Meraki

Community

Cisco Catalyst 9300 convert to Meraki management

Christianjosias
Here to help
‎Jul 6 2023 4:04 AM
‎Jul 6 2023 4:04 AM

Cisco Catalyst 9300 convert to Meraki management

Hi

 

I want to convert Cisco Catalyst 9300 to Meraki management.

 

But i get this error when i try to do: service meraki register

 

Switch#service meraki register

Starting to register switch 1

Converting catalyst.meraki.com to 209.206.49.184

Successfully connect to Meraki Dashboard

resp_msg len: 439

Error: Received failed respose from Meraki Dashboard!!!

(Message Response: HTTP/1.1 400 Bad Request

title 400 No required SSL certificate was sent /title

Failed to register switch 1

 

And i can ping: dashboard.meraki.com

 

Switch(config)#do ping dashboard.meraki.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.206.49.184, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 160/160/162 ms

 

 

KR Christian Josiassen

Labels:
0 Kudos
11 Replies 11
alemabrahao
Kind of a big deal
‎Jul 6 2023 6:55 AM
‎Jul 6 2023 6:55 AM

I think you cannot manage it yet, just monitor.

 

https://documentation.meraki.com/Cloud_Monitoring_for_Catalyst/Onboarding/Cloud_Monitoring_for_Catal...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
Christianjosias
Here to help
‎Jul 6 2023 7:01 AM
‎Jul 6 2023 7:01 AM

Hi

 

You can manage it.

 

https://www.youtube.com/watch?v=6rtN32atB2Y

 

https://documentation.meraki.com/MS/Deployment_Guides/Getting_started%3A_Cisco_Catalyst_9300_with_Me...

 

KR Christian Josiassen

GIdenJoe
Kind of a big deal
Kind of a big deal
‎Jul 6 2023 9:52 AM
‎Jul 6 2023 9:52 AM

The error says the meraki dashboard did not provide a certificate for your TLS session.
I guess this is a case for support!

 

Please let us know how that went!

In response to GIdenJoe
Christianjosias
Here to help
‎Jul 7 2023 1:07 AM
‎Jul 7 2023 1:07 AM

Hi GldenJoe

 

I have a case with Meraki, but the supporter just said that the Development Engineering team is looking on it, it has been 3 weeks now.

 

KR Christian Josiassen

0 Kudos
cmr
Kind of a big deal
Kind of a big deal
‎Jul 6 2023 12:14 PM
‎Jul 6 2023 12:14 PM

@Christianjosias what firmware are the 9300s running?

If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
Brash
Kind of a big deal
Kind of a big deal
‎Jul 6 2023 4:57 PM
‎Jul 6 2023 4:57 PM

The certificate error seems like an odd one.

Double check your pre-requisites (firmware version etc).

I'd also check if the upstream firewall is performing SSL inspection/proxy services. If it is, disable it for that rule:

 

  • HTTPS proxy servers that modify the certificate in transit are not currently supported

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jul 6 2023 5:26 PM
‎Jul 6 2023 5:26 PM

Is it running a support version of IOS-XE?  If not - it doesn't work.  Try using 17.9.3 or better.

 

IMHO, you should consider "management" a beta feature at this stage.  It is much safer to just use Meraki to perform the monitoring.

0 Kudos
Christianjosias
Here to help
‎Jul 7 2023 12:49 AM
‎Jul 7 2023 12:49 AM

Hi

 

I know it's a pretty new feature, but i want to try it.

 

It's running IOS-XE 17.11.1:

 

Switch#sh meraki compatibility

===========================================================================================

Compatibility Check     Status

-------------------------------------------------------------------------------------------

Boot Mode               INSTALL  - Compatible

----------------------------------------------------------------------------------------------

Switch#  SKU                                Bootloader Version              Network Modules

----------------------------------------------------------------------------------------------

1        C9300-48P          - Compatible    17.11.1r[FC1]   - Compatible    C9300-NM-8X    - Compatible 

----------------------------------------------------------------------------------------------------------------------

Compatible SKUs: C9300-24P, C9300-24T, C9300-24U, C9300-24UX, C9300-48P, C9300-48T, C9300-48U, C9300-48UN, C9300-48UXM

Compatible NMs : C3850-NM-2-40G, C3850-NM-4-10G, C3850-NM-8-10G, C9300-NM-2Q, C9300-NM-8X, MA-MOD-2X40G, MA-MOD-4X10G,

                 MA-MOD-8X10G

----------------------------------------------------------------------------------------------------------------------

 

I have also factory reseted it and now i get this error when i try to register it:

 

Switch#service meraki register

% Health Check Warning: Uptime is less than 15 minutes.

% Are you sure you want to continue? [no]: yes

Starting to register switch 1

ip http client source-interface is not configured

Failed to register switch 1

 

KR Christian Josiassen

In response to Christianjosias
GIdenJoe
Kind of a big deal
Kind of a big deal
‎Jul 7 2023 9:21 AM
‎Jul 7 2023 9:21 AM

Because you can have multiple IP interfaces on a switch you have to tell it what interface to use to reach for an http service.  So if you have a vlan interface that is meant to reach the internet you can add it as your ip http client source-interface by using the command that is in the error message.

Let's say you are using vlan 20 as your management interface to reach the internet.

interface vlan 20
 no shutdown
 ip address 10.1.0.20 255.255.255.0
ip route 0.0.0.0 0.0.0.0 10.1.0.1
ip name-server 8.8.8.8
ip http client source-interface vlan 20

Edit: this example is using a fixed address, however a dhcp pool should also be available on that subnet so when the switch fact defaults it can actually reach dashboard again.

In response to GIdenJoe
Christianjosias
Here to help
‎Jul 31 2023 11:37 PM
‎Jul 31 2023 11:37 PM

Hi

 

Sorry for the late reply, it's because i've been on vacation.

 

I have set the ip http client source-interface now, and then i get this error:

 

Switch#service meraki register

Starting to register switch 1

Converting catalyst.meraki.com to 209.206.49.184

Successfully connect to Meraki Dashboard

resp_msg len: 439

Error: Received failed respose from Meraki Dashboard!!!

(Message Response: HTTP/1.1 400 Bad Request

title>400 No required SSL certificate was sent</title

Failed to register switch 1

 

KR Christian Josiassen

0 Kudos
In response to Christianjosias
TejS
Conversationalist
‎Jan 9 2024 11:41 AM
‎Jan 9 2024 11:41 AM

We have Same issue. after upgrading to 17.12.91 (cat9k_iosxe.17.12.01.SPA.bin) it's working as expected. 

li.common.scroll-to.top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.