Missing Clients in client list

BenjaminJ
Here to help

Missing Clients in client list

Hi all, hoping for some help in solving a small mystery. We use Meraki group policies to customize firewall settings and apply VLAN tags, among other things. Right now, I'm using the API to standardize group policies for some networks. I wrote a Python script that removes the current group policies for a network ID I provide it and then it creates the new standard group policies. 

 

The problem I'm running into is that sometimes the removal of the group policy returns a 400 client error, saying basically "You can't delete this group policy because there are N clients assigned to it." So, I thought I'll add a function to my script that gets the list of clients and then checks to see if their policy is set to one of the policies being deleted, and if so, make a put request to change that client's policy to "Normal" (aka no policy). 

 

And this works fine except in a couple of annoying cases where for some reason, certain clients don't show up in the list of clients! I think this happens because we've cloned a few of our networks, and basically that client's mac address was coded to have that group policy on the original network. So basically, I have group policies with clients assigned, but those clients don't exist in the network, so I can't reassign those clients. Hence, I can't remove the group policy. Well, I CAN remove it, manually, but where's the fun in that?

 

Endpoints for reference:

Client list: /networks/{networkId}/clients

Client policy: /networks/{networkId}/clients/{clientId}/policy

Group policy: /networks/{networkId}/groupPolicies/{groupPolicyId}

11 Replies 11
PhilipDAth
Kind of a big deal
Kind of a big deal

Unfortunately, correct - the API does not allow you to get every client using a group policy - only recent clients.

 

You used to be able to list them in the dashboard, but I believe this approach is now broken, and it will only list clients within the timeframe given.

PhilipDAth_0-1698976836027.png

 

 

Maybe try using this type of filter:

PhilipDAth_1-1698976939809.png

You could also add a filter for Status=Offline to try and only display the older entries.

I was able to get them to show up by toggling the "all clients in the dashboard" option in your screenshot. So now I see the devices and MAC addresses. When I click on the client, the Dashboard says "Sorry, we couldn't find that client. Please go back and try again." However, the URL bar appears to have what I think is the client ID: 

BenjaminJ_0-1699017655922.png

I thought I'd made a breakthrough, but unfortunately when I try to use that client ID in my API endpoint URL, it returns a JSON error: 

{
"errors": [
"Client not found"
]
}

RaphaelL
Kind of a big deal
Kind of a big deal

Are you using proper pagination and proper timestamps ?

 

Because by default https://developer.cisco.com/meraki/api/get-network-clients/ will only collect clients from the last day and 10 clients per page. 


I have yet to find a discrepencies between the API and the dashboard. I will triple check tomorrow morning

I'm setting the amount clients to return as the maximum, 1000. Is there a way to show older clients in the API?

RaphaelL
Kind of a big deal
Kind of a big deal

https://developer.cisco.com/meraki/api/get-network-clients/

 

timespan (number)

The timespan for which the information will be fetched. If specifying timespan, do not specify parameter t0. The value must be in seconds and be less than or equal to 31 days. The default is 1 day.

Got it. Tried that out, but unfortunately if the client has never connected, it still doesn't show in the client list.

PhilipDAth
Kind of a big deal
Kind of a big deal

The API does not allow you to fetch clients with a group policy that has never been seen (such as manually created entries).

Check out my post here

WillSora
Conversationalist

I've encountered the same issues as the OP

Did notice this though

WillSora_0-1699829691096.png


Ticking the box and proceeding with deletion removes the policy. So is there an API Endpoint that can send that instruction/tick?

John-K
Meraki Employee
Meraki Employee

Try this API: https://developer.cisco.com/meraki/api-v1/get-organization-policies-assignments-by-client/

 

And use this query param: includeUndetectedClients

That worked! Now the last piece is there any way to do a put, post, or delete to get rid of those undetected clients? According to the documentation, get is the only HTTP method allowed for that endpoint, so this might be a dead end anyway.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.