Meraki

Community

About Suar_Mustafa

Re: Organization Wide Group Policies improvement proposal

by in Security & SD-WAN
‎Oct 2 2025 12:56 AM
‎Oct 2 2025 12:56 AM
I completely agree with your points. The lack of rule ordering, limited default deny options, and no proper destination scoping make org-wide group policies hard to use in anything beyond the simplest designs. Your proposed improvements would make them far more practical at scale. ... View more

Re: Local DNS Service on MX – unable to delete profile due to “Networks are...

by Kind of a big deal in Developers & APIs
‎Aug 21 2025 1:14 PM
‎Aug 21 2025 1:14 PM
This sounds like it will require a support case to resolve. ... View more

Re: Association Failure

by in Wireless
‎Aug 15 2025 12:17 AM
‎Aug 15 2025 12:17 AM
Cisco Meraki Case 13390694: 802.11 Association Error Code 30 ... View more

Re: Vpn and dnat traffic flow

by in Security & SD-WAN
‎Aug 14 2025 12:43 AM
‎Aug 14 2025 12:43 AM
Your understanding is correct. If both MX WAN ports are on the same L2 from the ISP and the /29 is delivered on the wire, assigning VIP (.4) plus additional public IPs (.5, .6) works: VIP handles AutoVPN and Client VPN without interruption, while DNAT rules against .5/.6 float seamlessly during warm-spare failover.   Just add the additional IPs under Security & SD-WAN > Configure > Firewall, set up your DNAT rules, and point all VPN traffic at the VIP.   Refer to the Meraki Documentation: https://documentation.meraki.com/MX/NAT_and_Port_Forwarding/Port_Forwarding_and_NAT_Rules_on_the_MX   https://meraki.cisco.com/blog/2014/08/1many-nat-for-meraki-mx/     ... View more

Re: Meraki Sponsored Guest Access Duration Time

by Kind of a big deal in Wireless
‎Aug 13 2025 1:43 PM
‎Aug 13 2025 1:43 PM
The guest user is able to select the time required, up to the maximum.  The person doing the sponsoring does not have control.   https://documentation.meraki.com/MR/Encryption_and_Authentication/Sponsored_Guest   "The session time can be set to: automatically grant the access duration (30 minutes to 6 weeks) specified by the “Maximum sponsorship duration” during the splash page registration allow users to request access for a session duration that is limited by the “Maximum sponsorship duration” specified by the Meraki Administrator" ... View more

Re: I need to block traffic between branch offices

by in Security & SD-WAN
‎Aug 13 2025 5:28 AM
3 Kudos
‎Aug 13 2025 5:28 AM
3 Kudos
Yes you can do this directly in Meraki without an external firewall. Go to Security & SD-WAN → Site-to-site VPN in Dashboard. In the VPN settings section, look at the VPN firewall rules (sometimes labeled “VPN firewall” or “Custom rules” under “Site-to-site VPN”). These rules control traffic that traverses the AutoVPN fabric. You can explicitly deny branch-to-branch subnets while allowing branch-to-DC traffic. For example: Deny: Source = Branch subnet(s), Destination = other Branch subnet(s) Allow: Source = Branch subnet(s), Destination = DC subnet(s)   Since these rules are enforced in the VPN overlay, the block happens before traffic can pass between branches, and you don’t need to touch the traditional firewall at the hub. ... View more
My Accepted Solutions
View all
© 2026 Cisco Systems, Inc.