Cisco Meraki Documentation

Connecting Catalyst 9800 Wireless Controller to Dashboard

Cloud Monitoring for Catalyst Wireless is a Meraki Dashboard Early Access feature. Before you can add your wireless controller to dashboard, you have to opt in to Cloud Monitoring for Catalyst Wireless. Go to Organization > Early access to enable it.

Meraki Tunnel for Wireless Controllers

The Meraki device-to-cloud connectivity architecture has been crafted from the ground up to provide security and simplicity for connecting network devices to the Meraki dashboard, which now includes Catalyst wireless controllers. The Meraki Tunnel uses TLS 1.2 with AES-256 for encryption and enforces mutual TLS authentication to securely connect C9800 wireless controllers to the Meraki cloud infrastructure. Device-to-cloud connectivity with the Meraki Tunnel communicates on TCP port 443. This simplifies upstream firewall configurations, as many firewalls that C9800 wireless controllers are behind may already allow outbound connections to port 443.

When Meraki Service Connect is initiated on the C9800 wireless controller, the controller will register with dashboard to obtain its Cloud ID (Meraki Serial Number) over a secure HTTPS connection.

Once the C9800 has been registered with dashboard, it will securely connect to the dashboard Tunnel Config server to fetch its Meraki Tunnel configuration.

 

Finally, with the Meraki Tunnel configuration, the C9800 will create a secure tunnel to dashboard on TCP port 443.

Considerations

  • The Meraki Tunnel on C9800 wireless controllers does NOT support HTTP Web Proxy servers and requires the controller to have direct outbound access to the Meraki Cloud Infrastructure.

  • It is recommended that Meraki Tunnel traffic be exempt from TLS/SSL traffic inspection in order to avoid potential connectivity issues.

 

Connecting the C9800 to dashboard is the first stage of onboarding. Continue here to claim your C9800 into your dashboard organization after you have connected the C9800.

Meraki Tunnel Prerequisites

Before the Meraki Tunnel is enabled on the C9800 controller, the following is required:

  • IP Routing is enabled. IP routing mode is required for the Meraki Tunnel services on the wireless controller.

  • The Meraki Tunnel only supports the Global VRF.

  • Domain Name Lookup is required for hostname resolution to the dashboard Registration and Meraki Tunnel services.

  • The wireless controller clock must reflect the correct current time in order to establish a mutual TLS tunnel with the Registration and Meraki Tunnel services. Enable NTP services to keep the clock accurate.

Connect the Wireless Controller to Dashboard (Web UI)

Connecting the C9800 wireless controller to dashboard from the web user interface is done by navigating to Configuration > Services > Cloud Services > Meraki:

 

Click the Meraki Connect button to ENABLE the Tunnel and click Apply.

 

Use the same Web UI page to confirm the C9800 wireless controller has successfully registered and the Meraki Tunnel is connected.

 

Connect the Wireless Controller to Dashboard (CLI)

Connecting the C9800 wireless controller to dashboard from the command line interface is done with the configuration command service meraki connect:

C9800-meraki-mon#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
C9800-meraki-mon(config)#service meraki connect

 

To confirm the C9800 wireless controller has successfully registered and the Meraki Tunnel is connected, use the show meraki connect command:

C9800-meraki-mon#sh meraki connect
Service meraki connect: enable

Meraki Tunnel Config
------------------------------------
  Fetch State:                Config fetch succeeded
  Fetch Fail:                 no failure
  Last Fetch(UTC):            2023-10-13 18:43:26
  Next Fetch(UTC):            2023-10-13 19:44:41
  Config Server:              cs253-2037.meraki.com
  Primary:                    usw.nt.meraki.com
  Secondary:                  use.nt.meraki.com
  Client IPv6 Addr:           FD0A:9B09:1F7:1:4E42:1EFF:FEBE:9360

Meraki Tunnel State
------------------------------------
  Primary:                    Up
  Secondary:                  Up
  Primary Last Change(UTC):   2023-10-13 18:43:37
  Secondary Last Change(UTC): 2023-10-13 18:43:37
  Client Last Restart(UTC):   2023-10-13 18:43:26

Meraki Tunnel Interface
------------------------------------
  Status:                     Enable
  Rx Packets:                 1221
  Tx Packets:                 1090
  Rx Errors:                  0
  Tx Errors:                  0
  Rx Drop Packets:            0
  Tx Drop Packets:            0

Meraki Device Registration
------------------------------------
  url:                        https://catalyst.meraki.com/nodes/register
  Device Number:              1
  PID:                        C9800-40-K9
  Serial Number:              TTM270100L8
  Cloud ID:                  Q2ZZ-2SK3-UHQD
  Mac Address:                4C:42:1E:BE:93:60
  Status:                     Registered
  Timestamp(UTC):             2023-10-13 18:43:14
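
For fleet-wide monitoring, the show meraki connect output above can be checked by script rather than by eye. The following is an added example, not Cisco or Meraki code: it parses captured output into sections and reports every field that differs from the healthy values shown on this page. Treating only those strings as healthy is an assumption, and the value "Down" in the sample is a constructed placeholder.

```python
# Healthy values as shown in this page's sample output; any other value or a
# missing field is reported (assumption: only these strings mean healthy).
EXPECTED = {
    ("global", "Service meraki connect"): "enable",
    ("Meraki Tunnel Config", "Fetch State"): "Config fetch succeeded",
    ("Meraki Tunnel Config", "Fetch Fail"): "no failure",
    ("Meraki Tunnel State", "Primary"): "Up",
    ("Meraki Tunnel State", "Secondary"): "Up",
    ("Meraki Device Registration", "Status"): "Registered",
}

# Constructed input: "Down" is a placeholder, not a documented CLI string.
SAMPLE = """\
Service meraki connect: enable
Meraki Tunnel Config
------------------------------------
  Fetch State:                Config fetch succeeded
  Fetch Fail:                 no failure
Meraki Tunnel State
------------------------------------
  Primary:                    Up
  Secondary:                  Down
Meraki Device Registration
------------------------------------
  url:                        https://catalyst.meraki.com/nodes/register
  Status:                     Registered
"""

def parse_show_meraki_connect(text):
    """Return {section: {field: value}}; pre-section lines go under 'global'."""
    sections, current, heading = {"global": {}}, "global", None
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        if set(line) == {"-"} and heading:   # dashed rule confirms a heading
            current = heading
            sections.setdefault(current, {})
        elif ":" in line:   # first colon only, so URLs and timestamps survive
            key, _, value = line.partition(":")
            sections[current][key.strip()] = value.strip()
        heading = None if (":" in line or set(line) == {"-"}) else line
    return sections

def tunnel_findings(text):
    """List every expected field whose value differs from the healthy sample."""
    parsed = parse_show_meraki_connect(text)
    return [f"{sec} / {key}: expected {want!r}, got {parsed.get(sec, {}).get(key)!r}"
            for (sec, key), want in EXPECTED.items()
            if parsed.get(sec, {}).get(key) != want]
```

An empty or truncated capture yields one finding per expected field, so a failed collection is not mistaken for a healthy controller.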

 

Access Point Registration

Access points must be registered with dashboard in order to be onboarded and will also receive their own unique Cloud ID (serial number). When the Meraki Connect service is enabled on the controller, the controller will instruct all joined access points to begin to register with dashboard over a secure HTTPS connection.

 

The access point registration process will automatically begin when the service is enabled on the controller and requires no additional configuration.

Access Point Registration Prerequisites

  • Access Points must be able to reach the following Meraki Dashboard IP ranges to register with dashboard:
    • 209.206.48.0/20 TCP/443
    • 216.157.128.0/20 TCP/443
    • 158.115.128.0/19 TCP/443

  • Access Points must be able to perform a domain name lookup for hostname resolution to the dashboard Registration service.
    • For access points obtaining IP address configuration from DHCP, make sure DHCP Option 6—DNS server option is enabled to specify the DNS server IP address to be assigned to the access points.
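
An egress policy for the AP VLAN can be audited against the three ranges above before the service is enabled. The following is an added example, not part of the original documentation: it computes which parts of each required range are not covered by any TCP/443 allow rule. The rule format (destination CIDR, protocol, port or None for any port) and the sample rules are hypothetical and constructed for illustration.

```python
import ipaddress

# Ranges and port taken from the prerequisites above.
REQUIRED = ["209.206.48.0/20", "216.157.128.0/20", "158.115.128.0/19"]
PORT = 443

# Constructed allow rules (hypothetical format): (dest CIDR, protocol, port|None).
RULES = [
    ("209.206.48.0/21", "tcp", 443),
    ("209.206.56.0/21", "tcp", 443),    # two /21s that together form the /20
    ("216.157.128.0/20", "tcp", 80),    # wrong port: does not count
    ("158.115.128.0/20", "tcp", None),  # any port, but only half of the /19
]

def uncovered(required, rules, port=PORT):
    """Map each required range to the sub-ranges no TCP/<port> rule allows."""
    allowed = [ipaddress.ip_network(cidr) for cidr, proto, p in rules
               if proto == "tcp" and p in (None, port)]
    gaps = {}
    for cidr in required:
        remaining = [ipaddress.ip_network(cidr)]
        for net in allowed:
            still_open = []
            for r in remaining:
                if r.subnet_of(net):
                    continue                       # fully covered by this rule
                if net.subnet_of(r):
                    # Rule covers part of r: keep only what is left over.
                    still_open.extend(r.address_exclude(net))
                else:
                    still_open.append(r)           # disjoint, rule is irrelevant
            remaining = still_open
        if remaining:
            gaps[cidr] = [str(n) for n in ipaddress.collapse_addresses(remaining)]
    return gaps
```

An empty result means every address in the listed ranges is reachable on TCP/443 under the modelled rules; it does not test DNS resolution, which is a separate prerequisite.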

 

Only dashboard-supported access point models will register. Find the list of supported access points here.

To confirm access points have successfully registered in dashboard, use the show ap meraki monitoring summary command:

C9800-meraki-mon#show ap meraki monitoring summary
Meraki Monitoring          : Enabled
Number of Supported APs    : 2

AP Name                          AP Model             Radio MAC      MAC Address    AP Serial Number       Cloud ID        Status
-----------------------------------------------------------------------------------------------------------------------------------------------------
AP-C9130AXE-01                   C9130AXE-B           5c64.f112.c720 6c8d.7738.2130 FJC271123CQ            Q2ZZ-8SWV-NZ7A  Registered
AP-CW9166I-01                    CW9166I-B            e438.7e43.bd20 6849.9275.9060 FJC271122H0            Q5AP-WBAV-2SSY   Registered

 

Access point registration status can also be seen in the C9800 Web UI by navigating to Configuration > Wireless > Access Points.

 

Note: You may need to select the Meraki monitoring columns to see the AP Meraki registration information.

 

Access points need to communicate with dashboard on TCP port 443 ONLY during registration. Access points do not communicate directly with dashboard during normal operations.

 

As long as the Meraki Connect service remains enabled, any supported access points that join the C9800 wireless controller will automatically register to dashboard.

 

Continue here to claim your C9800 into your dashboard organization.
