I did not know that, actually. Thanks! ... View more

Ok. So I have Manual Inbound Firewall enabled.   If I add an Allow rule for udp/53 inbound, my MX also responds to dns queries on its WAN interface, from outside. RHB@wopr ~ % dig @x.x.x.x google.dk A ; <<>> DiG 9.10.6 <<>> @x.x.x.x google.dk A ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52324 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ;; QUESTION SECTION: ;google.dk. IN A ;; ANSWER SECTION: google.dk. 81 IN A 142.250.74.131 ;; Query time: 159 msec ;; SERVER: x.x.x.x#53(x.x.x.x) ;; WHEN: Thu Dec 19 21:59:23 CET 2024 ;; MSG SIZE rcvd: 54 RHB@wopr ~ %   From the LAN side, the MX does not respond on its LAN Interface IP, nor on its WAN IP. So it seems to only be from the outside on its WAN interface.   If I remove said allow rule on the inbound rules, it goes back to not responding to DNS queries. ... View more

I just did a lookup on my lab MX WAN IP, from outside. It doesn't resolve addresses on DNS.   RHB@wopr ~ % dig @x.x.x.x google.dk A ; <<>> DiG 9.10.6 <<>> @x.x.x.x google.dk A ; (1 server found) ;; global options: +cmd ;; connection timed out; no servers could be reached RHB@wopr ~ % ... View more

Hm.. There's a download for a vMX on MX15.42 at Cisco Software. Interesting.   https://software.cisco.com/download/home/286328351/type/286328355/release/15.42?catid=268437899 ... View more

Announced yes, but I have not seen any mention of it being released yet.   I guess it's been secretly released for those large enough customers that have a business need for it. ... View more

I've had many issues with Bonjour forwarding on the SSID. I tend to disable is, and use only on the MX.   I see you've only added Printers and Scanners to the Services list. If you add all the Services, does it then work? ... View more

  Fixed an issue that resulted in vMX appliances running on Cisco UCS servers failing to upgrade to MX 18.2XX versions when the vMX appliance was running a version older than MX 17.   Since when has the vMX been available for Private Cloud?   ... View more

Tags can also be used to enable certain SSIDs on certain APs. ... View more

While unfortunately it's not using ISE, you could create a SmartPort automation that triggers on the AP LLDP description. If it's a Catalyst 91xx it uses a Trunk port, otherwise it's an Access Port with an Access Policy. ... View more

During grad school I had an apartment located in the city centre, rather close to a street with a lot of bars adnd nighclubs. At one time, I was working on a university project where we'd measure cellular availability, and usage on a 4G LTE frequency of one of the major ISPs in Denmark.   We could clearly see an increase in unsage during during the weekend around between midnight and 2am. Around the time where all the drunk people probably were calling a cap or their ride home. 😉 ... View more

I think you are mixing the two Client VPN functionalities. Cisco Anyconnect/Secure Client can not be used for L2TP. Meraki Client VPN uses L2TP, and it usually something you configure directly in Windows.   If you wan't to use Cisco Secure Client (Anyconnect) you need to conifugre that on the Meraki Dashboard, and not Client VPN. ... View more

A case open since 2022, and support still won't answer? Tried getting an SE to push for an answer? ... View more

You will still require MR licenses, to continue use of Meraki Access Points and manage them in the dashboard. There is no console on Meraki - management is only available through the Cloud-based Meraki Dashboard.   You will also need to ensure that the new Firewall allows all communication to the Meraki Cloud for your APs to continue to function. You can see the required firewall openings in the Dashboard by clicking on the Help Button and Firewall Info.   ... View more

Is it a third party supplier that has been installing the CCTV cameras? In my experience, these third parties tend to either configure the NVR to hand out DHCP addresses to their cameras or that the cameras are statically configured with an IP address. They also tend to supply their own unmanaged swtiching infrastructure. which they uplink the camearas to, which may also be connected upstream to the rest of the network infrastructure. ... View more

Is that MX behind a Firepower by any chance? ... View more

This ought to be possible using a combination of local L3 rules on the MX and S2S VPN FW rules.   On each site you'd have to separate the networks in Vlans on the MX. Then you'll have to create a FW rule per MX that denies traffic between the two vlans, within each site. E.g. if site A uses 10.10.1.0/24 for prod, and 10.20.1.0/24, then you'd define a fw rule that denies traffic from 10.10.1.0/24 to 10.20.1.0/24 and vice versa.   Then you'll have to create a rule on on Site-to-Site VPN Firewall rules which denies all traffic between 10.10.0.0/16 and 10.20.0.0/16, and one vice-versa.   The rules per MX allows separation between the Vlan per site, and the S2S rules should allow for sepearation between the Prod and HA supernets. ... View more

It doesn't look like there's any battery packs that are able to provide the required input power for a Z4C. I think your best bet would be to get an inverter  and 12V battery, and use the power supply that comes with the teleworker. ... View more

If I want to change the allow list on e.g. the NM-4C module, I can't just change it. I need to reduce the allow list on all modules, to for example 1-10, before I can change the allow list to what I need on the NM-4C module which is infact installed, unlike the other modules. ... View more

I use Python for my scripts. Meraki has a published Python Library, which works wonders. I am not aware of any .NET implementation of Meraki, but if .NET has support for restful APIs it should not be a problem to use it. But then again I have no experience with .NET so I wouldn't be able to say for sure. ... View more

I think maybe that my greatest annoyance with this switch is the fact that for those C9300s where it supports an NM module, to change to vlan allow list you need to select all NM types and change on them. Not just the NM that is currently installed in the switch.. ... View more