Pretty much what Philip said. Try to avoid PVST/RPVST and keep with MST which plays best Meraki since you don't have any PVST simulation errors. ... View more

It is an honesty license.  You have to buy a licence to have a legal entitlement to use it - but nothing prevents you from just turning it on. ... View more

Replace C9300s used as WAN switches with unmanaged switches.  Just have 3 ports connected in each; 1-ISP, 2-MX1, 3-MX2.  Safer from hackers and won't cause you any issues.  If you must use managed switches, then use some with a dedicated Out Of Band management port. ... View more

Ok, thanks for the info. ... View more

@MartinLL is onto to it.  This is something you would enforce in your IDP, such as Entra ID, Duo, etc.  This is exactly how I do it for our company (using Duo).  We strict VPN access to company owned machines.   It likes it might be possible to do this using certificates as well.  You would deploy a certificate onto the machine you want to allow.  And then you create an "Remote Access - VPN Posture" configuration that requires a certificate. https://documentation.meraki.com/CiscoPlusSecureConnect/Cisco__Secure_Connect_Now_Remote_Access/Remote_Access_-_Client-based_Posture     This is under Secure Connect/Endpoint Posture/VPN Access. ... View more

Thanks 👍 ... View more

I have used the GLC-T modules in the WAN ports of MX250s for many years and they do work. ... View more

Hi, Thanks for your response. it worked 👍 ... View more