UPDATE: this challenge has ended. Thanks to everyone who submitted their ideas! Our randomly selected winners are: @SeaTec and @r_timmons. Congrats!
Blake here, giving this month’s Community Challenge!
Here’s the scenario: you’ve been hired by Meraki to develop new features within the dashboard. What features would you add or adjust first? These can be anything from how the dashboard interacts with Meraki hardware to 3rd party services such as Apple VPP / DEP or even just the admin side of the dashboard i.e. users, licensing or inventory. The cloud’s the limit!
Describe a feature or features in the dashboard that you would take in your own direction in a comment on this post before 11 a.m. PST on Friday, December 13th, 2019. Comments will be public throughout the contest.
There will be two winners for this challenge. Once the submission period ends, we will randomly select 2 winners from all of the respondents. Winners will receive one of these Osprey Ultralight Stuff Packs!
Terms & conditions
Hah! Nice. I'm going to stay away from VPN client and IPv6. It's getting old.
How about a built in survey mode showing something like the location heatmap but with estimations of the coverage based on the signal seen from the other access points.
Or something like Cisco's path trace. Love that concept too.
Real Time Syslog data and Hardware data points.
The ability to see what is going through my appliances without the need for 3rd party software would be really helpful. Also hardware information like up-time and real-time CPU utilization.
Meraki support engineer's have the ability to see a column in the AP list view, called 'UPTIME'. I want to be able to see that also. Basically that and maybe some other sort of 'event view' stating loud and clear that AP-XYZ rebooted or lost power at X time frame on Y date. I really hate that we don't have any visibility into this and I have to rely on syslog for the port the AP is connected to, in order to see if the port went up/down.
I also want alerting for WAN2, not just WAN1
Aside from wishing we had an SSL client vpn:
Compare a site with another site, compare KPI values with peers in your network, and compare the APs in network heatmaps to spot trends and gain insights.
First: an undo button
Second: a multi VLAN bridging between MR accesspoints.
I will appreciate it if Cisco gives me the ability to limit the encryption domains my MX is advertising to Non-Meraki Peers
I'd like advanced features of the MX BGP. And to run BGP, the MX has to be in one-arm mode, which has a lot of limitations. Some improvement of that would be great!
1. Add basic support for Windows 10 devices in Systems manager, for example password/pincode enforcement.
2. Fix OpenID connect integration and add SAML as authentication option for WiFi and MDM enrollment.
3. Add CRL (Certificate Revokation List) feature to Systems Manager and expose it via API.
a small panel visible on any page on the dashboard (and dismissable) with key issues and vulnerabilities/offline devices that you can click on and go straight to a specific location to fix
Like an MX device that hasn't reported in a few hours
or an MR device that's offline
A global Admin User interface for MSPs and anyone who has the ability to see multiple Meraki Organizations.
If, as an admin for my company, I hire a new engineer or tech, I cannot globally assign them access to all of our customer networks (more than 60 orgs at this time). The same goes for losing employees, we have to visit all of the Orgs to remove them. I do understand this can be done through the API, however, it should really be available in the web UI.
Better integrations and more info for the syslog servers.
Logs to include users and data for Microsoft 365 Cloud App Security. Meraki - URLs log log format does not contain the following data attributes:
Because of this, these attributes will not be available in Cloud Discovery data.
Creating a reporting engine with the option for custom reports and better export options. CSV is great, but for a quick report PDF would be easier.
Topology History would be nice. even if it only showed the last 1 or 2 topology changes for a given network and the date time they changed.
I'm with KRobert. I would like the ability to see real time hardware statistics in the dashboard without having to go through the API. It's handy to be able to see if a device(s) is getting near a certain threshold of hardware utilization at any given point in time.
MV - it would be great in camera list to:
a) Have a small thumb besides each camera name
b) Be able to hover over camera same and see a thumbnail be displayed.
b) would be the best. When you have a good number of cameras in a single network, sorting through them to find a specific view is not ideal.
a searchable list of known bugs (not just a summary of items against the release notes for a particular device family)
Also an indication of whether the issue is actively being researched by developers.
Similar to the 365 admin portal, I would like to see a feature that customizes the portal for individual clients. Branding such as a wallpaper background and a place for their logo. In cases where there are multiple admins touching into multiple clients it would be a good visual reminder of who’s portal you’re working in.
I would like to know to SPAN traffic to a specific VLAN because when you are trying to analize traffic from one VLAN you have to analize all traffic from all you preconfigured VLANs.
This is really nice initiative.
- Currently when the MX replacement is made it doesnt download same config as old.. Like it doesnt add TAG, Address and Cellular APN name automatically in the New Device.
- Also, we would love to see detail syslog during the time when Meraki Device stops communicating with the Cloud.
- Adding VLAN tagging from the dashboard rather then changing from Local Status Page.
I would like if the search dashboard function was able to actually search all settings and fields in dashboard, for when you are looking for a specific setting or button and can't find it. Similar to how in macOS if you go to the Help tab in the menu bar for an application, you can search for something, and it will show you exactly where the setting is. I spent like 15 minutes the other day just trying to find where the grant support access to MV's button went.
1. Add comments to the WAN interface to add circuit information that can be sent when an alert is sent out. Right now we use notes for this but would like it on the uplink tab under the interface.
2. Thinking of this I went to look for what I sent as a wish list item and unless I am missing something I can't find it, so showing the history of my wish list requests.
3. Control over client VPN settings. We had to adjust for PCI audit but had to call support. Then an update broke client VPN and we had to call back again to adjust. I would like the control please.
In System Manager I would like to improve the Remote desktop function by being able to expand to a new window or browser tab. Additionally better compatibility with newer version of the MacOS.
After that, I would like to improve the Client VPN to support Multi-factor authentication natively, with Duo perhaps.
I believe the adoption of an Ai based recommendation system that helps users further configure devices for optimal performance. There are so many posts on the forums around "how should I configure X" or "how do I get the best performance? etc", surely the dashboard could review configurations, associated data and start providing recommendations on fine tuning, similar to that how Azure works with its recommendation system.
I want to customize the portal.
And real-time hardware statistics
(and client trafic view/MDM Device view/syslog...etc)
Functions that can be arranged on the panels.
I would like to see a little more Template flexibility for some options, such as location, the ability to perform single device upgrade.
1. Monitoring status for the resources of CPU and Memory.
I want to see that resource status.
2. App for Client VPN.
At this time, It is not easy to set for each clients.
3. More detail protocal and application.
At this time, When I see the protocol and application in the summary, that is not enough.
There are a lot of useful thoughts already commented, but personally I would love to have;
A "Assign IP Address" button a feature on the list-view screen of devices right next to "Edit" , It would make the job of assigning the IP address to devices so much easier, it was there for a while when I requested it from support and it was really helpful.
Under Security & SD-WAN / Addressing & VLANs, Per Port VLAN settings should move to a new page called Appliance Ports. The behavior of Appliance Ports should mimic the Switch / Switch Ports page in functionality.
Along the same lines, there should be a Ports tab under Appliance Status that works like the Ports tab under Switch Status.
I wold like to have the functionality of SEIM built into the dashboard with at least a year of logging.
This could be a configurable interface with 3rd party APIs supported or Meraki's own solution.
Juste would like to make my message more readable :
1. Port Security for All MS
Add the possibility to have a Real Port security like we can have in CLI cisco devices.
Authorize dynamiclly only 1 MAC adresse by port and flush the table when the device is disconnected. Why ? Because Meraki hasnt got any solution to have a minimal protection for block undesirable device like Dumb Switch Instead of Port Security
a new feature who can detect this kind of devices and Block it With port security on CLI with only 1 MAC adresse authorised if a second MAC is detected the port is block and autmaticcly unblock when only one mac adress is detected. It’s not perfect but it permit to limit dumb switch
2. Rules And Authorizations for user on the dashoard
Add more possiblity to show/bloc/authorize some functionnality for rules in the dashboard like a complete customizable permissons with groups etc …
In some cas we would like to grant access to some user for troubleshoot etc but we can’t block the « reboot » function for example
3. Tool for save and import configuration
for anetwork when we need to transfer the network between 2 template. A lot of configuration are deleted when we switch the template on a network, like VLAN adressing, Wireless pass, DHCP exclusion, Traffic shaping, etc …. We need to reconfigure each time !!!!! A lot of waste time
4. More personnalization on the dashboard
Summary of problem for example. (WAN status, devices etc …) possibilty to aknowledge the problem
Global personnal view for device to see just what see need to see (moovable block)
5. MX ports Possibilty to disable Port on MX even if they are bind to a template direclty on the dashboard (overwrite configuration) ans not in the local configuration page
Also ability to configure PPPOE WAN INTERFACE form the dashboard and not from the local status page Possibility to see what Meraki Device is connected on MX ports. Actually we can just see there is something connected to it. Yes fine ! But what network device ?
6. Per Wan firewall rules
Add LDAP support to System Manager Owners, so Cloud base Identity systems like JumpCloud can sync it's users with System Manager Owners.
I think it would be great if you can have the option to upload AP configuration (name, ip address etc) from a batch file. Sometimes you have to change parameters of APs in large network and can be a little time consuming.
I'd love to see a Dashboard for specific client event log tracking with filters on network traffic: Applications/Ports/Services/VPN connection/Security/Web pages visited/ and so on. That would make monitoring a specific user or device very handy!
AutoVPN across Orgs so there isnt so many steps to setup.
Add MX cable test feature
Add ability to schedule a call back from support via the dashboard
If I could get a Change to add a Function to the Dashboard i would add that if you have a MV Camera and a Area of interest it could be used true mqtt so realtime Alerting is possible with Meraki MV Cameras without need of detection of Person!!!
This would be a great step forward to add a simple function all other Camera vendors have by standard.
Regards Michel Rueger
More on the SM side:
Zero-touch deployment, users don't need to authenticate when setting up a computer remotely, they just switch it on for the first time, get notified that this computer gets managed remotely and get taken to the wifi/account creation part of the setup process.
i want to see the cpu of the unit and i reallly want to use api for firmware upgrades
I know this might be coming already, but I would love to see a "combined" ACL for VPN and Firewall in the MXs.
That way you would not need to go to multiple pages to do ACLs.
Now that we have the new switch, I would love to see "vrf lite" under "Routing and DHCP" in the switch section.
And then have a nice graphical overview of "vrf routers" next to each other, with attached interfaces and names.
That would look so good and be a super nice feature.
(My ascii skills are unfortunately not good enough to do a drawing 🙂 )
And I would also love to see SSL VPN in AutoVPN instead of IPsec. (Not much of a "Dashboard change" but more of a technical change).
There are already lots of alerts that can be triggered but what is not possible is to set an alert if a backup-internet line goes dead. We have a lot of customers were there are 2 internet lines. should the main line fail, we get an alert; but while the main line is active, there is no indication or alert if the secondary line goes down or is having problems. the way we have to solve it now is by having a device that only uses the backup and if the backup goes down we get an alert from the device.
Also it would be very nice if they added the option to customize the dashboard per organization or even per network. A lot of customers have an IT-manager that has acces to the dashboard of their company. it would be a nice feature if we could show their logo or something on the dashboard, create a custom background,...
Ofcourse these options would not be useful for everyone but these are small additions that would make a very nice product even nicer.
IPSK without a local RADIUS server 🙂
I have the old one of a real vpn client like anyconnect or make anyconnect avaiable for the meraki cloud
I have two things that are interesting:
Technically, I would like to be able to do more organization wide. For instance, alerts and SSID's. Now you can only set alerts per network. If you manage several networks you have to make the same configuration for each network. The same for SSID's and Access policies. Please let us be able to get more things centrally managed.
Also Licenses: When a license is activated, the order number is removed from the inventory information. Can this be kept? This would be more easy keeping track of our devices.
Thanks for your positive response and kudo's.
Hi, I'd love to see a improvement on the videowalls for the MV Cameras, ideas:
- Hide cameras if the user doesn't has access to it.
- Hide or show Layouts depending the permission of the user
- Access to the videwall "easily" from tv monitors
- An application for android or apple tv to show the videowalls
- Videowall with cameras from different network
Dear Santa Meraki
we would like to have a menu under the Camera setting or Network setting where It is possible to set a predefined retention policy of the video recording based on the country regulations
I can't begin to tell you how frustrating it is that I can see what port a device is connected to and have a port description in a Meraki MS switch but cannot add a description or see in connected clients any port information on devices connected to MX ports!! This is frustrating at remote sites when a cable is moved and you have VLANs configured and no way to tell what port it's connected to??? Even just a mac address table identifying the port would be helpful in the MX's!!
Ok. That's my Christmas wish ☃️☃️
Switch Port Templates: it would be great to have specific port settings as a template and to be able to apply that template to selected switch ports, even based on port tags.
I would build a graphical representation of what's going over the wire at a given moment for the MX devices. Sure, I can look at the packet data, but I'd like to know, at a glance, who's using bandwidth and what sites and or applications are consuming that bandwidth per host in real time or near real time, not just for the last two hours.
A sort of AI that studies/checks your network from the switch, ap, and mx. It will let you know of cable errors, loops, etc. Basically what the Meraki Wireless Health is but fused together with all network hardware.
As a network consultant who installs/troubleshoots Meraki equipment, it would be very handy to get access to all the logging/debugging.
Now when a network goes down, you have no insight. If it would be possible to see some more detailed logs on the dashboard, or even better, on the device itself, that would be great!
Also it would be helpful if the dashboards has a faster update period. Here i'm talking about some "error" messages which stay on the dashboard for way longer (sometimes up to an hour) when the issue is already resolved.
Something I always thought would be nice to have is that the last known connection port was displayed in the dashboard.
Say for instance you have an access point.(or any other port connected device) I can go into that access point and see what switch/port it is connected to. If that AP were to go offline or stop responding for whatever, I no longer have that information available to me. Maybe I want to troubleshoot/cable test the port, reset settings, cycle the port, etc, but I do not remember what the reporting port was it was connected to.
Seems there should be a way that the dashboard record/report the last known attached switchport for a device after it goes offline.
Lot of good ideas getting generated in the thread. Keep it up!
* Native Multi factor support would be huge for us.
* Better MacOs VPN Support. Clients with same subnet have trouble accessing local shares when client subnet is same as target subnet
We desperately need more real time data in terms of hardware utilization and client bandwidth consumption on the MX.
Client VPN needs development - maybe SSL VPN option?
SSL packet inspection
*Oh! And make the "inbound firewall" under site to site VPN ACTUALLY work! Why is it in the GUI if is non-functional? (reference note here: https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-site_VPN_Firewall_Rule_Behavior)
I would like to see realtime stats of the device like CPU, Memory, Fans are all working correctly. I've been asking for this for years!
How about a quick Chat as a addon, it could be a Bot.
I'd add a documentation tab for each network/site. Give the option to upload Visios, rack photos, etc. Then a section to type in notes/leave comments about the current state of the network.
I wish that when whitelisting a client, some sort of time-out choice could be offered.
-Do you want to whitelist this client for all eternity (until I change it back)?
-Do you want to whitelist this client for an hour?
The ability to have a template copy only selected items instead of overwriting everything in an existing network. For example, if I want a template only for firewall rules I should be able to apply only those rules and not overwrite the entire local config. Same goes for content filters and a few other items. I realize you can use Node Red and Python, but I personally work in a undersized department and rarely have time to stop and look at these things. I also don't know JS and I've been learning Python but it's slow going. The option of using the dashboard would make things easier for me personally and I imagine many others.
Some of the wishes I have:
-SAML for 802.1x authentication rather than relying on AD or kerberos.
-Like others have mentioned, real time statistics of CPU, Memory, and other hardware related stats.
-More visibility between Meraki and non-Meraki VPN.
-CDP/LLDP on MX. More specifically, who and what is connected to each port on the MX.
-Integrated DNS server within the MX as opposed to using some external server.
-Multiple WAN IP support to NAT data out separately over different circuits.
It will be nice for clients to have the freedom of enable the hidden features only Meraki support can enable, or at list have an easy access to the list of all features to know what to ask for when contact support
More Orchestration and Automation options are really the way to go for me. It would allow me to do more with less.
Having a Meraki Connector in Azure Logic Apps can be a real benefit. IMHO. It would allow deeper integration with Microsoft Sentinel or other SIEMs where processes can be started which change the Meraki environment on detected security events; for instance.
I would add the ability to configure the MX LAN ports and MR30H LAN ports just like the MS ports. Including supporting CDP/LLDP, LACP, port tagging, etc. No more "wired SSIDs" 🙂
Oh boy . . . here we go . . .
SSL VPN client and/or WireGuard VPN client and/or Cisco AnyConnect VPN client.
IPv6 on WAN and LAN.
The ability to split out client VPN logs from Site to Site VPN logs.
The ability to assign a group policy to a static route. not just a VIF.
The ability create aliases for objects and assign firewall rules to those objects, not just IPs.
The ability to set up more than 2 WAN connections.
and for the things that can actually be implemented:
Layer 7 firewall allow rules, eg. deny all video and streaming but allow youtube.
Configuration changes backup and restores.
Alert when the secondary WAN is down, not just the primary.
1 - When viewing "All Networks", on the Device tab, be able to show the public IP of each uplink port. (i.e. display Uplink IP (Port 1), Public IP (Port 1), Uplink IP (Port 2), Public IP (Port 2)
2 - PER-VLAN Content filter
3 - Wildcard for content filter
I'll just through this one here.
More control on Admin rule, maybe Admin groups and what each group can do.
This is one of many that I have on the top of my head now, been working very closely with Meraki systems for three years now.
We would love more information about the workstation in Systems Manager, specifically year of workstation and model. We have clients that would love to use Systems Manager to inventory their devices and keep track of which ones need updating next, etc.
We are driven by statistics. I would love to be able to mine all the data available via custom build reporting. I think we could beef up of infrastructure with a more visible way of documenting our usage.
1 - I would add the ability to create a test organisation with test networks and test devices which don't physically exist. This would allow you to test the API as well as other features without the financial commitment of buying hardware.
2 - MX Cable test
3 - Change Log 'undo' button or show a command to reverse changes if done by the API
4 - More granular control of permissions. Being able to allow permission to Wireless but not Switch for example
Ok, so this is something that will probably only affect a small amount of people, but is totally frustrating with me an my ISP's...
So here is the scenario... we have a fibre based ISP that will not 'update' the arp table when it sees a packet coming with the IP address if it has a secondary IP address.
The first IP always works, but in order for me to have additional IP addresses (secondary on the Cisco router), then I run a Linux server (which is what the Meraki MX is), and send an 'arping' while spoofing the mac address. This is a pretty crappy workaround, and of course on my switch I get error logs indicating that the mac address is flapping between ports.
This is a 5 minute fix... any 1:1 or 1:many nat IP's should do this automatically, and maybe once an hour or something like that.
Easy to implement
Risk to implement low
This is low hanging fruit
Cisco AnyConnect Support for the MX's
Topology snapshot history
The ability to see what devices are connected into the ports of my MX devices (non Meraki)
Confirmation that a device has successfully upgraded it's firmware or whether the firmware install has hung but appearing as been successfully completed
Custom build reporting
Alerting for WAN 1 and WAN 2
A color change to graphs/stats for summary/uplink tabs as it is very hard especially under the loss area to determine between the two
Layer 7 firewall allow rules - would like to deny things but allow youtube
most of my feature requests are pretty similar to everyone else's here.
Top of the list is Cisco Anyconnect support and topology snapshot history
I would really like the ability to have a shell on any Meraki device. This would give me access to troubleshoot so much more when it comes to any network issue in addition to a Meraki issue. I feel like the "Tools" tab is too limited to basic network connectivity tests.
It would be great to have IPsec VPNs with IKEv2 and modern crypto algorithms. DH1, 2 and 5, MD5 and SHA1 are not recommendable. It would be useful for site-to-site and client VPN, too. Maybe it's useful, supporting AnyConnect for client VPN, additional to the existing support for native clients.
I would love to have something that shows my AP coverage so I know if I am good or not. I know most of the functions I want are there somewhere I just can't find them, so maybe a better UX on the dashboard side. I know I am not as proficient as some but that is what brought me to Meraki it was something I could help manage and I didn't have to run to the big techs for everything, especially a reboot, and that is what I talk up the most to others thinking about moving to Meraki is that you don't always need all those letters after your name to get a AP up and working or to find and fix easy stuff like bad cables. But that GUI could use some TLC.
For folks running Advanced Security Licenses on their MX Devices:
1. Ability to send certain issues directly to SMS, like Malware, etc. My email tends to find ways to eat my many Meraki Notifications.
2. More analytics regarding utilization. For example, I know sometimes my MX Devices seem to just stop logging and get overloaded. You are tracking all our usages and data, and know way more about our devices capabilities then we do, so it would be nice if you gave us weekly or monthly updates like, "hey your device can't keep up with your FiOS 1G Connection your client just upgraded to, time to upgrade", or "hey, your customer just grew 200% and this MX68 isn't cutting it for 120 users, time to upgrade". All things that would help sell more Meraki Equipment. Especially if it rolled everything up in to a nice online report we could share with the customers.
3. There should be a picture of a unicorn somewhere that you can click on. That would clearly be something no competitors have.
Under the maps tab under markers it would be nice to be able to see current channels each AP is on.
I would list needed info on certain screens.
The feature I wish to have is the ability to create multiple VPN hub groups. With that, I can have a group of hubs for our own datacenters, and have a different group for our partner's datacenters, so that we have a clearer separation.
Access to Spare device via interlink or downlink.
Most of my customers are concerned about device accessibility when spare device's uplink is gone bad.
For now, there is no way to access spare device's local status page without Internet connection.
But sometimes, I have to access to it in order to check status and change uplink configuration to bring it back up.
Please add some nice realtime live-logging of the firewall like the Sophos UTM has.
That would be really great to do troubleshooting
I would also like to see better features on the uplink tab. I want to be able to see if sites are maxing out uploads consistently.
maybe have live data, then data previous day, 1 month, and 1 week for uplink traffic
One of the many things that would be very helpful is the real time application monitor, by user, device, IP, etc. and to have the option to differentiate the device type in general and not only over the Meraki APs.
Integration with Cisco Threat Response Dashboard.
make it a advanced sec license feature
A profile Menu Icon on the dashboard to view and edit account information (and add or remove customers from it) etc.
At present I see the list of organisations under my account, but not a global account profile (without having to re-login elsewhere).