Meraki MX device scheduled, delayed, and timed factory reset and reboot feature

MerakiJockey505
Building a reputation


On several different occasions my team has had to remotely cut over sites utilizing on-site help and we are usually limited by the availability of physical bodies in the room to make configuration changes. It would be great to have the ability to set a timed or delayed factory reset reboot on our security devices in the event that we make an error in configuration and lose access to the device. Has anyone else had this or a similar issue?

MRCUR
Kind of a big deal

Are you thinking of changes that would cut off the device's Internet connectivity? Typically the devices won't actually apply the new config unless it successfully gets out to the Internet with the updated settings (although it may just be doing a simple ARP check which wouldn't necessarily indicate Dashboard connectivity). 

MRCUR | CMNO #12
BHC_RESORTS
Head in the Cloud


@MRCUR wrote:

Are you thinking of changes that would cut off the device's Internet connectivity? Typically the devices won't actually apply the new config unless it successfully gets out to the Internet with the updated settings (although it may just be doing a simple ARP check which wouldn't necessarily indicate Dashboard connectivity).


I too am curious about the use case here. The only config change, like you mentioned, that I could see being a problem would be the WAN connection(s). I'm not sure a watchdog timer or something similar would be a good idea - if you had an outage, it might get stuck rebooting a million times thinking it was "offline".

 

You could always ship devices with 4G USB, for out of band management. Or, if you have another method for out of band management, use the management port.

BHC Resorts IT Department

@MRCUR I am aware of Meraki's "self healing" abilities, however in practice I have had issues as @BHC_RESORTS mentioned where the device either gets stuck trying to phone home to the cloud whereas the previous configuration stayed connected. Something like a watchdog timer absolutely would work. I think having the option or even a service that could be toggled that would allow the user to shut off the "self healing" ability would be a step towards a fail safe remote configuration solution. Using proper OSPF settings and port controls can do things like keep switches online in the event of a configuration change taking the device offline, however the MX devices don't really have a way, remotely, to revert configuration effectively in the event that a power cycle option is not available.

Almost all of the Meraki sites I support have 0 IT staff. 1 big factor in that choice is we are able to ship Meraki gear direct to the site and configure it with very little help from on site staff.

 

I would find the ability to remotely factory reset the devices very useful, if it could be put on a timer that would be even better. 

 

 

I would also like to see something similar to the "reload in" command which is seen on Cisco devices. I would prefer to see this as "confirm in"; my thoughts are that you would set the timer then make your configuration changes. If you don't confirm those changes within the timer window you set, the Meraki device would roll that configuration change back out. I think this would be an extremely helpful feature across the Meraki platform.

 

@bholmes12, I really like the idea of a "confirm in." I get that Meraki tries to do something similar in their self heal, but having a timed window to confirm changes is an excellent idea! I can think of several instances where remote decisions were made hastily and configurations went in incorrect or erroneous. Having that window would allow even the most hesitant of operators some room for patience and adjustment.
