Getting Started: Cloud Monitoring Onboarding

Jeff-L
Meraki Employee
Meraki Employee

Getting Started: Cloud Monitoring Onboarding

To get started with Cloud Monitoring, check out the Onboarding Guide.

19 REPLIES 19
MattAhlenius
Conversationalist

I can't find the Onboarding Tool. Where can I download it from?


@MattAhlenius wrote:

I can't find the Onboarding Tool. Where can I download it from?


Hi Matt, you can download the onboarding application from Meraki Dashboard. To access it, go to Network-wide > Add Devices from the navigation on the left side. In this section, click on the link to add Catalyst switches to Dashboard.

 

Screen Shot 2022-06-14 at 4.10.07 PM (1).png

 

Then select your operating system from the list to download the version for your computer.

 

Screen_Shot_2022-06-14_at_4.11.03_PM.png

It is not there.

Capture.PNG

Can you check the type of network you are using at Organization > Overview in Dashboard?

 

You may need to create a new "switch" or "combined" network if your current one is wireless only. This is explained more at: https://documentation.meraki.com/Cloud_Monitoring_for_Catalyst/Onboarding/Cloud_Monitoring_for_Catal...

MattAhlenius
Conversationalist

That was the answer. Thank you!

Lurick
Getting noticed

Trying to onboard a 9300 switch and I keep getting "Device is not eligible for onboarding. Reason: Unable to connect to TLS" is there an option I'm missing to see more log information to try and figure out what's going on? I've gone through the checklist a few times and no issues there, default route, using front-panel ports, etc. so I'm a bit lost. I've even tried debugging crypto tls-tunnel on the switch and I get no messages at all which is just adding to the confusion.

Jeff-L
Meraki Employee
Meraki Employee

The logs are available in the bottom right corner of the onboarding application. This error generally means that the switch cannot successfully access the cloud gateway on TCP 443. This is a pre-check before onboarding continues prior to creating the TLS tunnel. One way to verify the connection is by testing

telnet us.tlsgw.meraki.com 443

from the switch CLI and confirming the connection completes without timing out (though there will not be any specific text displayed). The gateway address may vary depending on the region where you are. See https://documentation.meraki.com/Cloud_Monitoring_for_Catalyst/Onboarding/Cloud_Monitoring_for_Catal... for more information.

Lurick
Getting noticed

Aha! My VTY lines had transport output ssh but once I set it to transport output ssh telnet it worked 🙂

JustinB
Comes here often

I have the same issue "Device is not eligible for onboarding. Reason: Unable to connect to TLS" with a Catalyst 9300 switch using the management interface for onboarding. On this platform, the management interface is stuck in the Mgmt-vrf VRF.  Is this setup supported for onboarding or do I need to use another interface that's not in a VRF?

 

-Justin

Jeff-L
Meraki Employee
Meraki Employee

Management interface/VRF connections are not supported. A front panel port is required. The pre-onboarding checklist includes additional information.

dmbooth
Here to help

Trying to onboard a 9200L and I am getting the error 'Device is not eligible for onboarding. Reason: Device SUDI was not found'. I've tried 3 different IOS versions and all give the same result. The device has a DNA Adv license. Any suggestions as to how to fix please? Thanks.

Jeff-L
Meraki Employee
Meraki Employee

We will need to have some more specific information from your switches to determine next steps on this one. Please open a support case if you have not already and include the log files (link in the bottom right corner of the onboarding application).

Thanks for responding Jeff, case is open and have just sent screenshot, logs, etc.

MWakefield
Comes here often

I have managed to onboard a C9200L-24P-4G, however the switch is reporting as no telemetry, with the following alerts:

mars_capabilities_issue, mars_no_telemetry

There are no ACLs or firewall rules applied to affect this traffic

Senior Wireless Engineer
CCNA, CCNP Enterprise, ECSE Design

We will need to have some more specific information including your specific Dashboard network link to investigate this. Please open a support case if you have not already and include the log files (link in the bottom right corner of the onboarding application).

RomanMD
Building a reputation

wondering if this issue has been solved and how as I do experience the same issue on some switches...

Mikesisav
Comes here often

I get this error from the onboarding tool when inputting my API Key:

 

6/28/2022, 9:10:18 AM: CLIENT_EVENT :: User initiated login...
6/28/2022, 9:10:18 AM: Server handle login with token
6/28/2022, 9:10:18 AM: API_CALL :: GET https://api.meraki.com/api/v1/organizations
6/28/2022, 9:10:19 AM: API_ERROR :: GET https://api.meraki.com/api/v1/organizations undefined undefined
6/28/2022, 9:10:19 AM: Error validating token: self signed certificate in certificate chain

 

I assume our proxy is not allowing this traffic and it that reads to be one of the requirements : "HTTPS proxy servers that modify the certificate in transit are not currently supported."

 

Will I be able to onboard my 9300 in the future based on my environment?  

 

I tested off my corporate network and I the API key works and I start down the onboarding process.  

Based on the log provided, it is likely the proxy issue you identified is related. The onboarding application does not support this setup, as it prevents validation of the expected domain for the cloud side of the connection.

 

As a workaround, you may be able to configure your proxy settings to allow an exception to api.meraki.com on TCP 443 from the computer where you are onboarding so that the certificate provided from the API server is sent to your computer unchanged.

Jeff-L
Meraki Employee
Meraki Employee

In order to ensure clarity and ease of finding information, I am now closing this topic to further replies. Feel free to create a new topic with any additional questions.

Get notified when there are additional replies to this discussion.