In addition to the "what does works fine mean" question, how many machines are affected by this issue? Where is your laptop connecting from?    Is your laptop on the same remote network as the device(s) having problems? ... View more

I am officially bummed out. I filed a ticket to see about getting this end point enabled for my orgs, only to be told it's not an endpoint and there's no ETA on it.   It still shows up in the Postman docs. I swear it used to be in the ones on create.meraki.io change log too? I guess it's time to be patient.  ... View more

Are you looking to use AD to authenticate users for the client VPN?   If so, you've got a second way to go, beyond what @jdsilva linked. I usually use Network Policy Server for RADIUS: https://documentation.meraki.com/MX/Client_VPN/Configuring_RADIUS_Authentication_with_Client_VPN   Partly because I'm usually already doing RADIUS thru NPS for other network equipment, so it's easy to add one more task. ... View more

XL Black t-shirt please? Thank you! ... View more

Our typical practice is to get a static public IP, then have the ISP's equipment configured to pass the static IP through to the MX btw. So I'd get you a static IP, put the modem into bridge mode (or equivalent), and then go from there.   You'll also want to make sure your SonicWall is set to use IKEv1, and that your lifetimes match. I've run into issues before where the remote site SonicWall defaulted to IKEv2, which Meraki does not yet support.  ... View more

Do you have physical access to the APs right now? Can you try a quick factory reset to ensure they're pulling a completely fresh config? ... View more

@PhilipDAth's got the same logic my company uses. If there's not a lot of inter-VLAN talk, MX is fine. If there's a significant amount of traffic, L3 goes into the core switches. ... View more

I'd plan for an outage.   If you change your subnet mask, you're going to have to update that on all devices with static IP configs.    Force devices on DHCP to refresh their IP address, and they should be updated. If you've got that outage window, you can also reboot your MX in order to clear its DHCP leases, if I recall correctly. I don't believe there's any other way to force an MX to clear its leases. ... View more

@Ahmed83    Two options:   Copy the relevant portions of the capture and paste them into a message.   Open the pcap in Wireshark and take a screenshot. ... View more

@SallyG , I was thinking more like 5-10 minutes, honestly. If you've just been added as an administrator to an organization, it seems to take 5ish minutes most days. 10 on a very sloooow one. ... View more

How long did you give it? It takes a bit of time to propagate across all shards. ... View more

Your primary question is whether or not you can manage your switches. Can you setup VLANs on the switches themselves?   If you can setup VLANs, how much routing are you expecting to do? The MX can do some, but may get bogged down if you have A Lot going on.   In order to use a vlan, you're going to need to draw it from your source of routing through your switches and exit at your endpoints. It looks like your WAP is also a cloud solution, so you're going to have to draw the VLAN to your AP, and ensure that your SSIDs are configured to assign devices to the correct vlan.   Assuming all that - check out this doc for how to setup vlans on the MX itself: https://documentation.meraki.com/MX/Networks_and_Routing/Configuring_VLANs_on_the_MX_Security_Appliance ... View more

Panera in the US, pretty much all day every day. My partner likes to make fun of me because I'll whip around and try to identify the model of the AP. ... View more

Pretty sure that's a non-starter. A device can belong to a single network at a time in the dashboard. ... View more

True fact, but I thought one was discouraged from using MX as the router itself.  ... View more

Are you trying to do something like AutoVPN as well as MPLS?   If so, Meraki has a document here on how to configure a failover situation. Please note that it does not discuss load balancing across the two links, as they are not both WAN.   Please also note that it clearly shows the MPLS connected as a LAN connection, as opposed to WAN. You might also find this article useful. ... View more

Does all your traffic hit the MX before being able to go to that IP's subnet?   If it is, you probably really need a switch (with L3 if you've got multiple subnets). MXes aren't routers.   If not, then the outbound rules on the firewall won't help you here. If your traffic is on the same subnet, or if routing between subnets is handled by a proper L3 device, then it won't hit your MX's rules.   You'll need to setup an ACL on the appropriate switch(es) in order to a) first allow your wanted traffic then b) issue a blanket deny to that IP. ... View more

Count me as another vote to use the dynamic DNS provided by Meraki when configuring profiles on your end user's computers. It's especially good practice if you have multiple WAN links.   Easiest place to grab it is from the Client VPN page - it's the second line down, starts with Hostname.   If you don't want to be using wharrrrgarrbbll.dynamic-m.com, you can setup a CNAME record for vpn.yourdomain.com or whatever, on your public DNS. ... View more

I honestly like it, but I need assistance with keeping my eye on a single line. I'd kill for some light-dark highlighting, really. ... View more

Haha, yeah, it is. I just have to talk others into using them when "that's not how we've always done it." ... View more

Thank you for the insight, @MerakiDave. My company's default had been to create a single wireless network for organizations with multiple sites, but I'm now thinking that we shouldn't oughta do that. Especially not for sites that have multiple types of Meraki equipment. (Most commonly - MX and APs.)   Our thinking had been that it makes it easier to broadcast the same SSIDs across multiple sites. But how hard is it to setup the same SSID, really? Especially when the clients don't want PSKs changed regularly.   We don't have a lot of large deployments right now, but we will in the near future. I'm going to start a team discussion about creating a new standard to put us in a better position for when that happens. ... View more

Power cable bags are good for random cables in your go-bag. (Cisco console cable, micro-USB, power cable for my laptop charger.)   Not good for hand-embroidery, as the weave is very very fine and you're going to drive yourself nuts trying to cover any amount of surface. It's also very firm and you will stab yourself due to needing a sharp needle and forgetting your thimble. I did try though. I wanted to label with pretty colors vs. bad sharpie handwriting.   I suspect they'd take ink stamping very well, so long as you put something absorbent in the bag to prevent bleed-through.   Stacking cable bags hold small knitting projects. I've thought about using one to hold my common screwdrivers, with a couple of paperclips slipped through a few warp threads.   Power-injector bags are good for dice bags.   Who's guessed I work for a VAR and have a heap of these things? ... View more

This situation is why we need a test setup specifically for the client VPN, if that's even possible.   I don't think using the 802.1x test off your wireless would necessarily be too helpful here, since that'd be testing off your APs instead of the fw. Did you copy your 802.1x config over to the new NPS server, with your APs as valid clients?   If you're using that test button and not getting a valid test when you should, you probably should check to make sure that packets are actually leaving your device and being received by your NPS server. You can do a pcap off your Meraki device, and then check your NPS logs on your server.  ... View more

Have you tried a factory reset on the device? If you've done that, and it's still exhibiting this behavior, I'm also Team RMA. ... View more

I'd be down, even though I desperately try to stick to being the nerd in the corner and not care about salesing. 🙂 ... View more