MERAKI BACKUP AND RESTORE

Ritchie
Getting noticed

MERAKI BACKUP AND RESTORE

Hi guys,

Good Morning.

 

Just want to hear your unique ways about how to backup your configuration in the dashboard to your local drive.

In my situation i had an MX65W with configurations already and then i will have a new MX65W coming to be use in another organization.

My question first is how can i backup my configuration from my existing MX65W so that i can use it to my new MX65W? (But this is answered already by meraki support so they provide me a link  : https://documentation.meraki.com/zGeneral_Administration/Templates_and_Config_Sync/Cloning_Network_S... ).

In this link i just saw how to clone from network to another network in one organization.

 

Now, i want to hear from you guys if you experience this already and how you tried to backup from one organization to another organization.

 

Thanks in advance.

81 REPLIES 81
PhilipDAth
Kind of a big deal

Thanks @PhilipDAth , i would try this now.

Config Sync and Templates is the native way of replicating configuration from networks which need to be re-used and re-purposed else where.

 

If you're wanting to back-up the configuration to a local file you can do this via scripting and the API. @PhilipDAth has created a script for this purpose. I've tested it and works fantastic!

Eliot F | Simplifying IT with Cloud Solutions
Found this helpful? Give me some Kudos! (click on the little up-arrow below)

Hey @MilesMeraki or @PhilipDAth  could you pleaes indicate me where is that script ? thanks in advance.

PhilipDAth
Kind of a big deal

Check out the second post.

thanks Philip , good idea about that script btw . Regards

I am getting an error message that I haven't seen in any of the other replies. When I run the backup script I get:

 

Traceback (most recent call last):
File "C:\Users\bry\AppData\Local\Programs\Python\Python38-32\scripts\meraki-backup.py", line 200, in <module>
from dotenv import load_dotenv
ModuleNotFoundError: No module named 'dotenv'

PhilipDAth
Kind of a big deal

I think I missed one step.  Try:

pip install -U python-dotenv

Let me know if that fixes it and I'll update the instructions.

That did get me past that error. Now I am getting this:

 

Processing network correct network name
warning: MX VLANs disabled - wont be able to restore IP addressing
Traceback (most recent call last):
File "C:\Users\bry\AppData\Local\Programs\Python\Python38-32\scripts\meraki-backup.py", line 251, in <module>
write_ssid_settings(file,meraki,row['id'])
File "C:\Users\bry\AppData\Local\Programs\Python\Python38-32\scripts\meraki-backup.py", line 180, in write_ssid_settings
mySSIDs=meraki.ssids.get_network_ssids(networkid)
File "C:\Users\bry\AppData\Local\Programs\Python\Python38-32\lib\site-packages\meraki_sdk\controllers\ssids_controller.py", line 117, in get_network_ssids
self.validate_response(_context)
File "C:\Users\bry\AppData\Local\Programs\Python\Python38-32\lib\site-packages\meraki_sdk\controllers\base_controller.py", line 94, in validate_response
raise APIException('HTTP response not OK.', context)
meraki_sdk.exceptions.api_exception.APIException: HTTP response not OK.

PhilipDAth
Kind of a big deal

That means it is failing to get a list of SSIDs in your network.

 

What kind of WiFi device do you have in your network, and are you an Organisation admin so you have rights to read the properties?

I just have one Ubiquity Unify WAP. I am an organization admin.

PhilipDAth
Kind of a big deal

@Cardinal ,

 

So you don't even see a "Wireless" section in the dashboard, correct?

 

Do you have an ordinary MX (like an MX64) or one with WiFi integrated (such as an MX64W)?

Right, there is no "wireless section". I see an option to set up a wireless concentrator, but I haven't done anything with that. It is an MX 64.

I found this erro when executing. I am not really familiar with python. 

meraki error local backup.PNG

PhilipDAth
Kind of a big deal

Try changing these three lines from:

del mySNMP['v2CommunityString']
del mySNMP['hostname']
del mySNMP['port']

to:

if 'v2CommunityString' in mySNMP:

<tab>del mySNMP['v2CommunityString']

if 'hostname' in mySNMP:

<tab>del mySNMP['hostname']

if 'port' in mySNMP:

<tab>del mySNMP['port']

 

Make sure you replace "tab" with the tab key.  Formatting is very important in Python.  Let me know if it fixes it so I can update the main script.

Thanks @PhilipDAth I will update you once done executing.

C:\Users\Lenovo\Desktop>python meraki-backup.py [API-KEY] "Ardent Network Inc"
Processing network MY NETWORK
Processing network NGKHAI
HTTP Status Code: 404 - No returned data

Traceback (most recent call last):
File "C:\Users\Lenovo\AppData\Local\Programs\Python\Python36-32\lib\site-packages\urllib3\connectionpool.py", line 601, in urlopen
chunked=chunked)
File "C:\Users\Lenovo\AppData\Local\Programs\Python\Python36-32\lib\site-packages\urllib3\connectionpool.py", line 346, in _make_request
self._validate_conn(conn)
File "C:\Users\Lenovo\AppData\Local\Programs\Python\Python36-32\lib\site-packages\urllib3\connectionpool.py", line 850, in _validate_conn
conn.connect()
File "C:\Users\Lenovo\AppData\Local\Programs\Python\Python36-32\lib\site-packages\urllib3\connection.py", line 326, in connect
ssl_context=context)
File "C:\Users\Lenovo\AppData\Local\Programs\Python\Python36-32\lib\site-packages\urllib3\util\ssl_.py", line 329, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "C:\Users\Lenovo\AppData\Local\Programs\Python\Python36-32\lib\ssl.py", line 407, in wrap_socket
_context=self, _session=session)
File "C:\Users\Lenovo\AppData\Local\Programs\Python\Python36-32\lib\ssl.py", line 814, in __init__
self.do_handshake()
File "C:\Users\Lenovo\AppData\Local\Programs\Python\Python36-32\lib\ssl.py", line 1068, in do_handshake
self._sslobj.do_handshake()
File "C:\Users\Lenovo\AppData\Local\Programs\Python\Python36-32\lib\ssl.py", line 689, in do_handshake
self._sslobj.do_handshake()
ConnectionAbortedError: [WinError 10053] An established connection was aborted by the software in your host machine

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "C:\Users\Lenovo\AppData\Local\Programs\Python\Python36-32\lib\site-packages\requests\adapters.py", line 440, in send
timeout=timeout
File "C:\Users\Lenovo\AppData\Local\Programs\Python\Python36-32\lib\site-packages\urllib3\connectionpool.py", line 639, in urlopen
_stacktrace=sys.exc_info()[2])
File "C:\Users\Lenovo\AppData\Local\Programs\Python\Python36-32\lib\site-packages\urllib3\util\retry.py", line 357, in increment
raise six.reraise(type(error), error, _stacktrace)
File "C:\Users\Lenovo\AppData\Local\Programs\Python\Python36-32\lib\site-packages\urllib3\packages\six.py", line 685, in reraise
raise value.with_traceback(tb)
File "C:\Users\Lenovo\AppData\Local\Programs\Python\Python36-32\lib\site-packages\urllib3\connectionpool.py", line 601, in urlopen
chunked=chunked)
File "C:\Users\Lenovo\AppData\Local\Programs\Python\Python36-32\lib\site-packages\urllib3\connectionpool.py", line 346, in _make_request
self._validate_conn(conn)
File "C:\Users\Lenovo\AppData\Local\Programs\Python\Python36-32\lib\site-packages\urllib3\connectionpool.py", line 850, in _validate_conn
conn.connect()
File "C:\Users\Lenovo\AppData\Local\Programs\Python\Python36-32\lib\site-packages\urllib3\connection.py", line 326, in connect
ssl_context=context)
File "C:\Users\Lenovo\AppData\Local\Programs\Python\Python36-32\lib\site-packages\urllib3\util\ssl_.py", line 329, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "C:\Users\Lenovo\AppData\Local\Programs\Python\Python36-32\lib\ssl.py", line 407, in wrap_socket
_context=self, _session=session)
File "C:\Users\Lenovo\AppData\Local\Programs\Python\Python36-32\lib\ssl.py", line 814, in __init__
self.do_handshake()
File "C:\Users\Lenovo\AppData\Local\Programs\Python\Python36-32\lib\ssl.py", line 1068, in do_handshake
self._sslobj.do_handshake()
File "C:\Users\Lenovo\AppData\Local\Programs\Python\Python36-32\lib\ssl.py", line 689, in do_handshake
self._sslobj.do_handshake()
urllib3.exceptions.ProtocolError: ('Connection aborted.', ConnectionAbortedError(10053, 'An established connection was aborted by the software in your host machine', None, 10053, None))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "meraki-backup.py", line 184, in <module>
write_ssid_settings(file,apikey,row['id'],suppressprint)
File "meraki-backup.py", line 121, in write_ssid_settings
myRules=meraki.getssidl3fwrules(apikey, networkid, row['number'], suppressprint)[0:-2]
File "C:\Users\Lenovo\AppData\Local\Programs\Python\Python36-32\lib\site-packages\meraki\meraki.py", line 1703, in getssidl3fwrules
dashboard = requests.get(geturl, headers=headers)
File "C:\Users\Lenovo\AppData\Local\Programs\Python\Python36-32\lib\site-packages\requests\api.py", line 72, in get
return request('get', url, params=params, **kwargs)
File "C:\Users\Lenovo\AppData\Local\Programs\Python\Python36-32\lib\site-packages\requests\api.py", line 58, in request
return session.request(method=method, url=url, **kwargs)
File "C:\Users\Lenovo\AppData\Local\Programs\Python\Python36-32\lib\site-packages\requests\sessions.py", line 508, in request
resp = self.send(prep, **send_kwargs)
File "C:\Users\Lenovo\AppData\Local\Programs\Python\Python36-32\lib\site-packages\requests\sessions.py", line 640, in send
history = [resp for resp in gen] if allow_redirects else []
File "C:\Users\Lenovo\AppData\Local\Programs\Python\Python36-32\lib\site-packages\requests\sessions.py", line 640, in <listcomp>
history = [resp for resp in gen] if allow_redirects else []
File "C:\Users\Lenovo\AppData\Local\Programs\Python\Python36-32\lib\site-packages\requests\sessions.py", line 218, in resolve_redirects
**adapter_kwargs
File "C:\Users\Lenovo\AppData\Local\Programs\Python\Python36-32\lib\site-packages\requests\sessions.py", line 618, in send
r = adapter.send(request, **kwargs)
File "C:\Users\Lenovo\AppData\Local\Programs\Python\Python36-32\lib\site-packages\requests\adapters.py", line 490, in send
raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: ('Connection aborted.', ConnectionAbortedError(10053, 'An established connection was aborted by the software in your host machine', None, 10053, None))

PhilipDAth
Kind of a big deal

Hi @Ritchie.  Just edit that last post and remove the API key from from the command line.  I'll have a look at the rest.

PhilipDAth
Kind of a big deal

I see it got upset when retrieving the SSID Firewall rules. I haven't tested against a M65W before, so I'll go try that.

 

So the prior change I gave got you past the SNMP issue?

PhilipDAth
Kind of a big deal

I have a couple of thoughts.

 

Are you perhaps using Python V2 instead of Python V3?  To force the version try:

python3 meraki-backup.py <api-key> "Ardent Network Inc"

 

I have also updated the script to include the SNMP fix, and an issue with SSIDs.  So you should download a fresh copy.  You may still get some errors, but you should get a reasonable restore script produced.

python3.6.PNG

 

 

I am using python 3.6

The old script worked with me fine with Python 3.6, all I did was go into my network-wide settings and just enabled SNMP and set anonymous community strings which did the trick.

Eliot F | Simplifying IT with Cloud Solutions
Found this helpful? Give me some Kudos! (click on the little up-arrow below)

I will check that.

I just tried the script and seems to work fine, at least i can not see any errors but where the results are written ??  which folder ?

Thanks

 

PhilipDAth
Kind of a big deal

The results are written to the "current working directory" - so whatever directory you ran the command in, the restore script will be in.

oh ok , sorry Philip, i thougth that the results were written on a file other that the restore script. I see now that the "data" is inside the restore scripts itself. clear.

Thanks again.

Miguel Angel

Tried out the backup script. Had some problems getting it to run at first. Error was: 

TypeError: __init__() got an unexpected keyword argument 'strict'

Reason was an out-of-date requests library. Fixed that by using:

pip install --upgrade requests

 

For testing I had created a dummy network that didn't have actual hardware in it but had some hardware independent settings changed. Had problems creating a backup with that somewhat empty network in my org:

 

HTTP Status Code: 404 - No returned data

Traceback (most recent call last):
  File "meraki-backup.py", line 187, in <module>
    write_ssid_settings(file,apikey,row['id'],suppressprint)
  File "meraki-backup.py", line 124, in write_ssid_settings
    myRules=meraki.getssidl3fwrules(apikey, networkid, row['number'], suppresspr
int)[0:-2]
TypeError: 'NoneType' object is not subscriptable

 

 Although the backup without that network was successful I'm not really willing to try out whether restore works on my real networks.

 

I think that Meraki should allow for some kind of backup natively.

Thanks for the feedback!  I don't think I have tested it out on a network with no devices in it.  I'll give that a try sometime.

@PhilipDAth

Have you considered putting this script under version control on GitHub? Would be a great way to for people to track changes/updates and contribute to the code base.

I hadn't considered it.  I'm not a proper developer ...

I too am receiving errors when running the script. Both on Organizations with and without devices on their network. See below.

 

Python 3.6.5

requests  2.18.4

meraki 0.33

 

HTTP Status Code: 404 - No returned data

Traceback (most recent call last):
  File "meraki-backup.py", line 159, in <module>
    write_admins(file,apikey, orgid, suppressprint);
  File "meraki-backup.py", line 53, in write_admins
    for row in myOrgAdmins:
TypeError: 'NoneType' object is not iterable

 

Hello Team,

 

I am facing below problem,

 
 

PS C:\Users\USER\Documents\Python> python3 meraki-backup.py xxxxxx "xxxxxx"
Traceback (most recent call last):
File "meraki-backup.py", line 142, in <module>
orgid=get_org_id(apikey,args.orgName,suppressprint)
File "meraki-backup.py", line 13, in get_org_id
result = meraki.myorgaccess(apikey, suppressprint)
AttributeError: module 'meraki' has no attribute 'myorgaccess'

 

 

Using python 3.7.5 on windows 10.

 

Sita

I just tried it and it worked for me.

 

If you are on Windows did you do the following from an Administrative prompt?

pip install requests
pip install meraki

 

Are you sure the API key you are using has full administrator access?  It sounds like it does not have rights to access the list of organisations.

Hello Philip,

 

Yes, I have already installed requests and meraki modules using pip.

 

API key that has been generated have full administrative access to only meraki organization we have.

 

 

LOL! You need a python script to half-ass backup the Meraki config?  Cisco you're the best!

>LOL! You need a python script to half-ass backup the Meraki config?  Cisco you're the best!

 

The easiest way to back it up is to just copy it.  However this backup is kept in the cloud.  A small number of people prefer to have an offline backup.

The script made some problems for me, because i have switch or wifi networks without fw rules. So I simply insert a try except block in line 185. Now it works like a charm. Great work so far, hope we can add switch configs and device assignment into the code.

Thanks a lot!

PhilipDAth
Kind of a big deal

Thanks for the feedback and the tip.  That should have worked fine with no firewall rules applied.

 

The whole system need a bits of a refresh.  Perhaps a holiday break project.

Hello Philip, thanks for the script. I tried to backup my conf and it worked well; now I'm trying to restore it and I'm getting this error:

 

Schermata 2019-12-20 alle 12.04.25.JPG

 

 

 

but I'm not confident with python and I can't resolve it

I've released a completely refreshed version of the offline backup/restore system now.

https://www.ifm.net.nz/cookbooks/meraki-backup.html 

 

@DiegoAMorelli this should resolve your issue as well.

I am trying to run the script and getting this.. MerakiBackup.JPG

 

PhilipDAth
Kind of a big deal

Are you sure your API key is correct @AndrewE ?

 

The script is failing at the most basic of levels, finding the orgs that you have access to.

I had placed the api in the wrong location.

Is there a way to target a single network inside an Organization? In some instances there is no Mx so the script fails out and missed around 60 networks.
PhilipDAth
Kind of a big deal

>Is there a way to target a single network inside an Organization?

 

No, but it should not fail.  Can you post an example of the error you get please.

MerakiBackup.PNG

 

I've run it a couple of times and it always seems to hang on a random network at this point.  I don't know if it is the script or what.  

Just for Ref. The site that pops that error has no MX appliance.
PhilipDAth
Kind of a big deal

Thanks for the valuable tip.  I'm not sure I have ever had a network without any MX's.

 

I'll check the network type in that case and conditionally processed based on that.

I added some try except blocks and I also wanted to backup my swatches and all ports:

 

def write_mydevices(file,meraki,networkid):
mydevice=meraki.devices.get_network_devices(networkid)
if mydevice is None:
return
file.write("\t# Devices\n")
file.write("\t# https://developer.cisco.com/meraki/api/#/rest/api-endpoints/devices/update-network-device\n")
for row in mydevice:
file.write("\tputurl = 'https://api.meraki.com/api/v0/networks/{0}}/devices/claim.format(str(networkid))\n")
file.write("\tdashboard = session.put(puturl, json="+str(row['serial'])+", headers=headers)\n")
file.write("\tputurl = 'https://api.meraki.com/api/v0/networks/{0}/devices/"+str(row['serial'])+"'.format(str(networkid))\n")
file.write("\tdashboard = session.put(puturl, json="+str(row)+", headers=headers)\n")
if 'switchProfileId' in row:
switchports=meraki.switch_ports.get_device_switch_ports(row['serial'])
for port in switchports:
file.write("\tputurl = 'https://api.meraki.com/api/v0/devices/"+str(row['serial'])+"'/switchPorts/"+str(port['number'])+"'.f...")
file.write("\tdashboard = session.put(puturl, json="+str(port)+", headers=headers)\n")

 

[...]

 

try:
write_mx_vlans(file,meraki, row['id'])
except:
print("no mx VLAN")
try:
write_mx_cellular_fw_rules(file,meraki,row['id'])
except:
print("no mobile firewall rule")
try:
write_mx_l3_fw_rules(file,meraki,row['id'])
except:
print("no MX firewall rule")
try:
write_vpn_settings(file,meraki,row['id'])
except:
print("no VPN")
try:
write_ssid_settings(file,meraki,row['id'])
except:
print("no SSID")
try:
write_qos(file,meraki,row['id'])
except:
print("no QoS")
try:
write_mydevices(file,meraki,row['id'])
except:
print("no devices")

Where does this section belong?

 

try:
write_mx_vlans(file,meraki, row['id'])
except:
print("no mx VLAN")
try:
write_mx_cellular_fw_rules(file,meraki,row['id'])
except:
print("no mobile firewall rule")
try:
write_mx_l3_fw_rules(file,meraki,row['id'])
except:
print("no MX firewall rule")
try:
write_vpn_settings(file,meraki,row['id'])
except:
print("no VPN")
try:
write_ssid_settings(file,meraki,row['id'])
except:
print("no SSID")
try:
write_qos(file,meraki,row['id'])
except:
print("no QoS")
try:
write_mydevices(file,meraki,row['id'])
except:
print("no devices")

At the end, where you call the functions:

 

myNetworks = meraki.networks.get_organization_networks({"organization_id": orgid})
for row in myNetworks:
if row['type'] == 'systems manager':
continue

if row['tags'] is None:
del row['tags']

status="Processing network "+row['name']
print(status)
file.write("# Add Network: "+row['name']+"\n")
file.write("print('"+status+"')\n")

file.write("try:\n")
file.write("\t# https://dashboard.meraki.com/api_docs#create-a-network\n")
file.write("\tposturl = 'https://api.meraki.com/api/v0/organizations/{0}/networks'.format(str(orgid))\n")
file.write("\tdashboard = session.post(posturl, json="+repr(row)+", headers=headers)\n")
file.write("\tdashboard.raise_for_status()\n")

file.write("\tnetworkid=dashboard.json()['id']\n")
file.write("\n")
try:
write_mx_vlans(file,meraki, row['id'])
except:
print("no mx VLAN")
try:
write_mx_cellular_fw_rules(file,meraki,row['id'])
except:
print("no mobile firewall rule")
try:
write_mx_l3_fw_rules(file,meraki,row['id'])
except:
print("no MX firewall rule")
try:
write_vpn_settings(file,meraki,row['id'])
except:
print("no VPN")
try:
write_ssid_settings(file,meraki,row['id'])
except:
print("no SSID")
try:
write_qos(file,meraki,row['id'])
except:
print("no QoS")
try:
write_mydevices(file,meraki,row['id'])
except:
print("no devices")
file.write("except requests.exceptions.HTTPError as err:\n")
file.write("\tprint('Can not add network "+row['name']+" - it probably already exists')\n")
file.write("\n");
file.flush()

moacosta
Conversationalist

taking some of code mentioned in the thread, we did a GUI to schedule the backup file and execute the backup file at the date and time define

 

you can review it here 

 

 

https://github.com/gve-sw/ConfigurationBackupPlanner/blob/master/README.md

 

 

PhilipDAth
Kind of a big deal

Thanks @Fabian1 .

I've taken @PhilipDAth's original script, added @Fabian1 portions as well which has created a Solid Organization level backup. 

 

#!/usr/bin/env python3
#
# Before running this script you need to install these two modules:
# pip install requests
# pip install meraki-sdk
# pip install -U python-dotenv
#
# Before you can use these scripts you need an API key.  Following this guide to create an API key.
# https://documentation.meraki.com/zGeneral_Administration/Other_Topics/The_Cisco_Meraki_Dashboard_API#Enable_API_access
#
# Create a ".meraki.env" file in your home directory (special note for Windows users - the filename is dot meraki dot env).
# This is used to store your sensitive information.  If you are a Windows user and you go Windows+R and type in "cmd" and
# hit return you'll have a command prompt with the current directory equal to your home directory.  From here you can
# go "notepad .meraki.env" to create the file.  A sample might look like:
# x_cisco_meraki_api_key=****************************************
# Alternatively (ie only do this if you don't do the above) you can create a .env (note dot env) file in the same
# directory as the backup script witht the same "x_cisco_meraki_api_key" field.
#
# To run a backup go:
# meraki-backup.py "org name"
# This will create a file called meraki-restore.py.  To do a restore you go:
# meraki-restore.py "org name"
# Note that the store will not overwrite existing networks.  You can either rename an existing network you want to restore
# over or edit meraki-restore.py to restore into a different [new] network.  Also you can edit meraki-restore.py to only
# restore the bits you want.
#
import os
from meraki_sdk.meraki_sdk_client import MerakiSdkClient
from meraki_sdk.exceptions.api_exception import APIException
import argparse
import json

def get_org_id(meraki,orgName):
	result = meraki.organizations.get_organizations()
	for row in result:
		if row['name'] == orgName:
			return row['id']

	raise ValueError('The organization name does not exist')

def write_restore_header(file):
	file.write("#!/usr/bin/env python3\n");
	file.write("#\n");
	file.write("# Search for \"#restored\" and edit below that to control what is restored.\n");
	file.write("#\n");
	file.write("import os\n");
	file.write("import argparse\n");
	file.write("import requests\n");
	file.write("\n");
	file.write("\n");
	file.write("from dotenv import load_dotenv\n");
	file.write("load_dotenv()\n");
	file.write("load_dotenv(dotenv_path=os.path.join(os.path.expanduser('~'),'.meraki.env'))\n");
	file.write("\n");
	file.write("parser = argparse.ArgumentParser(description='Restore a Meraki online config from an offline file.')\n");
	file.write("parser.add_argument('orgName', help='The name of a Meraki organisation')\n");
	file.write("args = parser.parse_args()\n");
	file.write("\n");
	file.write("headers = {\n");
	file.write("\t'x-cisco-meraki-api-key': os.getenv('x_cisco_meraki_api_key'),\n");
	file.write("\t'Content-Type': 'application/json'\n");
	file.write("\t}\n");
	file.write("\n");
	file.write("session = requests.Session()\n")
	file.write("\n");
	file.write("def get_org_id(orgName):\n");
	file.write("\ttry:\n")
	file.write("\t\t# https://dashboard.meraki.com/api_docs#list-the-organizations-that-the-user-has-privileges-on\n")
	file.write("\t\tgeturl = 'https://api.meraki.com/api/v0/organizations'\n")
	file.write("\t\tdashboard = session.get(geturl, headers=headers)\n")
	file.write("\t\tdashboard.raise_for_status()\n")
	file.write("\texcept requests.exceptions.HTTPError as err:\n")
	file.write("\t\tprint(err)\n")
	file.write("\n")
	file.write("\tfor row in dashboard.json():\n");
	file.write("\t\tif row['name'] == orgName:\n");
	file.write("\t\t\treturn row['id']\n");
	file.write("\traise ValueError('The organization name does not exist')\n");
	file.write("\n");
	file.write("orgid=get_org_id(args.orgName)\n");
	file.write("\n");
	file.write("\n");

def write_admins(file,meraki, orgid):
	myOrgAdmins=meraki.admins.get_organization_admins(orgid)
	file.write("# Organisation Dashboard Administrators\n")
	file.write("# https://dashboard.meraki.com/api_docs#create-a-new-dashboard-administrator\n")
	file.write("posturl = 'https://api.meraki.com/api/v0/organizations/{0}/admins'.format(str(orgid))\n")
	for row in myOrgAdmins:
		file.write("dashboard = session.post(posturl, json="+repr(row)+", headers=headers)\n")
	file.write("\n")

def write_mx_l3_fw_rules(file,meraki,networkid):
	myRules=meraki.mx_l_3_firewall.get_network_l_3_firewall_rules(networkid)[0:-1]
	file.write("\t# MX L3 Firewall Rules\n")
	file.write("\t# https://api.meraki.com/api_docs#update-the-l3-firewall-rules-of-an-mx-network\n")
	file.write("\tputurl = 'https://api.meraki.com/api/v0/networks/{0}/l3FirewallRules'.format(str(networkid))\n")
	file.write("\tdashboard = session.put(puturl, json="+str({"rules":myRules,"syslogDefaultRule":False})+", headers=headers)\n")
	file.write("\n")

def write_mx_vlans(file,meraki,networkid):
	vlanEnabled=meraki.vlans.get_network_vlans_enabled_state(networkid)

	file.write("\t# MX VLANs\n")
	file.write("\t# https://dashboard.meraki.com/api_docs#enable/disable-vlans-for-the-given-network\n")
	file.write("\tputurl = 'https://api.meraki.com/api/v0/networks/{0}/vlansEnabledState'.format(str(networkid))\n")
	file.write("\tdashboard = session.put(puturl, json="+repr(vlanEnabled)+", headers=headers)\n")

	if vlanEnabled['enabled']:
		# VLANS are enabled
		myVLANS=meraki.vlans.get_network_vlans(networkid)

		file.write("\t# https://dashboard.meraki.com/api_docs#add-a-vlan\n")
		file.write("\tposturl = 'https://api.meraki.com/api/v0/networks/{0}/vlans'.format(str(networkid))\n")
		for row in myVLANS:
			file.write("\tdashboard = session.post(posturl, json="+repr(row)+", headers=headers)\n")
		file.write("\n")
	else:
		print("warning: MX VLANs disabled - wont be able to restore IP addressing");
		
def write_mx_cellular_fw_rules(file,meraki,networkid):
	myRules=meraki.mx_cellular_firewall.get_network_cellular_firewall_rules(networkid)[0:-1]
	file.write("\t# MX cellular firewall\n")
	file.write("\t# https://dashboard.meraki.com/api_docs#mx-cellular-firewall\n")
	file.write("\tputurl = 'https://api.meraki.com/api/v0/networks/{0}/cellularFirewallRules'.format(str(networkid))\n")
	file.write("\tdashboard = session.put(puturl, json="+str({"rules":myRules,"syslogEnabled":False})+", headers=headers)\n")
	file.write("\n")

def write_mx_vpn_fw_rules(file,meraki,orgid):
	myRules=meraki.mx_vpn_firewall.get_organization_vpn_firewall_rules(orgid)[0:-1]
	file.write("# MX VPN firewall\n")
	file.write("# https://dashboard.meraki.com/api_docs#mx-vpn-firewall\n")
	file.write("puturl = 'https://api.meraki.com/api/v0/organizations/{0}/vpnFirewallRules'.format(str(orgid))\n")
	file.write("dashboard = session.put(puturl, json="+str({"rules":myRules,"syslogEnabled":True})+", headers=headers)\n")
	file.write("\n")

def write_vpn_settings(file,meraki,networkid):
	myVPN=meraki.networks.get_network_site_to_site_vpn(networkid)
	file.write("\t# Network - AutoVPN Settings\n")
	file.write("\t# https://dashboard.meraki.com/api_docs#update-the-site-to-site-vpn-settings-of-a-network\n")
	file.write("\tputurl = 'https://api.meraki.com/api/v0/networks/{0}/siteToSiteVpn'.format(str(networkid))\n")
	file.write("\tdashboard = session.put(puturl, json="+str(myVPN)+", headers=headers)\n")
	file.write("\n")

def write_snmp_settings(file,meraki,orgid):
	mySNMP=meraki.snmp_settings.get_organization_snmp(orgid)
	if 'v2CommunityString' in mySNMP:
		del mySNMP['v2CommunityString']
	if 'hostname' in mySNMP:
		del mySNMP['hostname']
	if 'port' in mySNMP:
		del mySNMP['port']
	if mySNMP['v3AuthMode'] is None:
		del mySNMP['v3AuthMode']
	if mySNMP['v3PrivMode'] is None:
		del mySNMP['v3PrivMode']

	file.write("# SNMP Settings\n")
	file.write("# https://dashboard.meraki.com/api_docs#update-the-snmp-settings-for-an-organization\n")
	file.write("puturl = 'https://api.meraki.com/api/v0/organizations/{0}/snmp'.format(str(orgid))\n")
	file.write("try:\n")
	file.write("\tdashboard = session.put(puturl, json="+str(mySNMP)+", headers=headers)\n")
	file.write("\tdashboard.raise_for_status()\n")
	file.write("except requests.exceptions.HTTPError as err:\n")
	file.write("\tprint(err)\n")
	file.write("\n")

def write_non_meraki_vpn_peers(file,meraki,orgid):
	myPeers=meraki.organizations.get_organization_third_party_vpn_peers(orgid)
	file.write("# Non Meraki VPN Peers\n")
	file.write("# https://dashboard.meraki.com/api_docs#update-the-third-party-vpn-peers-for-an-organization\n")
	file.write("puturl = 'https://api.meraki.com/api/v0/organizations/{0}/thirdPartyVPNPeers'.format(str(orgid))\n")
	file.write("try:\n")
	file.write("\tdashboard = session.put(puturl, json="+str(myPeers)+", headers=headers)\n")
	file.write("\tdashboard.raise_for_status()\n")
	file.write("except requests.exceptions.HTTPError as err:\n")
	file.write("\tprint(err)\n")
	file.write("\n")

def write_ssid_settings(file,meraki,networkid):
	mySSIDs=meraki.ssids.get_network_ssids(networkid)
	if mySSIDs is None:
		return
	file.write("\t# SSIDs\n")
	file.write("\t# https://dashboard.meraki.com/api_docs#update-the-attributes-of-an-ssid\n")
	for row in mySSIDs:
		file.write("\tputurl = 'https://api.meraki.com/api/v0/networks/{0}/ssids/"+str(row['number'])+"'.format(str(networkid))\n")
		if 'radiusServers' in row:
			print("warning: added dummy radius password for SSID "+row['name'])
			row['radiusServers'][0]['secret']='password'
		file.write("\tdashboard = session.put(puturl, json="+str(row)+", headers=headers)\n")

		myRules=meraki.mr_l_3_firewall.get_network_ssid_l_3_firewall_rules({'network_id':networkid, 'number':row['number']})[0:-2]
		file.write("\t# MR L3 firewall\n")
		file.write("\t# https://dashboard.meraki.com/api_docs#update-the-l3-firewall-rules-of-an-ssid-on-an-mr-network\n")
		file.write("\tputurl = 'https://api.meraki.com/api/v0/networks/{0}/ssids/"+str(row['number'])+"/l3FirewallRules'.format(str(networkid))\n")
		file.write("\tdashboard = session.put(puturl, json="+str({"rules":myRules,"allowLanAccess":True})+", headers=headers)\n")
		file.write("\n")

def write_mydevices(file,meraki,networkid):
        mydevice=meraki.devices.get_network_devices(networkid)
        if mydevice is None:
                return
        file.write("\t# Devices\n")
        file.write("\t# https://developer.cisco.com/meraki/api/#/rest/api-endpoints/devices/update-network-device\n")
        for row in mydevice:
                file.write("\tputurl = 'https://api.meraki.com/api/v0/networks/{0}}/devices/claim.format(str(networkid))\n")
                file.write("\tdashboard = session.put(puturl, json="+str(row['serial'])+", headers=headers)\n")
                file.write("\tputurl = 'https://api.meraki.com/api/v0/networks/{0}/devices/"+str(row['serial'])+"'.format(str(networkid))\n")
                file.write("\tdashboard = session.put(puturl, json="+str(row)+", headers=headers)\n")
                if 'switchProfileId' in row:
                        switchports=meraki.switch_ports.get_device_switch_ports(row['serial'])
        for port in switchports:
                file.write("\tputurl = 'https://api.meraki.com/api/v0/devices/"+str(row['serial'])+"'/switchPorts/"+str(port['number'])+"'.f...")
                file.write("\tdashboard = session.put(puturl, json="+str(port)+", headers=headers)\n")
	

from dotenv import load_dotenv
load_dotenv()
load_dotenv(dotenv_path=os.path.join(os.path.expanduser("~"),".meraki.env"))

parser = argparse.ArgumentParser(description='Backup a Meraki config to an offline file.')
parser.add_argument('orgName', help='The name of a Meraki organisation')
args = parser.parse_args()

meraki = MerakiSdkClient(os.getenv("x_cisco_meraki_api_key"))
orgid = get_org_id(meraki,args.orgName)

with open('meraki-restore.py', 'w') as file:
	write_restore_header(file);

	file.write("# Edit script below this line to control what is #restored.\n");
	file.write("\n");

	file.flush()

	write_admins(file,meraki, orgid);
	write_mx_vpn_fw_rules(file,meraki,orgid)
	write_snmp_settings(file,meraki,orgid)
	write_non_meraki_vpn_peers(file,meraki,orgid)

	file.flush()
		
	myNetworks = meraki.networks.get_organization_networks({"organization_id": orgid})
	for row in myNetworks:
                if row['type'] == 'systems manager':
                        continue
                if row['tags'] is None:
                        del row['tags']

                status="Processing network "+row['name']
                print(status)
                file.write("# Add Network: "+row['name']+"\n")
                file.write("print('"+status+"')\n")

                file.write("try:\n")
                file.write("\t# https://dashboard.meraki.com/api_docs#create-a-network\n")
                file.write("\tposturl = 'https://api.meraki.com/api/v0/organizations/{0}/networks'.format(str(orgid))\n")
                file.write("\tdashboard = session.post(posturl, json="+repr(row)+", headers=headers)\n")
                file.write("\tdashboard.raise_for_status()\n")

                file.write("\tnetworkid=dashboard.json()['id']\n")
                file.write("\n")

                try:
                        write_mx_vlans(file,meraki, row['id'])
                except:
                        print("no mx VLAN")
                try:
                        write_mx_cellular_fw_rules(file,meraki,row['id'])
                except:
                        print("no mobile firewall rule")
                try:
                        write_mx_l3_fw_rules(file,meraki,row['id'])
                except:
                        print("no MX firewall rule")
                try:
                        write_vpn_settings(file,meraki,row['id'])
                except:
                        print("no VPN")
                try:
                        write_ssid_settings(file,meraki,row['id'])
                except:
                        print("no SSID")
                try:
                        write_qos(file,meraki,row['id'])
                except:
                        print("no QoS")
                try:
                        write_mydevices(file,meraki,row['id'])
                except:
                        print("no devices")

                file.write("except requests.exceptions.HTTPError as err:\n")
                file.write("\tprint('Can not add network "+row['name']+" - it probably already exists')\n")
                file.write("\n");
                file.flush()

 

PhilipDAth
Kind of a big deal

I've added the try/except blocks now @Fabian1 .  So that should stop the script aborting on more of the corner cases.

Hi,

 

Would you help us to know the native Meraki config rollback options in the dashboard? For instance, we have performed certain misconfiguration and we wanted to rollback to previous last known good configuration on date & time wise

 

Bruce
Kind of a big deal

There is no native rollback in the Meraki Dashboard. The closest option you have is to work backwards through the Change Log (Organization -> Change Log) to undo whatever changes were made.

Thanks for the swift reply.

We tried this option which doesn't help for all the situations. Recently one of our non-Meraki IPSec VPN config were disturbed wherein we couldn't make use this this feature as you suggested.

 

The change log doesn't have required parameters like Peer IP address and other non confidential things to refer back and re-configure...  Can you assist us how to overcome such situation

Nevermind.. I found the error of my ways.. 🙂

Hi Philip, 

I do the steps that you recommended in your link, but if I run the meraki.py xxxx"xxx", does nothing and gives no error also. Can you help please with this? 

PhilipDAth
Kind of a big deal

>I do the steps that you recommended in your link, but if I run the meraki.py xxxx"xxx", does nothing and gives no error also

 

It is unusual to get no output.  It sounds like fundamental is wrong in your environment.  Are you sure you have Python 3.x installed?  Are you able to run other Python scripts ok?

Thanks for the writeup and scripts provided @PhilipDAth this really helps fill a void that should already be present via a "backup config" button somewhere on the dashboard from Meraki out of the box. As user friendly the Meraki line is, one would think this simple option would be made available to satisfy backup config requests from auditors and such for financial institutions and others.

 

I completed the steps and successfully generated the restore file. The only warnings i received referenced MX VLANs disabled - wont be able to restore IP addressing. Does this mean if a restore is actually done, no ip addresses will be restored? Or can you elaborate on the warning message?

 

Also, to avoid overwriting networks, is all that is required to restore to a tentative backup network changing the name of the network referenced (in my case 4 times) to something else and a new network name will appear in the dashboard?

 

Thanks again!

PhilipDAth
Kind of a big deal

>The only warnings i received referenced MX VLANs disabled - wont be able to restore IP addressing. Does this mean if a restore is actually done, no ip addresses will be restored? 

 

Correct.  If you want to be able to restore interface IP addresses then you'll need to enable VLANs on the MX (even if you only have a single VLAN).

 

>Also, to avoid overwriting networks, is all that is required to restore to a tentative backup network changing the name of the network referenced

 

Correct.  That is what I do.  The other option is to delete the bits you don't want to be restored.

Hi @PhilipDAth, trying to run your python script to backup a MS225 and get the follwoing error below, any ideas you can assist me with?

 

LT-APL0062603:~ markibrahim$ python3 meraki-backup.py "Healthcare Network of SW FL"

Traceback (most recent call last):

  File "meraki-backup.py", line 27, in <module>

    from meraki_sdk.meraki_sdk_client import MerakiSdkClient

ModuleNotFoundError: No module named 'meraki_sdk'

Was your pip install meraki-sdk command succesful?

@BrechtSchamp  once I installed "pip install meraki-sdk==1.5.0" it worked.

Hi!

 

I running Python 3.7.3 and have installed meraki sdk 1.5.

 

When I try to run the backup script I get:

Traceback (most recent call last):
File "meraki-backup.py", line 27, in <module>
from meraki_sdk.meraki_sdk_client import MerakiSdkClient
ModuleNotFoundError: No module named 'meraki_sdk'

 

Any Idea? 

PhilipDAth
Kind of a big deal

It means the Meraki SDK is not install.  So something must have gone wrong during that install process.

installed with success. i have also did pip uninstall and install again
BrechtSchamp
Kind of a big deal

What's the output if you execute the following function from within python:

 help("modules")

 

Hi Phillip,

 

I'm facing this issue when starting the script:

 

----------------python3 meraki-backup.py "My Network"

Traceback (most recent call last):
File "meraki-backup.py", line 209, in <module>
orgid=get_org_id(meraki,args.orgName)
File "meraki-backup.py", line 33, in get_org_id
result = meraki.organizations.get_organizations()
File "/usr/local/lib/python3.6/dist-packages/meraki_sdk/controllers/organizations_controller.py", line 50, in get_organizations
self.validate_response(_context)
File "/usr/local/lib/python3.6/dist-packages/meraki_sdk/controllers/base_controller.py", line 94, in validate_response
raise APIException('HTTP response not OK.', context)
meraki_sdk.exceptions.api_exception.APIException: HTTP response not OK.
PhilipDAth
Kind of a big deal

HI @Alex07 .

 

I'm not sure what is causing that.  Perhaps try update your modules:

pip install -U requests
pip install -U meraki-sdk
pip install -U python-dotenv

 

Double-check your API key is correct.