Hi there,   The TLDR version is: We didn't. It remains a problem. The slightly longer explanation is as follows:   It turned out that it wasn't just WAN interface drops - the whole appliance was rebooting.   The problem seemed to self-resolve once support got involved. For months we'd had these random drops, but support blamed the ISP. It wasn't until we put a switch between the MX and our ISP demarc/router and could prove the MX interface was dropping that support really took any notice.   Once that was proved conclusively they started looking into it some more, and the conclusion they came to was that we were overloading the appliance with too many WAN users at once. We were forced to upgrade to an appliance which could handle more users, which we are very unimpressed about.   We regularly have between 250-300 active devices at once and support's view was that the 75 was not designed to handle over 200. They wouldn't look into the matter further. I won't throw any individual agent under the bus, but here's what they said:   Performance from the last day on this device is still receiving a few performance spikes up to 100 percent CPU Usage, However at about average this device seems to be under about 75 percent on average, however this again could be because this device is over spec'd above the documentation of 200 clients. Due to the recent panics of this device we will continue to monitor moving forward on this device to see if any further reboots occur. Please let me know if you have any further questions. We had an unexpected reboot again on 6th Jan and this is what support said this time:   Thanks for calling Cisco Meraki Technical Support today. I investigated your WAN outage and consequent loss of LAN connectivity at around 11 am this morning. I examined back-end logs and can confirm that this was due to the MX unexpectedly rebooting. I am glad to hear that the recovery time for the network was under a minute. I have collected initial data regarding this and will be collecting further data with a view to raising an internal case to investigate the issue further. I will keep the case open and keep you informed of progress. Please let me know in the case comments if you experience this issue again. Thank you for being a valued Meraki customer. I've chased them today for an update - Support are notoriously bad at getting back to you. What  they said on the phone was that they could see "an event which caused the device to reboot" but wouldn't be drawn on what that "event" was.   So we await the installation of our new MX105 in an HA pair to hopefully solve this problem once and for all.   And Meraki - if you're reading this, your support sucks. Do better. ... View more

I will mention it to support again and have them check the CPU logs! Thanks! ... View more

That's interesting as that was similar to my theory. I wondered if it was CPU usage. We have some port forwards enabled on 8001 and 8002 for CCTV access. We had/have a case open with support who have now replaced the MX and we put the new one in this week.  ... View more

No, AnyConnect is disabled. ... View more

Have you set a trunk port for that VLAN so that it can escape the core? We have a VLAN which only exists on our core switches, and thus isn't tagged anywhere. Those devices in that VLAN can't get out of the switch to the gateway or beyond. ... View more

If you have a singe /23 subnet then as @PhilipDAth says, VLAN trunks wont make a jot of difference. You could split them into VLANs on separate subnets, and that would then mean you would, by necessity have to have some trunk ports in your switches, otherwise your VLANs won't be able to escape the switch. ... View more

We have a similar setup. An MS Core, with two legs going to each of our access layer. The core has LACP links across the switches so in the event that one switch fails, the other can keep chugging.   Can you describe your LACP setup switch by switch? ... View more

It appears to be all interfaces. ... View more

Came here to say this! We had a mixed setup whilst we were waiting for our new MR's to come in. Air Marshal went wild until we figured out what it was and turned it off! ... View more

Hi, It's connected to an HPE Aruba 2530, and I don't think EEE is enabled?   HP-2530-48G(config)# sh savepower led LED Save Power Information Configuration Status : Disabled HP-2530-48G(config)# sh savepower port-low-pwr Port Save Power Information Configuration Status : Disabled HP-2530-48G(config)# sh energy-efficient-ethernet Port | EEE Config Current Status txWake(us) ----- + ---------- -------------- ---------- 1 | Disabled Inactive - 2 | Disabled Inactive - ... View more

Apologies, it's a 2530, and I don't think EEE is enabled?    HP-2530-48G(config)# sh savepower led    LED Save Power Information    Configuration Status : Disabled   HP-2530-48G(config)# sh savepower port-low-pwr    Port Save Power Information    Configuration Status : Disabled   HP-2530-48G(config)# sh energy-efficient-ethernet     Port  | EEE Config Current Status txWake(us)   ----- + ---------- -------------- ----------   1     | Disabled   Inactive       -   2     | Disabled   Inactive       -     ... View more

We have the same problem, only slightly reversed. We saw the MX drop WAN1 at random - only for a second or two and then come back up. We were directly connected to the ISP router and they were saying it is the MX dropping, whilst Meraki were suggesting it is the ISP router. We installed an HPE Aruba 2920 in between to log the port changes and we can see that the MX is indeed dropping the WAN1 interface, whilst the ISP router stays up.   We logged these findings with Meraki and they are replacing the MX as they believe it is a faulty port.  ... View more

That has worked a treat! Thanks very much indeed, that is exactly what I needed to see! Next question - is there a similar template for the MS range? ... View more

I downloaded the MIB and copied it to C:\Program Files (x86)\PRTG Network Monitor\MIB - is that all I need to do, or is there some more magical process to get PRTG to see it? ... View more

I have v2C and V3 enabled and have tried with both. How did you get yours set up?  ... View more

I don't believe EEE is enabled - but I can't find how to check? ... View more

Just the WAN port - WAN1 to be exact. WAN2 is fine. ... View more

Of course! I'm dumb. When I connected the switch it was sending out BPDU's like crazy, and because we had BPDU guard enabled, the Meraki port transitioned to a disabled state. Because it is a switch and not a client device it would always send BPDU's.   Thank you @ww and @alemabrahao for the info. ... View more

Yes, BDPU guard was enabled on the Meraki trunk port, but I had to switch it off to get the CBS switch to work. ... View more

They are not Catalyst switches. These are CBS-250's and 350's. BDPU guard is not enabled on those switches. ... View more

We've recently done this due to a flapping port on either the MX or the ISP router. We used an HPE Aruba switch with no config. Works well! ... View more

The core stack is priority 0:     The Cisco IOS devices have RSTP enabled, and the uplink is a trunk port:   POD-SW1#sh span     Spanning tree enabled mode: RSTP Default port cost method:   long Loopback guard:             Disabled         Root ID    Priority:   0              Address:    a8:46:9d:d9:1e:11              Cost:       50000              Port:       gi1              Hello Time: 2 sec Max Age: 20 sec Forward Delay: 15 sec   Bridge ID  Priority:   32768              Address:    2c:1a:05:26:39:e8              Hello Time: 2 sec Max Age: 20 sec Forward Delay: 15 sec     Number of topology changes: 2 last change occurred: 165:24:43 ago   Times:  hold: 1, topology change: 35, notification: 2           hello: 2, max age: 20, forward delay: 15   Interfaces   Name     State   Prio.Nbr    Cost    Sts   Role PortFast       Type --------- -------- --------- -------- ------ ---- -------- -----------------    gi1    enabled    128.1    20000    Frw   Root    No       P2P (RSTP)    gi2    enabled    128.2   2000000   Dsbl  Dsbl    No            -    gi3    enabled    128.3    20000    Frw   Desg   Yes       P2P (RSTP)    gi4    enabled    128.4    20000    Frw   Desg   Yes       P2P (RSTP)    gi5    enabled    128.5    20000    Frw   Desg   Yes       P2P (RSTP)    gi6    enabled    128.6    20000    Frw   Desg   Yes       P2P (RSTP)    gi7    enabled    128.7    200000   Frw   Desg   Yes       P2P (RSTP)    gi8    enabled    128.8    20000    Frw   Desg   Yes       P2P (RSTP)    Po1    enabled  128.1000   20000    Dsbl  Dsbl    No            -    Po2    enabled  128.1001   20000    Dsbl  Dsbl    No            -    Po3    enabled  128.1002   20000    Dsbl  Dsbl    No            -    Po4    enabled  128.1003   20000    Dsbl  Dsbl    No            -   _____________________________________________________________________   POD-SW1#sh run int ge1 interface GigabitEthernet1 switchport mode trunk   ... View more