hopefully Catalyst 9400 could be monitored from Meraki Dashboard, like another Catalyst 9200/9300/9500 families.. this will be another breakthrough. ... View more

so it means, when using virtual uplink, it will much easier connect non-meraki vpn peer with, just peer with single VIP only ? ... View more

thank you for your feedbacks @Ryan_Miles , this will help me a lot.. 🤝 ... View more

"The MX requires unique IPs on the WAN side. So, one for MX1 another for MX2 and a third optional one for the VIP." Could I use private IP for vIP ? rather than public IP as vIP ? "The LAN side works differently. There are just VLANs and their associated L3 IPs. No per MX IP, nor a VIP. The single IP per VLAN will belong to whichever MX is primary." So is that mean, i just need these configuration below ? : Create Interface vlan 255 10.10.255.1/30  on MX1 and MX2 Create mode access vlan 255 on port 2-3 towards LAN side  Create Interface vlan 255 10.10.255.2/30 on Firewall side Create static route between MXs and Firewall     ... View more

Got it, will be applied vIPs for each ISP connection. "Also, the diagram mentions 10.10.255.x/29 in a few places. So I'm not entirely sure where that's being used or if it's just a generic reference. On the MX we refer to the VIP as the shared WAN IP(s) and not any LAN side L3 interface/SVI." yes my purpose like having VRRP for LAN side using 10.10.255.x/29 segment.  Much like having HSRP and use IPs on : MX1 10.10.255.1, priority 100 MX2 10.10.255.2, priority 90 MX Standby IP 10.10.255.3 Firewall 10.10.255.5 So traffic from INSIDE (GCP)/LAN side will have an MX Standby IP 10.10.255.3  as next hop to the OUTSIDE (ISPs) And traffic from OUTSIDE (ISPs) will have an Firewall IP 10.10.255.5 as next hop to the INSIDE (GCP)/LAN side Could i applied that scenario above ? because it still confusing me, as there are no exact documentation to applied Layer 3 redundancy on LAN side   ... View more

got it, so it means i could applied with this topology design below? as long peer switch device could run STP to block looping   ... View more

so, is that means we need to have another IP public to be used on our Firewall ? and we need to have this public ip configured :   x.x.x.x/29 (ISP-A) allocation : x.x.x.1 > ISP side x.x.x.2 > MX01 x.x.x.3 > MX02 x.x.x.4 > vIP Heartbeat x.x.x.5 > Firewall y.y.y.y/29 (ISP-A) allocation : y.y.y.1 > ISP side y.y.y.2 > MX01 y.y.y.3 > MX02 y.y.y.4 > vIP Heartbeat y.y.y.5 > Firewall   as mentioned  on this link below https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair#Routed_Warm_Spare :     ... View more

we thought UNII 1 and 2 not permitted in our country, since it's already permitted, could by using UNII 1 and 2 would reduce channel utilization ?   currently we have average 40 clients on a AP ... View more

so, is that mean when i want to add new role such as "MONITOR", it will use the same SHA1 tokens as "USER" and "ADMIN" ? ... View more

another question is, should the role on IDP defined before tokens generated?   for an example, if i have already create role "ADMIN" on my IDP (Jumpcloud) then generate SHA1 token, and filled it on meraki dashboard.   and in another moment, i need to add new role "USER" on my IDP, should i generate the new SHA1 token? and filled it again on meraki dashboard? ... View more

yep, it's seem pretty easy, but still lack of documentation, for jumpcloud step couldn't get as clearer than setting up on ADFS/Azure.. hopefully could have more details guides like this : https://www.miniorange.com/cisco-meraki-single-sign-on-(sso)   cheers ... View more

thank you   ... View more

Alright that's very clear.   but for another question is, could we configure interface vlan and default route from the MS410 to Forti, using Local Status page ? due to our ISP installation is on going ... View more

our MS390 using CS 15.21.1  ... View more

we have already disable web cache as TAC suggestion, but it didn't resolve ... View more