Cisco Meraki: Switches

Meraki switches (MS series) support powerful API capabilities that enable centralized management, automation, and integration with other systems. These endpoints allow administrators to monitor switch port status, configure ports, and gather performance insights.

• List Switch Ports by Switch:
  /api/v1/organizations/{organizationId}/switch/ports/bySwitch
  Returns a list of configured ports on all switches in the organization, grouped by switch.
• Switch Port Statuses:
  /api/v1/devices/{deviceSerial}/switch/ports/statuses
  Retrieves current status, performance, and connectivity data for all ports on a specific switch.
• Switch Port Performance Data:
  This data is returned in the response of the statuses API and includes important metrics such as usage, errors, and client connection.
• Uplink Status Across Appliances:
  /api/v1/organizations/{organizationId}/appliance/uplink/statuses
  Provides real-time data on WAN uplink status for all MX or Z-series appliances in the organization.
• Uplink Usage by Network:
  /api/v1/organizations/{organizationId}/appliance/uplinks/usage/byNetwork
  Displays data usage trends and WAN traffic analytics over time, grouped by network.
• Generate API Key for Integration:
  To use the API, generate a key by going to: Organization > Settings > Dashboard API access, then enable API and generate a secure key. Keys should be treated like passwords.
• Important: All requests must include an X-Cisco-Meraki-API-Key header with your API key and are subject to rate limits.

Configuration templates and switch profiles dramatically simplify the process of deploying, managing, and updating large fleets of Meraki switches. By applying standardized configuration templates, organizations ensure consistency while still allowing for flexibility when needed.

1. Create a Configuration Template:
   
   1. Go to Organization > Configuration templates in the Meraki dashboard.
   2. Click Create a new template.
   3. Provide a descriptive name for your template and select the switch model(s) it will apply to.
   4. (Optional) Copy settings from an existing network or template if you want to reuse existing configurations.
   5. Click Add to save the template.
2. Customize Switch Templates & Profiles:
   
   1. Select your newly created template from the list.
   2. Navigate to Switching > Configure > Switch templates.
   3. Click View ports on this switch template to adjust port settings as needed.
   4. Create Switch Profiles to group switches by model and port configuration. Each profile defines settings for all switches with the same port mix.
3. Bind Networks or Switches to a Template:
   
   1. In the configuration template, select Bind networks or Bind switches.
   2. Choose one or more networks or switches to apply the template settings.
   3. Click Bind (or Bind to profile if binding individual switches).
   4. All devices bound to the template will automatically inherit the configuration. Any further changes to the template will instantly update all bound devices.
4. Apply Configuration Changes in Bulk:
   
   • Editing the template or associated profiles will update all bound switches in real time.
   • This ensures streamlined operations and eliminates manual errors when deploying updates across different sites.
5. Switch Profile Assignment via API (Advanced):
   
   1. List available switch profiles using:
      GET /organizations/{organizationId}/configTemplates/{configTemplateId}/switch/profiles
   2. Assign a switch to a profile with:
      PUT /networks/{networkId}/devices/{serial}
      Include the switchProfileId in your API request body.
6. Key Considerations:
   • Switch templates are ideal for sites with standardized configurations and multiple devices of the same model.
   • Site-specific exceptions can still be configured after binding.
   • Changing a device’s profile may require manual binding in existing networks.

Cisco Meraki switches offer a streamlined onboarding process to bring your devices into cloud management and enable API access for automation and integrations. Follow these steps to quickly onboard switches and generate API keys.

1. Prepare for Onboarding:
   • Make sure you have physical or remote access to the switch you want to add.
   • Gather credentials and the serial number for each device.
2. Access the Meraki Dashboard:
   1. Log in to the Meraki Dashboard at dashboard.meraki.com.
   2. If you do not have an account, create one and set up your organization.
3. Onboard Your Switches:
   1. Navigate to Organization > Inventory.
   2. Click Add devices and enter the serial number(s) for the switches you wish to onboard.
   3. Assign the switches to the appropriate network.
   4. After onboarding, the switches will appear in the dashboard ready for monitoring and configuration.
4. Enable API Access:
   1. Go to Organization > Settings.
   2. Under Dashboard API access, check the box to enable access.
   3. Click Save Changes if prompted.
5. Generate an API Key:
   1. Click your username or email in the upper right corner and select My Profile.
   2. In the API access section, click Generate new API key.
   3. Copy your API key and store it securely. This key grants administrative access and will not be shown again.
6. Use Your API Key:
   • API keys are required for all automated scripts and integrations with the Meraki Dashboard API.
   • Keep API keys secure; treat them like sensitive passwords.
7. Key Reminders:
   • Only dashboard admin users can generate API keys.
   • Each user may have up to two active API keys.
   • If a key is lost, revoke and generate a new key from your profile page.

Configuring SNMP (Simple Network Management Protocol) on Cisco Meraki switches allows you to monitor device status, gather real-time data, and integrate with third-party network management tools. Follow this step-by-step process to set up and secure SNMP on your switches.

1. Access the Meraki Dashboard:
   1. Log in to the Meraki Dashboard.
   2. Navigate to Network-wide > Configure > General or Reporting section (depending on your dashboard version).
2. Enable SNMP:
   • Scroll down to the SNMP section.
   • Select the SNMP version you wish to use:
     • SNMP v1/v2c: Simple community-string-based access. Enter a secure community string.
     • SNMP v3: More secure—requires a username and password; communications are encrypted.
   • Click to Save Changes.
3. Configure SNMPv3 (Recommended for Security):
   1. Choose SNMP v3 in the configuration panel.
   2. Set a username and password for authentication and privacy.
   3. SNMP v3 uses SHA authentication and AES128 or DES for privacy.
4. Set SNMP Access Restrictions:
   • For v1/v2c, define allowed IP addresses to limit SNMP access and increase security.
   • For v3, this is optional but still recommended as an added security layer.
5. Download Meraki MIB (Optional, for OID lookups):
   1. In the SNMP settings panel, look for an option to Download MIB file.
   2. Upload the MIB to your SNMP management system for better object identification and alerting capabilities.
6. Test SNMP Configuration:
   • Use tools like snmpwalk from a monitoring server to verify SNMP communication with your switch.
   • Sample command for v2c: snmpwalk -v2c -c <community> <switch_ip>
   • Sample command for v3: snmpwalk -v3 -l authPriv -u <username> -a SHA -A <authpass> -x AES -X <privpass> <switch_ip>
7. Configure SNMP Traps (Optional):
   1. Go to Network-wide > Configure > Alerts.
   2. Enable SNMP Traps and enter the IP address of your SNMP trap receiver.
   3. Choose SNMP version (v2c or v3) and provide credentials accordingly.
   4. Use the Test Trap feature to ensure traps are received successfully.
8. Apply & Review:
   • Save all configuration changes.
   • Verify SNMP data and alerts are visible in your management system.
   • Periodically review SNMP credentials and access lists for ongoing security.

• Tip: SNMPv3 is strongly recommended for security. Always use strong credentials and limit access to trusted IP addresses when possible.
• Note: Each switch must be polled individually; repeaters and devices without an IP address cannot be directly polled with SNMP.

Integrating Cisco Meraki switches with external Network Access Control (NAC) and security platforms enables enhanced network security, access enforcement, and automation. Use these steps to connect Meraki switches to popular NAC systems such as Cisco ISE, FortiNAC, or other third-party solutions.

1. Enable SNMP and API Access:
   • SNMP is used by many NAC platforms for device discovery and monitoring. Ensure SNMP credentials are configured (preferably SNMPv3).
   • Enable the Dashboard API and generate an API key. Both will be required for platform integration.
2. Add Switches to the NAC Inventory:
   1. Open your NAC/security platform’s management console.
   2. Navigate to the section for network devices or switches.
   3. Add each Cisco Meraki switch by specifying its IP address and SNMP credentials.
   4. For advanced integrations, provide the Meraki API key and organization details.
3. Configure RADIUS Authentication (Optional, for 802.1X NAC):
   1. In the Meraki dashboard, go to Switch > Access Policies.
   2. Create or edit an access policy and select 802.1X authentication.
   3. Enter the RADIUS server IP, shared secret, and specify authentication methods.
   4. Assign the created policy to the desired switch ports for endpoint verification and access enforcement.
4. Verify Device Visibility and Host Detection:
   • Confirm that the NAC solution can discover and profile Meraki switches via SNMP.
   • Check for end-host visibility and network mapping to ensure endpoints are being identified and controlled.
5. Configure Enforcement Policies/Groups:
   1. Within your NAC platform, create enforcement rules or groups based on user roles, device posture, or security policy.
   2. Link these policies to authenticated devices or endpoints connected to Meraki switches.
   3. Automate actions such as quarantine, VLAN assignment, or access restrictions when security requirements are unmet.
6. Troubleshoot Integration:
   • Review SNMP logs and API response codes for errors or access issues.
   • Test authentication flows and endpoint policies to validate enforcement.
   • Refer to platform documentation for supported Meraki switch models and integration best practices.

• Tip: Keep API keys and SNMP credentials secure. Regularly update passwords and delete unused integration accounts for better security.
• Note: Integration steps may vary depending on the NAC or security platform in use. Always review vendor documentation for exact workflow details.

Assigning switch profiles programmatically enhances efficiency and consistency when managing large numbers of Cisco Meraki switches. Follow these step-by-step instructions to assign switch profiles using the Meraki Dashboard API.

1. Retrieve Available Switch Profiles:
   1. Use the API endpoint:
      GET /organizations/{organizationId}/configTemplates/{configTemplateId}/switch/profiles
   2. This will return a list of switch profiles, including each profile's unique switchProfileId.
2. Identify the Target Switch and Network:
   • Locate the serial number of the switch you want to assign the profile to.
   • Find the network ID (networkId) where the switch is deployed.
3. Assign the Profile to the Switch:
   1. Use the following API call to update device attributes:
      PUT /networks/{networkId}/devices/{serial}
   2. Include the switchProfileId in the JSON request body. Example:
      { "switchProfileId": "ID_Number_From_Previous_Step" }
   3. Execute the request. The switch will now be bound to the specified profile and inherit its configurations.
4. Verify Profile Assignment:
   • In the Meraki dashboard, navigate to the switch's details page to confirm the correct profile is assigned.
   • Use API calls to fetch device data and verify the switchProfileId configuration.
5. Key Best Practices and Notes:
   • Only compatible switch models can be assigned to a given profile.
   • Profile assignment through the API is ideal for existing networks. For new network creation, enable auto-bind in the dashboard for automatic assignment.
   • Manual intervention might be needed for large-scale profile changes if automated methods are unavailable for certain scenarios.
   • Always test in a staging environment before updating production devices in bulk.

Follow these steps to safely replace a switch in a Cisco Meraki switch stack, ensuring minimal downtime and configuration consistency:

1. Document the Existing Stack:
   • Note the current stack configuration, including stack members, port usage, and uplink connections.
   • Capture existing switch and port configurations from the Meraki Dashboard.
2. Schedule Maintenance Window:
   • Plan the replacement during a low-traffic period to minimize service disruption.
   • Notify stakeholders of the expected downtime.
3. Remove the Old Switch:
   • Power down the stack or isolate the switch to be replaced.
   • Disconnect the old switch from stack cables and network connections.
   • Remove the device from the Meraki Dashboard, and document serial numbers as needed.
4. Add the Replacement Switch:
   • Physically install the new switch in the stack position of the old switch.
   • Connect stack cables and relevant network uplinks in the same configuration as before.
5. Configure in the Meraki Dashboard:
   • Add the new switch’s serial number to the Meraki Dashboard.
   • Apply the old switch’s configuration (name, tags, and port settings) to the replacement device.
   • Ensure the replacement switch adopts the stack configuration and synchronizes with other members.
6. Verify and Test:
   • Check that all stack members are online and recognized in the dashboard.
   • Confirm port and uplink statuses, and verify traffic flow through the replacement switch.
   • Run validation tests to ensure network connectivity and stack stability.
7. Finalize and Document:
   • Update network documentation with the new serial numbers and stack topology.
   • Notify stakeholders of completion and normal network operation.

Use these step-by-step troubleshooting strategies to quickly resolve common Cisco Meraki switch issues:

1. Check Device Connectivity:
   • Ensure the switch has power and is properly connected to the network.
   • Look for solid or blinking status lights indicating hardware health and connectivity.
2. Verify Internet Access:
   • Log into the Meraki Dashboard and confirm the switch status is ‘Online’.
   • If offline, verify upstream connectivity (ISP modem, firewall, or core switches).
3. Check Uplink Configurations:
   • Confirm that uplink ports are configured correctly and that ports are not administratively disabled.
   • Use the Dashboard's "Tools" section to ping gateway or DNS servers from the switch.
4. Inspect Port Traffic and Errors:
   • Go to the individual switch page in the Dashboard and review port statistics.
   • Look for CRC errors, dropped packets, or high usage that may indicate physical cable or speed mismatch issues.
5. Review Event Logs:
   • Check the switch’s "Event log" in the Meraki Dashboard to track link flaps, STP changes, or configuration errors.
6. Use Cable Test Tool:
   • From the Dashboard, run cable tests on suspicious ports to rule out physical layer issues.
7. Validate VLAN and DHCP Settings:
   • Ensure ports are assigned to the correct VLANs and that DHCP settings are properly configured for end devices.
   • Ensure clients are receiving the correct IP address, subnet, gateway, and DNS settings.
8. Perform Packet Captures (Optional):
   • Use the “Packet Capture” tool within Meraki Dashboard to isolate packet-level communication issues between devices.
9. Reboot the Affected Switch:
   • If necessary, issue a remote reboot via the Meraki Dashboard to resolve software-based or temporary hardware issues.
10. Contact Meraki Support:
    • If issues persist after basic troubleshooting, open a case directly from the Dashboard for expert assistance from Meraki Support.