cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MV Sense MQTT Connection

Highlighted
Here to help

MV Sense MQTT Connection

Hi,

   I'm just trying to use the new MV Sense API via MQTT and the works well. I have only one problem with authenticated MQTT server, I know I can put a CA Certificate but I need to specify username/password.

 

Someone knows if there is a plan to add this feature?

11 REPLIES 11
TMD
Conversationalist

Re: MV Sense MQTT Connection

Hi Webfrank, 

 

I'm trying to use cloud based MQTT for the same, but I cannot add my credentials to Meraki MQTT connection configuration. 

Were you able to authenticate with username and password?  

Here to help

Re: MV Sense MQTT Connection

/bump

 

I sent in the exact same question to my Meraki engineer as well.  Hoping to find a response.

TMD
Conversationalist

Re: MV Sense MQTT Connection

Hi TheChad!

 

Well I haven't got any response yet, and I was asking about this on March. =/ 

Let's hope that your question triggers this at Meraki side. 

Here to help

Re: MV Sense MQTT Connection

@TMD Just out of curiosity, are you looking at CloudMQTT?

Here to help

Re: MV Sense MQTT Connection

@webfrank @TMD Just letting you guys know, I'm still waiting to hear back from my Meraki SE.  I also opened a Meraki case and pointed them to this thread as well.  Will continue to keep you posted.

 

FYI, the cloud broker that I am trying to utilize is https://www.cloudmqtt.com

 

Meraki Employee

Re: MV Sense MQTT Connection

The Meraki MV MQTT does not currently support username/password authentication. As noted, for secure connections, the only approach is by using a certificate. The feature to add user/pass auth has been submitted to the product team.

 

As a workaround....

I typically use a local MQTT broker to handle the high volume of local traffic. I then could forward all or a subset of that to an upstream broker. With this method, you could have different security types for each connection and just bridge the links. I do this on a basic Raspberry Pi with Node-RED running. I used the Mosca broker node, but mosquitto would do.

 

Screen Shot 2019-08-07 at 2.56.26 PM.pngScreen Shot 2019-08-07 at 2.56.10 PM.pngScreen Shot 2019-08-07 at 2.55.51 PM.png

 

Hope this helps!

Cory

Here to help

Re: MV Sense MQTT Connection

Thanks @DexterLaBora

 

In the spirit of Meraki, I'm hopeful that the product team can come to a solution for leveraging cloud based brokers as I believe that a cloud based solution is what my customers are looking for as well as myself as an end user. The cloud based broker would eliminate the need for on premise equipment which is exactly why customers and myself love Meraki!

Meraki Employee

Re: MV Sense MQTT Connection

@TheChad , the Meraki MV Sense MQTT does support cloud brokers. The issue was that this particular cloud service charges you for the security mechanism that Meraki utilizes. Instead, CloudMQTT relies on a less secure alternative of username/password for their free service.

Here's a good article from HiveMQ that explains some of these details, and might be an alternative solution. 
https://www.hivemq.com/blog/mqtt-security-fundamentals-tls-ssl/ 

Here to help

Re: MV Sense MQTT Connection

Thanks @DexterLaBora .  I was utilizing the user/pass combo of CloudMQTT as this is for a lab environment along with just a proof of concept and I didn't want to go down the path of getting a certificate.  I realize CloudMQTT, HiveMQ, and other cloud based brokers all utilize TLS/SSL but as I mentioned, I didn't want to go through the trouble of getting a certificate for a lab and/or POC only to have it torn down in a couple of months.

 

I can't speak to what @TMD and @webfrank use case(s) are, but my use case may be a very corner case.  Ultimately, having the option of user/pass for me would still be invaluable for any lab/POC that I want to attempt to show any potential customers the power of Meraki.  I can always mention that this is not the most secure way and using the TLS/SSL option is the best.

Here to help

Re: MV Sense MQTT Connection

The problem here is that Meraki permit only the use of one CA certificate for all the cameras.

 

If one needs to setup different certificate for different camera is not possible.

 

Is not possible to specify the client is neither a custom prefix for the topic. 

 

All these end up to configure a different broker for different set of cameras as is not possible to segregate the messages. 

 

In my opinion this is a great limitation and is feasible only for small deploy.

Here to help

Re: MV Sense MQTT Connection

@webfrank +100 for the topic/prefix option as well on the client side for the MV.  I was only concerned at the moment of trying to get one camera to work.  Imagine to my chagrin if I were to enable more cameras only to run in to the exact same issue you are alluding to.  The same goes for the certificate concern as well.

 

@DexterLaBora can these things (user/pass; topic/prefix; certificates) be considered as well?

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.