Hi,   We have a server room in our head office that has a typical lock and key, aircon etc that holds the core of our Meraki network. It holds 2 x mX100 in HA DR with a BT failover 1gb Leased line.  1 connection into each MX. We then have 2 core switches MS425 stacked and lots of fibre connections to various parts of the building to distribution cabs with MS250's serving users/AP's and other devices. We've now decided to look at splitting this across 2 locations in the building for DR. 1 MX in 2 physically separate locations, 1 of the core switches and then get BT to re-route the backup line to the new location. My only question is presently the MS425's are stacked with 2 mini stacking cables (about 10cm long)! Can we "stack" across a OM4 fibre run in a new location - dual runs?  So no stacking cable anymore but about a 150m fibre run between comms cabs...? ... View more

Hi All,   We have always had a fail over HSRP/HA MX with a BT leased lien failover circuit 1 in each device and it served us well.   We have now introduced a cheap broadband line for our primary MX100 in WAN 2 and we are looking for all non-corporate and Guest traffic to be pushed out to that as opposed to thottling and having them use our primary leased line.   I was about to do it but realised our Volutneer network is using NAT isolation and the default scope is 10.0.0.0/8 and all teh guests have random 10.x.x.x adresses with the 2nd octet changing.   I was hoping to say guest network 10.10.10.x/24 source go over WAN2 but the issue is (even though it's isolated) that 10.0.0.0/8 actually overlaps our main corporate LAN which is 10.15.x.x (lots of vlans /24). Is there anyway to change the default Meraki scope of isolation from 10.0.0.0/8 or do we have to use a DHCP server and bridge it and secure with firewall rules?   i.e should I re-do the guest network  ... View more

So after 5 years or so of our full stack Meraki implementation complaints in a particular area of our building are ever more increasing.  We have users who are sat working happily on 5 bars of signal strength connected to their local AP and then for no apparent reason they will then Roam over to an AP on the floor above or one at the other end of the building and the speed/connection will be so bad they'll either have 1 bar shown or it will show the globe icon "no internet".     So a bit of back ground - Office Building is 3 floors and about 50m x 20m We have 3 AP's on Ground floor, 6 AP's on 1t floor (as it's sectioned off in to wards) 3 AP's on top Floor The issues are with the people who work on the 1st floor (most AP's).  I'm starting to consider we have too many AP's in that space but what is annoying most is why they are picking up AP's on the floor above or below when there is a thick concrete layer between them. Why would they do this? I almost wish i could tell certain clients they are only allowed to connect to certain AP's which you can't quite do albeit fudge some ssid availability and create a new SSID which i don't want to do.  I'm using basic indoor radio profiles but I did turn on the Auto RF AI radio feature but i'm not sure it has helped.  Does this override the RF profiles? See below a user that is having massive issues and is more or less sat in between 2 AP's (W4 & W3)        ... View more

Hi,   We have a 4 site full Mesh.   HQ - UK (server access) Data Center -UK (server access) Branch office Paris (no servers just clients) Branch office London (no servers just clients)   All 4 are in a 4 site auto-VPN mesh.   However we now have a Layer 2/Lan extension/p2p link between our data center and HQ so I want to remove the VPN participation of the Server VLAN (15) and route (well switch) traffic over that p2p link.   The problem i'm guessing will happen is that if I remove the server VLAN from going over the VPN then our Paris and London branches will lose access to them.   Is there anyway to just remove the VPN participation between HQ and DC and leave it in for the other sites? We are trying to stretch the Server VLAN 15 across HQ/DC via the p2p link for DR mainly but what i've found is if it is still participating over the VPN aswell you essentially have a loop and things stop working.   Any idea?   I think I also need to go from full mesh to a 2 site mesh (HQ/DC) and a Spoke London/Paris.  Is that correct ?   Cheers ... View more

Hi All,   Just after some basic best practise and to see what everyone is doing out there. Switches and AP's....Do you.....   Assign all devices with a static IP? Use Google DNS for each device?   Or   Use DHCP for each device with DNS registration locally so you can see your device MAC and name in DNS? or do you do a hybrid approach.... AP's on DHCP but switches on static? Does anyone use IP address reservations for devices (Based on MAC addresses)? Perhaps use 1 google address and one local for DNS? We've also have Umbrella UVA's so should we use them? OR doesn't it really matter? ... View more

We are Meraki Full stack - MX, MS, MR, MV etc   We have a HQ site with a production virtual server infrastructure.  (Dell VXRail)   We have an identical DR site in a data centre 30 miles away.   We have a leased line and backup line at each site and a WARM spare HA pair of MX's   We've got Auto VPN connecting all sites.   We tried the NAt translation for DR and re-ip'ing etc and never really got it working for a few VM's that HAD to retain their IP address.   So we bit the bullet and actually got a cheap Layer2 p2p QinQ link between HQ and our DC.   Question now is how Meraki handles the layer 2 do we join all the meraki hardware in the DC to the HQ network in Meraki or do we trunk/route certain VLANs across the link or do we stretch the VLANs?   Basically we want server A 10.10.10.1 to move from HQ to DR and stay on 10.10.10.1 (forget the gateway for now)   At present the 10.10.10.x subnet at HQ is called VLAN10 'server vlan'   In our DR site we also have a server VLAN but it's VLAN 20 and is on 10.10.20.x/24   I know that a layer 2 link is essentially no different now from the other distribution/Edge switches in HQ that hang off our core switches.  e.g our Finance switch is connected with fibre in the to core switch in HQ and this is 100m away....in theory the DR switch and infrastructure is technically now just the same but is 30 miles away...?   Normally everything between sites ran over the auto VPN for inter site traffic i.e backups, replication etc etc   What's the best way to get this running over the Layer2 p2p link now and not over the auto VPN?       ... View more

Hi All,   After a few tips for the next stages of our Meraki Journey and WAN topology. We started as a 200 user org with a Meraki Full Stack (MX, MS, MR, MV, MDM) We are now at 500 users and the MX100 is squeeling and hitting 100% utilization on CPU frequently! We have 3 sites, MX100 (HA pair) at HQ with Production virtual servers  MX84 at DataCentre (DR/failover site) MX84 at remote branch (no servers just users) All 3 sites are connected via Auto VPN.  This has served us well for 3 years. We used to use the MX100 as a client VPN server and then played with Meraki Anyconnect but had no luck so we were sold 2 vFTD (Virtual Cisco Firepowers) to do the Anyconnect piece in a more reliable manner than Meraki. The MX's now NAT VPN traffic to vFTD's. I'm looking to re-design this all as I think we need bigger hardware and more bandwidth. - Do I get a p2p (LAN extension between the HQ and DC) and leave the MX for Internet and VPN only - this will make DR better as no-re-ip'ing of VMs) - Do I get a MX 250 or 105 and add second leased line - Do i use the virtual firepowers and retire the MX's as let's face it the MX isn't the best Meraki product - DO I get a rebate on the vFTD's and buy a physical FTD appliance? - Do I do something completely different? - Ideally I'd also like the anyconnect VPN to flip between sites if a heart beat is lost or we have an outage - i've been looking at cloudflare for DNS failover. Anyone have any better solutions/ideas? ... View more