Alerts
Overview
This article describes the alert hub and organization alert page use case, different functionalities, and its use for monitoring and troubleshooting.
There are several different features or functionalities that make the monitoring and troubleshooting Cisco Meraki full-stack solution simple. Dashboard alerts, event logs, and the ability to quickly sort event logs based on device types, event types, and timestamps are among those features. And the number of these alerts or event logs will continue to grow as we continue to add new features or bring more visibility into overall network health. However, it is challenging to keep track of all of them and know which one to check first under certain circumstances. It can also be time-consuming to find and learn more about these alerts and event logs.
The alert hub and the organization alert page bring more convenience by accumulating dashboard alerts in a single place. By linking relative documentation that can help users find alert triggers and troubleshooting steps, it reduces time to resolution.
1. Organization alert page and alert hub enhancements (timestamp and dismissal) are available via early access program for customers to opt-in. To enable these features please navigate to Organization > Configure > Early Access page and opt-in. The early access page is available for all customers to opt in and out of advanced features.
2. Alert hub without enhancements (timestamp & Dismissal) is available for all customers.
Learn more with these free online training courses on the Meraki Learning Hub:
Alert Hub
Alert hub consolidates all the alerts from a single dashboard network.
Location
The alert hub is located in the top right corner of the dashboard. It is a network-wide feature, so this feature is not available on any pages under “Organization".
Clicking on the icon will show a popover summary of network alerts.
Organization alerts page
The organization alert page displays all dashboard alerts of an organization in a single place.
Location
The organization alert page is located under the Organization >> Alerts tab. The page will only be visible after an organization opts-in for the feature on "Organization>> Configure >> Early Access" page.
Alert categories
The alert hub categorizes alert types into four different categories based on the nature of the issue that triggers them.
Configuration Issues - These issues are triggered if the current setting or configuration differs from Cisco Meraki recommendation. (e.g: VLAN mismatch, Stack misconfigured, etc)
Connectivity Issues - These issues are triggered if there are problems in connectivity between devices/services. (e.g: Device unreachable, 802.1X failure, etc)
Device Health Issues - These issues are triggered if a device detects problems with its primary or auxiliary systems. (e.g: fan failure, power supply offline, etc)
Insights - These issues are triggered if Cisco Meraki detects problems with LAN/WAN services. (e.g: Sticky client on APs, ISP outage, etc)
Cisco Meraki might add more categories if needed to accommodate more alerts in the future.
Alert types
There are several alert types under each category. All the devices with the same alert type will be listed together in their respective alert type card.
Different colors are used for visual indication of severity levels as following:
-
Yellow: Warnings
-
Red: Critical
-
Blue: Informational
Instances: This is only applicable to the alert hub. A single occurrence of an alert is considered as one instance. For example, an unreachable device under “Unreachable Device(s)” alert type is regarded as one instance. If there is more than one device unreachable then the list of devices/instances will show up under the same alert type. Count of devices/instances are shown next to the alert type.
Current alerts
The “Current alerts” tab lists all the active dashboard alerts in an organization. Please note that resolved alerts will not be displayed in this list.
Organization alert page
Alert hub
Dismiss
The current alerts tab also allows network administrators to dismiss alerts that they think are not relevant by selecting irrelevant alerts and clicking on the “Dismiss alert” button.
Organization alert page Alert hub
Dismissed alerts
The dismissed alerts tab lists all the active and dismissed dashboard alerts in an organization. Please note that dismissed alerts will disappear after alerts are resolved.
Organization alert page Alert hub
Restore
Dismissed alerts can be restored under the current alerts tab using the restore alert button on the top right corner.
Filters
Filters are only available for the organization alert page.
Network filters
This dropdown filter allows administrators to view alerts of a single network or all networks.
Alert and device type filters
Additional alerts and logs
This section on the organization alert page list hyperlinks to different alert configuration pages for the selected network in the left navigation pane. For example, in the screenshot below, clicking on the “Network alerts” hyperlink will redirect the user to the Driplr HQ >> Network-wide >> Alerts page.
No alert state
If there are no alerts this message will be displayed.
If the organization alert page and the alert hub are not showing any alerts that does not mean that there are no active alerts in the network. Please note that not all the alerts or event logs are available in the alert hub. For the list of available alerts, please refer to the individual alert category documentation hyperlinked in the alert category section of this document.
Some delays might be observed in alerts showing up or disappearing from the organization alert page and the alert hub. This might create a UI discrepancy between the original dashboard alert, the organization alert page, and the alert hub.
List of alerts shown on the organization alert page
The organization alert page and alert hub enhancements use a new backend alert database that supports timestamps and dismissal functionalities. Not all alerts available in the existing alert database will be available in the new alert database but eventually, there will be parity. So after opting in for these features few alerts might not be visible on the new organization alert page and the alert hub. This does not affect alerts shown at the device level, email alerts, Webhook, API. Please refer to the following list for available alerts in the existing alert database/before opting-in vs the new alert database/after opting-in.
If you notice false positive alerts please report it via "Give your Feedback" and "Give feedback about these alerts" or open a support case.
Alert Type |
Existing alert database/Before opting-in
|
New alert database/After opting-in
|
Fan Failure |
✅ |
✅ |
CRC error detected |
✅ |
✅ |
Port VLAN mismatch |
✅ |
✅ |
STP topology changes |
✅ |
✅ |
Cellular failover active |
✅ |
✅ |
Unreachable device |
✅ |
✅ |
Cannot find an internet gateway |
✅ |
✅ |
Bad internet connection |
✅ |
✅ |
Cannot find a gateway to the internet |
✅ |
✅ |
Poor connectivity to the Meraki cloud |
✅ |
✅ |
Never connected to the Meraki cloud |
✅ |
✅ |
Misconfigured DNS |
✅ |
✅ |
Uplink IP address in conflict with another device |
✅ |
✅ |
Bad IP assignment configuration |
✅ |
✅ |
Device(s) VLAN mismatch |
✅ |
✅ |
Unable to fetch configuration |
✅ |
✅ |
Configuration is out of date | ✅ | ✅ |
Sticky Client |
✅ |
✅ |
Switch not connected to stack |
✅ |
Coming soon |
Misconfigured switch |
✅ |
Coming soon |
Unconfigured switch |
✅ |
Coming soon |
DFS event pattern |
✅ |
✅ |
Detect country mismatch |
✅ |
✅ |
Manual country mismatch |
✅ |
✅ |
Power supply offline |
✅ |
✅ |
Redundant power system down |
✅ |
✅ |
Switch using backup power |
✅ |
✅ |
Sensor Tampering detected |
✅ |
✅ |
Probe disconnected |
✅ |
✅ |
Water Leak cable disconnected |
✅ |
✅ |
Detected an unsupported cable type |
✅ |
✅ |
Switch received high OSPF routes |
✅ |
✅ |
Host overflow |
✅ |
✅ |
Safe Mode Active |
✅ |
✅ (There might be some false positive alerts. A fix is in progress) |
VLAN disconnect |
✅ |
✅ |
Backup cloud connection used |
✅ |
✅ |
Meraki cloud communication issues |
✅ |
✅ |
VRRP failover |
✅ |
✅ |
Potential hardware problem |
✅ |
✅ |
Cloud archive upload failure |
✅ |
Coming soon |
High latency over VPN |
✅ |
Coming soon |
ARP Failure |
✅ |
Coming soon |
ISP issue |
✅ |
Coming soon |
Traffic Shaping Rule Saturation |
✅ |
Coming soon |
Uplink Saturation |
✅ |
Coming soon |
#{app_name} performance degradation |
✅ |
Coming soon |
Potential NTP problem |
✅ |
✅ |
Cannot connect to the device via ssh or netconf | ✅ | ✅ |
SISF based device tracking not enabled | ✅ | ✅ |
Potential NTP issue detected. Please verify upstream firewall rules | ✅ | ✅ |
One or more members of this stack are unhealthy | ✅ | ✅ |
Netconf is in an abnormal state | ✅ | ✅ |
No telemetry is being received from the device | ✅ | ✅ |
VLAN prefix shortage occurred | ✅ | ✅ |
The configuration for this device is out of date | ✅ | ✅ |
Feedback
There is a "Give your Feedback" and "Give feedback about these alerts" buttons on the organization alert page and the alert hub respectively which administrators can use to provide feedback on the feature.
Give your feedback button might not work with a few select ad blockers. If you would like to provide feedback please disable adblocker temporarily.