Did you recently update the MR46 and is it behind a Web Gateway or Firewall that does not allow HTTPS to the 209.206.48.0/20 IP range? Important note Meraki APs use UDP port 7351 for cloud communication and TCP ports 80 and 443 for backup communications when running MR 27 and older firmware. When running MR 28 firmware, Meraki APs will now use TCP port 443 as the primary means for cloud connectivity. In order to maintain connectivity to the Meraki cloud on MR 28+ ensure that TCP port 443 is allowed to communicate with 209.206.48.0/20 on firewalls that are deployed upstream of your Meraki APs. (Wi-Fi 6 MRs)
... View more
If you can't connect to the cloud, you need to use the local status page to see why. https://documentation.meraki.com/General_Administration/Tools_and_Troubleshooting/Using_the_Cisco_Meraki_Device_Local_Status_Page
... View more
You mentioned correctly. 1. If we disconnect internet for DC HUB, VPN still up and user traffic still can forward normal. 2. If MX DC HUB and SPOKE use internet the same connection (DPLC or MPLS NAT to Internet the same ISP), it will be retries to Cloud same time. As I notice VPN will be down after 5 minutes after internet connection down. Please correct me if I am wrong.
... View more
I maybe difficult to explain, but please kindly find the image for reference. When we try to modified and save, it alert as the image reference.
... View more
Hi, Currently I don't see any available virtual class in APAC region, I think you can start with ECMS1 or 2, for CMNA you can review from partner portal it should be available soon. https://community.meraki.com/t5/Learning-Hub/ct-p/hub
... View more
Thank you, your link is useful for me. I just wonder why it sometime not switch from one rule to one rule not properly. sometime it match to general group policy, which is not the requirement.
... View more
To build further on @Ryan_Miles response (all of which I agree with), I would advocate AGAINST using a dedicated VRRP link between the MXs. This is because it creates a loop, and MX appliances are not spanning-tree aware. This can result in intermittent outages because of spanning-tree failures. It wouldn't be so bad if MX was spanning-tree aware.
... View more
@BrandonSit show detect failed, the MX may not receive any reply from upstream in terms of ARP, DNS, ICMP requests tests. What abnormal is face only MX84 only, and detect fail usually around 10mn.
... View more
@cmr It is the new onboard Meraki MX, it should automatic upgrade to the latest stable version. Anyway if we set scheduling every initialize MX from network template it is fine to upgrade, but we cannot do this every onboard MX, it doesn't make sense.
... View more
Dear Community, Meraki MX keep sending request through the back-end, as we try to pcap on upstream device still see the traffic request same src, dst port to VPN Registry Server, you maybe need to change session setting on upstream device like UDP discard, etc as MX use UDP port 9350-9351 to VPN Registry Server. Thanks, BR,
... View more
hi @MakaraMEAS for more info Cisco Meraki Best Practice Design > Best Practice Design - MX Security and SD-WAN > Meraki SD-WAN Service Failover Time Failback Time AutoVPN Tunnels 30-40 seconds 30-40 seconds DC-DC Failover 20-30 seconds 20-30 seconds Dynamic path selection Up to 30 seconds Up to 30 seconds Warm Spare 30 seconds or less 30 seconds or less WAN connectivity 300 seconds or less 15-30 seconds
... View more
@MakaraMEAS I did the change myself there is no real change in end dates. For me the PDL is too complex and would´ve actually wanted to stick to co-term. I see PDL value to organisations having franchisee business or bigger rollout projects. Please note that if you do decide to go ahead there is no turning back while having second thoughts later on. there is a reminder on that as well. Hope it helps.
... View more
No, it's block what's not wanted only for Content filtering. With URL Fltering you'll have the chance to whitelist specific sites. It's up to you to decide if this is a good idea or something that's not worth the effort (that it will be if you're trying to implement the policy you're referring to).
... View more
//
//
LITHIUM.InformationBox({"updateFeedbackEvent":"LITHIUM:updateAjaxFeedback","componentSelector":"#informationbox_3f209322efe8c8","feedbackSelector":".InfoMessage"});
LITHIUM.InformationBox({"updateFeedbackEvent":"LITHIUM:updateAjaxFeedback","componentSelector":"#informationbox_3f209322efe8c8_0","feedbackSelector":".InfoMessage"});
LITHIUM.InformationBox({"updateFeedbackEvent":"LITHIUM:updateAjaxFeedback","componentSelector":"#informationbox_3f209322efe8c8_1","feedbackSelector":".InfoMessage"});
LITHIUM.InformationBox({"updateFeedbackEvent":"LITHIUM:updateAjaxFeedback","componentSelector":"#informationbox_3f209322efe8c8_2","feedbackSelector":".InfoMessage"});
LITHIUM.AutoComplete({"options":{"autosuggestionAvailableInstructionText":"Auto-suggestions available. Use Up and Down arrow keys to navigate.","triggerTextLength":4,"autocompleteInstructionsSelector":"#autocompleteInstructionsText_3f20931fc67c71","updateInputOnSelect":true,"loadingText":"Searching...","emptyText":"No Matches","successText":"Results:","defaultText":"Enter a search word","autosuggestionUnavailableInstructionText":"No suggestions available","disabled":false,"footerContent":[{"scripts":"\n\n;(function($){LITHIUM.Link=function(params){var $doc=$(document);function handler(event){var $link=$(this);var token=$link.data('lia-action-token');if($link.data('lia-ajax')!==true&&token!==undefined){if(event.isPropagationStopped()===false&&event.isImmediatePropagationStopped()===false&&event.isDefaultPrevented()===false){event.stop();var $form=$('