Hi,
I was just wondering if we onboarded our cisco catalyst switches to Meraki dashboard are we still able to access it thru SSH? Will it be still authenticate thru our ISE Radius? Given that the switch will be on Monitor only.
Thank you
With the actual monitor option, the way you manage the device will not change. If later the Management-option on the Dashboard comes available, all these ways go away and there will be no SSH or local GUI.
Hi,I was just finished onboarding our test switch now, and I can't connect thru SSH I am getting authorization failed. Would it be the added config override the previous SSH authentication config?
This page has the config that will be pushed to your switch:
https://documentation.meraki.com/Cloud_Monitoring_for_Catalyst/Onboarding/Cloud_Monitoring_Detailed_...
If necessary try to connect to the switch with a console cable and try to see if you configured your method lists correctly. Since the meraki tool does apply aaa method lists, make sure you have default method lists for your initial vty lines. And of course a user of your own and the enable secret.
All of my previous config are still intact, but the thing is since meraki added additional aaa config it might been conflict with my existing and now i cant access the switch thru SSH. I was able to login thru the console using a local account, but i was authenticated thru ISE so im a bit confused how the aaa process now with meraki in it.
Works definitively with ssh when you chose the monitoring only option for the Meraki dashboard. Otherwise you weren´t able to do any changes on your switch. With the Meraki onboarding tool it´s an easy and guided way to put Catalysts (new Catalysts 9200...) into the Meraki dashboard.
Looks then like this:
Managing via ssh.
We've recently added our core switches into Meraki dashboard (monitor only) via the onbording tool and now can't ssh to them. The authentication is still seen and auth'd by ISE but we get % Authorization failed then disconnected.
Hmm, you'll have to check if your method lists (specifically aaa authorization method lists are still matching).
So check if you still have
aaa authorization exec default group <ISE-group>
yes that worked only just managed to check as in the office so could console on