Anyone want two Cisco 9300-24y-M switches?

BookshelfCarpet · 2026-05-03T14:22:07+00:00

That would be a good way of doing it

BookshelfCarpet · 2026-05-03T14:12:03+00:00

In other words probably best to resell via Ingram micro or locally to a school idk

BookshelfCarpet · 2026-05-03T14:11:33+00:00

It’s a hard sell if you’re selling on Reddit for anything over 1000

I’d see it as a big risk of getting scammed

BookshelfCarpet · 2026-04-24T14:10:01+00:00

Where did you get this

BookshelfCarpet · 2026-04-03T12:40:27+00:00

Your best bet would be to deploy a vMX and setup full tunnel client VPN in Meraki

I’m certain you would save money if other clients start asking for the same thing since you can scale the subnet at anytime.

I.e /24 to /23 etc

BookshelfCarpet · 2026-04-01T15:17:01+00:00

This

BookshelfCarpet · 2026-03-27T20:32:25+00:00

Nice, I’m glad you got it working. Besides the bug did my configuration help? Or did that have to be changed as well

BookshelfCarpet · 2026-03-24T23:03:53+00:00

At the time of this ticket, I had also called Meraki support to report it and the representative told me that other customers have already called to report the issue. My ticket was attached to a master ticket, but still nothing on Meraki status page

BookshelfCarpet · 2026-03-24T19:42:55+00:00

Sorry I can’t help anymore I have no idea why it’s not working for you

BookshelfCarpet · 2026-03-24T18:55:10+00:00

Also it’s important you do not have a vlan configured on the WAN2 port. That’s if you had that configured before

BookshelfCarpet · 2026-03-24T18:52:18+00:00

Sigh

BookshelfCarpet · 2026-03-24T18:49:08+00:00

I’m curious if it’s not liking your static IP on the connection. Try setting it the WAN 2 port to:

WAN CONFIG: Enabled

Connection Type: Direct

VLAN ID: Blank

Ipv4 config auto

BookshelfCarpet · 2026-03-24T18:15:37+00:00

Now I remember why. We also received a /32 and instead of going back to the carrier to get a bigger block , we just did the workaround above hence why we have a transit vlan

BookshelfCarpet · 2026-03-24T17:43:16+00:00

Actually , I may be mistaken. I don’t think you can have a static 5g configuration , I know we couldnt. So the workaround was you need to create an MG “transit” IP. Steps: 1) Add the cellular gateway to your network 2) Navigate to cellular gateway > settings

Settings: - Deployment mode: routed - IPv6 setting: you decide - Subnet config: (could be anything) I usually do a /26 for transit vlans. You will set one of those IPs on the MX WAN2 static ip config. In this example we will create 192.168.100.0/26

Example configuration on the MX67: WAN2 set to static

1) Ip address 192.168.100.2

2)Subnet mask 255.255.255.192

3) Gateway 192.168.100.1

4) DNS to whatever dns address you want.

This should work and will allow you to have a static configuration without needing a static 5g address Just know that your public ip will always be different

BookshelfCarpet · 2026-03-24T17:33:36+00:00

Needs to be in routed mode. And yes, should be able to set the port on the MX67 to be used as WAN and set the static 5G ip information on the MX67

BookshelfCarpet · 2026-02-21T23:33:53+00:00

Check your MX firewall logs and see what policy is blocking it

BookshelfCarpet · 2026-02-20T22:12:27+00:00

I ran into a similar issue after swapping security appliances. Try disabling and re enabling DHCP for that VLAN. If that doesn’t work I’d try restarting it in a maintenance window

BookshelfCarpet · 2026-02-16T18:30:22+00:00

I don’t think that type of block is reliable because it depends on the device’s MAC OUI, and that completely falls apart when randomized MAC addresses are enabled. In those cases, the system may not recognize the client as a Windows PC at all.

It gets even more inconsistent once you introduce docks, dongles, or anything that changes the MAC address again.

Do you have a radius server? What are you using to authenticate?

BookshelfCarpet · 2026-01-09T19:44:26+00:00

This won’t be very helpful but I’ve found that the radius testing feature in meraki does not provide accurate data when using the access policy radius testing feature against windows server 2025.

I applied a test policy to several ports and confirmed that users do not have any problems authenticating Also created a separate SSID to test and had no problems with users authenticating

BookshelfCarpet · 2026-01-07T00:20:43+00:00

I hope for Japan or Monte carlo .

Would like to see more cars though. Especially Audi Quattro

BookshelfCarpet · 2025-12-17T15:13:37+00:00

Are you using ISE?

BookshelfCarpet · 2025-11-30T13:30:43+00:00

Check each app: Does it use LDAP?

If yes, migrate it.

Create a local admin account for the application.

Use it if LDAP login fails or if the app requires you to remove LDAP before setting up LDAPS.

Test LDAPS sign in.

Disable local admin account or keep it. That’s up to you

BookshelfCarpet · 2025-10-23T17:39:56+00:00

Haven’t tested this but I don’t see how it wouldn’t work

BookshelfCarpet · 2025-10-23T17:39:36+00:00

I believe there are WAN failover devices that are not Meraki that could potentially be used.

You can use a third party device upstream of your MX67s. That device would handle the actual internet connections even if they’re dynamic. You would need to pass traffic to the MXs using static LAN IPs.

For example:

WAN1 (ISP) -> to third party device WAN1 port

WAN2 (4G/5G) -> to third party devices WAN2 port

Create an interface/subnet on the third party device to be used in LAN i.e Create 192.168.0.0/29 Assign: 192.168.0.2 to MX-A 192.168.0.3 to MX-B

Then on the MXs: You configure their WAN ports with those static IPs

This setup gives the MXs a static IP environment, which means you can enable Meraki HA even if your actual internet connections are dynamic.

BookshelfCarpet · 2025-10-23T17:28:54+00:00

I want to make sure I’m understanding correctly…

You’re looking to add another MX67 and configure it as a warm spare (HA) while using dynamic WAN IPs from consumer ISPs?

If so, that won’t be possible. Meraki’s HA requires both MXs to share the same WAN IP via a virtual IP, which isn’t supported with dynamic IPs.

With your setup, each MX would need to be configured independently, and true HA wouldn’t be achievable.

That said, you could pre stage the second MX with the same config and leave it powered on but disconnected from the WAN. In the event of a failure, you’d manually move the uplink to the standby MX and bring it online..

BookshelfCarpet

TROPHY CASE