Skip to main content
Cisco Meraki

MR Regulatory Domains

Cisco traditionally sells a unique product SKU per country/territory. These devices have features enabled or disabled as necessary. Cisco Meraki’s philosophy is making IT simple and a software implementation is used to automatically set the right features based on the identified regulatory domain for an MR. This simplified software implementation allows Meraki to ship a single SKU worldwide and is applicable to MR access points (APs) and MX security appliances with Wi-Fi (MX-W) capabilities.

MX Products will not support a manual override of the regulatory domain, please contact support in case of alerts. For more information follow this link.

The regulatory behavior defined in this document does not apply for LTE and users may need to buy region-specific products for LTE support with MX devices.

 

Regulatory Domain Setting for a Device 

A device's regulatory domain is determined based on the ship-to location when a device is sold and the IP geo-location (Geo-IP) when the device checks into the dashboard. If the ship-to country or subsequent Geo-IP lookup for a specific node does not match the network country, an error will be shown in the dashboard and users must take corrective action. Devices and dashboard networks can only function in one country at a time.

From a device management perspective, it is recommended to create separate dashboard networks per geographical area or country per building, floor, etc., and assign devices to those networks accordingly. A more in-depth conversation about the dashboard organization and network is discussed in the Cisco Meraki Best Practice Design document.

If new APs are added to a network and this causes a regulatory mismatch, the new APs will alert about the regulatory mismatched and the AP will be placed in the network’s configured country.

 

Regulatory Domain Setting for a Network

The regulatory domain of a network is determined by the network country. It can be set manually after a network is created or can be automatically determined when devices are deployed into the network. The regulatory domain can be set manually by navigating to Network-wide > General > Country/Region and selecting the appropriate country.

The first device added to the network is used to determine the country if it is not manually set. This will also automatically set the regulatory domain for the network.

Regulatory domain enforcement

There are two different ways to enforce the regulatory domain to the Access Points:

  • Automatic (done by the dashboard, recommended).

  • Manual enforcement.

Automatic

As explained before, regulatory enforcement is done per Geo-IP Location and network-wide setting automatically. The user only defines the country when creating the network and that will be the source of truth when compared to the GeoIP location, any mismatches will generate alerts. If all the nodes in the network are detected (via geolocation) to be in the same country, the network country is updated automatically to this detection.

Usually, this configuration will be correct except special cases where the IP of the gateway is located in a different country, (due to VPN, MPLS, etc).

Manual

A user can agree to use the manual regulatory enforcement in order to bypass the Geo-IP location and enforce the desired regulatory domain of a specific country manually.

 

In order to do this, a legal agreement must be accepted specifying the user is responsible to enforce the right regulatory domain to be used on the network acknowledging the physical location of the Access Points will match the specified.

Configuration

Go to Network-Wide > General, a new option is presented to change to “Manual country setting”

 

Screen Shot 2021-11-15 at 5.15.17 PM.png

 

After clicking on it, the legal agreement will be presented, please, make sure to read it and understand it fully before accepting.
 

Screen Shot 2021-11-15 at 5.17.09 PM.png

Once accepted, two new options will be presented in the “Manual enforcement options” section:

 

  • Override APs to match network

    • This setting will enforce the country selected to all access points disregarding the GeoIP location of the Access Point.

  • Revert network to auto-detection

    • This option will enforce the automatic regulatory domain of the network as before.

 

Screen Shot 2021-11-15 at 5.19.37 PM.png

The country defined in the network can also be changed at this point.

 

To verify the country of the access point go to Wireless > Access Points, select the desired one and Regulatory Info can be seen with the country enforcement. For example:

Screen Shot 2021-11-15 at 5.20.19 PM.png

 

Alerts

In case there are access points alerting for a mismatch regulatory domain, they will be presented in the General webpage ( Network-wide > General ), and they will be shown similarly as the image below:

Screen Shot 2021-11-15 at 5.21.12 PM.png

 

In this example the access points are detected in MX regulatory domain, however, the network is configured as “United States”.

Since there is a mismatch between the configuration and the automatic regulatory domain detection, access points will alert about this issue.

If the configured regulatory domain setting is correct, meaning the Access Points are physically located in Mexico (in this case), the override is feasible.

Click on Override APs to match network, this will force the Access Points to enforce the configuration set in the network-wide page and honor it, disregarding GeoIP Location.

Screen Shot 2021-11-15 at 5.23.20 PM.png

Be aware the country configured must always match the country where the Access Points are physically located.

  • Was this article helpful?