Skip to main content
Cisco Meraki Documentation

Using the Cisco Meraki Device Local Status Page

Most Cisco Meraki devices have a local status page that can be accessed to make local configuration changes, monitor device status and channel utilization, and perform local troubleshooting. This article provides instructions on how to access the local status page, the functions/information available on it, and how to manage and access them.

Accessing the Local Status Page

The local status page of any Meraki device is accessible via the web browser of a host machine. By default, users are required to log in to pages that provide configurable options. The local status page uses digest authentication with Message Digest Algorithm 5 (MD5) hashing for the connection between the administering computer and the Meraki device to protect these sensitive settings.

The username for devices that have default authentication credentials or have not fetched configuration will be the serial number (upper case letters and dashes) with no password. Authentication credentials should be changed to have a strong password after their initial use. Please see the Changing Log-In Credentials section below.

To reach MR devices, the client must be wirelessly connected to the access point (AP) using a configured service set identifier (SSID) or the "meraki-setup" SSID. However, MS and MX devices can be accessed by any device with access to their LAN IP. This is done by entering the LAN IP address in the URL bar of a web browser. Additionally, each device can be accessed by DNS name if the client traffic passes through the device while browsing the following URLs. This can be useful for determining which AP/switch/firewall a client's traffic is going through to reach the internet. 

 

Note: These URLs will work for any Meraki devices listed above, but will only access the first device in its path.

Since the URL above can be used to access the local status page, UDP port 53 is enabled on Meraki devices and will be detected as open by any scanning tool.

If access by DNS name is not possible, you can access the local status page by IP address. This is often helpful when initially configuring the device on a network without DHCP, or when setting a device's IP configuration prior to deployment.

Note: MR does not provide access to the local status page via a wired connection (for example, when a client is connected directly to one of the AP's Ethernet ports) for security reasons. Refer to the subsequent section for access to local status page via SSID.

  • MR - 10.128.128.126
    In order to access this address, configure a device with the following IP settings, and then browse the address in a web browser.
    IP address: 10.128.128.125
    Subnet mask: 255.255.255.0
     
  • MS : Select MS switches have a dedicated management port that can be used without needing to set a static IP on your client. When connected to the management port of a Meraki switch, your device can obtain the appropriate IP settings via DHCP. Alternatively, the following IP settings can be used by the client device to access the Local Status Page.
     
    • MS390 and C9300-M on firmware versions CS 16 and higher:  198.18.0.1
      In order to access this address, configure a device with the following IP settings, and then browse the address in a web browser.
      IP address: 198.18.0.2
      Subnet mask:255.255.255.240
      DNS: 198.18.0.1
       
    • MS390 and C9300-M on firmware versions CS 15.21.1 and lower:  10.128.128.130 
      In order to access this address, configure a device with the following IP settings, and then browse the address in a web browser.
      IP address: 10.128.128.132
      Subnet mask:255.0.0.0
      DNS: 10.128.128.130 
       
    • All other MS switches - 1.1.1.100
      In order to access this address, configure a device with the following IP settings, and then browse the address in a web browser.
      IP address: 1.1.1.99
      Subnet mask: 255.255.255.0
       
  • MX - (varies)
    Most MX models have a dedicated management port used to access the local status page. In addition, all models can access the local status page using the MX LAN IP address. 
    By default, MX devices run DHCP. Once the client is connected to a LAN interface of the MX, find the client's IP address and default gateway, then open the default gateway address in a web browser.

Note: If the MX security appliance is in passthrough mode and its uplink is on a subnet that overlaps with a remote subnet over VPN, either the MX will need to be temporarily removed from VPN to be accessed locally or the local status page can only be accessed via VPN.

  • MG - (varies)
    The local status page is accessible at the MG cellular gateway's LAN IP address. By default, MG devices run DHCP. Once the client is connected to a LAN interface of the MG cellular gateway, find the client's IP address and default gateway, then open the default gateway address in a web browser.

Local Status Page Options

Every device's status page includes useful information about the status of the device, limited configuration options (such as setting a static IP), and other tools. This section will cover what is available for each device.

MR Series

MR access points provide the following information and configuration options on their local status page:

  • Connection
    Provides information regarding the client's connectivity to the access point, the access point's current network and channels, as well as other cloud connectivity and status information.
    • Speed test
      Provides a tool for conducting a speed test from the wireless client to the access point.
    • Access point details
      Provides utilization information about the hardware and the channels being used by the access point you are connected to.

Example of an MR access point local status page. The 'Connection' tab is selected.

The channel utilization information on the local status page is sourced from the client-serving radio. The client-serving radio on the Meraki access point has a counter that is updated every 20 seconds. Counters indicate how many times the AP was transmitting, receiving, and saw congestion on the channel, as well as the total cycle count. After every three seconds, the AP reads the counters and computes the difference between the value from three seconds ago and the new value. This difference is used to calculate the channel utilization and is displayed on the local status page.

  • Neighbors
    Provides information about any neighboring access points. Includes information like SSID, BSSID, signal (signal-to-noise ratio in DB), channel, mode, and encryption.
  • Configure 
    Provides options for setting the IP address of the access point, putting the MR access point into site survey mode (see Conducting Site Surveys with MR Access Points), manual channel and power adjustment, and configuring a proxy for Meraki cloud traffic. Also on this page, you can find the Download support data function (see more in Support Data Bundle (SDB) article). This will allow you to download a special file to submit to Meraki support for additional troubleshooting if you are unable to get the unit online. 

MR31.1 provides secure access and communication to the local status page for all MR access points and Meraki products by using Transport Layer Security (TLS) on port TCP 443. The TLS certificate will be valid for "*.[mac-address].devices.meraki.direct", to support IP-carrying names, and "(*.)[unique distinguishing word]-[mac-address].devices.meraki.direct"  The local status page has been updated to support TLS and will now be accessed at https://ap.meraki.com rather than http://ap.meraki.com

 Note: The web proxy (HTTP proxy) option on the local status page allows specific management traffic from an MR to be directed to an HTTP proxy server instead of an AP directly reaching out to the Meraki dashboard. All APs running MR 27.X or older firmware support web proxy.

With MR 28.X and MR 29.X firmware, Wi-Fi 6 and newer APs use a Transport Layer Security (TLS) on port TCP 443 to connect to the Meraki dashboard. Therefore, Wi-Fi 6 and newer APs running MR 28.X and MR 29.X firmware do not support the web proxy option.

MR 30.X added a new HTTP CONNECT proxy option for  Wi-Fi 6 and newer APs. For more information, please refer to HTTP CONNECT Proxy Support on MR Access Points.

Example of an MR access point local status page. The 'Configure' tab is selected.

MS Series

MS switches offer the following information and configuration options on their local status page:

  • Connection
    Provides information regarding the client's connectivity to the switch, the switch's current network, as well as other cloud connectivity and status information.

Example of an MS local status page. The 'Connection' tab is selected

  • Uplink configuration
    • Provides options for setting the IP address of the switch, other addressing settings, or configuring a proxy for HTTP traffic.
    • The Download support data function will allow you to download a special file to submit to Meraki support for additional troubleshooting if you are unable to get the unit online (see more in Support Data Bundle (SDB) article).
    • The packet capture option will assist with troubleshooting Meraki Cloud connectivity. Additionally, there is a packet capture tool found here that will assist with troubleshooting Meraki Cloud connectivity on a switch uplink. 

Note: The HTTP proxy allows all default management traffic from the Meraki device to be sent through a proxy. This does not include optional cloud communication, including Auto VPN and 802.1x authentication traffic.

Note: The local status page packet capture requires a minimum firmware version of MS16 and is only supported on a single physical port. 

Additionally, the packet capture function found on the local status page has a default filter that is specific to Meraki Cloud Connectivity requirements and will not capture or display anything outside of that filter. This filter is not configurable. 

This filter is set to capture the following traffic patterns to/from the switch MAC which were determined to be critical to Meraki Cloud connectivity:

  • ARP,
  • DHCP (UDP 67/68)
  • DNS (TCP/UDP 53)
  • ICMP (type 0, 3 and 8)
  • UDP 7351
  • HTTPS (TCP 443)
  • LLDP

Example of an MS local status page. The 'Uplink configuration' tab is selected.

 

  • Switch port status
    Provides information regarding the configuration and status of ports on this switch.

Example of an MS local status page. The 'Switch ports status' tab is selected.

  • Switch ports configuration
    Provides options for limited configuration changes on switch ports, including enabled/disabled, native VLAN, and link negotiation.

Example of an MS local status page. The 'Switch ports configuration' tab is selected

MX Series with Single Dedicated WAN Link

MX security appliances with single dedicated WAN links offer the following information and configuration options on their local status pages:

  • Connection
    Provides information regarding the client's connectivity to the appliance, the appliance's current network, uplink status, as well as other cloud connectivity and status information.
    • Speed test
      Provides a tool for conducting a speed test from the client to the appliance.

NOTE: The speed test functionality has been deprecated and removed as of MX18 firmware releases and later on all platforms, regardless of uplink types or counts.

Example of an MX local status page with a single WAN link. The 'Connection' tab is selected

  • Configure
    • Provides options for setting the IP address of the appliance on its WAN interfaces, enabling WAN port 2, other addressing settings, or configuring a proxy for HTTP traffic. 
    • The Download support data function will allow you to download a special file to submit to Meraki support for additional troubleshooting if you are unable to get the unit online (see more in Support Data Bundle (SDB) article).

Note: The HTTP proxy allows all default management traffic from the Meraki device to be sent through a proxy. This does not include optional cloud communication, including Auto VPN and 802.1x authentication traffic.

Example of an MX local status page with a single WAN link. The 'Configure' tab is selected

  • Ethernet
    Allows local changes to the speed/duplex settings of the internet/WAN and LAN ports.

Example of an MX local status page with a single WAN link. The 'Ethernet' tab is selected

MX Series with Multiple Dedicated WAN Links

MX security appliances with multiple dedicated WAN links offer the following information and configuration options on their local status pages:

  • Connection
    Provides information regarding the client's connectivity to the appliance, the appliance's current network, uplink status, as well as other cloud connectivity and status information.
    • Speed test
      Provides a tool for conducting a speed test from the client to the appliance.

NOTE: The speed test functionality has been deprecated and removed as of MX18 firmware releases and later on all platforms, regardless of uplink types or counts.

Example of an MX local status page with multiple WAN links. The 'Connection' tab is selected

  • Configure
    • Provides options for setting the IP address of the appliance on its WAN interfaces, other addressing settings, or configuring a proxy for HTTP traffic. 
    • The Download support data function will allow you to download a special file to submit to Meraki support for additional troubleshooting if you are unable to get the unit online (see more in Support Data Bundle (SDB) article).

Note: The HTTP proxy allows all default management traffic from the Meraki device to be sent through a proxy. This does not include optional cloud communication, including Auto VPN and 802.1x authentication traffic.

Example of an MX local status page with multiple WAN links. The 'Configure' tab is selected.

  • Ethernet
    Allows local changes to the speed/duplex settings of the internet/WAN and LAN ports.

Example of an MX local status page with multiple WAN links. The 'Ethernet' tab is selected

MX Series with Multiple Dedicated SFP WAN Links

MX security appliances with dedicated Small-Form Factor Plugable (SFP) WAN links offer the following information and configuration options on their local status pages:

  • Connection
    • Provides information regarding the client's connectivity to the appliance, the appliance's current network, uplink status, as well as other cloud connectivity and status information.
    • Speed test
      Provides a tool for conducting a speed test from the client to the appliance.
    • The Download support data function will allow you to download a special file to submit to Meraki support for additional troubleshooting if you are unable to get the unit online (see more in Support Data Bundle (SDB) article).

NOTE: The speed test functionality has been deprecated and removed as of MX18 firmware releases and later on all platforms, regardless of uplink types or counts.

Example of an MX local status page with multiple SFP WAN links. The 'Connection' tab is selected

  • Configure

Provides options for setting the IP address of the appliance on its WAN interfaces, enabling WAN port 2, other addressing settings, or configuring a proxy for HTTP traffic.

Note: The HTTP proxy allows all default management traffic from the Meraki device to be sent through a proxy. This does not include optional cloud communication, including Auto VPN and 802.1x authentication traffic.

Example of an MX local status page with multiple SFP WAN links. The 'Configure' tab is selected

  • Ethernet
    Allows local changes to the speed/duplex settings of the internet/WAN and LAN ports.

 

Example of an MX local status page with multiple SFP WAN links. The 'Ethernet' tab is selected.

 

Note: Navigating to http://wired.meraki.com or http://mx.meraki.com when directly connected to a LAN port on a spare MX security appliance in active MX warm spare deployments will present the local status page of the primary MX appliance. The spare must be disconnected from the LAN in order to access its local status page. This does not apply to MX security appliance models with a dedicated management port, as their local status page can be accessed directly using that port.

MX Series with Wireless 

The Local Status Page tabs and navigation instructions are the same as for their non-wireless MX model version presented above.  In addition, the Connection tab provides information similar to an MR device's LSP. 

MX Series with Integrated Cellular

The Local Status Page tabs and navigation instructions are the same as for their non-cellular MX model version presented above. Furthermore, the tabs can display information similar to what's described below for an MG device's LSP.

MG Series

Note: The speed test functionality on the local status page is deprecated on all MG cellular gateway devices starting with MG 3.1+ firmware.

MG21

MG21 cellular gateway provides the following information and configuration options on their local status page:

  • Connection

Provides information regarding the client's connectivity to the MG cellular gateway, including the current cellular network status, cloud connectivity, and signal information.

Example of an MG21 cellular gateway details local status page.

 

Connection page from MG 1.11 onwards:

Example of MG41 local status page. The 'Configure' tab is selected

Example of MG41 local status page. Modem properties and cellular status can be checked here.

The connection statistics is moved to Cellular Status Page

  • Cellular Status          Example of an MG21 local status page. The 'Cellular Status' tab is selected.
    • Speed test 

Provides a tool for conducting a speed test from the client to the gateway.  The speed test functionality on the local status page is deprecated on all MG cellular gateway devices starting with MG 3.1+ firmware.

  • Configure

Configure section contains options for modifying bearer settings such as Access Point Name (APN), PIN, and authentication. The Integrated Circuit Card Identifier (ICCID) of the SIM card and International Mobile Station Equipment Identity (IMEI) of the MG cellular gateway can also be found in this section as well. Safe Mode portion allows you to reconfigure port 1 into a WAN role for troubleshooting. To toggle port 1 from default operating mode into Safe mode on the MG, check the box to Enable Safe Mode and save.

Note: The MG cellular gateway will perform a soft reset on both interfaces immediately after saving port 1 role change. For example, this is in similar fashion to the MX security appliance when enabling the secondary WAN port on an MX64. It is recommended to toggle this change when out of production hours to prevent disruption of network connectivity.

Example of MG21 local status page. The Safe Mode, SIM PIN, and Cellular information options are visible.

Diagram of configured ports. Ports are labeled LAN2 and WAN1Diagram of ports set to default mode. Ports are labeled LAN2 and LAN1

  • Default mode

This is the default mode that MG cellular gateway will be configured with out-of-the-box or when a factory reset is performed. In default mode, the standard operation and roles of both ports on the MG cellular gateway are set as LAN ports. The left graphic shows both ports in their default role as LAN interfaces. Note the AC adapter port on the right side of port 1 for orientation.

  • Enabling Safe Mode

MG cellular gateways can be configured to have port 1 as a WAN uplink. The safe mode configuration allows for additional troubleshooting and firmware upgrades for pre-staging if a valid working cellular is unavailable. When in safe mode mode, port 1 is converted into a WAN port to allow connection into a switch, router, or other uplink. Similar to an MR access point, when plugged into a switch device it will attempt to obtain a valid IP and reach out to the dashboard. When there is a valid wired network connection on port 1, the wired interface will take priority over the cellular interface even if the cellular interface is functioning properly. The right graphic highlights the port 1 configuration in the role as a WAN1 interface when enabling safe mode.

Note: When using safe mode, it is recommended to have access to a valid working internet-accessible network to allow the cellular gateway to check in and pull configurations and firmware. Additionally, the MG cellular gateway is not intended to be used in this mode for production. This mode is reserved as a troubleshooting tool for Support to assist with cellular interface issues and to allow the cellular gateways to pull firmware upgrades without using cellular data. The dashboard will display an alert when the MG cellular gateway is configured in safe mode.

  • Access point Name Configuration can be configured when clicking on the cellular override drop-down menu
  • Web proxy allows all default management traffic from the Meraki device to be sent through a proxy 
  • Download support data function will allow you to download a special file to submit to Meraki support for additional troubleshooting if you are unable to get the unit online (see more in Support Data Bundle (SDB) article).

Example of MG21 local status page. The Access Point Name Configuration, Web proxy and Download support data options are visible.

Ethernet

Allows local changes to the speed/duplex settings of the LAN ports.

Example of MG21 local status page. Ethernet configuration options are visible

Note: On the MG 1.11 beta, the Connection tab now only presents basic information about the carrier, APN, and signal strength. A new Cellular Status tab presents additional information on the status of the cellular connection.

MG41

Cellular Status

The cellular statistics is moved to a new "Cellular Status" tab on the MG41.

Example of MG41 local status page. The 'Cellular Status' tab is selected.

Configure

The MG41 also provides an option to switch the SIM slot. If there is more than one active SIM card, its possible to set the APN settings for the standby SIM card in advance. If the primary SIM card needs special/private APN settings which is different from what the MG41 is currently using, then the override primary SIM setting can be used to override the necessary APN.

Example of MG41 local status page. The 'Configure' tab is selected

The MG41 has two PoE ports; however, the LAN1 port can be converted to WAN1 using the Safe Mode option for additional troubleshooting.

Note - The MG41 does not support the SIM PIN feature as of yet. The feature will be added in the upcoming software releases.

Configuring the Local Status Page

The following dashboard configuration options may be used to control access to the local status page:

Changing Log-In Credentials

As mentioned in the Accessing the Local Status Page section above, the default credentials for the local status page are the serial number of the device (upper-case letters with dashes) for the username, and a blank password. After their initial use these default credentials should be modified to use an administrator-defined password. Navigate to Network-wide > Configure > General > Device configuration and provide a strong password. This password can then be used with the username "admin" to access certain pages, including the local status page. Note that the password you set will apply to all devices in your network.

Controlling Remote Access to the Local Status Page

On MX series devices, by default, access to the local status page is only available to devices via the LAN IP address(es). However, it is possible to allow access via the WAN/internet IP as well. 

  1. Navigate to Security & SD-WAN > Configure > Firewall > Layer 3 > WAN appliance services.
  2. In the field for Web (local status & configuration), enter "any" to allow access from any remote IPs, or enter address ranges in CIDR notations separated by commas.
    Ex. 192.168.13.73/32, 192.168.47.0/24
  3. Click Save Changes.

 

For all other devices, the local status page can be accessed by IP after enabling remote device status pages on the Network-wide > Configure > General page. This allows you to connect to the local status page of a Meraki device via its LAN IP over the network.

Disabling the Local Status Page

Though the local status page is enabled by default, administrators do have the option to disable the local status page on their devices.

Note: The local status page allows administrators to change the IP configuration of their Meraki devices. If the local status page is disabled and a device's current IP configuration does not allow it to contact the cloud controller, the only option will be to perform a factory reset and clear the local configuration (Resetting Cisco Meraki Devices to Factory Defaults article).

 

The option to enable/disable the local status page is available in the dashboard under Network-wide > General > Device configuration

Note: If your device has a physical management port, it will always remain active regardless of the value of this setting.

Troubleshooting the Local Status Page 

Cannot connect to the local status page URL when wired

All DNS queries for setup.meraki.com (or any other local status page URL) that route through the MX or MS are intercepted and responded to with an "A record" pointing to the local IP address of the device's local status page interface. If DNS queries for setup.meraki.com (or any other local status page URL) do not pass through the Meraki device in question, the DNS queries will not resolve to the correct local IP address and clients will not be able to reach the local status page. You may also get an error (example) shown below due to DNS not resolving to the local IP of Meraki device.

Screenshot 2023-08-24 at 9.44.41 AM.png

If a client is unable to resolve the local status page, be sure to check the following:

  • Client is connected to the network and is within the same subnet as the Meraki device.
  • DNS is set to the Meraki device IP or to a DNS server that will route through the Meraki device
  • Try all relevant local status page URLs (see top of this article)
  • Try incognito/private browsing to eliminate potential caching issues 

This issue frequently occurs when the DNS server used by clients on the LAN does not send its DNS queries through the MX, as is the case when the DNS server uses a different default gateway. If this is the case, it can be resolved by either pointing the DNS server through the MX or by creating a specific "A record" in the DNS server to point the appropriate local status page URL to the correct device IP. 

If the local status page URLs are still unreachable for some reason, the local status page can also be reached by going to the LAN IP of the device through a web browser. For more information about connecting to the local status page using a static IP, see the Accessing the Local Status Page  section at the top of this article.

Cannot connect to the local status page when connected to an SSID

Both ap.meraki.com and my.meraki.com are locally-hosted sites useful for configuring an access point (AP) when it cannot reach the Meraki Cloud. This is often seen on a static, non-DHCP network or when there are strict firewall rules. After a Cisco Meraki AP has lost its connection to the Internet but is still receiving power, it will broadcast a default Service Set Identifier (SSID) that can be connected to for administrative tasks.

Connect to the default SSID by completing the following steps:

  1. Physically inspect the AP
    1. Check that the AP has power (see the LED codes section of MR installation Guides)
    2. Copy the MAC address (see the Locating the MAC Address of Cisco Meraki Devices article).
  2. Check for available wireless networks 
    1. Check if a known default SSID is being broadcast
  3. If a default SSID is being broadcast, connect your device to it
  4. If no known default SSIDs are present, set up a manual wireless network connection
    1. For the SSID name, use 'meraki-<MAC_Address>', for example 'meraki-xx:xx:xx:xx:xx:xx'. Replace the x's with the AP's MAC address in lower case

If a Meraki Access Point does not have a configuration from the Meraki Cloud Controller it will instead broadcast a default SSID of "Meraki-Scanning." The AP takes an address of 10.128.128.128, the SSID runs DHCP, and it will try to assign any clients that associate with it an address. This is merely to provide a connection between a client and the AP to allow for local configuration.

  1. After connecting, open a web browser and connect to one of the local status page addresses

  2. A list of the administrative tasks which are available to use can be found on the Using the Cisco Meraki Device Local Status Page article.

Default SSIDs

Potential known default SSID names along with potential causes/solutions:

<SSID_name>-bad-gateway

Cause: An AP's configured default gateway has failed to respond to 15 consecutive ARP requests.

Solution: Check the AP's IP address configuration and reachability to its default gateway.

<SSID_name>-connecting

Cause: An AP's SSID that is configured to use a VPN concentrator is unable to connect.

Solution: Verify connectivity to the concentrator using the tools in dashboard. Also, confirm that your local firewall is not blocking the connection.

<SSID_name>-scanning

Cause: Similar to 'bad-gateway', an AP is unable to connect to its default gateway.

Solution: Check the AP's IP address configuration and reachability to its default gateway.

Meraki Setup

Cause: An AP has never connected to the Meraki Cloud Controller (MCC) or has been factory reset.

Solution: Establish MCC connectivity for the AP by ensuring appropriate Internet access.

Note: MR46 (and other Wi-Fi 6 and newer APs) might not broadcast any of the default SSIDs out-of-the-box when running a factory firmware if an AP cannot acquire an IP address (e.g., networks without a DHCP server available).

In this scenario, the local status page cannot be used for an initial IP configuration, and the AP must be connected to the network with the DHCP server so the AP can connect to the dashboard.

 

IPv6 Support on MX Security & SD-WAN Platforms

The MX security appliance's local status page can be accessed using IPv6 via the browser by using the IPv6 address of an IPv6-enabled VLAN. 

The local status page will report the existing IPv6 address of the uplink(s). IPv6 uplink cannot be configured statically via the local status page.

Local status page with IPv6

When configuring PPPoE through the local status page, both IPv4 and IPv6 will be negotiated in the same PPP session.

PPPoE configuration with local status page IPv6

Similarly as to how we can manually set up the IPv4 address of our end of the PPP connection, it’s possible to configure a static link-local IPv6 address to be used in the PPP tunnel.

IPv6 link-local address

In the unlikely scenario where negotiating both IPv4 and IPv6 in the same PPP session causes the ISP to make the whole session fail, it’s possible to disable IPv6 over PPPoE by using the magic keyword “disabled” in the “IPv6 link-local address” field.

Refer to the main document: IPv6 Support on MX Security & SD-WAN Platforms [Core Fundamentals]