I recently had issues getting my Cat9300 onboarded to Meraki. I was getting the error "Cloud is not able to login to device". It ended up being an issue with my AAA config.   I had the following AAA config so that when I SSH to my VTY lines it would use my TACACS servers first, and then fall back to local if they were unavailable: aaa authentication login default group TACACS_GROUP local aaa authorization exec default local group TACACS_GROUP local   But Meraki doesn't seem to like that. I tried a ton of things and came up with Meraki requiring those "default" auth-n & auth-z policies to be only local aaa authentication login default local aaa authorization exec default local   So how I solved this was to create a separate policy just for SSH (tied to my vty lines) so that I can still enforce using my TACACS servers when connecting remotely into the switch, but be able to have those "default" policies as local aaa authentication login default local aaa authorization exec default local aaa authentication login SSH group TACACS_GROUP local aaa authorization exec SSH group TACACS_GROUP local   line vty 0 31 authorization exec SSH login authentication SSH     Once I made those changes I was able to successfully onboard my switch to Meraki Dashboard for Monitoring.   ... View more

In our environment we have several older MX84 series and are limited to versioning installation. The sporadic reboots and other issues have caused major grief. The MX105 and higher MX-series still seem to have similar issues. I agree we try to stay away from anything labeled "stable" for awhile and by the time we move to deploy the "stable" version it's a newer version in place. We can spend weeks reading and reviewing the "Known Issues section within the Release Notes" The customer environments are truly the test dummies for Cisco Meraki development team. ... View more

This is why I cannot understand why there is no transparency, no real deep support and so on. What is exactly the reason why our appliances are dying. Why should I do a RMA to get a new broken device? It does not make sense. From my perspective; Meraki could contact me, I am willing to do everything to help to understand why this is happening. ... View more

There is a known routing issue according to TAC for Z3s running 19.1.5. Excessive flapping to SDWAN site connections and to secure connect  ... View more

Unfortunately, not yet. I've asked the question, but haven't been given a solution apart from continuously RMAing at the moment.   I do have a number of other MX75s in the field that aren't affected by the same issue though, so it's very much a game of roulette at the moment.  ... View more

Community moderator here. Marking this reply as the solution for better visibility! ... View more

Thanks a lot for your response. I will try to disable DRS first.   ... View more

Hi mate,   Yep, been there, despite what that reddit article says, they do document (now at least) that they use DES here - SNMP Overview and Configuration - Cisco Meraki Documentation.   No dice following this so far. ... View more

1) Make sure you connect them correctly.  So port 1 of active goes to port 3 of switch 1 and port 2 of active goes to port 3 of switch 2.  Then port 1 of spare firewall goes to port 4 of switch 1 and port 2 of spare firewall goes to port 4 of switch 2. 2) Make sure the Sonicwall uses 802.3ad (or AX) which is LACP negotiation of the channel to bundle them.  Meraki switches will not form bundles statically.  If you are unsure, connect any one of the firewalls to 1 of the switch ports and run a dashboard capture on it and use the capture filter: ether host 01:80:C2:00:00:02 and you will definitely see messages coming from the MS switch but you should check if there are messages coming from the Sonicwall.  If not you have a static aggregate and need to reconfigure that. ... View more

Thanks a lot! ... View more

Love that comment @RaphaelL “iam young and looking for the nightlife”.  Enjoy and make the most of it.     ... View more

yeah you are right. This was the conclusion of my old 2023 case :     This means that if the MX receives DNS responses for 2 different URLs that share the same IP address, the latest DNS entry will override the previous one; the previous entry will not re-populate the DNS table of the MX. ... View more

I forgot to mention this , but this is also what are doing. 2 seperate orgs. Works fine !    Couple of things to "consider" , like DAI will not report the other MX name , only the MAC , minor stuff like that ... View more

Congratulations all, and especially to the fresh faces joining the club 🙂 ... View more

Hello everybody, thank you all for your replies. everything is clear for me now with the time you took to help me. Hope it will help other people. Have a good day. Emmanuel ... View more

Always happy to have one more solved thread for our metrics 😄 ... View more

This is confirmed 100%, only the ISP can turn off dhcpv6 on their handoff. Meraki cannot do this on WAN interfaces (yet). ... View more

Thank you for sharing this is interesting about the noise level. ... View more

UPDATE: This contest is now closed. Thank you to everyone who shared their goals for the new year with us! Congratulations to our 3 randomly selected winners: @Pond @Brian21 and @Viewmax!!! 🎉 ... View more

@Azar go and look at what is actually cabled to those three ports, is it a server, another switch, a wireless access point or... ? ... View more

GUI based backup! ... View more

Would suggest you to configure an SSID with the same configurations and check if the client is getting a splash page when he connects. Try to keep the Splash page frequency to minimum so that you can also try to disconnect the client and connect it again. This will isolate the issue further. ... View more

Can't comment on the first part of your questions as I don't widely use L7 firewall rules. As for the second part, you can apply L7 firewall rules to specific clients by using Group Policies. You can then assign the group policy to the VLAN (which will apply it to all clients on that VLAN), or manually assign it to specific clients. ... View more

Well done everyone, a great way to finish 2024! ... View more

You will need WPA3 for WiFi 6E and 7 deployments for 6GHz. Other than that, I would also recommend a different SSID for known supported devices. ... View more