But when are we going to be able to actually view the passwords in dashboard again? This has been broken for months.

I don't get the idea or impression it is coming back (could be wrong).  I gather the way forward is to set or in some cases, enter a new password if not done so already. 

Seems like it's set this way by design - hence even support does not have access to the password.

I have to imagine part of the theory is, if you are in a situation where you have to access the device via the local status and it's offline, you can just factory reset it and if it's online you can just change it.

The inconvenience is slight for the situations where it's necessary. I'm sure there are corner cases but I have to guess that's the line of thinking

The reset deletes the Support Data Bundle, which in most cases is requested by Meraki Support when a device is down on our side. The new handling of the LSP creates a huge workload for me and I expect Meraki to make the password visible in the dashboard again.

You make it sound like it has definitely been removed from the GUI on purpose? I have a support ticket open where they are still "trying to fix it" ... am I being lead down a dead-end path here?🤔

Support told me this:
Unfortunately the behavior with the new implementation changed and it is not possible to view the existing password in Dashboard. You can have more details in the document below: https://documentation.meraki.com/General_Administration/Tools_and_Troubleshooting/Using_the_Cisco_Me...

Sigh ... what's my support guy trying to fix then? 🤣 I will ask them now and see if they give me the same response. Not sure why there is so much smoke and mirrors around it all - if you are removing a feature from the dashboard just come out and say it.

I have now had a similar update from support, that we will never be able to view the passwords in the GUI again.

Hello

Following up on this case, to ensure the highest level of security and meet evolving regulatory requirements, neither Meraki nor the customers can see the password.

The network settings page will no longer have the ability to display a network’s LSP password.

It will be on the customer to save their password in a separate secure location for future reference.

The goal (and EU RED requirement) is for the customer to go and set it themselves. The intent of the auto-generated password is to act as a soft-block to customers to set their passwords themselves the first time.

Please check the document in the link below for more information.

https://documentation.meraki.com/General_Administration/Tools_and_Troubleshooting/Using_the_Cisco_Me...

Please let me know if you have further questions.

Kinds Regards

Tony,

It sounds like there are 2 scenarios I am concerned about:

1) Device is online.  You can choose to set a password and then track that with some kind of password manager or spreadsheet.  Or you could just reset the password every time and don't bother tracking it.  Is that accurate?

2) The second situation is the device is offline but a password has been set.  Are you saying a reset wipes the password?  Just thinking of situation where the device has been statically set so you can't get it back online.

Thanks in advance.

@Tony - What in your mind is best practice in handling this change for an MSSP with 100s of service desk agents managing a Meraki dashboard with 100s of orgs, thousands of networks, and tens of thousands of devices?

If I were to manage such MSP, I would seriously evaluate a corporate password manager. Assuming MSP has it's own Directory Service (MS Active Directory or any other), it's key that the password manager solution accepts logins from your Directory Service. This would allow you to disable just one login in case an employee leaves MSP.

For extra security, you may rotate device's local password by using API calls in all managed orgs. 😄 Don't ask me exactly how to do it. I just know that this API exists.

Thanks Tony!  Unfortunately that is not a great solution.  Even if you wanted to spend the money to do that, you have to make sure 100s of agents across the globe are using it correctly.  It is just not feasible.  Unfortunate that Meraki is doing things that nobody wants.  

Hi, @Mr_Meraki ,

It's a hard reality in computing: you add complexity every time you tighten security.

As you know from @EAzevedo reply, this change was made to comply with EU RED standard.

I'll say it again and you can see it in my earlier reply "I feel your pain. I also miss that old feature". I'm not just saying.

I'd better stop here before I start getting off topic while I runt about the good old days... And then someone will post that meme "Old man yells at cloud" making fun of me.

Anyhow, I'm not trying to convince you that the new local password feature is good or using a centralised password management solution is a great solution.

I'm here to help, just like you. Those are my insights on how We can adapt to that new regulation. The dashboard can change if enough people make feature request and We find a way to still comply with EU RED.

Thanks for your insights and thanks for understanding, @Mr_Meraki .

@Mr_Meraki  I'm really curious how often are you accessing the local status page (to the point where you have to login) and what are the use cases besides initial setup (no password set yet) or outage recovery (factory reset adds maybe a couple of minutes to the process IF you don't know the password)?

I manage ~100 orgs with over 1000 MXs and 7000 MR/MS and I can think of very few cases where we access these past initial setup.

The only downsides to those are your RO admins could see the info, but if you are small enough to not have any background api tools where you could add password management and your password system not have an API where you could easily keep things in sync, that is less likely to matter, certainly seems like a usable workaround. Run your script 1x a week or similar.