In that case, to keep the network traffic on the Mikrotik switch, you'll need to create a VLAN interface on the Microtik switch for the VLAN's and set it as the default gateway instead.  Otherwise you can connect both the NAS and the client on the same VLAN. In theory you can also  ... View more

For the traffic flow you described, it sounds like the default gateway for VLAN 4 or VLAN 12 (or both) reside on the upstream MX. ... View more

Ok Perfect. That makes much more sense now. I had an automatic upgrade notification for a different site but it looks like that's because it has an MX75 and is getting moved from an early-stage beta release to a stable release.   Thanks @cmr  ... View more

Adding to @KarstenI 's reply. The firewall rule you've got in the screenshot is for SSH connections initiated inside your network with a destination of 1.2.3.4. It does not apply to SSH connections inbound from 1.2.3.4.   If you have inbound connections from specific IP's that you want to port forward, you can apply them in the port forwarding rule under "Allowed Remote IP's" ... View more

Right, that makes sense. I manually configured an upgrade for the switch and I can see it now set as an option. The remaining question is: With the current configuration, will the switch and MX be automatically upgraded if I leave them? I would have expected the MX to have automatically upgraded by now since the stable release available is from August.   ... View more

If you have a grounding of networking basics, navigating the dashboard is the biggest hurdle you'll face. Once you get accustomed to it, you'll find most things logically.   There's a few Youtube videos which provide a good overview of the dashboard and how to use it. Meraki Dashboard 101: Onboarding - YouTube Cisco Meraki Dashboard overview demonstration - YouTube   Beyond that, I recommend taking some time to get used to where things are laid out in the dashboard. This is especially necessary for firewall rules/ACL's as there's different places where these can be added. Also get to know Network Wide settings and Organisation Wide settings - they're typically where you'll spend the least amount of time, but do hold some key settings that you'll likely need at a later time.   Then when you have a good idea of the specific task you're trying to achieve, the Meraki documentation is typically quite good (Google usually gets you to the right place). ... View more

It sounds like you're talking about the WAN data usage (for if your ISP caps your data usage for example). If that's the case, you can find some data under "Network Wide" -> "Traffic Analysis" and select traffic analytics for your security appliances. Then next to the work "Usage", you'll see the total amount down and up. I'm not sure whether this accounts for SD-WAN tunnelled traffic.       Another interesting yet less elegant way is making a custom pie chart to track internet bound traffic vs internal traffic. It's not elegant but it may work for you. Custom Pie Charts in Meraki – dunxd.com     ... View more

It depends on what specific usage information you're looking for.   MX WAN network usage graph is under "Security & SD-WAN" -> "Appliance Status". This will give you an idea of bandwidth usage going out of the MX Client usage data is under "Network Wide" -> "Clients". This has per application breakdowns and you can drill down per client. Finally, a very handy overview of usage across the network can be found under "Organization" -> "Summary Report"   Each of these graphs defaults to the last day but there is a dropdown to change to data over the past week.   A few reference docs that might lead you further: Clients Usage Page Overview - Cisco Meraki Summary Report Overview - Cisco Meraki Device Utilization - Cisco Meraki ... View more

If the two Windows machines are on the same L2 (VLAN and subnet), it should be a fairly simple flow. What you've described is very typical of Windows firewall (especially Windows server) - blocking all inbound ping requests. For testing, I would disable the firewall completely.   Other than that, I would start by:  - Check ARP on both machines to verify whether they have address resolution for eachother. In cmd, type "arp -a"  and check for the other machine's IP.  - Run up wireshark on both machines and run a ping from one to the other to determine which direction the ping is failing.   From the above tests, you should be able to verify whether the issue is a machine not replying or the switch blocking a ping request/reply. That way you can focus your troubleshooting to the appropriate device. ... View more

Sorry, when writing up the reply, i forgot that this would be specific to Meraki (*facepalm*). Yes, the information I provided was for an ASA. ... View more

Probably not of much help here as my Anyconnect knowledge is very limited but it's definitely possible. My previous company had something similar.   Looking at the XML schema, I don't see anywhere to insert a message via XML directly. However, the description indicates it should be editable in the message catalog.   + <!-- + This control enables an administrator to have a one time message + displayed prior to a users first connection attempt. As an example, + the message could be used to remind a user to insert their smart + card into it's reader. + + The message to be used with this control is localizable and can be + found in the AnyConnect message catalog. + (default: "This is a pre-connect reminder message.") + --> + <ShowPreConnectMessage>false</ShowPreConnectMessage> Source: [PATCH] Provide profile.xml for AnyConnect (infradead.org)     Looks like the message string is under localization settings Solved: SSL VPN (AnyConnect) and Customize Preconnect Message - Cisco Community     ... View more

Yes, either should be fine ... View more

Not quite. You need to ensure that your internal DNS can forward requests that it doesn't have the answer for. These should be forwarded to another DNS that does have the answer. Typically you would set up to forward to an external, top level DNS, such as 8.8.8.8 (Google's DNS) or 1.1.1.1 (Cloudflare DNS ... View more

You'll need one of those set up in order to resolve domains external to your environment, including the Meraki dynamic domain name for your MX. ... View more

When you say doesn't resolve correctly, is it resolving to any IP address at all? Is your client PC using a well known internet DNS or an internal DNS? ... View more

As the client has already been given an IP address, it will typically hold onto it until expiration. It would be up to the client to request a new IP from the DHCP server.   Most operating systems will support this in one way or another but you'll need to log onto the client directly. Worst case scenario, rebooting the client should also force it to pull a new IP. ... View more

Thanks @MeredithW  Congrats to the top contributors... Killing it as always.   A great community indeed. ... View more

Meraki recommends using the hostname precisely for the reason you mentioned. In the event of a WAN failover, the hostname should update to the new WAN IP.   In regards to getting it working, using a hostname vs an IP address shouldn't make a difference as long as the hostname resolves correctly. Are you using the Meraki dynamic hostname or do you have another hostname defined? Does the hostname resolve to the correct IP on the client PC? ... View more

You're correct, the MS220-8P is an 8 port GigE switch. It received an EOL notice in 2018 - https://meraki.cisco.com/lib/pdf/eol/meraki_eol_ms220-8.pdf   I believe last date of support is 2025. As support is tied to licensing, and licenses are required for the devices to operate, you will need to purchase a license for the switch in order to continue using it. ... View more

Thanks mate. I figured that was the case but wanted to confirm I wouldn't be stuck in the water if I did buy a USB modem. You'll be glad to know that there will definitely be MS and MRs scattered around the site. 😉 No MT's and MV's yet but never out of the question. ... View more

The only reason I can think of DHCP being recommended is for ease of initial configuration (zero touch deployment etc). If you want to stick with DHCP IP's for the AP's, you've got a few options:  - Create DHCP reservations for the AP's to ensure their IP remains consistent  - Rather than adding individual addresses as NPS clients, add the entire Meraki AP management subnet   Of course, as you mentioned the other option is to use static IP's instead. ... View more