I'm just trying to use the new MV Sense API via MQTT and it works well. I have only one problem with an authenticated MQTT server: I know I can put a CA certificate, but I need to specify username/password.
Does anyone know if there is a plan to add this feature?
I'm trying to use cloud based MQTT for the same, but I cannot add my credentials to Meraki MQTT connection configuration.
Were you able to authenticate with username and password?
Well, I haven't got any response yet, and I was asking about this in March. =/
Let's hope that your question triggers this on Meraki's side.
The Meraki MV MQTT does not currently support username/password authentication. As noted, for secure connections, the only approach is by using a certificate. The feature to add user/pass auth has been submitted to the product team.
As a workaround...
I typically use a local MQTT broker to handle the high volume of local traffic. I then could forward all or a subset of that to an upstream broker. With this method, you could have different security types for each connection and just bridge the links. I do this on a basic Raspberry Pi with Node-RED running. I used the Mosca broker node, but mosquitto would do.
Hope this helps!
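The bridging workaround described in the post above, sketched as a mosquitto configuration. This is an added example, not part of the original post; the hostname, file paths, credentials, connection name and the `site-a/` prefix are placeholders.

```conf
# /etc/mosquitto/conf.d/mv-bridge.conf (placeholder path)

# --- Local side: the listener the cameras connect to ---
# The camera cannot send a username/password, so it connects anonymously
# and validates this broker against the CA certificate uploaded to the
# Meraki dashboard. mosquitto 2.x rejects anonymous clients unless this
# is set explicitly.
listener 8883
cafile   /etc/mosquitto/certs/lab-ca.crt
certfile /etc/mosquitto/certs/local-broker.crt
keyfile  /etc/mosquitto/certs/local-broker.key
allow_anonymous true

# --- Upstream side: bridge to the cloud broker ---
# This connection has its own security settings, independent of the
# listener above: TLS to the cloud broker plus username/password.
connection mv-to-cloud
address broker.example.com:8883
remote_clientid mv-lab-bridge
remote_username CLOUD_USERNAME
remote_password CLOUD_PASSWORD

# Verify the cloud broker's certificate against the system trust store.
# bridge_insecure false (the default) keeps hostname verification on.
bridge_cafile /etc/ssl/certs/ca-certificates.crt
bridge_insecure false

# The remote broker is not necessarily mosquitto, so do not attempt the
# mosquitto-specific private bridge protocol.
try_private false
cleansession true

# Forward everything published locally (direction "out", QoS 1).
# Syntax: topic <pattern> <direction> <qos> <local-prefix> <remote-prefix>
# The empty local prefix and the "site-a/" remote prefix republish each
# message upstream under site-a/<original topic>. Narrow the pattern to
# forward only a subset.
topic # out 1 "" site-a/
```

Keep this file readable only by the mosquitto user, since `remote_password` is stored in plain text.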
In the spirit of Meraki, I'm hopeful that the product team can come to a solution for leveraging cloud based brokers as I believe that a cloud based solution is what my customers are looking for as well as myself as an end user. The cloud based broker would eliminate the need for on premise equipment which is exactly why customers and myself love Meraki!
@TheChad, the Meraki MV Sense MQTT does support cloud brokers. The issue was that this particular cloud service charges you for the security mechanism that Meraki utilizes. Instead, CloudMQTT relies on a less secure alternative of username/password for their free service.
Here's a good article from HiveMQ that explains some of these details, and might be an alternative solution.
Thanks @DexterLaBora. I was utilizing the user/pass combo of CloudMQTT as this is for a lab environment along with just a proof of concept and I didn't want to go down the path of getting a certificate. I realize CloudMQTT, HiveMQ, and other cloud based brokers all utilize TLS/SSL but as I mentioned, I didn't want to go through the trouble of getting a certificate for a lab and/or POC only to have it torn down in a couple of months.
I can't speak to what @TMD's and @webfrank's use case(s) are, but my use case may be a very corner case. Ultimately, having the option of user/pass for me would still be invaluable for any lab/POC that I want to attempt to show any potential customers the power of Meraki. I can always mention that this is not the most secure way and using the TLS/SSL option is the best.
The problem here is that Meraki permits the use of only one CA certificate for all the cameras.
If one needs to set up a different certificate for different cameras, it is not possible.
It is not possible to specify the client ID or a custom prefix for the topic.
All of this ends up requiring a different broker for each different set of cameras, as it is not possible to segregate the messages.
In my opinion this is a great limitation, and it is feasible only for small deployments.
@webfrank +100 for the topic/prefix option as well on the client side for the MV. I was only concerned at the moment with trying to get one camera to work. Imagine my chagrin if I were to enable more cameras only to run into the exact same issue you are alluding to. The same goes for the certificate concern as well.
@DexterLaBora, can these things (user/pass; topic/prefix; certificates) be considered as well?