Did you open a ticket by chance? If not, please do and forward me the ticket ID at alburger@cisco.com   ... View more

Ok just checked and the fixes should be in production for the beta. If you have a chance to try it @cmr , please do and feel free to reach out to me alburger@cisco.com if you find issues. From testing we are seeing things working the way it should, but would be glad to have some field feedback.  ... View more

@MRCUR On the 9200L, you have claimed the switch into a network but it has not migrated correct?  ... View more

We should have the DHCP server configuration resolved soon. I will check with engineering and get back to you.  ... View more

That is odd.... let me bring that up to our dashboard team! Thank you!  ... View more

Ah perfect 😬 if you find any issues with the documentation / readability please give feedback here. I wrote it with a peer of mine and we are open to feedback and fixing anything confusing  ... View more

VLAN profiles allows you to assign a name to a VLAN ID. If the MS is not an L3 switch, it can still map clients to a VLAN ID. That VLAN ID needs to be handled upstream by a gateway, but the L2 switch will still have a concept of VLANs. If you don't have any VLANs configured, you have 1 VLAN, and this feature wouldn't make a ton of sense for that scenario.  ... View more

Also MS does not have a limit to the number of clients in a network that can have a group policy ACL assigned, the limits stated in your initial post are based on static assignment done in dashboard that is applicable to MR and MX. If you were to assign group policies by RADIUS on MR and MS there would be no specific limit.  ... View more

Ok I will do my best here. The 390s have a limit of about 5000 active ACE entries on the platform at any given time. The 355s are about 600 ACE entries active at any given time, and the 125s unfortunately do not have the TCAM for group policy ACL assignment. That being said, a single 30 line group policy ACL with 100 clients associated to it, will take up 30 entries in the TCAM due to the way the ACLs are applied to the endpoints. This is the same across the 390 and the other platforms that support GPACL (210/225/250/350/355). These do require a RADIUS server to apply them, so you would need to enable at the minimum MAC Auth Bypass to start applying group policies to clients on switching. Hope this helps!  ... View more

@GregErnest What model MS do you have? Group Policy L3 ACLs are implemented via RADIUS whether it is through a dot1x or mab session. Different platforms have different limits to the number of active ACEs.  ... View more

The bullet was with regards to @cmr s work of sorting the change log by model.  ... View more

Thanks for having me @merakisimon !  ... View more

Connecting an appliance to both DNAC and Dashboard is not supported today. We are investigating a means to provide the functionality but have some firmware limitations we have to investigate further.  ... View more

Hah Thanks @Larry_Woods ! Please feel free to provide feedback via the blog post or here! ... View more

That guide or check our documentation at: https://documentation.meraki.com/MS/Meraki_MS_Beta/StackPower  ... View more

easy to do, the ui could use a little modernizing!  ... View more

If you have RADIUS testing disabled and still see this alert, it could be due to a client connecting and failing authentication, which led to a dot1x authentication failure. These are tracked as a health alert. ... View more

This is a function that was added to MS14 on a few specific switches. It watches traffic for anomalous behavior that would indicate a device is NATing clients. The intention was to try and help people identify rogue access points that are NATing and catching clients that are using VMs that may be performing NAT to the host address. We are working on producing documentation but as of today, I would recommend daily alerts, as if you have misbehaving or oddly behaving clients, it can produce false positives due to the nature of fingerprinting.   ... View more

This feature is for Named VLANs to VLAN ID mappings for RADIUS. We definitely do want to leverage this further down the road for more than just simplifying RADIUS deployments. Please use the feedback button at the bottom (that we for some reason renamed from make a wish) and let us know there if you wouldn't mind.  ... View more

if youre using rapid-pvst just include vlan 1 in the trunk between the Catalyst upstream switch and MS. This will ensure that the stp formatted BPDU makes it to the RSTP process and prune any unused VLANs from the trunk ... View more

Just to add to this release note. The addition of accounting on the MS390 also includes extra attributes for the endpoint including DHCP, LLDP, and CDP information to assist in greater profiling on Cisco ISE and any other supported platforms.  ... View more

Hey, these are good questions. Your L3 switch or switch stack will need to have it's management IP within the uplink subnet with a default gateway that is routable to the internet. This does NOT mean that it cant be in the same L3 segment, but you have to have a control plane MGMT IP & Data-plane IP. Example.    Northbound uplink is 10.0.0.0/29.    Neighbor is 10.0.0.1 switch SVI is 10.0.0.2 and default static is 10.0.0.1 switch management is 10.0.0.6 and default gateway is 10.0.0.1 You can absolutely peer with 10.0.0.1 using OSPF for dynamic routing, but the management interface (10.0.0.6) must be able to statically point to 10.0.0.1 and reach the internet.    ... View more

We are working towards bringing adaptive policy to the MX and should support most of the current platforms out today from a hardware perspective. Official support has yet to be determined but we are hoping for a beta of SGT being carried over AutoVPN on MX sometime Q1 FY21.  ... View more

ISE is not required but does make assigning SGTs to an Access_accept incredibly easy. You can assign tags in a few ways. 1. Statically to a switchport or an SSID, dynamically via RADIUS av-pair, and in the near future, you will be able to create Network Object Groups and map them to SGTs as a fallback tagging mechanism. ... View more

Excellent work Amelie!!!  ... View more