Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About Guillaume6hat
Guillaume6hat
Here to help
Member since Mar 5, 2019
Monday
Community Record
18
Posts
21
Kudos
0
Solutions
Badges
Jan 22 2024
1:37 AM
Hello. I received the same email. I tried to look for any v0 call in my code, but nothing. Then I used the API call "getOrganizationApiRequests" , with option version = 0, to check any usage with this version. Surprisingly, I have a lot ! But it seems it's a mistake : {
"adminId": "xxxxxxxxxxxx",
"method": "GET",
"host": "nxxx.meraki.com",
"path": "/api/v1/organizations/xxxxxx/appliance/trafficShaping/vpnExclusions/byNetwork",
"queryString": "perPage=1000&startingAfter=xxxxxxxxx",
"userAgent": "python-requests/2.31.0",
"ts": "2024-01-22T01:44:45.110913Z",
"responseCode": 200,
"sourceIp": "xx.xx.xx.xx",
"version": 0,
"operationId": "getOrganizationApplianceTrafficShapingVpnExclusionsByNetwork"
} Apparently, every "getOrganizationApplianceTrafficShapingVpnExclusionsByNetwork" call is categorized as version 0, even if in the path we clearly see it's v1. I'm wondering if there are other calls impacted, and maybe Meraki checks for each Org if there is any v0 call the same way, and as there are some wrong categorization, that's why we receive these emails ?
... View more
Jan 8 2024
11:32 PM
Hello, We already use action batches when possible, and also, we monitor API usage vs response codes, we have reports for this. This is what allowed us to found out that we needed to optimize and limit unnecessary calls. Again, today, it seems ok, and doing these 1000+ calls is not a problem, but if we just thought "Ok, limit rate is high, we will not face any issue", we would definitely face many issues by now, this is why we prefer to optimize every usage. And even if there would be a "no limit rate", I think it's always better to optimize when possible. If I can do 1 call instead of 1000+, that's easier to code, faster (for the user), less CPU time on both sides (Green IT and scalability), etc. Better for everyone 🙂 Anyone on Meraki side to check feasability to return full firmware version info in the Org Wide API call ?
... View more
Jan 8 2024
12:24 AM
Problem is that this is only one org, as this is for SDWAN, so it could impact the rate limit 😕 When I told about teams all around the world, it was to mention that all day long there are home made tools used with API calls, and so it's better to limit when possible. Right now, we can use your AsyncIO solution, but yes, a single org wide call would be way better. If for each need we have to do that amount of calls, we definitely will face issues. And on top of that, I think it's better when returning the firmware to give the exact version instead of just the main version, everyone gets what needed, full version, or main version by splitting. Thank you
... View more
Jan 5 2024
7:13 AM
Thank you for your quick reply. That works great, we got everything in 2:30min way less than before ! 😍 But that is still more than 1000 calls, where it could be 1 or 2 with paging if info was directly available 😅. I try my best to avoid unecessary calls, as we have automation everywhere and teams all around the world, this can have impact if multiple people want to deploy something at the same time with APIs. For now, I'll use your method, thank you again, but that would be great if on Meraki side there was a possibility to get this information in the Organization Devices endpoint.
... View more
Jan 5 2024
1:12 AM
Hello team, I want to improve compliance on my networks, and so, I want to check firmware versions configured on devices/networks. I found the Organization call : https://developer.cisco.com/meraki/api-v1/get-organization-devices/ , with it, I can get all devices information, with firmware, except that firmware info is not complete. It only returns the "main version", not patches. Example : On a MX network configured with 18.107.4, I get : "firmware": "wired-18-1-07", As I want to check the exact version, and validate it upgrades are necessary, this is not what I need. I found that I can get the correct information with the call : https://developer.cisco.com/meraki/api-v1/get-network-firmware-upgrades/ . This time I get the correct info : "currentVersion": { "id": "2591", "firmware": "wired-18-1-07", "releaseType": "stable", "releaseDate": "2023-08-09T00:34:30Z", "shortName": "MX 18.107.4" } Firmware value is the same, the "main version", but with id or shortName, I get what I want. Problem is that this is at network level, and so, I need to do one call per network. With more than 1000 networks, this takes a long time. Is there any other option ? Is it possible to have the exact version information in the Organization Devices call ? Thank you
... View more
Nov 29 2023
1:56 AM
Hello @John_on_API , I have some doubts regarding some options, not sure to understand correctly. I have a list of actions, that I then split in different batches per network. For example, per network : Create Vlan Change DHCP option Activate VPN I want : - each batch to run as asynchonous, because each action depends on the previous one, and if there is an error, it must be canceled. - batches to run all at the same time, to make it faster, as there are not dependant on each other. I use : batch_helper.BatchHelper(dashboard, orgID, batch_action_list,actions_per_new_batch=3,synchronous_new_batches=True) linear_new_batches is set to False by default, so batches should run at the same time ? confirmed_new_batches is set to True by default. It means that as soon as the batch is submitted, it is started, right ? If I set to False, it will instead wait for all my batches to be submitted to start them ? With the limit of 5, better to let it to True I guess. Is it right ? Thank you for your time
... View more
Aug 9 2023
1:22 AM
1 Kudo
Hi @John_on_API This was really helpful to make everything faster. To explain the initial need, we have a tool, working with API, to do Third Party VPN Reset. As this is not available through the dashboard (well, just a button would work, but... still nothing), and not available through APIs, we do some basic thing such as : remove the VPN tag from the network, wait 60 seconds for the change to be pushed on the device, and then add the VPN tag back. This works, and is in place for some years now. Lately, we had some issues with the VPN partner, and we, sometimes, have to do a reset on multiple sites. So we needed a massive VPN Reset. First, I wanted to do the classic VPN reset, site by site, but it would have took the time to send an API call for each site, then wait 60 seconds, and then send again an API call for each site. Meaning, if we want to do it on 200 or 300 sites, it would take way longer than 60 seconds, and having a true impact on sites. Then, I remembered the idea of action batches, but then, I realized using it was not that hard, but that I would need to split in multiple action batches, manage them, get the responses... because there could be more than 100 actions. With the helper, well, I just had to create my list of actions, create the helper, prepare and execute, and voila 🙂 Next step, I want to simplify the DRP, making it way faster. Having it integrated would mean that it would be maintened, documented on the meraki.io page, also, no need to add another package, and I would be sure to be at the last version. Thank you
... View more
Aug 1 2023
6:38 AM
3 Kudos
Great work, thank you ! I was interested in action batches, but at large scale, and it would have needed a lot of work to manage this on our side. This is exactly what I wanted, and after a few tests, it seems to work as expected, and really simple. Any update during the last 2 years ? Any plan to include in the python SDK ? Thank you again
... View more
Feb 14 2022
12:11 AM
You're right. That is also not perfect 😅 If there could be an option on the dashboard to have an exact match as well, like putting in double quotes for example, that would be awesome.
... View more
Feb 11 2022
7:36 AM
2 Kudos
Hello, I discovered (while having an issue), that the result of Filtering was not what I wanted. I wanted to get all networks having the tag "MYTAG" So, I used https://developer.cisco.com/meraki/api-v1/#!get-organization-networks , using the tags filter, it worked like a charm. Then one day, I realized I had more networks than expected. Indeed, it also contained sites with the tag MYTAG-NEW. It was for future migrations, so bad surprise. It seems the check on tags is done with "contains". Should not the call return only exact tag match, with a full string compare ? Maybe add an option, like for tagsFilterType : tagsFilterMethod, could be "exactMatch" or "contains". Or by default to be exact match, and using a '*' char if we want to match something else. Thank you
... View more
Jun 19 2020
1:25 AM
1 Kudo
I needed to test third party VPN to DataCenter ASA from a MX remote site, as workaround solution. As the encryption domain for 3rd Party VPN was the same as the MX in DC, I was stuck, it was not possible to do it on the same organization without impacting all sites. Another idea came to me. I had a MX cluster for tests purpose, with MS behind, and a computer. But as it was the Covid lockdown, I was not able to do any change physically. I first disabled and changed the Vlan Id on the Switches for ports connected to the MX2, then removed MX2 from network and unclaimed it from Prod Organization. Then claimed it and added it on another network, in a Preprod Organization. MX2 came back up in seconds, with new config, new subnet, and configured 3rd party VPN was UP. I was then able to change the switch port connected to my remote computer to the new Vlan Id, and activate the MX2 LAN ports. I found the DHCP IP of the computer in the Dashboard, and I did all the tests I wanted with VNC. As tests were successful, I then switched back to the normal state, disabled LAN ports and changed Vlan Id, removed and unclaimed MX2 on Preprod Organization, claimed it on Prod Organization, added as Warm Spare, activated LAN ports, switched back Vlan Id for the computer. Again, my cluster was 100% functional in a few seconds. From a MX Cluster, to 2 differents MX, in different networks, in different Organizations, testing on a computer, and then back to a MX Cluster, without any physical intervention, that was awesome ! 😁
... View more
Jun 10 2020
2:29 AM
1 Kudo
This is strange, I downloaded it yesterday, and no sign of MG icon. Just checked again in the zip, nothing. I just downloaded it again, and now it's ok. Well, thank you, I now have what I need 🙂
... View more
Jun 10 2020
1:12 AM
Hi Community ! I found this set of icons : https://meraki.cisco.com/blog/2018/12/our-topology-icons-speak-volumes/ This is really nice to do some Meraki style schemes, but it's missing the MG icon. Is there an updated set ? Is it possible to get this missing icon somewhere ? That would allow me to have all the Meraki devices with the same type of icons. Thank you
... View more
May 14 2020
5:28 AM
I'm in ! I'm folding as: gsauvage6hat
... View more
Dec 18 2019
3:16 PM
1 Kudo
You can create empty networks 😉 Just create one, and then you can assign tags. I met a limit, if I remember correctly, this is 256 char limit, for all tags on a network. Then I created a second fake site for tags
... View more
Dec 18 2019
1:44 PM
Hi I had the same issue, you have to assign the tag before to a network. As a workaround I created a network : Z_FakeSite_For_Tags, on which I added all tags I needed. It should help you I think. Don’t hesitate if you need more details
... View more
Apr 26 2019
2:42 AM
Hi, I saw that errors 2 and 3 were corrected on the online documentation, good to see it's useful to participate 🙂 There is still the line 12 regarding WAN1. It should be "==" not "!=" , otherwise it will skip all WAN1 checks and only check WAN2, if existing. -> if network['ip'] != '8.8.8.8' and network['uplink']=="wan1": It could also be done directly in the API URL, line 4 : url = 'https://api.meraki.com/api/v0/organizations/<org_ID>/uplinksLossAndLatency?uplink=wan1
... View more
Apr 15 2019
6:34 AM
12 Kudos
Hi all ! Sharing experience with community regarding a specific case ! We needed a failover solution for Zscaler VPN tunnel, in case of connectivity issue on primary Zscaler node. Meraki provided this solution, based on Tags : https://documentation.meraki.com/MX/Site-to-site_VPN/Tag-Based_IPsec_VPN_Failover At first, it was a little difficult to understand, but then I realized there was some errors in the documentation. I may be wrong, but here is what I think : Line 12 : uplink must be equal to wan 1, not different. We'll see later, but for that, we can also specify it in the URL requested. Line 26 : There are brackets missing for print function : print("Need to change VPN, recent loss - "+str(iteration['lossPercent'])) In the site to site configuration screenshot, both tags must be Up. The script change tags on Networks, Always one UP and one DOWN, not on VPN tunnels. If one is UP and the other is DOWN, the network will match both, it will not work. That was very useful, and provided a quick solution. But then, I had a lot of limitations with this script, so I enhanced it : There can only be those tags on network, in positions 1 and 2. When a Swap occurs, all other tags are lost. I used an array to keep all tags except Zscaler related, to add them again after. In HA, the two devices are processed. So in the event of a slight difference between metrics, we could have issues. I had this case : Issue on Primary Zen, so Swapped to Backup Zen. After 5minutes, all results for member 1 are ok, so it swapped back to Primary, and then, going through member 2, which still has a metric above the threshold, which resulted in a Swap again to Backup Zen. Example, loss results returned by API : Member1 : Loss = 29 (Below threshold, Swap back to Primary) Loss=0 Loss=0 Loss=0 Member2 : Loss = 31 (Above Thresholh, Swap again to Backup) Loss=0 Loss=0 Loss=0 Solved by keeping the last Network processed in a variable, and to skip if it is the same. -> I didn't found a solution to get "Master/Slave" status with API, so I could check only the Master. Is it possible ? It only skips if monitored IP is 8.8.8.8. Added an array with IPs we want to skip. Could also do the opposite, by specifying Monitored IP in a ipToInclude for example. Added "Latency" metric check in addition of "Packet Loss" Added a ZEN_Forced tag part, to have the possibility to force a ZEN in the dashboard. In case this tag is added, the script will skip the checks for this network. One of the most problematic part was that this script needed to run permanently, and in case of issue, we would lose the "Network Down" information, and then, after another run, there would be no Swap back to Primary. I added a "ZEN_Swapped" tag, to keep information. Script can then be run on one time basis by removing the While loop and sleep. I'm sure it's not perfect, and needs more improvements, but if it can help someone... 🙂 It could be good also to update the Meraki Documentation with corrections, and why not some of these changes to the code. Regards, import requests, json, time
api_key = ''
org_id = ''
#Specify monitored IPs to exclude from the script, typicaly all non Zscaler IPs you monitor
ipToExclude = ['8.8.8.8','8.8.4.4','208.67.220.220','208.67.222.222']
url = 'https://api.meraki.com/api/v0/organizations/'+org_id+'/uplinksLossAndLatency?uplink=wan1'
header = {"X-Cisco-Meraki-API-Key": api_key, "Content-Type": "application/json"}
previousNetwork = ""
while True:
response = requests.get(url,headers=header)
for network in response.json():
tagsAfter = [] #Array with final tags
tagsString = "" #String with final tags
if network['ip'] not in ipToExclude and network['networkId'] != previousNetwork:
skipNetwork = False
network_info = requests.get("https://api.meraki.com/api/v0/networks/"+network['networkId'], headers=header)
print("-------------------------------------")
print("Network Name : "+network_info.json()['name'])
print("Network Id : "+network['networkId'])
print("Device Serial : "+network['serial'])
print("Monitored IP : "+network['ip'])
loss=False
tagsBefore = network_info.json()['tags'].split(' ')
swapped = False
#We get all tags of Network, and specificaly Primary and Backup ZENs. If there is a ZEN_Forced tag, we stop
for tag in tagsBefore:
if "ZEN_Forced" in tag:
skipNetwork = True
if "ZEN_Primary" in tag:
primary = tag
print("Primary ZEN : " + primary)
elif "ZEN_Backup" in tag:
backup = tag
print("Backup ZEN : " + backup)
elif tag == "ZEN_Swapped":
swapped = True
else:
tagsAfter.append(tag)
if skipNetwork:
print("ZEN Forced, skip network")
break
#We then check connectivity Health, and if conditions are not met, we Swap Backup and Primary, and add a ZEN_Swapped tag
for iteration in network['timeSeries']:
if iteration['lossPercent'] >= 30 or iteration['latencyMs'] >= 100:
loss=True
if swapped == True:
print("VPN already swapped")
break
else:
print("Need to change VPN, recent loss - "+str(iteration['lossPercent'])+"% - "+str(iteration['latencyMs'])+"ms")
tagsAfter.append(primary.split("_Up")[0]+"_Down")
tagsAfter.append(backup.split("_Down")[0]+"_Up")
tagsAfter.append("ZEN_Swapped")
for tag in tagsAfter:
tagsString+= tag + " "
print("New List of Tags : "+tagsString)
payload = {'tags': tagsString.strip()}
new_network_info = requests.put("https://api.meraki.com/api/v0/networks/"+network['networkId'], data=json.dumps(payload), headers=header)
break
#If connectivity Health is back to normal on Primary we swap back
if loss==False and swapped == True:
print("Primary VPN healthy again..Swapping back")
tagsAfter.append(primary.split("_Down")[0]+"_Up")
tagsAfter.append(backup.split("_Up")[0]+"_Down")
for tag in tagsAfter:
tagsString+= tag + " "
print("New List of Tags : "+tagsString)
payload = {'tags': tagsString.strip()}
new_network_info = requests.put("https://api.meraki.com/api/v0/networks/"+network['networkId'], data=json.dumps(payload), headers=header)
previousNetwork = network['networkId']
print("Sleeping for 30s...")
print("#####################################")
print("#####################################")
time.sleep(30)
... View more
Labels:
- Labels:
-
Code Sample
-
Dashboard API
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 12 | 9420 | |
| 3 | 3414 | |
| 2 | 1371 | |
| 1 | 3310 | |
| 1 | 12280 |
© 2024 Cisco Systems, Inc.
