Cisco Meraki is an amazing cloud-managed IT solution, simplying network, security, security cameras and IoT infrastructure. However, even the most intelligent AI/ML driven solution is still volunerable to users misconfiguring various options (usually without reading the documentation). Misconfiguration can result in an outage, or poor user experience (if you will limit user's traffic to 1Mbps - things will work slowly.. AI won't help there as it's the admin's "intent").
This script will leverage the Meraki API to compare an organization's settings and status against a set of best practices and thresholds - uncovering configurations that should be changed.
Summary tab:
Channel utilization tab: RF Profile tab: Switchport counters tab:- Network heath alerts: gathering all health alerts from all of the organization's networks.
- Multiple adminstrator users: verifying the organization has more than one admin with full control (per best practices).
- Admin 2FA: checks which admin users have 2FA enabled, and which admins do not (per best practices).
- API calls: present whether Dashboard API is being used, and by which admin usesr.
- API v0 usage: The Dashboard API v0 is being deprecated, and integrations should be updated to API v1.
- Firmware checks: compares the firmware versions of each network and device types to the latest stable release.
- Channel utilization (for 5GHz only, 2.4GHz is beyond saving...)
- RF Profile check:
- Configured Minimum Tx power (usually mistaken with EIRP, resulting to too high Tx power).
- Configured minimum Bitrate (see best practices).
- Configured channel Width.
- Manually configured RX-SOP (most won't configure it right, and it's better left at "auto").
- Number of enabled SSIDs (see best practices).
- Are jumbo-frames enabled, by checking the MTU (see best practices).
- Is RSTP enabled? (best of luck handling loops without it.. see best practices)
- Port counters:
- CRC errors.
- Collisions.
- Broadcasts exceeding threshold.
- Multicasts exceeding threshold.
- Topology changes (TCNs) exceeding threshold.
Convinced the health-check is worth 5 minutes of your time? let's do this!
- Access the Meraki dashboard.
- For access to the API, first enable the API for your organization under Organization > Settings > Dashboard API access.
ALWAYS keep your API key safe as it provides authentication to all of your organizations with the API enabled.
If your API key has been compromised - revoke it immediately through the dashboard, and generate a new API key.
pip install -r requirements.txt
You don't have to store the API key, as the script will ask you to enter it. However, it would be more covenient to store it instead of typing each every time.
Linux:
export MERAKI_DASHBOARD_API_KEY = <YOUR MERAKI API KEY>
Windows:
set MERAKI_DASHBOARD_API_KEY = <YOUR MERAKI API KEY>
python async_run.py
Feedback is a gift
- The script helps? I'd love to hear.
- You think the script sucks? Let's make it better!
- Have suggestions to additional common problems that should be included? Open an issue, I'd love to hear that too.
Installing the Meraki Python SDK
pip install -r requirements.txt
Set as an environment variable with API KEY for testing
export MERAKI_DASHBOARD_API_KEY=d03190ff333a3c7feaed89fec5b3b2529f59e8ec
Run the following command
python async_run.py
Expected output
Fetching organizations...
Meraki Organizations
┏━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ Organization # ┃ Org Name ┃
┡━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
│ 0 │ DeLab │
│ 1 │ DevNet Test Org │
│ 2 │ DevNet Test Org │
│ 3 │ DevNetAssoc │
│ 4 │ DevRelations │
│ 5 │ DevRelx23 │
│ 6 │ Forest City - Other │
│ 7 │ GGTEST_MyOrg1 │
│ 8 │ Hi Cory │
│ 9 │ Hi Cory │
│ 10 │ Jacks_test_net │
│ 11 │ MARYDALKO_HOME │
│ 12 │ MARYDALKO_HOME │
│ 13 │ MARYDALKO_HOME │
│ 14 │ My Org │
│ 15 │ My organization │
│ 16 │ My organization │
│ 17 │ My organization │
│ 18 │ My organization - clone │
│ 19 │ New Meraki Org │
│ 20 │ PM_Test │
│ 21 │ Personal.Lekhnath │
│ 22 │ SVR │
│ 23 │ Sample Org │
│ 24 │ TNF - The Network Factory │
│ 25 │ Wild Willys Org │
│ 26 │ Wils Test Creation │
│ 27 │ Wotan │
│ 28 │ Your Organization │
│ 29 │ abcdefg │
│ 30 │ changetest │
│ 31 │ gk │
│ 32 │ helloworld │
│ 33 │ organization with name changed │
│ 34 │ sample_network │
│ 35 │ thienbao │
└────────────────┴────────────────────────────────┘
Kindly select the organization ID you would like to query:
Type in 1
and press Enter
As a result of the running script, a related report file was created. In the current case file DevNet Test Org.xlsx
was created.
Sample Screenshots from the report
- The script intentionally ignores the 2.4GHz spectrum, as it is beyond salavion. It can be altered, if needed, in the
check_wifi_channel_utilization
function. - The SSID amount check counts every enabled SSIDs, even if the SSID is limited to certain APs or to a certain band. You may have three ssids on 2.4GHz and three different SSIDs on 5GHz, but the check will fail as it counts six SSIDs.
- The API usage is checking the last 5,000 API calls. It can be changed in the code, more API calls being examines = longer run time for the script (The async version checks up to 10,000 API calls per admin user).
Copyright (c) 2022 Cisco and/or its affiliates.
This software is licensed to you under the terms of the Cisco Sample Code License, Version 1.1 (the "License"). You may obtain a copy of the License at
https://developer.cisco.com/docs/licenses
All use of the material herein must be in accordance with the terms of the License. All rights not expressly granted by the License are reserved. Unless required by applicable law or agreed to separately in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.