Getting started: Cisco Catalyst 9300 Management with Meraki Dashboard
Overview
Cisco supports the ability to migrate a Catalyst 9300 to become Meraki Dashboard managed. This functionality migrates the switch or switch stack to become fully controlled by Meraki Dashboard. This means that upon migration there will no longer be console access to the switch and all configuration and monitoring will be performed in Dashboard or via the Local Status Page when trying to troubleshoot or configure connectivity.
During the migration process the switch's configuration, flash, USB-flash, and all storage will be formatted and reconfigured to the Meraki runtime.
Prerequisites
To manage the Catalyst 9300 operating in the Meraki-managed mode, you would need access to the Meraki Dashboard. Please refer to our Getting Started guide for details on setting up a Meraki account.
In order to add devices to your network, you would require their Meraki IDs. These Meraki IDs can be obtained by completing the Registration process explained below.
Once migrated to Meraki management mode, a C9300 can be used in any Meraki Dashboard network running cloud-managed Catalyst Switch firmware version, minimum CS 15.21.1+. Dashboard will not let you add the C9300 to a network if it does not meet the minimum firmware requirement. It is recommended to use current CS16GA firmware or newer for C9300 deployments.
Migrating from Monitored to Managed mode: If a Catalyst 9300 is already enrolled into Cloud Monitoring for Catalyst on the Meraki Dashboard, it must be removed from the Dashboard network and "unclaimed" from the Organization's inventory. It can then be "claimed" again, using the Meraki ID obtained using the registration process described below and onboarded into the Meraki-managed mode.
Migration is available for the following C9300 models
| 24 port models | C9300-24P, C9300-24T, C9300-24U, C9300-24UX, C9300X-24HX, C9300L-24T-4X, C9300L-24P-4X, C9300L-24UXG-4X |
| 48 port models | C9300-48P, C9300-48T, C9300-48U, C9300-48UN, C9300-48UXM, C9300X-48TX, C9300X-48HX, C9300X-48HXN, C9300L-48T-4X, C9300L-48P-4X, C9300L-48PF-4X, C9300L-48UXG-4X |
| Fiber models | C9300-24S, C9300-48S, C9300X-12Y, C9300X-24Y |
The following network modules are compatible with the migration process.
| C9300-NM | C9300-NM-2Q, C9300-NM-8X, C9300-NM-2Y* |
| C9300X-NM | C9300X-NM-2C, C9300X-NM-8Y |
| C3850-NM | C3850-NM-2-40G, C3850-NM-4-10G, C3850-NM-8-10G |
Additionally, Meraki modules MA-MOD-2X40G, MA-MOD-4X10G and MA-MOD-8X10G are also compatible with migrating C9300 switches.
*NOTE: The C9300-NM-2Y module requires CS16.8 firmware for support in dashboard. The exception to this is Fiber C9300-24S/48S which supports the C9300-NM-2Y in CS16.7
The system will not allow migration to proceed if an incompatible network module is plugged into a switch(es) being migrated. If your module isn't supported in the migration step, you can un-seat the module prior to migration and re-install after migration.
Migrating to Meraki-managed mode
For migration for all C9300X, C9300, 9300L switches requires* the switch to be on a special IOS-XE release (cat9k_iosxe.17.09.03m3.SPA.bin), in INSTALL mode. This special firmware release can be download using this link.(updated 2/29/24)
Instructions for INSTALL mode upgrades can be found in the corresponding Catalyst 9300 Firmware Upgrade guide.
*strongly encouraged. Other firmware versions may work.
Step 1: Validate Compatibility
To validate that your Catalyst switch has the hardware and software configuration compatible with the Meraki-managed mode, run the following command from the IOS-XE CLI.
show meraki compatibility
Switch#show meraki compatibility ================================================== Compatibility Check Status -------------------------------------------------- Boot Mode INSTALL - Compatible Stackwise Virtual Disabled - Compatible -------------------------------------------------- ------------------------------------------------------------------------------------------- Switch# SKU Bootloader Version Network Modules ------------------------------------------------------------------------------------------- 1 C9300-48U - Compatible 17.10.1r - Compatible C9300-NM-8X - Compatible ---------------------------------------------------------------------------------------------------------------------- Compatible SKUs: C9300-24P, C9300-24T, C9300-24U, C9300-24UX, C9300-48P, C9300-48T, C9300-48U, C9300-48UN, C9300-48UXM Compatible NMs : C3850-NM-2-40G, C3850-NM-4-10G, C3850-NM-8-10G, C9300-NM-2Q, C9300-NM-8X, MA-MOD-2X40G, MA-MOD-4X10G, MA-MOD-8X10G ----------------------------------------------------------------------------------------------------------------------
If you attempt to migrate an incompatible switch or compatible switch with an incompatible network module, the process will fail with an error message.
If your module is NOT supported in the pre-migrated IOS-XE firmware, you can un-seat the module during migration. Installing the module after migration and firmware upgrade.
Step 2: Register the switch / switch stack with the Meraki Dashboard
Ensure that the Catalyst switch is able to connect to the internet and resolving dashboard.meraki.com
To resolve DNS names and communicate with the Meraki Dashboard, the Catalyst switch will need the following configuration.
- A layer 3 interface, such as an SVI or routed interface, with an IP address that has connectivity to the internet.
- A next-hop or default gateway IP which the switch can use to send traffic to the internet.
- A DNS server which can resolve dashboard.meraki.com.
- "internet bound" vlan configured as http client source-interface
Example script while in global configuration mode:
vlan {vlan used for cloud connectivity}
exit
!
interface vlan {VLAN where DHCP is present}
ip address dhcp
no shutdown
exit
!
ip route 0.0.0.0 0.0.0.0 dhcp
ip http client source-interface {vlan-interface}
!
ip name-server 8.8.8.8
You can check whether the switch is configured correctly by pinging dashboard.meraki.com
NOTE:
-Do not use the OOB port (Gig0/0) management port on the rear of the switch for internet connectivity. Front facing ports only
-SVIs only, no routed-port support at this time
Once you have validated that the switch can reach the Meraki Dashboard, use the following command to register the switch(es) unit or stack member with dashboard:
Single Member:
service meraki register
Stack:
service meraki register switch {member number}
During the registration process, the switch will communicate with the Meraki Dashboard to register itself and receive its Meraki ID. Each switch, including switches in a stack will receive and individual Meraki ID. The Catalyst serial number and Meraki ID mapping, along with the registration status, will be displayed on the CLI terminal, as shown below.
Device Registration Status: --------------------------- Switch Serial Migration Num PID Number Meraki ID Mac Address Status Mode -------------------------------------------------------------------------------- 1 C9300-48U FCWxxxxxxxx XXZZ-XXZZ-XXZZ 70xx.79xx.5axx Registered C9K-C
The output above highlights each switch in the stack, the chassis serial, Meraki ID from the registration process, the system MAC address that will be visibile in Dashboard, and the current operating mode which should always be C9K-C (DNA mode) at this step in the process.
Step 3: Initiating migration to Meraki-managed mode
Once the switch or switch switch stack has been registered with the the Dashboard, it can be migrated to the Meraki-managed mode using the following command.
service meraki start
The migration process is catastrophic to all onboard and connected storage devices. Device configuration and files stored on locally, or on any attached USB devices will be deleted.
Please be sure to back up all necessary data from the local or connected storage, prior to initiating the migration. It is recommended that USB storage devices be disconnected, as they will not be operational in the Meraki-managed mode.
Once this command is issued the switch will for confirmation before initiating a factory reset procedure and setting the console to read-only mode. The switch may take up to 15 minutes to factory reset, and reboot in the Meraki-managed mode.
Please DO NOT power cycle the switches during the factory factory reset process. The console connection remains in the read-only mode and can be used to monitor the process.
During migration, the switch or switch stack may reboot one or more times to enable 802.3bt.
Once the switch has rebooted console access will be turned down to only showing log events. The switch will boot up with default configurations as per the out-of-box behavior of the MS390. Please see the documentation here for more information on how zero-touch works and the best practice configurations.
Migrating to DNA or CLI managed mode
To migrate your Catalyst switch(es) to DNA or CLI mode, please contact Meraki Support. To be migrated, a switch must be online and connected to the Meraki dashboard.
Migration will factory default the switch and all configuration.
When operating in the Meraki-managed mode, Catalyst switches use firmware customized for cloud connectivity.
Once the migration to DNA or CLI managed mode is complete, please be sure to install a supported IOS-XE software version on the switches before deploying them in production networks.