I can't find the Onboarding Tool. Where can I download it from?
Hi Matt, you can download the onboarding application from Meraki Dashboard. To access it, go to Network-wide > Add Devices from the navigation on the left side. In this section, click on the link to add Catalyst switches to Dashboard.
Then select your operating system from the list to download the version for your computer.
Can you check the type of network you are using at Organization > Overview in Dashboard?
You may need to create a new "switch" or "combined" network if your current one is wireless only. This is explained more at: https://documentation.meraki.com/Cloud_Monitoring_for_Catalyst/Onboarding/Cloud_Monitoring_for_Catal...
Trying to onboard a 9300 switch and I keep getting "Device is not eligible for onboarding. Reason: Unable to connect to TLS" is there an option I'm missing to see more log information to try and figure out what's going on? I've gone through the checklist a few times and no issues there, default route, using front-panel ports, etc. so I'm a bit lost. I've even tried debugging crypto tls-tunnel on the switch and I get no messages at all which is just adding to the confusion.
The logs are available in the bottom right corner of the onboarding application. This error generally means that the switch cannot successfully access the cloud gateway on TCP 443. This is a pre-check before onboarding continues prior to creating the TLS tunnel. One way to verify the connection is by testing
telnet us.tlsgw.meraki.com 443
from the switch CLI and confirming the connection completes without timing out (though there will not be any specific text displayed). The gateway address may vary depending on the region where you are. See https://documentation.meraki.com/Cloud_Monitoring_for_Catalyst/Onboarding/Cloud_Monitoring_for_Catal... for more information.
I have the same issue "Device is not eligible for onboarding. Reason: Unable to connect to TLS" with a Catalyst 9300 switch using the management interface for onboarding. On this platform, the management interface is stuck in the Mgmt-vrf VRF. Is this setup supported for onboarding or do I need to use another interface that's not in a VRF?
Management interface/VRF connections are not supported. A front panel port is required. The pre-onboarding checklist includes additional information.
Trying to onboard a 9200L and I am getting the error 'Device is not eligible for onboarding. Reason: Device SUDI was not found'. I've tried 3 different IOS versions and all give the same result. The device has a DNA Adv license. Any suggestions as to how to fix please? Thanks.
We will need to have some more specific information from your switches to determine next steps on this one. Please open a support case if you have not already and include the log files (link in the bottom right corner of the onboarding application).
I have managed to onboard a C9200L-24P-4G, however the switch is reporting as no telemetry, with the following alerts:
There are no ACLs or firewall rules applied to affect this traffic
We will need to have some more specific information including your specific Dashboard network link to investigate this. Please open a support case if you have not already and include the log files (link in the bottom right corner of the onboarding application).
I get this error from the onboarding tool when inputting my API Key:
6/28/2022, 9:10:18 AM: CLIENT_EVENT :: User initiated login...
6/28/2022, 9:10:18 AM: Server handle login with token
6/28/2022, 9:10:18 AM: API_CALL :: GET https://api.meraki.com/api/v1/organizations
6/28/2022, 9:10:19 AM: API_ERROR :: GET https://api.meraki.com/api/v1/organizations undefined undefined
6/28/2022, 9:10:19 AM: Error validating token: self signed certificate in certificate chain
I assume our proxy is not allowing this traffic and it that reads to be one of the requirements : "HTTPS proxy servers that modify the certificate in transit are not currently supported."
Will I be able to onboard my 9300 in the future based on my environment?
I tested off my corporate network and I the API key works and I start down the onboarding process.
Based on the log provided, it is likely the proxy issue you identified is related. The onboarding application does not support this setup, as it prevents validation of the expected domain for the cloud side of the connection.
As a workaround, you may be able to configure your proxy settings to allow an exception to api.meraki.com on TCP 443 from the computer where you are onboarding so that the certificate provided from the API server is sent to your computer unchanged.
In order to ensure clarity and ease of finding information, I am now closing this topic to further replies. Feel free to create a new topic with any additional questions.