Yes it is possible as Brash mentioned already, I do this for one gateway on a public facing system that only requires access from a specific country. However if possible I would use this along side a rule allowing ONLY specific IP traffic. That way you have a multi sided approach that should hopefully keep things secure as hackers will use bots located all over the world to do their dirty work so geo blocking on its own isn't secure.
... View more
Following up on what @Brash said, you'd be best to reserve all the new addresses so that they don't initially get given out and only when everyone has renewed their IP (and you have fixed the subnet mask on anything with a static IP) would you allow the new part of the DHCP range to be given out.
... View more
For an enterprise license, you can get info on : Air Marshall events, Flows, URLs, Wireless event log, Switch event log, Appliance event log.Flows would give you more info on source, destination, MAC and protocol.
... View more
I would turn the SSID off, change the VLAN, and then turn it back on. This is to try and force clients to reconnect and get an IP address from the new range.
... View more
There's no way you can really confirm whether the devices are flooding maliciously or not without tracking them down. It could be anything from poorly designed IOT devices to bad drivers, or someone attempting a malicious attack. Do you have any AP's on the same network or broadcasting the same SSID that are not part of this Meraki dashboard? Is it always the same AP that's detecting it? If so, could be worth giving it a reboot. A few threads that provide some more information and other people's experience: Packet floods detected by AirMarshal - The Meraki Community Solved: Mr34 packet flood issues - The Meraki Community Air Marshal - Cisco Meraki
... View more
I'm having the same issue. Has there been any updates to this? Does anyone have a workaround besides disabling MDNS? Are there issues with disabling MDNS and can this be done via group policy?
... View more
It's under the client IP assignment section https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/SSID_Modes_for_Client_IP_Assignment L3 roaming is specifically for when you say for example have 3 floors with layer 3 subnets pushed to the access layer. So, clients get IPs in subnet 1, 2, 3 depending on which floor they're on. If devices are going to roam from one floor to another (meaning actively using device during the physical move) then layer 3 roaming is a good option. If however a user will move and say carry a laptop, tablet, etc with them from their desk on 1st floor to a conf room on floor 3 that's not really a use case or need for L3 roaming. Standard mapping of the SSID/APs to their respective floor VLAN ID with bridged mode is fine. Time and time again I see dashboards with L3 roaming enabled and mapped to a single VLAN. That does literally nothing different than standard bridged mode to a single VLAN 😉 Btw this is all explained in great detail here https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Best_Practice_Design_-_MR_Wireless/Wireless_Layer_3_Roaming_Best_Practices
... View more
TLS creates zero overhead on the AP. The TLS conversation is actually between the client and the RADIUS server. The AP just passes the packets on.
... View more
@cmr Pfft MX250C is for commoners you want the MX450CC dual cellular firewall. Or you could just go with a standard MX of your choice and use a starlink connection if its available in your area.
... View more
My NIC Teaming works if I physically unplug the cable from VMNIC0 or VMNIC1. Previously I was disabling the MS410 switch port. I am not sure why the Meraki disable switch port does not act as if link is lost.
... View more
As @KarstenI mentioned, SSID's can be enabled and disabled without disruption. You're correct, using tags would allow you to test on a single AP. When you're done testing, turn off per AP availability and all AP's will broadcast the SSID. https://documentation.meraki.com/MR/Other_Topics/Using_Tags_to_Broadcast_SSIDs_from_Specific_APs#Specify_Which_APs_Should_Broadcast_a_Specific_SSID
... View more
We use 4 SSIDs everywhere... And on some APs even 5 SSIDs. So far, no problems. And got a good amount of devices within the locations/networks.
... View more
Does anyone have any insight regarding the UUID issue and if the relase may adress it? My latest support ticket with Meraki revealed the issue is not present on a wired MACOS. but an issue when that same MAC is on wifi. This to me reveals it is not the device discovery order.
... View more
I have 2 WAN already. I am looking for a way to at least get to the internet for slack and support. We sent everyone home for the day but had to walk around to notify people so a last gasp would have been helpful
... View more
Kandji support states One thing I did notice that may be a lead on why Meraki is reporting names/UUIDs improperly is that the first two computers you listed are running macOS 11 while the second set that you state show UUID on wifi are on macOS 12. I suggest following that thread with Meraki to see if there's some aspect there that is contributing to your scenario.
... View more
//
//
LITHIUM.InformationBox({"updateFeedbackEvent":"LITHIUM:updateAjaxFeedback","componentSelector":"#informationbox_44bc916a71187","feedbackSelector":".InfoMessage"});
LITHIUM.InformationBox({"updateFeedbackEvent":"LITHIUM:updateAjaxFeedback","componentSelector":"#informationbox_44bc916a71187_0","feedbackSelector":".InfoMessage"});
LITHIUM.InformationBox({"updateFeedbackEvent":"LITHIUM:updateAjaxFeedback","componentSelector":"#informationbox_44bc916a71187_1","feedbackSelector":".InfoMessage"});
LITHIUM.InformationBox({"updateFeedbackEvent":"LITHIUM:updateAjaxFeedback","componentSelector":"#informationbox_44bc916a71187_2","feedbackSelector":".InfoMessage"});
LITHIUM.AutoComplete({"options":{"autosuggestionAvailableInstructionText":"Auto-suggestions available. Use Up and Down arrow keys to navigate.","triggerTextLength":4,"autocompleteInstructionsSelector":"#autocompleteInstructionsText_44bc90f910104","updateInputOnSelect":true,"loadingText":"Searching...","emptyText":"No Matches","successText":"Results:","defaultText":"Enter a search word","autosuggestionUnavailableInstructionText":"No suggestions available","disabled":false,"footerContent":[{"scripts":"\n\n;(function($){LITHIUM.Link=function(params){var $doc=$(document);function handler(event){var $link=$(this);var token=$link.data('lia-action-token');if($link.data('lia-ajax')!==true&&token!==undefined){if(event.isPropagationStopped()===false&&event.isImmediatePropagationStopped()===false&&event.isDefaultPrevented()===false){event.stop();var $form=$('