Cloud Monitoring Onboarding

Onboarding is the process of enabling cloud-monitoring functionality for an existing Catalyst switch. For background information regarding cloud monitoring for Catalyst, please refer to Cloud Monitoring Overview and FAQ.

Requirements

Cloud monitoring for Catalyst currently supports the following hardware and software:

To enable cloud monitoring for Catalyst, each switch must be onboarded. This process connects the switch to the cloud using a TLS tunnel, which is used to communicate device status and telemetry to the Meraki dashboard.

Pre-Onboarding

  1. Confirm that the switch(es) designated for onboarding are one of the following:
    • Catalyst 9200, 9300, or 9500 series hardware
    • Running IOS XE 17.3.1 or later
  2. Have access to the Meraki dashboard
  3. Get your organization's dashboard API key. To find or generate an API key:
    • In Organization -> Settings, verify that the checkbox for “Dashboard API Access” is selected and saved in the “Dashboard API access” section
    • From My Profile, choose "Generate new API key" or use an existing key. Note that a full admin account must be used. SAML log-in is not supported for API key creation
  4. Ensure reachability
    • The computer from which the onboarding application is run must be able to reach api.meraki.com on TCP port 443
      • The onboarding application is a stand-alone executable file; security settings on your local device must permit running this application and accessing the API server
      • HTTPS proxy servers that modify the certificate in transit are not currently supported
    • The Catalyst devices to onboard need access to the Cisco cloud
      • Ensure any firewall rules in place allow communication with the gateway corresponding with the dashboard region on TCP port 443:
        • Americas: us.tlsgw.meraki.com
        • EMEA: eu.tlsgw.meraki.com
        • Asia Pacific and Japan: ap.tlsgw.meraki.com
    • HTTPS proxies to access the API endpoint and the TLS gateway are not currently supported. If necessary, ensure rules are in place to allow direct HTTPS connections to each.
    • Connectivity must be via a front-panel port (not the management interface).
    • IP routing (ip routing) must be enabled on the switch or will be enabled as part of onboarding.
    • Ensure routes are in place to reach external addresses including a default route (use of ip default-gateway is not supported).
    • Ensure DNS is enabled on the switch (ip name-server {DNS server IP} configured).
    • NTP needs to be enabled on the switch (ntp server {address}), and the switch clock must reflect the correct time.
    • AAA on the switch must be configured using aaa new-model.
    • SSH access to the switch CLI must be enabled and accessible via the computer used for onboarding.
    • The user account for onboarding must have privilege-15 level access on the switch.
  5. Determine which dashboard network(s) to add the switch to
    • The network must be "switch" or "combined" type
    • The network must use the "Unique Client Identifier" tracking method. If it is not already configured as such, the onboarding process will automatically change the network to "Unique Client Identifier" mode

Information about creating a new network is available at: https://documentation.meraki.com/General_Administration/Organizations_and_Networks/Creating_and_Deleting_Dashboard_Networks#Creating_a_Network

When the tracking method is changed, clients may appear to be duplicated until previously collected data ages out and is no longer valid. For more information, see: https://documentation.meraki.com/MX/Monitoring_and_Reporting/Client-Tracking_Options.

  • Back up the current running configuration on the switch prior to beginning onboarding (copy run flash:config-backup.txt)
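The switch-side items of the checklist above can be checked offline against a saved running configuration before the onboarding tool is run. The script below is an added example, not part of the onboarding application or of Cisco's tooling; the function names, the PASS/WARN/FAIL statuses and the sample configuration are assumptions made for illustration.

```python
import re

MIN_VERSION = (17, 3, 1)  # minimum release named in the checklist


def version_ok(version: str) -> bool:
    """True if a version string such as '17.03.04' is at least 17.3.1."""
    nums = [int(n) for n in re.findall(r"\d+", version)[:3]]
    nums += [0] * (3 - len(nums))  # '17.3' is treated as 17.3.0
    return tuple(nums) >= MIN_VERSION


def precheck(config: str) -> dict:
    """Map each checklist item to (status, detail) for one running-config."""
    lines = [ln.strip() for ln in config.splitlines()]

    def has(pattern: str) -> bool:
        # re.match anchors at the start, so 'no ip routing' never counts as 'ip routing'
        return any(re.match(pattern, ln) for ln in lines)

    results = {}
    required = {
        "aaa new-model": (r"aaa new-model$", "not configured; the tool does not add it"),
        "dns": (r"ip name-server \S+", "no 'ip name-server' configured"),
        "ntp": (r"ntp server \S+", "no 'ntp server' configured"),
    }
    for name, (pattern, problem) in required.items():
        results[name] = ("PASS", "") if has(pattern) else ("FAIL", problem)

    # Not a blocker: the checklist says onboarding enables routing if needed,
    # but that is a behaviour change worth knowing about in advance.
    if has(r"ip routing$"):
        results["ip routing"] = ("PASS", "")
    else:
        results["ip routing"] = ("WARN", "onboarding will enable 'ip routing'")

    # A static check cannot see dynamically learned routes, hence WARN, not FAIL.
    if has(r"ip route 0\.0\.0\.0 0\.0\.0\.0 \S+"):
        results["default route"] = ("PASS", "")
    elif has(r"ip default-gateway \S+"):
        results["default route"] = ("FAIL", "'ip default-gateway' is not supported")
    else:
        results["default route"] = ("WARN", "no static default route; check for a learned one")
    return results


# Constructed running-config excerpt (documentation addresses, not a real device).
SAMPLE_CONFIG = """\
hostname C9200-LAB
aaa new-model
ip default-gateway 192.0.2.1
ip name-server 192.0.2.53
username onboard privilege 15 secret 9 $9$CONSTRUCTED
"""

if __name__ == "__main__":
    for item, (status, detail) in precheck(SAMPLE_CONFIG).items():
        print(f"{status:4}  {item:14} {detail}")
    print("version 17.03.04 supported:", version_ok("17.03.04"))
```

Reachability of the TLS gateway and the privilege level of a TACACS-backed account cannot be read from the configuration text and still need to be confirmed on the device.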

Downloading the Onboarding Application

The onboarding application is available through the Meraki dashboard. To access it, go to Network-wide > Add Devices from the navigation on the left side. In this section, click on the link to add Catalyst switches to the dashboard.

Select your operating system from the list to download the version for your computer.

Onboarding

Onboarding is guided through an application that verifies compatibility, gathers the dashboard account information, and creates a tunnel connection to the cloud, enabling telemetry to be sent from the device to the cloud.

Configuration changes to the Catalyst switch are the minimal set required to provide cloud-monitoring functionality.

Using the Onboarding Application

The onboarding tool is a stand-alone application that runs natively on Windows, macOS, or Linux. If running on Linux, note that this is a GUI application, and a CLI version is not currently available.

We recommend making a backup of your existing running configuration on switches before making any changes.

Upon launching the onboarding application, it will automatically check and download the latest version. First-time users will also need to read and accept the terms and conditions for this cloud service.

On the main page, paste in the API key that you previously copied from the dashboard (refer to the checklist above if you do not have this saved).

To continue, a valid dashboard API key from an account with write access must be entered.

Step 1: Confirm the organization associated with the API key the switch(es) should be added to. The link can be used to access the dashboard for that organization. If you have multiple organizations you wish to onboard switches to, you will need to run the app separately for each organization.

Step 2: Enter the IPv4 address of the switch(es) to be onboarded. This should be the local address that is accessible from the computer on which the onboarding tool is run. A port number can be specified if other than the default (TCP 22). For example: 192.168.1.10:3421

Step 3: Enter the SSH credentials of the switch(es) to be onboarded. The credentials must be the same for all switches. If different credentials are required, the onboarding process must be restarted after completion.

Step 4: Pre-checks will be completed to verify that the hardware, software, and configuration are eligible for cloud monitoring.

Step 5: The user is provided a list of networks in their organization and can select which one they would like to use for onboarding. Note that a switching network or combined network including switching must be used, and a different network can be selected per switch being onboarded.

Step 6: The proposed configuration changes are presented to the user for review. The user must check the box next to each switch to confirm they would like to make the change.

Details of all changes can be seen using the “show details” link.

Step 7: The configuration is applied.

After completion, the switch may take a few minutes to appear in the dashboard. Additional data will take time to populate.

Dashboard page after onboarding:

Offboarding/Removing Switches from Cloud Monitoring

To remove a switch from the Meraki dashboard and cloud monitoring, follow the standard process for removing a device from a Meraki network seen in the article, Adding and Removing Devices from Dashboard Networks.

From the switch page, select the checkbox next to the desired switch(es) and select “remove from network.” At this time, the tunnel connection will be disabled on the switch if currently connected, and the switch will be removed from the dashboard.

The running configuration on the switch will not automatically be reverted to its state prior to onboarding in order to prevent unexpected behavior due to additional changes that may have occurred outside the scope of cloud monitoring.

Cloud Monitoring Onboarding Error Messages

Invalid API key. A full (read/write) key is required. The API key is validated by the onboarding application by connecting to the API server at api.meraki.com.

This message indicates that the API key could not be validated with the server. Check that the key is entered correctly. If this still does not work, a new API key must be created following the instructions in our Dashboard API article. 

Note that a full admin account is required and that the key must be read/write (not read-only). Accounts using SAML are unable to generate API keys, and a dashboard account with Meraki credentials should be used instead.

Unable to validate your API key. A full (read/write) key is required. Please try again.

Ensure connectivity from the local computer to api.meraki.com on TCP 443. HTTPS proxies in the path are not currently supported.

If connectivity has been validated and this error is still seen, a new key can be generated following the instructions above.

Error: Timed out while waiting for handshake. Confirm you can reach the switch via SSH from this computer.

The onboarding application will attempt to connect via SSH on the IP address and port provided. Confirm that the switch can be reached from the same computer using a terminal connection on the same IP address and port. Ensure there are no firewall rules in place preventing connections from the onboarding application.

Error: All configured authentication methods failed. Confirm your username and password are correct.

The credentials provided are returned as invalid from the switch. Ensure that the username and password are correct. If an enable password is required to have elevated rights (privilege level 15), this must be provided as well.

Device is not eligible for onboarding. Reason: [reason]

Review the reason shown. Confirm that the hardware, IOS XE version, and DNA license are supported according to the onboarding documentation.

Error checking device [configuration]

Ensure the switch is reachable on the IP address and port provided. Confirm that the credentials provided have privilege level 15 to read all information from the switch.

The credentials you provided do not have permission to proceed with the onboarding process. Please provide an enable password.

An enable password must be provided if the username/password do not provide privilege level 15 rights.

A device with specified serial number and model already exists and is in use by different account.

Remove the switch from the existing dashboard network. Steps are available in the Offboarding/Removing Switches from Cloud Monitoring section of this article above.

It’s taking longer than usual to confirm your device is ready. Onboarding will continue in the cloud. Please check your dashboard later.

The onboarding process on the switch has been completed, but additional back-end processing in the cloud is required. The switch should be available in the dashboard after 15 minutes. If it does not appear after one hour, attempt onboarding again or contact support.

Known Issues/Caveats for Onboarding 

  • “aaa new-model” must be configured prior to running onboarding. It will not be added automatically by the onboarding tool, in order to prevent unexpected changes in the authentication process on the network.

  • For authorization only (not authentication), local must be first in the list to allow the local Meraki user to have sufficient permissions to establish the tunnel and connect.

    • This change will be presented for review prior to application in the onboarding tool

    • If command authorization is used (via "aaa authorization commands <level> ...") the user "meraki-user" must be granted privilege 15 access from TACACS

  • RADIUS authentication is not currently supported.

  • HTTPS proxies that perform TLS decryption are not currently supported. Both the onboarding tool and the switches enabled for cloud monitoring require direct access to the respective resources on TCP 443. For more detail, review the Cloud Monitoring Overview and FAQ.

  • Cloud monitoring is not currently supported on switches attached to a Cisco DNA Center appliance. The additional telemetry feeds required for cloud monitoring may conflict with those needed for DNA Center. The onboarding tool will not prevent switches attached to DNA Center from being added for cloud monitoring. However, this configuration has not been fully tested and is not officially supported at this time.

  • To avoid conflicts or issues when onboarding a switch that has a pre-existing NetFlow configuration, the cloud monitoring NetFlow configuration will not be applied to the device. This means that traffic and application data will not be available in the Meraki dashboard.

  • While SVL stacks can be onboarded to cloud monitoring without issue, SVL stacking is not supported at this time, so some of the data on the stack connection itself may be missing or inaccurate. In addition, Catalyst 9500 switches will show two additional ports in the switch port list that do not actually exist. Other than these two specific issues, stacked 9500 switches are fully compatible with cloud monitoring.

Example onboarding configuration changes

Once the tunnel is established, the cloud back end adds additional configuration to the switch to receive telemetry information. This process occurs automatically and does not require user intervention.

An example of the added IOS XE configuration is:

! Clean up pre-existing configuration
no crypto tls-tunnel MERAKI-PRIMARY
no crypto pki trustpoint MERAKI_TLSGW_CA
yes
no interface Loopback55
yes

! Removing existing Line VTY Using Same Rotary
no line vty 16 17

! Certificates to trust for Cloud Connectivity
crypto pki trustpoint MERAKI_TLSGW_CA
enrollment terminal
crypto pki authenticate MERAKI_TLSGW_CA
-----BEGIN CERTIFICATE-----
ce1XR2bFuAJKZTRei9AqPCCcUZlM51Ke92sRKw2Sfh3oius2FkOH6ipjv3U/697E
A7sKPPcw7+uvTPyLNhBzPvOk…
-----END CERTIFICATE-----
quit
yes

! Set trustpoint storage location and turn off certificate revocation check
crypto pki trustpoint MERAKI_TLSGW_CA
  enrollment url flash://MERAKI_TLSGW_CA
  revocation-check none

! Create Loopback interface for TLS tunnel overlay
interface Loopback55
description Meraki TLS Connection
exit

! Enable routing (required for Netconf)
ip routing
ip route 18.232.x.x 255.255.255.255 Null 0

! Create local auth group
aaa authentication login MERAKI_VTY_AUTH_N local
aaa authorization exec MERAKI_VTY_AUTH_Z local

! Create ACL for cloud SSH ingress
ip access-list extended MERAKI_VTY_IN
10 permit tcp host 18.232.x.x any eq 2222
20 deny   tcp any any

! Create ACL for cloud telemetry egress
ip access-list extended MERAKI_VTY_OUT
10 permit tcp any host 18.232.x.x eq 2022
20 deny   tcp any any

! Enable SSH to VTY lines
line vty 16 17
  access-class MERAKI_VTY_IN in
  access-class MERAKI_VTY_OUT out
  authorization exec MERAKI_VTY_AUTH_Z
  login authentication MERAKI_VTY_AUTH_N
  rotary 50
  transport input ssh
  exit

! Configure SSH v2 with publickey authentication
ip ssh version 2
ip ssh server algorithm authentication publickey password keyboard

ip ssh port 2222 rotary 50

! Configure a user for SSH and Netconf access
username meraki-user privilege 15 secret 9 $9$1XUfj8vd…
ip ssh pubkey-chain
username meraki-user
key-string
AAAAB3N…
exit
exit
exit

! enable NETCONF YANG globally
netconf-yang

! enable LLDP for non-CDP network discovery
lldp run

! Configure a TLS tunnel for Cloud Connectivity
! Using GigabitEthernet1/0/1 as the preferred source based on the current default route
crypto tls-tunnel MERAKI-PRIMARY
  server url us.tlsgw.meraki.com port 443
  overlay interface Loopback55
  local-interface GigabitEthernet1/0/1 priority 1
  pki trustpoint CISCO_IDEVID_SUDI sign
  pki trustpoint MERAKI_TLSGW_CA verify
  no shut
exit
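Because the pre-onboarding backup is the only record of the earlier state and offboarding does not revert the configuration, comparing that backup with the running configuration shows exactly which management and trust settings onboarding introduced. The script below is an added example, not Cisco or Meraki code; the rule labels, function names and both sample configurations are constructed, with 192.0.2.10 standing in for the masked cloud address and placeholder strings for the password hashes.

```python
import re

# Statements that appear in this article's example configurations and that
# change the switch's management or trust surface. Labels are this example's own.
RULES = [
    (r"username \S+ privilege 15\b", "local privilege-15 account added"),
    (r"revocation-check none$", "certificate revocation checking disabled"),
    (r"ip ssh port \d+ rotary \d+$", "additional SSH listener port"),
    (r"aaa authorization exec default local$", "default exec authorization list changed"),
    (r"netconf-yang$", "NETCONF/YANG enabled"),
    (r"snmp-server host \S+ version 2c \S+", "SNMPv2c receiver with community string"),
    (r"logging host \S+", "syslog sent to remote host"),
]


def parse_config(config: str) -> set:
    """Return (parent, line) pairs; top-level statements have parent ''."""
    entries, parent = set(), ""
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if raw[0].isspace():          # indented: sub-command of the last top-level line
            entries.add((parent, line))
        else:
            parent = line
            entries.add(("", line))
    return entries


def review_changes(before: str, after: str) -> list:
    """Sorted (label, parent, line) for flagged statements present only in `after`."""
    added = parse_config(after) - parse_config(before)
    findings = []
    for parent, line in added:
        for pattern, label in RULES:
            if re.match(pattern, line):
                findings.append((label, parent, line))
    return sorted(findings)


# Constructed backup taken before onboarding.
BEFORE = """\
hostname C9300-LAB
aaa new-model
username admin privilege 15 secret 9 $9$CONSTRUCTED-ADMIN
ip ssh version 2
line vty 0 4
 transport input ssh
"""

# Constructed post-onboarding configuration, modelled on the article's examples.
AFTER = BEFORE + """\
aaa authorization exec default local
crypto pki trustpoint MERAKI_TLSGW_CA
 enrollment url flash://MERAKI_TLSGW_CA
 revocation-check none
username meraki-user privilege 15 secret 9 $9$CONSTRUCTED-MERAKI
ip ssh port 2222 rotary 50
ip access-list extended MERAKI_VTY_IN
 10 permit tcp host 192.0.2.10 any eq 2222
 20 deny   tcp any any
line vty 16 17
 access-class MERAKI_VTY_IN in
 rotary 50
 transport input ssh
netconf-yang
logging host 192.0.2.10
snmp-server host 192.0.2.10 version 2c public
"""

if __name__ == "__main__":
    for label, parent, line in review_changes(BEFORE, AFTER):
        where = f" (under '{parent}')" if parent else ""
        print(f"{label}: {line}{where}")
```

Statements already present in the backup, such as the existing admin account, are not reported, so the output is limited to what changed between the two files.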

Example of full change in configuration following onboarding:

aaa authentication login MERAKI local       
aaa authorization exec default local       
aaa authorization exec MERAKI local       
!       
!       
!                      
aaa session-id common       
!               
ip routing       
!               
device-tracking policy MERAKI_POLICY       
security-level glean       
no protocol udp       
tracking enable       
!       
!       
flow record MERAKI_AVC_HTTP_SSL_IPV4       
match application name       
match connection client ipv4 address       
match connection server ipv4 address       
match connection server transport port       
match flow observation point       
match ipv4 protocol       
match ipv4 version       
collect application http host       
collect application ssl common-name       
collect connection client counter bytes network long       
collect connection client counter packets long       
collect connection initiator       
collect connection new-connections       
collect connection server counter bytes network long       
collect connection server counter packets long       
collect datalink mac source address input       
collect datalink mac source address output       
collect flow direction       
collect timestamp absolute first       
collect timestamp absolute last       
!       
!       
flow exporter MERAKI_AVC       
destination local file-export default       
export-protocol ipfix       
option interface-table timeout 300       
option application-table       
option application-attributes       
!       
!       
flow monitor MERAKI_AVC_IPV4       
exporter MERAKI_AVC       
cache timeout inactive 60       
cache timeout active 300       
cache entries 65536       
record MERAKI_AVC_HTTP_SSL_IPV4       
!       
flow file-export default       
destination 18.232.x.x transport http dest-port 18088 up
file max-size 10       
file max-count 2       
file max-create-interval 5       
crypto pki trustpoint MERAKI_TLSGW_CA       
enrollment url flash://MERAKI_TLSGW_CA       
revocation-check none             
   quit      
crypto pki certificate chain MERAKI_TLSGW_CA       
certificate ca 06D8D904D5584346F68A2FA754227EC4       
  308204BE 308203A6 A0030201 02021006 D8D904D5 584346F6 8A2FA
  0D06092A 864886F7 0D01010B 05003061 310B3009 06035504 06130
  13060355 040A130C 44696769 43657274 20496E63 31193017 06035
...
   quit       
!               
username meraki-user privilege 15 secret 9 $9$lQXSZ...$
lldp run       
!               
!       
!       
       
crypto tls-tunnel MERAKI-PRIMARY       
server url us.tlsgw.meraki.com port 443       
overlay interface Loopback1000       
local-interface GigabitEthernet1/0/1 priority 1       
pki trustpoint CISCO_IDEVID_SUDI sign       
pki trustpoint MERAKI_TLSGW_CA verify       
interface Loopback1000       
description Meraki TLS Connection       
ip address 20.0.x.x 255.255.255.255       
!                
device-tracking attach-policy MERAKI_POLICY       
ip flow monitor MERAKI_AVC_IPV4 input       
ip flow monitor MERAKI_AVC_IPV4 output       
ip route 18.232.x.x 255.255.255.255 Null0       
ip ssh port 2222 rotary 50       
ip ssh version 2       
ip ssh pubkey-chain       
  username meraki-user       
   key-hash ssh-rsa 8CDF9A4C836A3D74673...       
ip ssh server algorithm authentication publickey password key
!       
ip access-list extended MERAKI_VTY_IN       
10 permit tcp host 18.232.x.x any eq 2222       
20 deny   tcp any any       
ip access-list extended MERAKI_VTY_OUT       
10 permit tcp any host 18.232.x.x eq 2022       
20 deny   tcp any any       
logging host 18.232.x.x       
!       
snmp-server enable traps smart-license       
snmp-server enable traps config-copy       
snmp-server enable traps config       
snmp-server enable traps config-ctid       
snmp-server host 18.232.x.x version 2c public       
!                
      > login local
      > login local
line vty 16 17       
access-class MERAKI_VTY_IN in       
access-class MERAKI_VTY_OUT out       
rotary 50       
transport input ssh       
line vty 18 19       
access-class MERAKI_VTY_IN in       
access-class MERAKI_VTY_OUT out       
authorization exec MERAKI       
login authentication MERAKI       
rotary 50       
transport input ssh       
               
!               
netconf-yang       
telemetry ietf subscription 1001       
encoding encode-tdl       
filter tdl-uri /services;serviceName=sman_oper/control_proce
stream native       
update-policy periodic 30000       
receiver ip address 18.232.x.x 25103 protocol cloud-nati
telemetry ietf subscription 1002       
encoding encode-tdl       
filter tdl-transform MERAKI_INTF_STATS_DELTA       
stream native       
update-policy periodic 30000       
receiver ip address 18.232.x.x 25103 protocol cloud-nati
telemetry ietf subscription 1003       
encoding encode-tdl       
filter tdl-uri /services;serviceName=ios_oper/cdp_neighbor_d
stream native       
update-policy on-change       
receiver ip address 18.232.x.x 25103 protocol cloud-nati
telemetry ietf subscription 1004       
encoding encode-tdl       
filter nested-uri /services;serviceName=sman_oper/control_pr
stream native       
update-policy periodic 30000       
receiver ip address 18.232.x.x 25103 protocol cloud-nati
telemetry ietf subscription 1007       
encoding encode-tdl       
filter tdl-uri /services;serviceName=ios_oper/platform_compo
stream native       
update-policy periodic 30000       
receiver ip address 18.232.x.x 25103 protocol cloud-nati
telemetry ietf subscription 1011       
encoding encode-tdl       
filter tdl-uri /services;serviceName=smevent/sessionevent    
stream native       
update-policy on-change       
receiver ip address 18.232.x.x 25103 protocol cloud-nati
telemetry ietf subscription 1012       
encoding encode-tdl       
filter tdl-uri /services;serviceName=sessmgr_oper/session_co
stream native       
update-policy periodic 360000       
receiver ip address 18.232.x.x 25103 protocol cloud-nati
telemetry ietf subscription 1013       
encoding encode-tdl       
filter tdl-uri /services;serviceName=iosevent/sisf_mac_oper_
stream native       
update-policy on-change       
receiver ip address 18.232.x.x 25103 protocol cloud-nati
telemetry ietf subscription 1014       
encoding encode-tdl       
filter tdl-uri /services;serviceName=ios_oper/sisf_db_wired_
stream native       
update-policy periodic 360000       
receiver ip address 18.232.x.x 25103 protocol cloud-nati
telemetry ietf subscription 1015       
encoding encode-tdl       
filter tdl-uri /services;serviceName=ios_oper/poe_port_detai
stream native       
update-policy periodic 30000       
receiver ip address 18.232.x.x 25103 protocol cloud-nati
telemetry ietf subscription 1016       
encoding encode-tdl       
filter tdl-uri /services;serviceName=ios_oper/poe_module     
stream native       
update-policy periodic 60000       
receiver ip address 18.232.x.x 25103 protocol cloud-nati
telemetry ietf subscription 1018       
encoding encode-tdl       
filter tdl-uri /services;serviceName=ios_oper/cdp_neighbor_d
stream native       
update-policy periodic 360000       
receiver ip address 18.232.x.x 25103 protocol cloud-nati
telemetry ietf subscription 1020       
encoding encode-tdl       
filter tdl-uri /services;serviceName=stkmevent/stkmevent     
stream native       
update-policy on-change       
receiver ip address 18.232.x.x 25103 protocol cloud-nati
telemetry ietf subscription 1021       
encoding encode-tdl       
filter tdl-uri /services;serviceName=ios_oper/switch_oper_in
stream native       
update-policy on-change       
receiver ip address 18.232.x.x 25103 protocol cloud-nati
telemetry ietf subscription 1030       
encoding encode-tdl       
filter tdl-uri /services;serviceName=iosevent/platform_compo
stream native       
update-policy on-change       
receiver ip address 18.232.x.x 25103 protocol cloud-nati
telemetry ietf subscription 1031       
encoding encode-tdl       
filter tdl-uri /services;serviceName=ios_emul_oper/entity_in
stream native       
update-policy periodic 30000       
receiver ip address 18.232.x.x 25103 protocol cloud-nati
telemetry ietf subscription 2002       
encoding encode-tdl       
filter tdl-transform MERAKI_PORTCHANNEL_STATS_DELTA       
stream native       
update-policy periodic 30000       
receiver ip address 18.232.x.x 25103 protocol cloud-nati
telemetry transform MERAKI_INTF_STATS_DELTA       
input table tbl_interfaces_state       
  field ipv4       
  field name       
  field speed       
  field if_index       
  field description       
  field oper_status       
  field admin_status       
  field phys_address       
  field interface_type       
  field statistics.rx_pps       
  field statistics.tx_pps       
  field statistics.in_octets       
  field statistics.out_errors       
  field ether_state.media_type       
  field statistics.in_errors_64       
  field statistics.out_discards       
  field statistics.in_crc_errors       
  field statistics.out_octets_64       
  field intf_ext_state.error_type       
  field statistics.in_discards_64       
  field statistics.in_unicast_pkts       
  field statistics.out_unicast_pkts       
  field ether_stats.in_jabber_frames       
  field statistics.in_broadcast_pkts       
  field statistics.in_multicast_pkts       
  field statistics.out_broadcast_pkts       
  field statistics.out_multicast_pkts       
  field ether_stats.in_fragment_frames       
  field ether_stats.in_oversize_frames       
  field ether_stats.in_mac_pause_frames       
  field statistics.in_unknown_protos_64       
  field ether_stats.out_mac_pause_frames       
  field intf_ext_state.port_error_reason       
  field ether_state.negotiated_port_speed       
  field ether_state.negotiated_duplex_mode       
  field ether_stats.dot3_counters.dot3_error_counters_v2.dot3
  field ether_stats.dot3_counters.dot3_error_counters_v2.dot3
  field ether_stats.dot3_counters.dot3_error_counters_v2.dot3
  field ether_stats.dot3_counters.dot3_error_counters_v2.dot3
  field ether_stats.dot3_counters.dot3_error_counters_v2.dot3
  field ether_stats.dot3_counters.dot3_error_counters_v2.dot3
  field ether_stats.dot3_counters.dot3_error_counters_v2.dot3
  field ether_stats.dot3_counters.dot3_error_counters_v2.dot3
  field ether_stats.dot3_counters.dot3_error_counters_v2.dot3
  field ether_stats.dot3_counters.dot3_error_counters_v2.dot3
  field ether_stats.dot3_counters.dot3_error_counters_v2.dot3
  field ether_stats.dot3_counters.dot3_error_counters_v2.dot3
  join-key name       
  logical-op and       
  type mandatory       
  uri /services;serviceName=ios_emul_oper/interface       
operation 1       
  output-field 1       
   field tbl_interfaces_state.name       
  output-field 2       
   field tbl_interfaces_state.if_index       
  output-field 3       
   field tbl_interfaces_state.interface_type       
  output-field 4       
   field tbl_interfaces_state.description       
  output-field 5       
   field tbl_interfaces_state.admin_status       
  output-field 6       
   field tbl_interfaces_state.oper_status       
  output-field 7       
   field tbl_interfaces_state.speed       
  output-field 8       
   field tbl_interfaces_state.ipv4       
  output-field 9       
   field tbl_interfaces_state.phys_address       
  output-field 10       
   field tbl_interfaces_state.statistics.in_unknown_protos_64
  output-field 11       
   field tbl_interfaces_state.statistics.in_octets       
  output-field 12       
   field tbl_interfaces_state.statistics.out_octets_64       
  output-field 13       
   field tbl_interfaces_state.statistics.in_errors_64       
  output-field 14       
   field tbl_interfaces_state.statistics.out_errors       
  output-field 15       
   field tbl_interfaces_state.statistics.in_unicast_pkts      
  output-field 16       
   field tbl_interfaces_state.statistics.out_unicast_pkts     
  output-field 17       
   field tbl_interfaces_state.statistics.in_multicast_pkts    
  output-field 18       
   field tbl_interfaces_state.statistics.out_multicast_pkts   
  output-field 19       
   field tbl_interfaces_state.statistics.in_broadcast_pkts    
  output-field 20       
   field tbl_interfaces_state.statistics.out_broadcast_pkts   
  output-field 21       
   field tbl_interfaces_state.statistics.in_discards_64       
  output-field 22       
   field tbl_interfaces_state.statistics.out_discards       
  output-field 23       
   field tbl_interfaces_state.statistics.tx_pps       
  output-field 24       
   field tbl_interfaces_state.statistics.rx_pps       
  output-field 25       
   field tbl_interfaces_state.ether_state.media_type       
  output-field 26       
   field tbl_interfaces_state.ether_stats.dot3_counters.dot3_
  output-field 27       
   field tbl_interfaces_state.ether_stats.dot3_counters.dot3_
  output-field 28       
   field tbl_interfaces_state.ether_stats.dot3_counters.dot3_
  output-field 29       
   field tbl_interfaces_state.ether_stats.dot3_counters.dot3_
  output-field 30       
   field tbl_interfaces_state.ether_stats.dot3_counters.dot3_
  output-field 31       
   field tbl_interfaces_state.ether_stats.dot3_counters.dot3_
  output-field 32       
   field tbl_interfaces_state.ether_stats.dot3_counters.dot3_
  output-field 33       
   field tbl_interfaces_state.ether_stats.dot3_counters.dot3_
  output-field 34       
   field tbl_interfaces_state.ether_stats.dot3_counters.dot3_
  output-field 35       
   field tbl_interfaces_state.ether_stats.dot3_counters.dot3_
  output-field 36       
   field tbl_interfaces_state.ether_stats.dot3_counters.dot3_
  output-field 37       
   field tbl_interfaces_state.ether_stats.dot3_counters.dot3_
  output-field 38       
   field tbl_interfaces_state.ether_stats.in_mac_pause_frames
  output-field 39       
   field tbl_interfaces_state.ether_stats.out_mac_pause_frame
  output-field 40       
   field tbl_interfaces_state.ether_stats.in_oversize_frames  
  output-field 41       
   field tbl_interfaces_state.ether_stats.in_jabber_frames    
  output-field 42       
   field tbl_interfaces_state.ether_stats.in_fragment_frames  
  output-field 43       
   field tbl_interfaces_state.ether_state.negotiated_duplex_m
  output-field 44       
   field tbl_interfaces_state.ether_state.negotiated_port_spe
  output-field 45       
   field tbl_interfaces_state.statistics.in_crc_errors       
  output-field 46       
   field tbl_interfaces_state.intf_ext_state.error_type       
  output-field 47       
   field tbl_interfaces_state.intf_ext_state.port_error_reaso
specified       
telemetry transform MERAKI_PORTCHANNEL_STATS_DELTA       
input table tbl_interfaces_state       
  field ipv4       
  field name       
  field speed       
  field if_index       
  field description       
  field oper_status       
  field admin_status       
  field phys_address       
  field interface_type       
  field interface_class       
  field statistics.rx_pps       
  field statistics.tx_pps       
  field statistics.in_octets       
  field statistics.out_errors       
  field statistics.in_errors_64       
  field statistics.out_discards       
  field statistics.out_octets_64       
  field statistics.in_discards_64       
  field statistics.in_unicast_pkts       
  field statistics.out_unicast_pkts       
  field statistics.in_broadcast_pkts       
  field statistics.in_multicast_pkts       
  field statistics.out_broadcast_pkts       
  field statistics.out_multicast_pkts       
  field statistics.in_unknown_protos_64       
  join-key name       
  logical-op and       
  type mandatory       
  uri /services;serviceName=ios_emul_oper/interface       
operation 1       
  filter 1       
   condition operator eq       
   condition value INTF_CLASS_UNSPECIFIED       
   field tbl_interfaces_state.interface_class       
   logical-op and       
   logical-op next and       
  filter 2       
   event on-change       
   field tbl_interfaces_state.name       
   logical-op next or       
   logical-op or       
  output-field 1       
   field tbl_interfaces_state.name       
  output-field 2       
   field tbl_interfaces_state.if_index       
  output-field 3       
   field tbl_interfaces_state.interface_type       
  output-field 4       
   field tbl_interfaces_state.description       
  output-field 5       
   field tbl_interfaces_state.admin_status       
  output-field 6       
   field tbl_interfaces_state.oper_status       
  output-field 7       
   field tbl_interfaces_state.speed       
  output-field 8       
   field tbl_interfaces_state.ipv4       
  output-field 9       
   field tbl_interfaces_state.phys_address       
  output-field 10       
   field tbl_interfaces_state.statistics.in_unknown_protos_64
  output-field 11       
   field tbl_interfaces_state.statistics.in_octets       
  output-field 12       
   field tbl_interfaces_state.statistics.out_octets_64       
  output-field 13       
   field tbl_interfaces_state.statistics.in_errors_64       
  output-field 14       
   field tbl_interfaces_state.statistics.out_errors       
  output-field 15       
   field tbl_interfaces_state.statistics.in_unicast_pkts      
  output-field 16       
   field tbl_interfaces_state.statistics.out_unicast_pkts     
  output-field 17       
   field tbl_interfaces_state.statistics.in_multicast_pkts    
  output-field 18       
   field tbl_interfaces_state.statistics.out_multicast_pkts   
  output-field 19       
   field tbl_interfaces_state.statistics.in_broadcast_pkts    
  output-field 20       
   field tbl_interfaces_state.statistics.out_broadcast_pkts   
  output-field 21       
   field tbl_interfaces_state.statistics.in_discards_64       
  output-field 22       
   field tbl_interfaces_state.statistics.out_discards       
  output-field 23       
   field tbl_interfaces_state.statistics.tx_pps       
  output-field 24       
   field tbl_interfaces_state.statistics.rx_pps       
specified
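To check which receivers the subscriptions above send telemetry to, the stanzas can be parsed from a saved copy of the switch configuration and compared against the receiver you expect. This is an added example, not part of the original article or Cisco's tooling; the sample text, receiver addresses, ports, protocol placeholder and allowlist are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample: documentation IPs, placeholder protocol name.
SAMPLE_CONFIG = """\
telemetry ietf subscription 1031
 encoding encode-tdl
 filter tdl-uri /services;serviceName=ios_emul_oper/entity_in
 stream native
 update-policy periodic 30000
 receiver ip address 192.0.2.10 25103 protocol PLACEHOLDER
telemetry ietf subscription 2002
 encoding encode-tdl
 filter tdl-transform MERAKI_PORTCHANNEL_STATS_DELTA
 stream native
 update-policy periodic 30000
 receiver ip address 198.51.100.7 57500 protocol PLACEHOLDER
telemetry transform MERAKI_PORTCHANNEL_STATS_DELTA
"""

def parse_subscriptions(config):
    subs, cur = [], None
    for raw in config.splitlines():
        line = raw.strip()  # sub-commands may or may not be indented
        m = re.match(r"telemetry ietf subscription (\d+)$", line)
        if m:
            cur = {"id": int(m.group(1)), "filter": None, "update-policy": None, "receivers": []}
            subs.append(cur)
        elif line.startswith("telemetry "):
            cur = None  # a transform (or other telemetry block) ends the stanza
        elif cur is not None:
            key, _, rest = line.partition(" ")
            if key in ("filter", "update-policy"):
                cur[key] = rest
            r = re.match(r"receiver ip address (\S+) (\d+)", line)
            if r:
                cur["receivers"].append((r.group(1), int(r.group(2))))
    return subs

def audit(config, allowed):
    findings = []  # (subscription id, reason) pairs
    for sub in parse_subscriptions(config):
        if not sub["receivers"]:
            findings.append((sub["id"], "no receiver configured"))
        for rcv in sub["receivers"]:
            if rcv not in allowed:
                findings.append((sub["id"], "unexpected receiver %s:%d" % rcv))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, {("192.0.2.10", 25103)}))  # allowlist is an assumed value
```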