Cisco Catalyst 9300 convert to Meraki management

Christianjosias
Here to help


Hi

 

I want to convert Cisco Catalyst 9300 to Meraki management.

 

But I get this error when I try to do: service meraki register

 

Switch#service meraki register

Starting to register switch 1

Converting catalyst.meraki.com to 209.206.49.184

Successfully connect to Meraki Dashboard

resp_msg len: 439

Error: Received failed respose from Meraki Dashboard!!!

(Message Response: HTTP/1.1 400 Bad Request

title 400 No required SSL certificate was sent /title

Failed to register switch 1

 

And I can ping: dashboard.meraki.com

 

Switch(config)#do ping dashboard.meraki.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.206.49.184, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 160/160/162 ms

 

 

KR Christian Josiassen

alemabrahao
Kind of a big deal

I think you cannot manage it yet, just monitor.

 

https://documentation.meraki.com/Cloud_Monitoring_for_Catalyst/Onboarding/Cloud_Monitoring_for_Catal...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
GIdenJoe
Kind of a big deal

The error says the Meraki dashboard did not provide a certificate for your TLS session.
I guess this is a case for support!

 

Please let us know how that went!

Hi GIdenJoe

 

I have a case with Meraki, but the supporter just said that the Development Engineering team is looking into it; it has been 3 weeks now.

 

KR Christian Josiassen

cmr
Kind of a big deal

@Christianjosias what firmware are the 9300s running?

Brash
Kind of a big deal

The certificate error seems like an odd one.

Double check your pre-requisites (firmware version etc).

I'd also check if the upstream firewall is performing SSL inspection/proxy services. If it is, disable it for that rule:

 

  • HTTPS proxy servers that modify the certificate in transit are not currently supported

PhilipDAth
Kind of a big deal

Is it running a supported version of IOS-XE? If not - it doesn't work. Try using 17.9.3 or better.

 

IMHO, you should consider "management" a beta feature at this stage.  It is much safer to just use Meraki to perform the monitoring.

Christianjosias
Here to help

Hi

 

I know it's a pretty new feature, but I want to try it.

 

It's running IOS-XE 17.11.1:

 

Switch#sh meraki compatibility

===========================================================================================

Compatibility Check     Status

-------------------------------------------------------------------------------------------

Boot Mode               INSTALL  - Compatible

----------------------------------------------------------------------------------------------

Switch#  SKU                                Bootloader Version              Network Modules

----------------------------------------------------------------------------------------------

1        C9300-48P          - Compatible    17.11.1r[FC1]   - Compatible    C9300-NM-8X    - Compatible 

----------------------------------------------------------------------------------------------------------------------

Compatible SKUs: C9300-24P, C9300-24T, C9300-24U, C9300-24UX, C9300-48P, C9300-48T, C9300-48U, C9300-48UN, C9300-48UXM

Compatible NMs : C3850-NM-2-40G, C3850-NM-4-10G, C3850-NM-8-10G, C9300-NM-2Q, C9300-NM-8X, MA-MOD-2X40G, MA-MOD-4X10G,

                 MA-MOD-8X10G

----------------------------------------------------------------------------------------------------------------------

 

I have also factory reset it, and now I get this error when I try to register it:

 

Switch#service meraki register

% Health Check Warning: Uptime is less than 15 minutes.

% Are you sure you want to continue? [no]: yes

Starting to register switch 1

ip http client source-interface is not configured

Failed to register switch 1

 

KR Christian Josiassen

Because you can have multiple IP interfaces on a switch, you have to tell it what interface to use to reach an HTTP service. So if you have a VLAN interface that is meant to reach the internet, you can add it as your ip http client source-interface by using the command that is in the error message.

Let's say you are using vlan 20 as your management interface to reach the internet.

interface vlan 20
 no shutdown
 ip address 10.1.0.20 255.255.255.0
ip route 0.0.0.0 0.0.0.0 10.1.0.1
ip name-server 8.8.8.8
ip http client source-interface vlan 20

Edit: this example is using a fixed address; however, a DHCP pool should also be available on that subnet so when the switch factory defaults it can actually reach dashboard again.

Hi

 

Sorry for the late reply, it's because I've been on vacation.

 

I have set the ip http client source-interface now, and then I get this error:

 

Switch#service meraki register

Starting to register switch 1

Converting catalyst.meraki.com to 209.206.49.184

Successfully connect to Meraki Dashboard

resp_msg len: 439

Error: Received failed respose from Meraki Dashboard!!!

(Message Response: HTTP/1.1 400 Bad Request

title>400 No required SSL certificate was sent</title

Failed to register switch 1

 

KR Christian Josiassen
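
Added example, not part of the original posts and not Cisco or Meraki code: a small Python parser that reads the two failed `service meraki register` transcripts quoted in this thread and reports the layer at which each attempt stopped. The field names, the stage labels and the assumption that the CLI prints these lines in this order are assumptions inferred from the output shown here.

```python
import re

# Both transcripts are copied from the failed runs quoted in this thread.
RUN_CERT = """Starting to register switch 1
Converting catalyst.meraki.com to 209.206.49.184
Successfully connect to Meraki Dashboard
resp_msg len: 439
Error: Received failed respose from Meraki Dashboard!!!
(Message Response: HTTP/1.1 400 Bad Request
title>400 No required SSL certificate was sent</title
Failed to register switch 1"""
RUN_SRC_IF = """Starting to register switch 1
ip http client source-interface is not configured
Failed to register switch 1"""

def parse_register(transcript):
    """Extract the fields that show how far a registration attempt got."""
    r = {"ip": None, "connected": False, "status": None,
         "title": None, "src_if_missing": False, "failed": False}
    for line in map(str.strip, transcript.splitlines()):
        if m := re.match(r"Converting \S+ to (\d+(?:\.\d+){3})", line):
            r["ip"] = m.group(1)
        elif line.startswith("Successfully connect"):
            r["connected"] = True
        elif m := re.search(r"HTTP/1\.[01] (\d{3})", line):
            r["status"] = int(m.group(1))
        # Tolerates the title tag with or without its angle brackets.
        elif m := re.search(r"title\W*(\d{3} [^<]+?)\s*<?/title", line):
            r["title"] = m.group(1)
        elif "source-interface is not configured" in line:
            r["src_if_missing"] = True
        elif line.startswith("Failed to register"):
            r["failed"] = True
    return r

def failure_stage(r):
    """Name the layer where the attempt stopped (stage names are assumptions)."""
    if not r["failed"]:
        return "no failure recorded"
    if r["src_if_missing"]:
        return "local config: HTTP client source interface"
    if r["ip"] is None:
        return "name resolution"
    if not r["connected"]:
        return "TCP/TLS connect"
    if r["status"] == 400 and "SSL certificate" in (r["title"] or ""):
        # The response title says a required certificate was not sent.
        return "HTTP 400: required certificate not sent"
    return f"HTTP {r['status']}"
```

Calling `failure_stage(parse_register(RUN_CERT))` separates the certificate rejection, which happens after name resolution and connect have succeeded, from the purely local source-interface error in `RUN_SRC_IF`.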

We have the same issue. After upgrading to 17.12.91 (cat9k_iosxe.17.12.01.SPA.bin) it's working as expected.
