You can use bonjour forwarding to route mDNS across VLANs. https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/Bonjour_Forwarding ... View more

As @ammahend stated, the Meraki AP does not have any control over the endpoint. If the endpoint has the SSID endpoint configured on it, it may have the ability to share or show that password in plain text.   You can prevent this by either:  - Managing the endpoint through MDM software (such as Meraki Systems Manager or MS Intune)  - Using an authentication mechanism that doesn't use pre-shared keys - such as certificate authentication ... View more

Congratulations @rhbirkelund ! Very well deserved ... View more

As @GreenMan stated, Meraki templates certainly make it easier to manage multiple different like networks. I do suggest however on reading up on the limitations, so you don't get caught out.   Otherwise invest some time looking into the API. Meraki is designed API first, meaning that most things you can do in the GUI, you can automate using the API. ... View more

Not a definitive answer, but if you don't have any DNAT rules configured, and manual inbound firewall is disabled, I'd be concerned that the device (192.168.x.222) may already be compromised. ... View more

From ISP side: Does Site A have a significantly lower download bandwidth?   From Meraki side: Do you have any bandwidth shaping on the clients (particularly on Site B)? Anywhere from group policy, MX shaping, MR shaping etc.    Some other observations:  - Is the slowness consistent?  - Does the transfer seem to max out at a specific speed?  - Is it only between Site B and site A or from Site B transferring to anywhere else? ... View more

I'd suggest having a read through the Meraki WiFi best practices guide. It gives some suggestions and guidance around what situations you might want to increase or decrease bitrate. Best Practice Design - MR Wireless - Cisco Meraki Documentation   @Holli69 's recommendations are good too ... View more

Just re-iterating what @PhilipDAth said, if all endpoints are connecting to the switch, and you don't have any sprawling or dynamically changing network, you don't need OSPF. Simply setup the VLAN interfaces for inter-vlan routing and static routes for anything traffic you need to send elsewhere. ... View more

As stated above, CDP is a Cisco proprietary protocol while LLDP is an open standard. LLDP is what is used to read information about connected non Meraki/Cisco devices.   SNMP is not used for collecting this information. ... View more

Huge effort team. Keep up the good work! ... View more

Assuming you're talking about Meraki NAT mode on the SSID, no you can't separate the clients onto a different VLAN. This is because the clients are NAT'd to the IP address of the AP and therefore use the VLAN for that IP Address.   http://documentation.meraki.com/MR/Client_Addressing_and_Bridging/NAT_Mode_with_Meraki_DHCP   If you want to tag clients into a specific VLAN, you need to use bridge mode on the SSID. ... View more

If the printer is dedicated to this VM, there's really no need to create a VLAN interface on the MX. You can simply setup a new VLAN on the vSwitch, configure that VLAN on the trunk ports on the switches through the network to the switch where the printer is connected and configure the printer port as an access port in that VLAN. Don't set any default gateway on either the printer or the computer and you're good to go. Those devices will not be able to communicate with anything outside of that VLAN.   The only 'risk' of this is VLAN bleeding if someone misconfigures the network in the future. To minimize that, you can add switch ACL's to allow on the specific communication (IP's and ports) on that VLAN and deny all other communication from those hosts. ... View more

No, as far as I'm aware that information is not available via the API. ... View more

Take a look at the hold timers for each device, along with the documentation on how the timers are negotiated. Meraki information can be found here: https://documentation.meraki.com/MX/Networks_and_Routing/Border_Gateway_Protocol_(BGP)#Default_Update_and_Timeout_Timers   A few things to think about:  - Is it happening regularly at a specific/predictable time?  - Is it only specific sites or random?   Beyond that, I'd suggest engaging support from both vendors to review additional logging. ... View more

Are the two networks on different versions? Or contain different models of AP's? ... View more

"Road-warrior" - Never heard this term before but I love it 😆 ... View more

With WAN failover set to graceful existing connections will continue to remain failed over.   For example, with WAN 2 as primary, if WAN 2 goes down, connections all failover to WAN 1. When WAN 2 comes back online, new connections will go out WAN 2 but existing connections will go out WAN 1.   If you want all connections to immediately failback to the primary uplink, you need to change WAN Failover to Immediate. while new connections start  ... View more

It'll take a bit of getting used to, but I have no issue with it. Especially since the option to disable it is still there.   And to be honest, I'm impressed that an accessibility change is being pushed by default with the ability to opt-out rather than needing users to opt-in. 👏 ... View more

That's a bit weird. I've got an MX68CW with Advanced Sec licensing and definitely see the content filtering and threat protection in the list.   Can you manually navigate to the URL?   https://<shard>.meraki.com/<stuff here>/manage/configure/security_filtering?from=security_sd_wan ... View more

Submitted! ... View more

Assuming the power supplies have the same voltage, polarity and enough amperage, there's no reason it shouldn't work.   But I agree with @PhilipDAth  More commonly than not, the power supply will fail before the unit does. The last thing you want is to have to do a trip around to every site because the power supplies have all started failing one after the other.   ... View more

A lot of people swear by rackstuds for racking anything lighter than a server or UPS. I personally haven't used them and especially wouldn't in a production environment until I've tested them in my own lab.   Assuming this isn't a homelab or a small test lab, I wouldn't risk it. Cage nuts suck but they're at least fairly reliable. ... View more

I'm liking these features. I'd argue DOM should have been implemented way earlier than now but it's exciting  nonetheless. ... View more

What are you using for your RADIUS server? We have upgraded our fleet to 30.7 and are using RADIUS authentication without issue. ... View more