Meraki

Community

Missing Clients in client list

BenjaminJ
Here to help
‎Nov 2 2023 2:49 PM
‎Nov 2 2023 2:49 PM

Missing Clients in client list

Hi all, hoping for some help in solving a small mystery. We use Meraki group policies to customize firewall settings and apply VLAN tags, among other things. Right now, I'm using the API to standardize group policies for some networks. I wrote a Python script that removes the current group policies for a network ID I provide it and then it creates the new standard group policies. 

 

The problem I'm running into is that sometimes the removal of the group policy returns a 400 client error, saying basically "You can't delete this group policy because there are N clients assigned to it." So, I thought I'll add a function to my script that gets the list of clients and then checks to see if their policy is set to one of the policies being deleted, and if so, make a put request to change that client's policy to "Normal" (aka no policy). 

 

And this works fine except in a couple of annoying cases where for some reason, certain clients don't show up in the list of clients! I think this happens because we've cloned a few of our networks, and basically that client's mac address was coded to have that group policy on the original network. So basically, I have group policies with clients assigned, but those clients don't exist in the network, so I can't reassign those clients. Hence, I can't remove the group policy. Well, I CAN remove it, manually, but where's the fun in that?

 

Endpoints for reference:

Client list: /networks/{networkId}/clients

Client policy: /networks/{networkId}/clients/{clientId}/policy

Group policy: /networks/{networkId}/groupPolicies/{groupPolicyId}

0 Kudos
11 Replies 11
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Nov 2 2023 7:02 PM
‎Nov 2 2023 7:02 PM

Unfortunately, correct - the API does not allow you to get every client using a group policy - only recent clients.

 

You used to be able to list them in the dashboard, but I believe this approach is now broken, and it will only list clients within the timeframe given.

PhilipDAth_0-1698976836027.png

 

 

Maybe try using this type of filter:

PhilipDAth_1-1698976939809.png

You could also add a filter for Status=Offline to try and only display the older entries.

In response to PhilipDAth
BenjaminJ
Here to help
‎Nov 3 2023 6:22 AM
‎Nov 3 2023 6:22 AM

I was able to get them to show up by toggling the "all clients in the dashboard" option in your screenshot. So now I see the devices and MAC addresses. When I click on the client, the Dashboard says "Sorry, we couldn't find that client. Please go back and try again." However, the URL bar appears to have what I think is the client ID: 

BenjaminJ_0-1699017655922.png

I thought I'd made a breakthrough, but unfortunately when I try to use that client ID in my API endpoint URL, it returns a JSON error: 

{
"errors": [
"Client not found"
]
}

RaphaelL
Kind of a big deal
Kind of a big deal
‎Nov 2 2023 7:44 PM
‎Nov 2 2023 7:44 PM

Are you using proper pagination and proper timestamps ?

 

Because by default https://developer.cisco.com/meraki/api/get-network-clients/ will only collect clients from the last day and 10 clients per page. 


I have yet to find a discrepencies between the API and the dashboard. I will triple check tomorrow morning

In response to RaphaelL
BenjaminJ
Here to help
‎Nov 3 2023 6:09 AM
‎Nov 3 2023 6:09 AM

I'm setting the amount clients to return as the maximum, 1000. Is there a way to show older clients in the API?

0 Kudos
In response to BenjaminJ
RaphaelL
Kind of a big deal
Kind of a big deal
‎Nov 3 2023 6:20 AM
‎Nov 3 2023 6:20 AM

https://developer.cisco.com/meraki/api/get-network-clients/

 

timespan (number)

The timespan for which the information will be fetched. If specifying timespan, do not specify parameter t0. The value must be in seconds and be less than or equal to 31 days. The default is 1 day.

In response to RaphaelL
BenjaminJ
Here to help
‎Nov 3 2023 6:35 AM
‎Nov 3 2023 6:35 AM

Got it. Tried that out, but unfortunately if the client has never connected, it still doesn't show in the client list.

0 Kudos
In response to RaphaelL
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Nov 5 2023 10:53 AM
‎Nov 5 2023 10:53 AM

The API does not allow you to fetch clients with a group policy that has never been seen (such as manually created entries).

In response to PhilipDAth
John_on_API
Meraki Employee
Meraki Employee
‎Nov 13 2023 3:39 PM
‎Nov 13 2023 3:39 PM

Check out my post here

0 Kudos
WillSora
Conversationalist
‎Nov 12 2023 2:55 PM
‎Nov 12 2023 2:55 PM

I've encountered the same issues as the OP

Did notice this though

WillSora_0-1699829691096.png


Ticking the box and proceeding with deletion removes the policy. So is there an API Endpoint that can send that instruction/tick?

0 Kudos
John_on_API
Meraki Employee
Meraki Employee
‎Nov 13 2023 3:38 PM
‎Nov 13 2023 3:38 PM

Try this API: https://developer.cisco.com/meraki/api-v1/get-organization-policies-assignments-by-client/

 

And use this query param: includeUndetectedClients

In response to John_on_API
BenjaminJ
Here to help
‎Nov 15 2023 12:19 PM
‎Nov 15 2023 12:19 PM

That worked! Now the last piece is there any way to do a put, post, or delete to get rid of those undetected clients? According to the documentation, get is the only HTTP method allowed for that endpoint, so this might be a dead end anyway.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.