Hello Community,
I'm writing a PowerShell script to automate the migration of my company's SSIDs from their old RADIUS servers to new ones that I set up. I'm coming up against a hurdle that neither my network admin nor I can seem to pin down.
When attempting to PUT a new config on an SSID I receive the error:
{"errors":["Could not find a default vlan id for all other APs."]}
The request body is (edits have been made for privacy):
{
    "ipAssignmentMode": "Bridge mode",
    "wpaEncryptionMode": "WPA2 only",
    "useVlanTagging": true,
    "radiusServers": [
        {
            "port": 1812,
            "secret": "presharedkey1234",
            "host": "10.0.0.222"
        },
        {
            "port": 1812,
            "secret": "presharedkey1234",
            "host": "10.0.0.111"
        }
    ],
    "radiusFailoverPolicy": "Deny access",
    "name": "Unconfigured SSID TEST",
    "enabled": true,
    "defaultVlanid": 24,
    "splashPage": "None",
    "authMode": "8021x-radius",
    "radiusLoadBalancingPolicy": "Round robin"
}
I've tried splitting up the config changes into two separate PUT requests (i.e. apply a simple config, then go back and apply one with more details) with the same error.
I've searched the forum for every similar-looking issue, but haven't come across anything that moved me forward.
I'd appreciate any and every effort that'd assist me in resolving the issue.
Thanks!
Let me give you a different approach. Let's pretend you are using Microsoft NPS, which most people are.
Typically I use the "netsh nps export" and "netsh nps import" commands to move the RADIUS configuration from the old to the new server.
Then you just need to update the RADIUS server IP addresses on the Meraki side.
@PhilipDAth wrote: Typically I use the "netsh nps export" and "netsh nps import" commands to move the RADIUS configuration from the old to the new server.
Can we all just take a moment to appreciate netsh as a utility, especially how surprisingly powerful it is?
We can?
Awesome.
On a useful comment front, I very frequently extract the JSON of "thing that's configured right", then modify as necessary to put wherever I'm copying it to. Used that on a bunch of APs yesterday, for example. You have to match your body against whatever the PUT/POST command will take, since e.g. GET switchport will return null lines that PUT switchport throws errors at.
And Microsoft are deprecating netsh! Annoying.
I will let netsh be discontinued as soon as the new integrated pcap-taker is available on all my clients' environments.
Also, when using the API, you might find it easiest to read the existing JSON from the API, update that, and then post the whole thing back again (I tend to do that).
Yeah, I tried that with no success. I also used the tool at https://developer.cisco.com/meraki/api/#/rest/api-endpoints/ssids/update-network-ssid to create a CURL one-liner that would accomplish my desired outcome. I received the same "Could not find a default vlan id for all other APs." error that way as well.
In my testing, I came across some surprising and unexpected behavior: I can successfully PUT the desired configuration to an SSID but only if the VLAN settings on it have been manually changed at some point.
Case 1:
An Unconfigured SSID has never been touched by a human. I manually modify the VLAN settings on it and save. I remove the settings programmatically by applying the base configuration you can GET from any other Unconfigured SSID. I apply my desired configuration to the Unconfigured SSID that I've edited and reverted edits on without error.
Case 2:
An Unconfigured SSID has never been touched by a human. I apply my desired configuration to the Unconfigured SSID with consistent error.
The reason it's important to apply a configuration to an Unconfigured SSID is that there's little to no consistency in the naming of SSIDs across our 100+ branches. This way we can both ease the load on our RADIUS servers and of support calls that may come into the service desk.
Just wondering,....
What device are you configuring this on... MX84 or Z3 or.....
Some devices cannot be configured using the API... depends on the chipset of the devices
@Edgar-VO wrote: Just wondering,....
What device are you configuring this on... MX84 or Z3 or.....
Some devices cannot be configured using the API... depends on the chipset of the devices
This is not correct.
What you can configure depends on functionality of the device and the network. I.e., if I try to getMalwareSettings on an appliance without an advanced security license, I get an error 400 Bad Request, "Advanced Malware Protection (AMP) is not supported by this network"
If I have both an MX64W and actual APs in a network, I can't reach the MX64W's SSIDs via API once the APs are set up.
The whole point of the API is to work across the entire range of a given device type, within licensing parameters or potentially specifically noted exceptions.
***************************
* Just discard my reply on this...
* I guess I was not reading the problem properly 😉
***************************
In Python,
Just what the others say: copy the SSID, change the name... Write it back to the proper port.
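The read-modify-write approach suggested in several replies, sketched as an added example (not code from any poster in this thread): it takes a GET response, drops the null fields that a PUT rejects, overlays the new RADIUS servers, and masks the shared secret before anything is logged. The sample response, the `READ_ONLY` set and all function names are assumptions made for illustration.

```python
import copy
import json

# Constructed sample of a GET response for an untouched SSID (not real data).
SAMPLE_GET = {
    "number": 3, "name": "Unconfigured SSID 4", "enabled": False,
    "authMode": "open", "splashPage": "None", "ipAssignmentMode": "NAT mode",
    "radiusServers": None, "radiusFailoverPolicy": None,
    "radiusLoadBalancingPolicy": None,
}
READ_ONLY = {"number"}  # assumption: fields the update call does not accept


def strip_nulls(value):
    """Recursively drop None entries, which GET returns but PUT may reject."""
    if isinstance(value, dict):
        return {k: strip_nulls(v) for k, v in value.items() if v is not None}
    if isinstance(value, list):
        return [strip_nulls(v) for v in value if v is not None]
    return value


def new_radius(hosts, secret, port=1812):
    """One RADIUS entry per host, in the shape used by the request body above."""
    return [{"host": h, "port": port, "secret": secret} for h in hosts]


def build_put_body(current, changes, read_only=READ_ONLY):
    """Existing config minus nulls and read-only keys, with changes overlaid."""
    body = strip_nulls(copy.deepcopy(current))
    for key in read_only:
        body.pop(key, None)
    body.update(strip_nulls(changes))
    return body


def redact(body):
    """Copy of the body that is safe to log: shared secrets are masked."""
    safe = copy.deepcopy(body)
    for server in safe.get("radiusServers", []):
        if "secret" in server:
            server["secret"] = "***"
    return safe


if __name__ == "__main__":
    changes = {
        "name": "Unconfigured SSID TEST", "enabled": True,
        "authMode": "8021x-radius", "wpaEncryptionMode": "WPA2 only",
        # Placeholder secret; load the real one from a secret store.
        "radiusServers": new_radius(["10.0.0.222", "10.0.0.111"], "PLACEHOLDER"),
    }
    print(json.dumps(redact(build_put_body(SAMPLE_GET, changes)), indent=2))
```

Log only the output of `redact()`; the unredacted body carries the RADIUS shared secret and should go nowhere except the HTTPS request itself.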