Cloud Monitoring Overview and FAQ
Note: Packet captures in the Dashboard are now available for monitored switches. For more information go to the Packet Capture section of this document.
Note: This guide is for Cloud Monitoring for Catalyst Switches. See Cloud Monitoring for Catalyst Wireless FAQ for details on Cloud Monitoring for Catalyst 9800 wireless controllers.
What is Cloud Monitoring?
Cloud monitoring for Catalyst provides an integrated view of Catalyst 9000 series switches, seamlessly integrated into the Meraki dashboard experience.
Cloud monitoring provides the ability to view Catalyst switch statistics, configuration, and troubleshooting capabilities. These switches will be automatically tagged with “Monitor Only” in the dashboard to distinguish from fully managed Meraki switches. Aside from this difference, “Monitor Only” Catalyst switches appear and function very similarly to Meraki MS switches in the dashboard, including a visual representation of connected ports and traffic information.
Live troubleshooting tools are also available to assist with issue identification and resolution.
What Cloud Monitoring is Not
Cloud monitoring does not replace other management solutions for the configuration of switches. As a monitoring tool, most operations are read-only. Live troubleshooting operations also do not result in persistent changes to the configuration once the operation is complete.
In general, Catalyst switches connected to the Meraki dashboard for cloud monitoring provide a similar interface to that provided for MS switches. However, not all functionality or operations are exactly the same.
What configuration is required for Cloud Monitoring?
Details about the required configuration are available in the Cloud Monitoring Required Configuration document.
Summary Tab
Switch ports and client usage information are available on the Summary page. On the left side, the Catalyst serial number is shown. The Meraki serial number will not be present outside of the Meraki dashboard or on the hardware itself.
The running IOS-XE version is shown under “firmware” on the left side. Currently supported versions are listed in Recommended Releases for Catalyst 9200/9300/9400/9500/9600 Platforms.
CAVEAT: DNA Essentials license
If a DNA Essentials license is in use, client-level traffic analytics are not available. This will be reflected with the banner:
Error Messages/Troubleshooting
Potential NTP issue detected. Please verify upstream firewall rules.
- Confirm an NTP server is configured on the switch in the running configuration (ntp server {address}).
- Confirm the NTP server is accessible. Additional troubleshooting steps can be found in our NTP Troubleshooting and Debugging Guide.
Netconf is in an abnormal state
- Netconf is a protocol used within the encrypted tunnel to communicate between the switch and cloud.
- If this error appears, additional information may be provided in the syslog (show log) of the switch regarding resolution steps.
- After resolving based on any log information shown, the Netconf process should be restarted (no netconf-yang; netconf-yang in the running configuration).
- Any other processes requiring Netconf will be unavailable while Netconf restarts.
- The error may take up to an hour to resolve in Dashboard following the process restart.
Switch Port Details
Port traffic and configuration can be seen for each port. The configuration summary is shown as well. Note that the configuration shown is a subset of settings on the port. There may be additional configuration settings on the Catalyst switch itself that are not shown here.
Port Configuration
The port configuration section in the dashboard includes the most common configuration options. However, there are additional available configuration options within the CLI on the Catalyst switch that will not be reflected here. If there is no section for the relevant configuration, a feature request can be submitted.
There is currently a known issue with ports set to “switchport mode dynamic auto.” This is the default and will not be visible to the user in most cases. Trunk ports that are dynamically detected are shown incorrectly as access ports in the dashboard.
The explicit configuration for trunk ports, “switchport mode trunk,” can be added to the interface configuration by the user to ensure the port shows as a trunk port.
Client State or Client Info
Current clients
Clients connected via layer 2 to this port will display VLAN, IP address, and MAC address information. Automated hostname detection is not yet supported.
Port Troubleshooting Tools
Cycle port
This is a potentially disruptive operation and is equivalent to the “shutdown” and “no shutdown” commands applied in sequence on a Catalyst switch port. This can be useful diagnostically, but please be aware that this may cause traffic disruption on the port, including but not limited to spanning tree reconvergence, depending on the design and topology of the network.
Multiple ports can also be cycled at once via the Tools tab.
It is not recommended to cycle the uplink port, as that can cause device connectivity issues with the dashboard.
Packet Counters
Counters are shown displaying the packet statistics from each port. This is similar to the information shown with the “show interface” IOS CLI command.
Location Tab
Topology
Catalyst switches are integrated into the Meraki dashboard topology for the network. Layer 2 topology is currently supported.
Map
The physical location of the switch can be viewed and modified.
Tools Tab
Live troubleshooting tools are available here.
Ping
Initiates a ping from the switch and displays the results visually to see latency over time.
Troubleshooting Console (read-only CLI terminal)
The troubleshooting console can be opened using the “Tools” tab of the switch details page. It is available only for Dashboard administrators with full (read/write) access.
The console provides read-only access to "show" commands through a console emulator to assist with troubleshooting operations. Write commands and configuration are not permitted.
The “Detach” button will open the console in a new tab.
Alternatively, the console can be launched using the “Launch Terminal” button on the left side of the switch details page.
Cloud-monitored switch troubleshooting console limitations:
- The console will proxy individual commands to the CLI of the switch through the cloud. It does not establish a persistent connection.
- Only full read/write Dashboard administrators have access to the troubleshooting console. Read-only Dashboard users are not permitted access to the console.
- All commands will run using the meraki-user account from the cloud.
MAC forwarding table
Displays the MAC addresses of clients learned via layer 2 interfaces, including the associated VLAN and physical port number.
Switch ports page
This functions similarly to MS switches. The name of each port comes from the abbreviated interface name from IOS-XE (e.g. Gi1/0/1 for GigabitEthernet1/0/1). If a description is included in the configuration on the CLI, this will be shown as well.
More information about interface configuration is available at: Interface and Hardware Components Configuration Guide, Cisco IOS XE Amsterdam 17.3.x (Catalyst 9300 switches).
Packet Capture
Packet capture is now available for monitored Catalyst switches in Dashboard. To enable it, open the Early Access page from the left navigation using Organization > Configure > Early Access.
Enable the toggle for Cloud Monitoring - Packet Capture.
After enabling, Catalyst switches will be available from Network-wide > Monitor > Packet capture.
One or more interfaces can be selected, and custom filters can be added using the syntax utilized for Embedded Packet Capture.
After starting the capture, the status will be displayed. A .pcap file will be downloaded once complete.
Switch Stack Page
Switch stack names are shown. By clicking on a name, the switches within the stack will be shown.
Client Info Page
Client information is available on the client information page. If a DNA Essentials license is in use, a banner will display to show this.
CAVEAT: Catalyst 9500 series switches will not send application data to the dashboard due to hardware limitations.
Clients connected via a cloud-monitoring switch with a DNA Advantage license will be able to include client-level traffic analytics if enabled. More information on this feature can be found in the Switch Traffic Analytics document.
Alerts Settings
Selected Network-wide alerts are available for monitored switches in the Switch section within the Meraki and Catalyst category. More details on alert configuration are available at: Alerts and Notifications.
Known Issues/Caveats for Dashboard Monitoring
VTY line requirement
- At least four VTY lines are required for best performance and some new features.
- VTY lines are allocated as part of onboarding. Some switches onboarding with a previous version of the onboarding application may only have two lines allocated.
- To increase the number of VTY lines, the following options are available:
  - Automatic: Download and run the onboarding application again to apply the updated configuration.
  - Manual: The range of VTY lines associated with MERAKI_VTY_IN and MERAKI_VTY_OUT should include a consecutive range of at least four values inclusive. For example, line vty 42 43 can be updated to line vty 42 45. In order for lines 44 and 45 to be added to this allocation, they must be unallocated prior to the change.
- If the range cannot be expanded, the Automatic method through reonboarding is recommended.
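An added example (not Cisco or Meraki code) of checking the manual option above against a saved running-config: it finds the `line vty` stanza that mentions MERAKI_VTY_IN/MERAKI_VTY_OUT, measures the range, and lists the lines needed for expansion that already appear in another stanza. The sample configuration is constructed, and both the use of `access-class` to attach the names and the reading of "unallocated" as "not present in another `line vty` stanza" are assumptions.

```python
import re

MIN_LINES = 4  # "at least four VTY lines" per the page

# Constructed excerpt (not from the page). Attaching the Meraki names with
# access-class is an assumption; the check only looks for the names themselves.
SAMPLE_CONFIG = """\
line vty 0 4
 transport input ssh
line vty 42 43
 access-class MERAKI_VTY_IN in
 access-class MERAKI_VTY_OUT out
line vty 44 45
 transport input none
"""

def vty_stanzas(config):
    """Return [(first, last, [sub-commands])] for every 'line vty' stanza."""
    stanzas, current = [], None
    for line in config.splitlines():
        m = re.match(r"line vty (\d+)(?: (\d+))?\s*$", line)
        if m:
            first = int(m.group(1))
            current = []
            stanzas.append((first, int(m.group(2) or first), current))
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None  # any other top-level command ends the stanza
    return stanzas

def check_meraki_vty(config):
    """Report the Meraki VTY range, its size, and lines that block expansion."""
    stanzas = vty_stanzas(config)
    meraki = [s for s in stanzas if any("MERAKI_VTY_" in c for c in s[2])]
    if not meraki:
        return None  # switch has no Meraki VTY stanza in this config
    first, last, _ = meraki[0]  # assumes one stanza carries both names
    needed = range(last + 1, first + MIN_LINES)  # lines to add for a range of four
    others = [s for s in stanzas if s not in meraki]
    in_use = [n for n in needed if any(a <= n <= b for a, b, _ in others)]
    return {"range": (first, last), "count": last - first + 1,
            "ok": last - first + 1 >= MIN_LINES, "in_use": in_use}
```

For the constructed sample the range 42 to 43 is too small, and lines 44 and 45 are reported as already present in another stanza, which is the situation where the page recommends re-running the onboarding application.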
Device-side routing changes
- During initial onboarding, external connectivity to the Meraki cloud is checked, and connectivity is established.
- If device-side routing changes occur, the interface for the TLS tunnel connection might need to be updated.
- The recommended method to reconnect switches to the cloud after routing changes is to run the onboarding app again. This will auto-detect interfaces and verify connectivity.
- The configuration can also be manually updated within the crypto tls-tunnel MERAKI-PRIMARY section. The local-interface will need to be updated to an interface that can reach the cloud.
- The tunnel connection can be stopped and restarted using shut and no shut in the crypto tls-tunnel MERAKI-PRIMARY section.
- Manual configuration changes are provided for reference only. Automatic configuration in the onboarding app is the preferred and recommended method.
Client analytic data information is not shown
- Client-specific traffic analytic information requires a DNA Advantage license on the switch
- Catalyst 9500 series switches do not support client analytics, regardless of license
- Mixing and matching license levels will cause unexpected behavior
Hostnames not available in traffic analytics
- Detailed (hostname-level) traffic analytics are not currently available for Cloud Monitoring switches.
- A message indicating "insufficient data" will appear for detailed traffic analytics information for these clients.
Total traffic utilization does not include some clients
- Clients connected to switches using a DNA Essentials license or directly to a Catalyst 9500 series switch will not be included in the total amount shown.
Dynamic auto trunk ports shown as access ports
- Ports not explicitly configured as trunk ports but carrying multiple VLANs will be shown as access ports in the dashboard. To resolve, the port should include the added configuration “switchport mode trunk.”
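An added example (not Cisco or Meraki code) for the dynamic auto issue described here and under Port Configuration: it parses a saved running-config and lists Layer 2 ports with no explicit, non-dynamic `switchport mode`, along with whether each one carries trunk settings. The sample configuration is constructed, and treating `no switchport`, `ip address` or `vrf forwarding` as the markers of a routed port is an assumption of this example.

```python
import re

# Constructed running-config excerpt for illustration (not taken from the page).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 vrf forwarding Mgmt-vrf
!
interface GigabitEthernet1/0/1
 switchport mode trunk
!
interface GigabitEthernet1/0/2
 switchport trunk allowed vlan 10,20,30
!
interface GigabitEthernet1/0/3
 switchport mode access
!
interface GigabitEthernet1/0/4
 no switchport
!
interface GigabitEthernet1/0/5
!
interface Vlan1
 no ip address
!
"""

def interface_stanzas(config):
    """Split a running-config into {interface name: [sub-commands]}."""
    stanzas, current = {}, None
    for line in config.splitlines():
        match = re.match(r"interface (\S+)", line)
        if match:
            current = stanzas.setdefault(match.group(1), [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None  # "!" or any top-level command ends the stanza
    return stanzas

def ports_without_explicit_mode(config):
    """Return [(port, has_trunk_settings)] for L2 ports left in a dynamic mode."""
    flagged = []
    for name, cmds in interface_stanzas(config).items():
        routed = any(c.startswith(("no switchport", "ip address", "vrf forwarding")) for c in cmds)
        if routed or name.startswith(("Vlan", "Loopback", "Tunnel")):
            continue
        if not any(c.startswith("switchport mode ") and "dynamic" not in c for c in cmds):
            flagged.append((name, any(c.startswith("switchport trunk") for c in cmds)))
    return flagged
```

Ports returned with `True` have trunk settings but no explicit mode, so they are the first candidates for adding `switchport mode trunk`.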
Clients connected via cloud monitoring switches will display the MAC address as the name.
- Host name detection is not currently available.
PoE
- Ports using PoE do not currently include the lightning bolt in the graphical switch display.
Catalyst 9500 switch ports
- Switches using all-SFP ports appear as Ethernet ports in the graphical switch display on the switchport page.
IPv6-only clients are only supported in the dashboard when using Track-by-MAC
- Since cloud monitoring uses TBUCI, IPv6-only clients are not supported at this time.
Recent changes to configuration
- Changes to the running configuration of the Catalyst switch may take a few minutes to reflect in Dashboard. Modified configuration will not be shown in Dashboard while the switch is in the process of being configured and still in configuration mode. To ensure changes are reflected in Dashboard, make sure to exit configuration mode. This will allow the switch to inform the cloud of the committed configuration change and initiate the update in Dashboard.