@GreenMan is right. Be sure to use MST 0 (instance 0) for compatibility. This was discussed before on this other thread. ... View more

Good news everyone! This behaviour was fixed by firmware release 18.107.6 now. This solution was confirmed by @Ryan_Miles first and @jacobi50 later. Thanks for sharing! ... View more

No ETA at this stage. Please, don't kill the messenger! 😁 ... View more

Hi there! It looks like the suppression syntax used caused problem in other IOS XE module for some reason.   Try avoiding spaces in the expressions you're searching    I see this syntax usually works fine:   logging discriminator DROP-ME msg-body drops meraki-user|Public-key   Hope this is useful. ... View more

Hello everyone! Hope you're doing great!   I noticed a number of cases in Support and some customers referring to this log suppression workaround solution.   The root cause for this notice in syslog and console logging is just a reminder that SSH with RSA Public Key algorithm will be deprecated therefore, the network administrator should be aware. This is explained here in this Cisco doc [1]   Having this in mind, @redsector has a good point: just suppressing the messages it's not much of a solution. However, the fix could cause other compatibility issues when authenticating users/systems that can't use another algorithm.   That's why we never recommend changing your public key algorithm configs. If you're curious, you can find more details here in this other Cisco doc (valid for other IOS XE releases) [2].   Having said that, you may want to do it at your own risk.   Solution: change the publickey algorithm settings   Step 1. check if you have x509v3-ssh-rsa    Switch#sh run | inc ip ssh ip ssh version 2 ip ssh server algorithm authentication publickey password keyboard ip ssh server algorithm publickey x509v3-ssh-rsa   Step 2. enter config mode and remove public key x509v3-ssh-rsa   Switch#conf t Enter configuration commands, one per line.  End with CNTL/Z. Switch(config)#default ip ssh server algorithm publickey Switch(config)#end   Once more: <disclaimer> Asses your public keys and users/systems before doing this. Use this at your own risk. It's safer and easier to implement log suppression workaround solution </disclaimer>.   Workaround: suppress just that kind of message   Switch#config-transaction admin connected from 127.0.0.1 using console on Router Switch(config)#logging discriminator DROP-ME msg-body drops meraki-user|Public-key Switch(config)#end   More about the suppression syntax can be found here [3]. If this syntax doesn't work well for you, try building your own until you find one that works fine. Small syntax variance is common.   Hope this information is useful. And again, we recommend implementing the workaround since it's more compatible. Change public key settings at your own risk.   Reference: [1] https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/17_xe/syslogs/17-5-x/b-system-message-guide-routers-17-5-x.html [2] https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_ssh/configuration/xe-3s/sec-usr-ssh-xe-3s-book.html [3] https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/esm/command/esm-cr-book/esm-cr-a1.html#wp1888787448   ... View more

There's no ETA at this moment. ... View more

Hello everyone! Yes, @Malwina Malwina is correct. That behaviour may be observed in other MX models if they also run in HA (a.k.a. Warm Spare). From my knowledge, you can workaround this issue by temporarily running firmware 17-10-8 if your don't mind having a previous firmware. ... View more

Hello everyone,   Hope you're doing great!   This is a old discussion but since I've seen a number of cases on Meraki Support I decided to give this topic a bump up.   TL/DR: if you seen traffic like RADIUS, Netflow, SYSLOG, access requests, etc coming from your MX with IP 6.x.y.z it's ok if your MX is in Pass Through mode or it just have one single VLAN.   According to this official document [1], MX devices which operate in Pass-through mode or just have on single VLAN pick an address from range 6.x.y.z only for certain types of traffic. "When in Passthrough or Routed/NAT mode in Single LAN the MX will source traffic from a 6.X.X.X address for services such as Syslog, Netflow, RADIUS access requests and potentially others." [1]   Reference: [1] https://documentation.meraki.com/MX/Networks_and_Routing/Passthrough_Mode_on_the_MX_Security_Appliance_and_Z-series_Teleworker_Gateway#Considerations_for_VPN_and_Other_Features ... View more

Hi Jaeyoonkim,   Thanks for the positive feedback and this update. It was a pleasure working with you on the support ticket. I love when there's another engineer on the customer side that never gives up like you did. Congratulations and may you have success and all the best for you in your professional career. ... View more

Hello Jaeyoonkim,   Thanks for posting your questions here in the Meraki Community Forum as well.   That catalyst configuration you're referring to will be added by Catalyst onboarding tool. You don't need to add manually to your netconf.   Check out this (non-official) article about onboarding Catalysts. - Catalyst on Meraki: Getting Started    I also replied to your support case and we can discuss your questions over there if you prefer.   Hope this helps other people in this community as well.   Cheers! ... View more

Thanks @Chris_Skees and @cmr    I'm adding my 2 cents here:   1st cent) A connection disruption is inevitable in such cases: either the station NIC or bad cabling will cause it as it did before or you and the end-user will as part of the troubleshooting. I prefer the later as it gets the user closer to a solution.   So, I wouldn't discard a poorly written/implemented ethernet device driver at the OS layer on the user's workstation. I.e.: maybe NIC driver is misconfigured and turning ethernet off when OS is entering energy saving modes. I know its unlikely since it's all new stations and that's the only one having issues. In addition, this tshoot approach would be reaching too far outside support scope. Nevertheless, it's worthy investigating.   In this sense, this Meraki article is also relevant. It mainly talks about duplex, but speed and duplex are tied to Ethernet auto-negotiation (802.3u).   In conclusion, before going for the cabling testing feature and/or swapping cable for a new one, I would leave Meraki device port with speed and duplex auto-negotiation turned on while configuring the station's OS to don't turn off NIC when saving energy as well as NIC manual contig to 1000Mbps full-duplex (no auto-negotiation). Since this 1000Mbps full-duplex is the preferred negotiation at Meraki device, we would see the port connecting at ideal speed and duplex and no more disruptions. If we don't see this result, then we would have a bad cable.   This brings us to my 2nd cent.   2nd cent) Going deeper into this rabbit hole: (far fetched tshoot approach). If the user is more of a tech person, maybe you could test using a Loopback plug tool connected to the port you're investigating and run Meraki's cable test feature. This would isolate bad cable and NIC driver.   Ideally, those cable testing features should be used with a loop tool, otherwise it will cause interruptions on whatever is connected to the port where you run this test. Those loop tools are generally cheap but quite effective. Check out this one (I swear I'm not affiliated or have any kind of connection to those guys - it's just a google search result)!   Going further deeper: I come from older switch and networking devices but the fundamentals are valid.   So check out this Cisco Document: Troubleshooting Catalyst Switches to NIC Compatibility Issues (Old but Gold).😎   In our case here, we pay attention to these three sections:   Why Do Autonegotiation and Compatibility Issues Exist? General Troubleshooting for 10/100/1000 Mbps NICs Autonegotiation Valid Configuration Table   I love this foot note: "2 Some third-party NIC cards can fall back to half-duplex operation mode, even though both the switchportand NIC configuration are manually configured for 100 Mbps, full-duplex. This is because NIC autonegotiation link detection still operates when the NIC is manually configured. This causes duplex inconsistency between the switchport and the NIC. Symptoms include poor port performance and frame check sequence (FCS) errors that increment on the switchport. In order to troubleshoot this issue, try to manually configure the switchport to 100 Mbps, half-duplex. If this action resolves the connectivity problems, this NIC issue is the possible cause. Try to update to the latest drivers for your NIC, or contact your NIC card vendor for additional support. "   In essence, that was an example of a poorly written/implemented device driver.   I would only add to that part: and make sure OS energy saving options aren't interfering - e.g.: energy saving feature turning off NIC, turning off USB-C or thunderbolt when station is connected through an ethernet transceiver.   Hope this is useful - or at least educational! 🤓  ... View more

Thank you, @Inderdeep ! Hope one day I can be a top contributor like you. ... View more