As long as you are not using VIP, it won't matter.  Both MXs can go active. ... View more

Have anyone seen the C8121 in CCW yet - I would love to see the price of that one. C8111 seems to be there. ... View more

Will do it all at once, already scheduled them, so they pre-download it. Was thinking of splitting it into two stages, Access -> Cores, but unfortunately, as often, the maintanance window got cancelled. So I need to wait for next weekend, so I can do it. So going to do all at once.   Thanks all for your input 🙂 ... View more

As @alemabrahao indicated, it certainly seems to be a seen behaviour. It's feasible that the issue may be due to the following known issue:   Link aggregates may take some time to be reinitialized when a switch stack failover occurs. During this time traffic traversing the link aggregate will be interrupted.   From what I can tell, that known issue doesn't seem to be present in the 17.5.4 release notes, so it may be fixed there. However, I don't think anyone in the community has performed the testing to validate that. ... View more

After testing and having access to my ISP's Modem, the scenario works for me with the Meraki VPN client, but not through Anyconnect and perform port forwarding of ports 500/4500 UDP and 443 for Anyconnect,   I'm still investigating what might be happening or if something is missing. ... View more

Like everyone else (in this tread 🙂 ), we are just waiting for someone who "dares" to be the "first mover" 🙂 We also have customers with C9500 running in the "old monitor mode", and we also want to go Full Cloud Configured WITH StackWise Virtual .... but .... who dares 🙂 ... View more

Congratulations everyone including me this time 🙂  ... View more

'd probably sit tight till the 2027 expiry, and replace the MX84 and get new licences all in one go. ... View more

Found the same link last week, so that is why I tested it with and without that command in a IOS-XE managed switch. Still working with Support on this. ... View more

Hey Suraj,  "script" is probably a bit strong - But this is the list of commands I literally manually copied and pasted into every single switch we off boarded from Meraki Monitoring 🤣   Obviously, adjust as required - Thankfully 99% of our switches had the exact same configuration left behind during Cloud Monitoring off boarding, so it was very easy to copy and paste the same configuration without having to double check.    ! ! Clean up configuration no aaa authentication login MERAKI local no aaa authorization exec MERAKI local no aaa authorization commands 0 MERAKI local no aaa authorization commands 1 MERAKI local no aaa authorization commands 2 MERAKI local no aaa authorization commands 3 MERAKI local no aaa authorization commands 4 MERAKI local no aaa authorization commands 5 MERAKI local no aaa authorization commands 6 MERAKI local no aaa authorization commands 7 MERAKI local no aaa authorization commands 8 MERAKI local no aaa authorization commands 9 MERAKI local no aaa authorization commands 10 MERAKI local no aaa authorization commands 11 MERAKI local no aaa authorization commands 12 MERAKI local no aaa authorization commands 13 MERAKI local no aaa authorization commands 14 MERAKI local no aaa authorization commands 15 MERAKI local ! ! config t line vty 32 35 no access-class MERAKI_VTY_IN in no access-class MERAKI_VTY_OUT out no authorization commands 0 MERAKI no authorization commands 1 MERAKI no authorization commands 2 MERAKI no authorization commands 3 MERAKI no authorization commands 4 MERAKI no authorization commands 5 MERAKI no authorization commands 6 MERAKI no authorization commands 7 MERAKI no authorization commands 8 MERAKI no authorization commands 9 MERAKI no authorization commands 10 MERAKI no authorization commands 11 MERAKI no authorization commands 12 MERAKI no authorization commands 13 MERAKI no authorization commands 14 MERAKI no authorization commands 15 MERAKI no authorization exec MERAKI no login authentication MERAKI no rotary 50 transport input none !     ... View more

Hi Jbright, Thanks so much Viet ... View more

Nice writeup! I've never liked the NPS Azure MFA integration. We tried getting it integrated with MS AOVPN and had all sorts of issues. Looks like NPS + Azure MFA + Meraki native client is even more difficult. One of the issues we hit was that the MFA prompt would appear behind all of the user's other applications on the client PC. Not super helpful for staff with limited computer literacy 😆 ... View more

Sounds lovely - GUI only does X, CLI only does Y... ... View more

I have only used them in C9300s (where they work fine), I have some MS130s I could try the 1Gb ones with, but I think you already have the 10Gb ones working in MS225s, so that wouldn't prove anything.  Either way as mentioned above they aren't supported in MS switches for some reason... ... View more

Blocking only via Zscaler DNS may reduce some QUIC‑related issues, but it will not reliably prevent QUIC. For consistent results, you need to block QUIC at the network/HTTP proxy level, not just DNS. ... View more

Here we are in 2026 on firmware version 17.2.2 and there is still no reboot stack option for the MS250  ... View more

  The ISP should not have a working DNS resolver accessible from the Internet (one that responds to DNS queries from anywhere).  These are commonly used for DDoS attacks.  I hope the DNS resolver responds only to DNS requests from the customer.   See what Shodan reports: https://www.shodan.io/   ... View more

@DrDray , I appreciate that this is a "volunteer" effort on your behalf.  I wonder if it might be worth putting these on GitHub, so people can submit pull requests for updates (or maybe that is too dificult for the average punter, not sure). ... View more

❤️mDNS ❤️ ... View more

working very good ... View more

>AGREED! MILES 4EVA (I am not really cool enough to say "4EVA".... is that even the right way? Or is it "4-eva"? something else?   67 ... View more

@PhilipDAth : 2026 is coming .. now its like a Tower 🙂 ... View more

late comment but congratulations @DanD!!! ... View more

Just to clarify, I have confirmed the following prerequisites have been met   Prerequisites Uplink connectivity (from the switch to the cloud and not connectivity to the computer being used) must be via a front-panel port (not the management interface). ✅ Only the default VRF is supported. ✅ Ensure routes are in place to reach external addresses including a default route (use of ip default-gateway is not supported). ✅ IP routing (ip routing) must be enabled on the switch. ✅ AAA on the switch must be configured using aaa new-model. ✅ aaa authentication login default local and aaa authorization exec default local must be configured. ✅ The user account for onboarding must have privilege-15 level access on the switch. ✅ The Meraki Tunnel only supports the Global VRF. ✅ Domain Name Lookup is required for hostname resolution to the Dashboard Registration and Meraki Tunnel services ✅ ip name-server {Domain server IP address} ip domain lookup The switch clock must reflect the correct current time in order to establish a mutual TLS tunnel with the Registration and Meraki Tunnel services by enabling NTP services. ✅ ntp server {ntp server IP address} Our C9300 and C9500 are both licenced with Advantage licencing. ✅ ... View more