Assuming it's the same fields you want every time, here's a simple way to do it:

    response = dashboard.switch.getDeviceSwitchPort('####-####-####',1)
    attribs = ['portId','name','tags','enabled','poeEnabled','type','vlan']
    # print only the fields listed in attribs
    for _key, _value in response.items():
        if _key in attribs:
            print('{}: {}'.format(_key,_value))

would give you this

    portId: 1
    name: None
    tags: []
    enabled: True
    poeEnabled: True
    type: trunk
    vlan: 1
It is also spelled out in Meraki's documentation. Yes Meraki is meant to be "simple"(ish) but this is still business-grade networking, and I don't really buy that one extra dot of documentation is making their firmware upgrades unusable, it is just a benefit to certain people and meaningless to others.
This isn't just a developer thing though, and they don't make it more complex as long as you know what the four columns in the spec mean. I would argue it actually makes it simpler, because now at a glance you can see more than just that it went up a number, which number went up has much more significance and tells you at an immediate glance what to expect. In this case I see a dot hotfix and that tells me based on semantic versioning that the only change they've made is probably this exact bugfix, so I have a lot more confidence that I can safely try to apply it right away, whereas I would be much more wary of a patch with the usual dot increments that Meraki would use because it could contain other code that we don't know about and needs testing...such as 18.2.210 -> 211 somehow breaking all inter-VLAN traffic with a QOS rule.
They did the right thing using that extra digit here like they should be doing because that's how you use the Semantic Versioning specification, we should be encouraging them to do that more often because it makes the version numbers more meaningful and tells you (in theory) how much or little has changed and what kind of changes were made from the version number, which is very helpful for testing and phased deployment.
Mobile device fingerprinting is difficult for any platform, because it relies on how the mobile device works and in the case of some vendors like Apple they are often taking steps to prevent this sort of fingerprinting because it is a privacy risk. What I would recommend instead is whitelisting your approved enterprise devices and blocking other devices by default
To get exactly what you want you'd need to use the API to get info from the uplink statistics, but if you have an Insight or SD-WAN+ license, the WAN Health section can show you a graph of loss, latency and jitter per uplink which may be enough?
While I haven't tried it myself, the Configuration Sync menu in Organizations claims that it supports group policies, so you would in theory set them up the way you want on one network and then sync them to all the target networks. It only supports uncombined networks though, so if you are using combined networks you will have to split them to do this.
Chatter on the Cisco forums alleges that the geoblocking you are looking for may be coming this summer, however I think you would be much happier overall if you were to pair Anyconnect with an MFA provider that has conditional access policies that allow geoblocking.

Cisco discussion:
https://community.cisco.com/t5/network-security/cisco-ftd-vpn-access-geolocation-block-for-control-plane/td-p/4858687

Conditional Access policy providers:
https://learn.microsoft.com/en-us/entra/identity/conditional-access/howto-conditional-access-policy-location
https://duo.com/blog/easily-enable-conditional-access-by-country-with-duo
https://developers.onelogin.com/quickstart/geoblock
https://jumpcloud.com/support/configure-a-conditional-access-policy
Is the IPSK update the only call you are making here? Can you test this again, but after the password change add a tag to the AP, and then remove it? Curious to see if a different change will trigger a configuration update here.
Ok, that makes much more sense, though I still seriously doubt the legitimacy of this reboot requirement. Two fairly simple options that involve slightly more downtime but should work even with your older APs:

1) If these sites can be down for ~30 minutes instead of the length of a reboot, I would simply use Port Schedules to disable the ports with access points for 30 minutes every night, which should then show up on the Device Connectivity bar if you want to double check it visually. This has the added benefit of being entirely done in the Meraki dashboard and not needing your batch script any longer. https://documentation.meraki.com/MS/Access_Control/Port_Schedules

2) You could reduce this to ~5-10 minutes by having your script disable PoE on the switch ports, then 5 minutes later enable PoE on the switch ports, this would still bring it down long enough where it should show up on the connectivity bar.
So your access points are being restarted weekly, but you don't know when it happens? Why isn't this simply automated, or given to the same person every week as a checklist/runbook item? Have you tried troubleshooting at all with support as to why you "need" these weekly restarts?
I would very much recommend against attempting to block instant messaging outright, for two reasons.

1) Telegram by itself does not expose students to adult content any more than Whatsapp, Discord, Facebook Messenger, or any other instant messaging platform.

2) In my experience, when you get heavy-handed with network restrictions in this manner you will not actually prevent the behavior you are trying to stop, you will instead push clients to download sketchy alternative apps that are less safe/less moderated or to VPNs, or they will just switch to cellular data.

It is my belief in general that you are much better off having the apps allowed but categorizing the traffic with NBAR and having some record that the clients were using the app if an incident occurs (in case they delete the app/wipe their phone, etc to try to pretend they weren't part of some incident)
The library will retry 5XX errors every 1 second until the number of retries specified is exhausted. Exponential backoff would likely be better, but there is -something-

    # 5XX errors
    elif status >= 500:
        if self._logger:
            self._logger.warning(f'{tag}, {operation} - {status} {reason}, retrying in 1 second')
        time.sleep(1)
        retries -= 1
        if retries == 0:
            raise APIError(metadata, response)
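Added example, not part of the post above and not code from the Meraki library: a sketch of the exponential backoff the post says would be better than a fixed 1-second sleep, using capped "full jitter" delays. The names `call_with_backoff`, `backoff_delays`, `RetriesExhausted` and the `send` callable are hypothetical, and here `retries` counts retries after the first attempt.

```python
import random
import time


class RetriesExhausted(Exception):
    """Raised when every attempt came back with a 5XX status."""


def backoff_delays(retries, base=1.0, cap=30.0, rng=random.random):
    """Yield one delay per retry, uniform in [0, min(cap, base * 2**n)].

    The random factor ("full jitter") keeps many clients that failed at
    the same moment from retrying in lockstep against a struggling API.
    """
    for attempt in range(retries):
        yield rng() * min(cap, base * (2 ** attempt))


def call_with_backoff(send, retries=5, base=1.0, cap=30.0,
                      sleep=time.sleep, rng=random.random):
    """Call send() until it returns a non-5XX status or retries run out.

    send is a hypothetical zero-argument callable returning (status, body).
    sleep and rng are injectable so the schedule can be tested offline.
    """
    delays = backoff_delays(retries, base, cap, rng)
    while True:
        status, body = send()
        if status < 500:
            return status, body
        delay = next(delays, None)
        if delay is None:
            raise RetriesExhausted(
                f"gave up after {retries} retries, last status {status}")
        sleep(delay)


if __name__ == "__main__":
    # Constructed responses: two server errors, then success.
    canned = iter([(503, None), (502, None), (200, {"portId": "1"})])
    waited = []
    print(call_with_backoff(lambda: next(canned), sleep=waited.append))
    print("delays that would have been slept:", waited)
```
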
I don't believe there is a good way to do this through the Meraki API, I would recommend instead looking at doing this through Event Viewer logs with AD and/or NPS or integrating a SAML authentication solution like Azure AD that would give you this visibility plus extra security features.
Just like how your script can enable and disable them despite that not being in the dashboard, you can tag them with the API. On an MS410, the stack ports are 19 and 20 so....

    >>> dashboard.switch.updateDeviceSwitchPort('Q***-****-****',20,tags=['no_auto_shut'])
What I would do personally is use a tag on the port to exclude them, personal preference I find tags a bit cleaner, more portable and they help me remember what automations are running or not running on a port/device/network.

    if total_usage_kb == 0:
        # look up the port's tags before shutting it down
        x = dashboard.switch.getDeviceSwitchPort(serial,port_id)
        if "no_auto_shut" in x['tags']:
            print('Port {} on {} tagged with no automatic shutdown, skipping'.format(port_id,serial))
        else:
            dashboard.switch.updateDeviceSwitchPort(serial, port_id,enabled=False)
Who will be using this automation? Just you? Your team? Other teams within the business? If you are exposing it to others, how will you manage access to this solution? What automations are being created (config changes, monitoring etc.), how frequently will they need to be run, and what types of user inputs are you expecting to handle? Is CLI an option, or is a web GUI required? The moment you introduce a web GUI you are significantly upping the complexity of the solution. Do you need any specific outputs, such as CSV/PDF/email reports etc? Roughly how large is your environment?
I'm fairly confident this is because the MX platform does not have this capability at all right now. Try to get uptime via an snmpget or Cacti or some other SNMP monitoring tool, it will work for MS but for MX it just isn't there.
Assuming you have the Advanced Security license, SNORT + Content Filtering will be your friends here.
https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Threat_Protection
https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Content_Filtering
How many sites are we talking here? Also, the point of Meraki is to make things like this "easy", you are largely defeating the point of it with these custom solutions of yours. Performance-based routing with a vMX in AWS/Azure would give you by far the best failover experience and is very set-and-forget, SD-internet after that is not bad but pricey, or for little/no cost you could run an API script somewhere constantly monitoring the connection stats for the MXs and fail over the WAN uplinks as you please.