Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Become a member of the Cisco Meraki Community today
Get answers from our community of experts in record time.
Join nowAbout DevOps_RC
DevOps_RC
Building a reputation
Member since Aug 30, 2022
a month ago
Community Record
81
Posts
77
Kudos
1
Solution
Badges
Thanks for the information. I've not had any update with my own support ticket either. A couple of my siwtches have come back online, and some then back to offline. 4 out of 25 switches showing online.
... View more
Good morning, We are still investigating internally, but almost all of our Cisco Catalyst Meraki monitored switches are showing as offline in the dashboard, but thankfully they are still online currently. It's happening at different sites with independent internet circuits, firewalls etc. Just curious if anyone else was having issues, while we continue out investigations and raise a call with Meraki. Issued started around 0830 GMT
... View more
Mar 17 2025
9:21 AM
Meraki support suggested changing these settings to 80%, however still no effect. They have escalated the call, will update this thread once it has been resolved.
... View more
Long allowed Vlan statements (over ~39 characters) has now been fixed, but the maximum character limit is still ~240. Please also note if your device is not upgrading and stuck at saying 'Not running configured version', make sure that the 'Local device status pages' (Under Network>General Device Configuration) is enabled. I was advised on this by Meraki, good spot to the engineer who figured that one out.
... View more
Long allowed Vlan statements (over ~39 characters) has now been fixed, but the maximum character limit is still ~240. Please also note if your device is not upgrading and stuck at saying 'Not running configured version', make sure that the 'Local device status pages' (Under Network>General Device Configuration) is enabled. I was advised on this by Meraki, good spot to the engineer who figured that one out.
... View more
Mar 10 2025
4:43 AM
Thank you for the reply. Checking the settings you are talking about, I'm assuming it's in relation to these under Motion Alerts or am I looking in the wrong location/tab: Do these settings impact the people detection model, or are they just relating to the alerting? I've assumed that there would be some data validation in the people detection reporting, by checking the footage for 'people in motion' as well as 'passing through the in/out line'. But clearly not the case as I'm getting counts when there are no 'people in motion' detected...
... View more
Mar 10 2025
1:48 AM
I have a MV13M installed to pilot the smart cameras and part of that is to assist with building occupancy. First couple of days and the data it provided seemed to be fairly accurate. However it is now 'detecting' people entering and leaving the building, even when it is empty and locked up for the night. Checked the recorded footage and while there are saved events, there are no people in any of the events, and the only 'action' I can see in the footage is a slight change in intensity of light from a wall. If I filter the events with the 'People in Motion' option, no matching events. It seems to provide these inaccurate counts in particular between 18:00 and 06:00 only. The camera is internal, so it's not that it's picking up movement or changes in light levels from outside. I'm going to raise a call with Meraki, but wanted to see if anyone else has experienced this?
... View more
Labels:
- Labels:
-
Other
For info, I've been notified of a bug with long allowed Vlan statements which IOS breaks into multiple lines. So if you have an allowed vlan over ~39 characters (including ,-) it will fail configuration validation. I hope this is fixed soon, so I can get IOS-XE onto the last few of our MS390s..I feel IOS-XE beta is a more stable/robust firmware than the MS/CW fudges to get the MS390s (C9300 HW) into the dashboard.
... View more
For info, I've been notified of a bug with long allowed Vlan statements which IOS breaks into multiple lines. So if you have an allowed vlan over ~39 characters (including ,-) it will fail configuration validation. I hope this is fixed soon, so I can get IOS-XE onto the last few of our MS390s..I feel IOS-XE beta is a more stable/robust firmware than the MS/CW fudges to get the MS390s (C9300 HW) into the dashboard.
... View more
Nov 4 2024
1:54 AM
2 Kudos
Setup a test user to see if it would show what could be applied to the users/groups, but all I received was the following: So what is the Meraki definition on 'channels' (Out with wireless content)? Curious what the 'Other accesses' are, but suspect these are in relation to SGP. I appreciate that admin users are listed in a separate section, but it would be nice to manage all user based permissions including admin in a single location, and have a little more granularity in what permissions could be assigned (SSID controls potentially).
... View more
Oct 10 2024
7:38 AM
@Ryan_Miles , Don't suppose MR30.7 include radius over DTLS support? Can you confirm that MR APs only support Radius over TLS as @KarstenI has suggested.
... View more
Oct 10 2024
7:36 AM
3 Kudos
Thanks for the information. I appreciate that there are two versions of Rasec, radius over TLS and radius over DTLS. I thought your suggestion couldn't possibly be right, I mean why would Cisco take two different approaches in securing Radius....but I tip my hat to you. All the documentation I can find (https://documentation.meraki.com/MR/Encryption_and_Authentication/MR_RADSec) states that Meraki Radsec uses TLS (Only tcp connections can be seen in the packet captures to prove it), whereas and I'm struggling to find an official Cisco ISE document, I did find this article (https://www.wiresandwi.fi/blog/cisco-radsec-part-1-radius-tls-dtls-overview) and it states 'Throughout this series, we will use RADIUS over DTLS for our RadSec implementation, since this is the only mode available for Cisco ISE.' Oh dear......Anyone from Cisco want to jump in and say, 'Don't worry, upgrade to the latest version of ISE and it will support Radius over TLS'..or someone from Meraki instead want to say 'No worries, MR3X supports Radius over DTLS'??? Please.....
... View more
Oct 10 2024
7:24 AM
Apologies for the delay in responding. I'm just going to upgrade my test lab to that version now, and I'll provide an update hopefully later, if not Monday.
... View more
Oct 8 2024
2:33 AM
Good Morning, Just wondering if anyone has managed to setup radsec between Meraki APs and Cisco ISE. I'm certain I've setup both environments correctly, but authentication (pass or fail) isn't showing with the ISE logs, so suspect it's an issue with the radsec initial connection. When importing the Meraki certificate into ISE, which service should this trusted certificate be used for? (See below) Apart from that, the certificate I have imported into the Meraki dashboard is the Root certificate of the chain that the ISE certificate uses for radsec: ISE Cert>CA Issuing Server Certificate>CA Root Server Certificate. I tried to import the issuing CA certificate (Middle of chain) into Meraki, but it complained that it wasn't a root Certificate, so assume it just wants the root and no other parts of the chain. ISE Network device object is setup to use DTLS on 2083 using it's fixed password radius/dtls Radius setting within Meraki access control is setup to use radsec with that password on port 2083 No acls or firewalls blocking access between APs. Works perfectly well without radsec, but as soon as the config is changed to use radsec it doesn't work. Any thoughts? Logs in the Meraki AP when trying to authenticate via radsec:
... View more
Aug 12 2024
4:42 AM
2 Kudos
Just enabled the Assurance EA feature, and will need to send out an email to the other support staff to stop them panicking about all these alerts/warning that are highlighted...They have always been there, but from this page, they are more visible IMHO. Anyway, again appreciate its still in development, but is anyone else getting alerts/warnings for wireless connections, but it's using the original names for the SSIDs? I suspect it's due to my networks linked to network templates, rather than configuration directly applied at the network level, but curious if anyone else has spotted this. I have feedback to Meraki on this in the meantime.
... View more
Thanks for the quick response...I've created additional SSIDs and linked the sensor button to these networks....My issue is that the names of the networks can't be the same as the originals as they are creted at the template level....Maybe I'll feedback asking for the toggle function to have the ability to disable/enable at the template or network level. 🙂
... View more
We've just setup our first MT30 sensor to enable a site to toggle specific SSIDs on/off, and it does toggle the SSIDs....The issue is this site and it's SSIDs are linked to a Network template, and the toggling is performed at the template level, not at the Network SSID level. Apart from configuring duplicate SSIDs at the local site, is there a fix/workaround for this?
... View more
Thanks for the responses and advice on how to make requests. I've submitted my 'feedback' requesting this functionality/feature. I appreciate this wasn't the correct location to make the request, but I was curious to see if anyone else would want it or not, even though I didn't ask if anyone else thought it would be useful. 🙂
... View more
Could we please have the ability to customise the Called-station-ID when configuring access policies on switches, similar to the options we have for wireless policies: At the moment, this is a fixed value: Called-Station-Id: Contains the MAC address of the Meraki MS switch (all caps, octets separated by hyphens) Even if it could include TAGs by default would help when configuring our radius server policies. We currently assign Vlans for wireless endpoints and these are determined depending on which device/site is making the request (TAG identifier) as well as which authenticating AD/Group the endpoint belongs too. We would need to import every switch MAC address into our radius server and then group them into the different site/device types, in order to ensure the correct dynamic vlan is assigned. While this is possible, the on-going maintenance of this will be problematic, whereas if we could include the TAGs of the switch, we wouldn't need to make the changes on our Radius server. I hope this makes sense.
... View more
Apr 17 2024
12:51 AM
Thank you all for your replies. The interfaces/networks on the MX are more complicated than in the diagram, I just simplified it to try to remove any confusion. We have 5 different vlans/subnets, each with their own source-based route as the MX is also used to tunnel some wireless traffic, and the default gateway for each of these subnets is actually the router, which has those 5 interfaces/subnets on them. I think the issue is routing, but on the return of the traffic. If I disable all firewall rules traffic originating from 10.1.0.0/24 can get to 10.112.5.0/24, however traffic originating from 10.112.5.0/24 passes through the MX to 10.1.0.0/24 (As can be seen in packet captures) and I can see the responses, but I suspect it's then following default routes, rather than source based routing for the return traffic. I'll confirm this by running packet captures on the different interfaces on the MX and check for the reply traffic going down a wrong route... The firewall rules are working correctly as the ACL hit count is increasing as I send test data, so not as I originally thought being an issues with L3 firewall rules. Once again, thanks for your responses, hopefully I can figure this out.
... View more
Apr 15 2024
7:46 AM
Good day all, We have the following setup (roughly): I've simplified it in the diagram, as we technically have multiple vlans off the different connections, but basically I want to prevent all traffic from 192.168.0.0/24 getting to 10.1.0.0/24, but allow 10.112.5.0/24 access to 10.1.0.0/24. I can create the rules, and while traffic appears to be blocked, the allow isn't. Is the issue that the subnets that are the sources aren't locally set on the MX appliance as they are routed from the 172.16.0.0/24 subnet? I have a source-based routing enabled on the 10.1.0.0/24 subnet to default route through 172.16.0.0/24? Any help would be appreciated.
... View more
Feb 26 2024
1:21 AM
My apologies for not responding to your query, region is Europe (UK).
... View more
Feb 26 2024
1:20 AM
1 Kudo
Good Morning, I thought I should drop an update on this issue after raising a support ticket with Meraki. In short, the issue I have (Config history not being visible) is due to being logged into the dashboard with a SAML linked account. When I log in with a local Meraki account, I can see the config history tab. Meraki support are aware of the issue, but at present don't have a timeframe for this to be fixed for SAML linked accounts. If I receive any further updates on this issue I'll post it here.
... View more
Feb 12 2024
8:43 AM
Thanks for the clarification Ryan. Looking forward to this function to (hopefully) simplify our update on Catalyst monitored switches.
... View more
Feb 12 2024
1:47 AM
So I missed this announcementhttps://community.meraki.com/t5/Cloud-Monitoring-Resources/Catalyst-Switches-Firmware-Upgrades/ta-p/222885 Looks great, except I don't have the 'cloud monitored' tab in my firmware upgrade section. Is this restricted to only a few regions, I'm Europe for my tenancy. Has anyone seen this yet, or used it? Just wondering how it copes with stacked switches and your thoughts on the function/process please.
... View more
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 8 | 1358 | |
| 6 | 1753 | |
| 4 | 2382 | |
| 4 | 1704 | |
| 3 | 2491 |
© 2025 Cisco Systems, Inc.
