Hello @Mateen1. Unfortunately, the MX can either act as a DHCP server or as a relay. It cannot do both at the same time.  And, as @alemabrahao has already mentioned, once a device has an IP address, the DHCP process is different in terms of renewal.  https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Configuring_DHCP_Services_on_the_MX_and_MS ... View more

Hello @rhamersley As @alemabrahao indicated, getting a packet capture and checking logs on your Radius server are good starting points. The packet captures can provide details in terms of whether or not the traffic is reaching the Radius server as well as the responses sent out by the server, if any. In addition to that, Meraki does have a guide for troubleshooting Radius issues. You can find it here:  https://documentation.meraki.com/MR/Encryption_and_Authentication/RADIUS_Issue_Resolution_Guide ... View more

Hello @USER4. As @rhbirkelund has noted, we're going to need some more information in order to help with the issue you're experiencing. Alternatively, you can reach out to Meraki Support and open a case and one of our engineers can assist you. I am including a link to the installation guide for reference.    https://documentation.meraki.com/MR/MR_Installation_Guides/CW9164_Installation_Guide ... View more

Hello @JJW, one of the other things to be aware of is that you need to make sure that one (or more) subnets are enabled for VPN traffic. As @DarrenOC already noted, verification that the peer is configured with matching security parameters is necessary. I have included a link to our documentation should you require additional help. At the bottom of the page, there is also a link to our troubleshooting guide.    https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-Site_VPN_Settings   ... View more

Hello @Brash. The location of the rules shouldn't affect the behavior. Making sure that all of the DSCP tags are uniform across the network is the main area of concern.  ... View more

Hello @Rene1968, please feel free to use the "Give Your Feedback" (at the bottom of the Dashboard) for feature requests such as this. That way our internal teams know what kind of features you are looking for in terms of future releases.  ... View more

Hello @This2shallpass, it is expected that there would be a backoff time depending on what was happening with the switches. This can happen, especially with firmware changes. If one (or more) of the devices went through a factory reset, they would have to download their firmware.  ... View more

Hello @cpuchips42, In addition to the suggestions posted here, Meraki does have some documentation on Large Campus Switching Best Practices. Although it may not be a 1:1 (in terms of a large deployment) for what you are trying to accomplish here, it may be able to provide some valuable information for you to review.  https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Best_Practice_Design_-_MS_Switching/Large_Campus_Switching_Best_Practices ... View more

Hello @kdm_korean, have you opened a case with Meraki Support on this topic? If not, I would recommend doing so. Meraki Support will most likely request live troubleshooting and perform packet captures in an effort to find a root cause.  ... View more

Hello @CLEBERPENTEADO, As @MacuserJim has already indicated, even in a trailing capacity, the asterisk '*' will not be used as a wildcard but as part of the URL itself. If you have any questions about the rules pertaining to the use of the asterisk in this capacity, you can find them in our documentation which I am including below. https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Content_Filtering#Using_the_Catch-All_Wildcard_(*)_in_URLs ... View more

You are correct, @Warren. At this point in time, there is no "allow" functionality for Layer 7 rules. Due to the limitations of the Layer 7 rules, and their wide geographic scope, using them can be challenging if you're in the situation that @KenMTS was in. If you only have a subset of devices that need access to these sites, setting up a group policy can help in that situation. You would only need to set up the "Firewall and traffic shaping" option to "Custom network firewall & shaping rules" and set up the same L7 firewall rule but withhold the country in question. This option would leave the main firewall rules intact but still allow a limited number of PCs to reach those countries that are blocked by the main firewall L7 rules. If you need additional information on group policies, you can use this link to our documentation:  https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Creating_and_Applying_Group_Policies ... View more

As @DarrenOC has already suggested, reaching out to Meraki Support (via a dashboard case or the Meraki support line) would be the best course of action here. The reboots can be associated with the hardware itself, physical issues (such as power), or even firmware. Logs on the device itself can also provide information on potential causes. Meraki support will look into all of these potential causes and may ask you to provide those logs. ... View more

Depending on how the network is configured, there can be a few conditions that would cause these alerts. If internal servers are being used, as opposed to something like 8.8.8.8 for management, the reachability to those servers would need to be checked when this is occurring. Packet captures, as already noted, would also be helpful in determining why the switches are alerting.  ... View more