Skip to main content
Cisco Meraki Documentation

Cloud Monitoring Overview and FAQ


Learn more with these free online training courses on the Meraki Learning Hub:

Sign in with your Cisco SSO or create a free account to start training
Packet capture now available

Packet capture in Dashboard is now available for monitored switches. Click here for more information.

This guide is for Cloud Monitoring for Catalyst Switches. See Cloud Monitoring for Catalyst Wireless FAQ for details on Cloud Monitoring for Catalyst 9800 wireless controllers.

What is Cloud Monitoring?

Cloud monitoring for Catalyst provides an integrated view of Catalyst 9000 series switches, seamlessly integrated into the Meraki dashboard experience.

Cloud monitoring provides the ability to view Catalyst switch statistics, configuration, and troubleshooting capabilities. These switches will be automatically tagged with “Monitor Only” in the dashboard to distinguish from fully managed Meraki switches. Aside from this difference, “Monitor Only” Catalyst switches appear and function very similarly to Meraki MS switches in the dashboard, including a visual representation of connected ports and traffic information.

Meraki Switch Dashboard for Monitoring.

Live troubleshooting tools are also available to assist with issue identification and resolution.

What Cloud Monitoring is Not

Cloud monitoring does not replace other management solutions for configuration of switches. As a monitoring tool, most operations are read-only. All live troubleshooting capabilities will also not result in persistent changes to configuration following the troubleshooting operation.

In general, Catalyst switches connected to the Meraki dashboard for cloud monitoring provide a similar interface to that provided for MS switches. However, not all functionality or operations are exactly the same.


What configuration is required for Cloud Monitoring?

Details about required configuration are available in: Cloud Monitoring Required Configuration.

Summary Tab

Catalyst status page.

Switch ports and client usage information are available on the Summary page. On the left side, the Catalyst serial number is shown. The Meraki serial number will not be present outside of the Meraki dashboard or on the hardware itself.

The running IOS-XE version is shown under “firmware” on the left side. Current supported versions are 17.3.1 - 17.9.4. Recommended version information can be found at:

CAVEAT: DNA Essentials license

If a DNA Essentials license is in use, client-level traffic analytics are not available. This will be reflected with the banner:

Switchport settings gated by DNA Advantage License.

Error Messages/Troubleshooting

Potential NTP issue detected. Please verify upstream firewall rules.

NTP error message.

  • Confirm an NTP server is configured on the switch in the running configuration (ntp server {address}).
  • Confirm the NTP server is accessible. Additional troubleshooting steps are available in the NTP Troubleshooting and Debugging Guide.
Netconf is in an abnormal state


  • Netconf is a protocol used within the encrypted tunnel to communicate between the switch and cloud.
  • If this error appears, additional information may be provided in the syslog (show log) of the switch regarding resolution steps.
  • After resolving based on any log information shown, the Netconf process should be restarted (no netconf-yang; netconf-yang in the running configuration).
    • Any other processes requiring Netconf will be unavailable while Netconf restarts.
  • The error may take up to an hour to resolve in Dashboard following the process restart.

Switch Port Details

Port traffic and configuration can be seen for each port. The configuration summary is shown as well. Note that the configuration shown is a subset of settings on the port. There may be additional configuration settings on the Catalyst switch itself that are not shown here.

Switchport 8 details.

Port Configuration

The port configuration section in the dashboard includes the most common configuration options. However, there are additional available configuration options within the CLI on the Catalyst switch that will not be reflected here. If there is no section for the relevant configuration, a feature request can be submitted.

There is currently a known issue with ports with “switch port mode dynamic auto.” This is the default and will not be visible to the user in most cases. Trunk ports that are dynamically detected are shown incorrectly as access ports in the dashboard.

The explicit configuration for trunk ports “switch port mode trunk” can be added to the interface configuration by the user to ensure the port shows as a trunk port.

Client State or Client Info

Current clients

Clients connected via layer 2 to this port will display VLAN, IP address, and MAC address information. Automated hostname detection is not yet supported.

Current clients connected to switchport.     

Port Troubleshooting Tools

Cycle port

This is a potentially disruptive operation and is equivalent to the “shutdown” and “no shutdown” commands applied in sequence on a Catalyst switch port. This can be useful diagnostically, but please be aware that this may cause traffic disruption on the port, including but not limited to spanning tree reconvergence, depending on the design and topology of the network.

Cycle port troubleshooting tool.

Multiple ports can also be cycled at once via the Tools tab.

It is not recommended to cycle the uplink port, as that can cause device connectivity issues with the dashboard.

Packet Counters

Counters are shown displaying the packet statistics from each port. This is similar to the information shown with the “show interface” IOS CLI command.

Port packet counters.

Location Tab


Catalyst switches are integrated into the Meraki dashboard topology for the network. Layer 2 topology is currently supported.

Topology diagram emphasizing location of current switch.


The physical location of the switch can be viewed and modified. 

Map physical location of switch.

Tools Tab

Live troubleshooting tools are available here.

Ping to tool.


Initiates a ping from the switch and displays the results visually to see latency over time.

Troubleshooting Console (read-only CLI terminal)

The troubleshooting console can be opened using the “Tools” tab of the switch details page. It is available only for Dashboard administrators with full (read/write) access.

The console provides read-only access to "show" commands through a console emulator to assist with troubleshooting operations. Write commands and configuration are not permitted.

Read-only CLI troubleshooting tool.

The “Detach” button will open the console in a new tab. 

Alternatively, the console can be launched using the “Launch Terminal” button on the left side of the switch details page.

Cloud-monitored switch troubleshooting console limitations: 

  • The console will proxy individual commands to the CLI of the switch through the cloud. It does not establish a persistent connection. 

  • Only full read/write Dashboard administrators have access to the troubleshooting console. Read-only Dashboard users are not permitted access to the console.

  • All commands will run using the meraki-user account from the cloud.

MAC forwarding table

Displays the MAC addresses of clients learned via layer 2 interfaces, including the associated VLAN and physical port number.

Switch ports page

This functions similarly to MS switches. The name of each port comes from the abbreviated interface name from IOS-XE (e.g. Gi1/0/1 for GigabitEthernet1/0/1). If a description is included in the configuration on the CLI, this will be shown as well.

All switchports page.

Packet Capture

Packet capture is now available for monitored Catalyst switches in Dashboard. To enable visit the Early Access page from the left navigation using Organization > Configure > Early Access

Enable the toggle for Cloud Monitoring - Packet Capture.

Cloud Monitoring Packet Capture

After enabling, Catalyst switches will be available from Network-wide > Monitor > Packet capture.

Network-wide packet capture on the catalyst switch.

One or more interfaces can be selected, and custom filters can be added using the syntax utilized for Embedded Packet Capture.

Packet capture switchport interface selection.

After starting the capture, the status will be displayed. A .pcap file will be downloaded once complete.

Packet capture initiated UI with a loading progress bar.

Switch Stack Page

Switch stack names are shown. By clicking on a name, the switches within the stack will be shown.

Switch stacks UI.

C9200 switch stack details.

Client Info Page

Client information is available on the client information page. If a DNA Essentials license is in use, a banner will display to show this.

Clients page.

CAVEAT: Catalyst 9500 series switches will not send application data to the dashboard due to hardware limitations.

Clients connected via a cloud-monitoring switch with a DNA Advantage license will be able to include client-level traffic analytics if enabled:

Alerts Settings

Selected Network-wide alerts are available for monitored switches in the Switch section within the Meraki and Catalyst category. More details on alert configuration is available at: Alerts and Notifications.

Switch alerts settings.

Known Issues/Caveats for Dashboard Monitoring

VTY line requirement

  • At least four VTY lines are required for best performance and some new features.
  • VTY lines are allocated as part of onboarding. Some switches onboarding with a previous version of the onboarding application may only have two lines allocated.
  • To increase the number of VTY lines, the following options are available:
    • Automatic: Download and run the onboarding application again to apply the updated configuration.
    • Manual: The range of VTY lines associated with MERAKI_VTY_IN and MERAKI_VTY_OUT should include a consecutive range of at least four values inclusive. For example, line vty 42 43 can be updated to line vty 42 45.  In order for lines 44 and 45 to be added to this allocation, they must be unallocated prior to the change.
      • If the range cannot be expanded, the Automatic method through reonboarding is recommended.

Device-side routing changes

  • During initial onboarding, external connectivity to the Meraki cloud is checked, and connectivity is established.
  • If device-side routing changes occur, the interface for the TLS tunnel connection might need to be updated.
  • The recommended method to reconnect switches to the cloud after routing changes is to run the onboarding app again. This will auto-detect interfaces and verify connectivity.
  • The configuration can also be manually updated within the crypto tls-tunnel MERAKI-PRIMARY section. The local-interface will need to be updated to an interface that can reach the cloud.
    • The tunnel connection can be stopped and restarted using shut and no shut in the crypto tls-tunnel MERAKI-PRIMARY section.
  • Manual configuration changes are provided for reference only. Automatic configuration in the onboarding app is the preferred and recommended method.

Client analytic data information is not shown

  • Client-specific traffic analytic information requires a DNA Advantage license on the switch

  • Catalyst 9500 series switches do not support client analytics, regardless of license

  • Mixing and matching license levels will cause unexpected behavior

Hostnames not available in traffic analytics

  • Detailed (hostname-level) traffic analytics are not currently available for Cloud Monitoring switches.
  • A message indicating "insufficient data" will appear for detailed traffic analytics information for these clients.

Total traffic utilization does not include some clients

  • Clients connected to switches using a DNA Essentials license or directly to a Catalyst 9500 series switch will not be included in the total amount shown.

Dynamic auto trunk ports shown as access ports

  • Ports not explicitly configured as trunk ports but carrying multiple VLANs will be shown as access ports in the dashboard. To resolve, the port should include the added configuration “switchport mode trunk.”

  • Host name detection is not currently available.


  • Ports using PoE do not currently include the lightning bolt in the graphical switch display.

Catalyst 9500 switch ports

  • Switches using all-SFP ports appear as Ethernet ports in the graphical switch display on the switchport page.

IPv6-only clients are only supported in the dashboard when using Track-by-MAC

  • Since cloud monitoring uses TBUCI, IPv6-only clients are not supported at this time

Recent changes to configuration

  • Changes to the running configuration of the Catalyst switch may take a few minutes to reflect in Dashboard. Modified configuration will not be shown in Dashboard while the switch is in the process of being configured and still in configuration mode. To ensure changes are reflected in Dashboard, make sure to exit configuration mode. This will allow the switch to inform the cloud of the committed configuration change and initiate the update in Dashboard.