- Last updated
- Save as PDF
This guide is for Cloud Monitoring for Catalyst Switches. SeeConnecting Catalyst 9800 Wireless Controller to Dashboardfor details on how to connect Catalyst 9800 wireless controllers to dashboard andAdding Catalyst 9800 Wireless Controller and Access Points to Dashboardto add them to the Meraki dashboard.
Onboarding is the process of enabling cloud-monitoring functionality for an existing Catalyst switch. For background information regarding cloud monitoring for Catalyst, please refer toCloud MonitoringOverview andFAQ.
Learn more with these free online training courses on the Meraki Learning Hub:
Sign in with your Cisco SSO or create a free account to start training.
Eligible Catalyst Devices
Cloud monitoring for Catalyst currently supports the following hardware and software:
-
Catalyst 9200 seriesswitches (including 9200L and 9200CXmodels).
-
Catalyst 9300 series switches (including 9300L and 9300X models).
-
Catalyst 9500 seriesswitches.
-
The full list of supported Catalyst switches is available atSupported Catalyst 9000 Series Switches (Cloud Monitoring).
-
IOS-XE 17.3 - 17.10.1 (if an upgrade is needed, download is available at Cisco Software Downloadspage).
To enable cloud monitoring for Catalyst, the Catalyst device must be connected to,registered and provisioned by the Meraki dashboard. The Cloud Monitoring Onboarding application was created tofacilitate this process. This application will help configure yourCatalyst device to establish a TLS connectionto the Cisco cloud infrastructure and register itto your dashboard organization.To utilize Cloud Monitoring, all Catalyst switches that will be added to the dashboard must have an active DNA Essentials or DNA Advantage license. From there, dashboard will configure the necessary serviceson your Catalyst device to enable cloud monitoring. SeeCloud Monitoring Detailed Device Configurationsfor additional details.
Pre-Onboarding
-
Confirm that the switch(es) designated for onboarding are one of the following:
-
Catalyst 9200, 9300, or 9500 series hardware.
-
Running IOS-XE 17.3 - 17.10.1
IOS-XE upgrade instructions and release notes:Release Notes for Cisco Catalyst 9300 Series Switches
Current recommended IOS-XE release information can be found at:Recommended Releases for Catalyst 9200/9300/9400/9500/9600 and Catalyst 3650/3850 Platforms
A full list of supported hardware can be found at:Supported Catalyst 9000 Series Switches (Cloud Monitoring)
- Have access to the Merakidashboard:
-
Verify the abilityto log in to thedashboard.
-
Or create a free account. Instructions are available at:Creating a dashboard Account and Organization.
-
In Organization > Configure >Settingsverify that the checkbox for Dashboard API Accessis selected and saved in the Dashboard API accesssection.
-
From My Profile,chooseGenerate new API keyor use an existing key. Note that a full admin account must be used. SAML log-in is not supported for API key creation.
- The API keymusthave full read/write access for the organizationto which switches will be onboarded.
- Additional documentation regarding enabling API access is available at Cisco Meraki Dashboard API: EnableAPI Access.
If an "invalid API key" error message appears, confirm the key and try again. API keys may take up to 15 minutes to become active in the onboarding application after creation.
-
The computer from which the onboarding application is run must be able to reach api.meraki.com and meraki-cloud-monitoring-onboarding-app.s3.amazonaws.com on TCP port 443.
-
Version updates for the application are automatically checked atmeraki-cloud-monitoring-onboarding-app.s3.amazonaws.com.
-
The onboarding application is a stand-alone executable file; security settings on your local device must permit running this application and accessing the indicated hostnames above.
-
HTTPS proxy servers that modify the certificate in transit are not currently supported.
-
-
The Catalyst devices to onboard needaccess to the Cisco cloud:
-
Ensure any firewall rules in place allow communication with the gateway corresponding with the dashboard region on TCP port 443:
-
Americas: us.tlsgw.meraki.com.
-
EMEA: eu.tlsgw.meraki.com.
-
Asia Pacific andJapan: ap.tlsgw.meraki.com.
-
When translating ports through a firewall, the connection to the TLS gateway must be sourced fromephemeral portsTCP 1024 and above.
-
-
-
Telnet required for connectivity pre-check:
-
The onboarding application will test connectivity to the regional gatewayon TCP 443 using a Telnet connection from the switch CLI, for example telnetus.tlsgw.meraki.com 443.
-
This requires that the "line vty" section of the configuration allows outgoing Telnet connections from the switch. The "transport output" line must contain "telnet" or "all" to allow this check to succeed.
-
- HTTPS proxies to access the API endpoint and the TLS gateway are not currently supported. If necessary, ensure rules are in place to allow direct HTTPS connections to each.
- Connectivity must be via a front-panel port (not the management interface).
- Only the default VRF is supported.
- Ensure routes are in place to reach external addresses including a default route(use of ip default-gateway is not supported).
- IP routing (ip routing) must be enabled on the switch or will be enabled as part of onboarding.
- Ensure DNS is enabled on the switch (ip name-server {DNS server IP} configured).
- Ensure DNSlookup is enabled (ip domain lookup).
- NTP needs to be enabled on the switch (ntp server {address}), and the switch clock must reflect the correct time.
- AAA on the switch must be configured using aaa new-model.
- RADIUS authentication is not currently supported.
- SSH access to the switch CLI must be enabled and accessible via the computer used for onboarding.
- The user account for onboarding must have privilege-15 level access on the switch.
- Determine which dashboard networks toput onboarded switches into:
- The network must be "switch" or "combined" type (Note: if "combined" then itmust already include a"switch" network).
- If not already configured as such, the onboarding process will automatically enable"Unique Client Identifier" tracking method for that network.
Information about creating a new network is available at: https://documentation.meraki.com/General_Administration/Organizations_and_Networks/Creating_and_Deleting_Dashboard_Networks#Creating_a_Network
When the tracking method is changed, clients may appear to be duplicated until previously collected data ages out and is no longer valid. For more information, see: https://documentation.meraki.com/MX/Monitoring_and_Reporting/Client-Tracking_Options.
- Back up the current running configuration on the switch prior to beginning onboarding (i.e.,copy run flash:config-backup.txt).
Downloading the Onboarding Application
The onboarding application can be downloaded from the following links:
Alternatively, the onboarding application is also available for download through the dashboard. To access it, go to Network-wide > Configure > Add Devices from the navigation on the left side. In this section, click on the link to add Catalyst switches to the dashboard.
From the pop-up select your operating system to download the version for your computer.
Onboarding
In order for a Catalyst device to be recognized and added to dashboard, that device must go throughonboarding. The Onboarding application will assist in verifyingdevice compatibility and connectivity,configure thedevice to build a secure TLS tunnel connection to the Ciscocloud infrastructure, and initiate registration to your dashboard organization.Once registeredon dashboardall further configuration and updatesto support cloud monitoring functions will be managed by dashboard and communicated to the device through the secure tunnel. See the sectionOnboarding Configuration Changes for additional details.
Note, once onboarded and as long as that device has an active TLS connection to the Cisco Meraki cloud infrastructure, itno longer needs the Onboarding application. Additional changes,features, or fixeswill be managed by dashboard through the secure tunnel. Only if the TLS configurationwere modified will you need to re-onboard that device.
Using the Onboarding Application
The onboarding tool is a stand-alone application that runs natively on Windows, MacOS, or Linux. If running on Linux, note that this is a GUI application, and a CLI version is not currently available.
Werecommend making a backup of your existing running configuration on switches before making any changes.
Upon launching the onboarding application,it will automatically check and download the latest version. First-time users will also need to read and accept the terms and conditions for this cloud service.
On the main page, paste in the API key that you previously copied from the dashboard (refer to the checklist above if you do not have this saved).
To continue, a valid dashboard API key from an account with write access must be entered.
Step 1: Confirm the organization associated with the API key the switch(es) should be added to. The link can be used to access the dashboard for that organization. If you have multiple organizations you wish to onboard switches to, you will need to run the app separately for each organization.
Step 2: Enter the IPv4 address of the switch(es) to be onboarded. This should be the local address that is accessible from the computer on which the onboarding tool is run. A port number can be specified if other than the default (TCP 22). For example: 192.168.1.10:3421.
Note: As Cisco stacks share the same IP address across all members, the single IPshould be entered which will onboard the entire stack.
Step 3: Enter the SSH credentials of the switch(es) to be onboarded. The credentials must be the same for all switches. If different credentials are required, the onboarding process must be restarted after completion.
Step 4: Pre-checks will be completed to verify that the hardware, software, and configuration is eligible for cloud monitoring.
Note that at this time, only "password"authentication is supported, to verify that connectivity is not using pubkey as the authentication type, verify you can SSH with ssh -o PubkeyAuthentication=no -p <port> <username>@<ip>
Step 5: The user is provided a list of networks in their organization and can select which one they would like to use for onboarding. Note that a switchingnetwork or combined network including switching must be used and a different network can be selected per switch being onboarded.
Step 6: The proposed configuration changes are presented to the user for review. The user must check the box next to each switch to confirm they would like to make the change.
Additional detail on the configurations that will be applied is available at:Cloud Monitoring Required Configuration.
Details of all changes can be seen using the “show details” link.
Step 7: The configuration is applied.
After completion, the switch may take a few minutes to appear in the dashboard. Additional data will take time to populate.
Dashboard page after onboarding:
Offboarding/Removing Switches from Cloud Monitoring
To remove a switch from the dashboard and cloud monitoring, follow the standard process for removing a device from a Meraki network seen in the article,Adding and Removing Devices from Dashboard Networks.
From the switches page, select the checkbox next to the desired switch(es) and then click Edit > Remove from network.You will be asked to confirm the removal of the selected switch(es). Once confirmed, this action will trigger an Embedded Event Manager (EEM) script on each affected switch. The script is designed to automatically clear all configurations previously applied for integration with the dashboard. This effectively severs any active tunnel connections to the cloud, ensuring that the switch(es) will no longer be managed by the Meraki Cloud.
For full details on the EEM script go toDashboard Configuration Clean Up EEM Script
Cloud Monitoring Onboarding Error Messages
Invalid API key. A full (read/write) key is required.The API key is validated by the onboarding application by connecting to the API server at api.meraki.com.
This message indicates that the API key could not be validated with the server. Check that the key is entered correctly. If this still does not work, a new API key must be created following the instructions in our Dashboard API article.
Note that a full admin account is required and that the key must be read/write (not read-only). Accounts using SAML are unable to generate API keys, and a dashboard account with Meraki credentials should be used instead.
Unable to validate your API key. A full (read/write) key is required. Please try again.
Ensure connectivity from the local computer to api.meraki.com on TCP 443. HTTPS proxies in the path are not currently supported.
If connectivity has been validated and this error is still seen, a new key can be generated following the instructions above.
Error: Timed out while waiting for handshake. Confirm you can reach the switch via SSH from this computer.
The onboarding application will attempt to connect via SSH on the IP address and port provided. Confirm that the switch can be reached from the same computer using a terminal connection on the same IP address and port. Ensure there are no firewall rules in place preventing connections from the onboarding application.
Error: All configured authentication methods failed. Confirm your username and password are correct.
The credentials provided are returned as invalid from the switch. Ensure that the username and password are correct. If an enablepassword is required to have elevated rights (privilege level 15), this must be provided as well.
Device is not eligible for onboarding. Reason: [reason]
Review the reason shown. Confirm that the hardware, IOS-XE version, and DNA license are supported according to the onboarding documentation.
Error checking device [configuration]
Ensure the switch is reachable on the IP address and port provided. Confirm that the credentials provided have privilege level 15 to read all information from the switch.
The credentials you provided do not have permission to proceed with the onboarding process. Please provide an enable password.
An enable password must be provided if the username/password do not provide privilege level 15 rights.
A device with specified serial number and model already exists and is in use by different account.
Remove the switch from the existing dashboard network. Steps are available in theOffboarding/Removing Switches from Cloud Monitoringsection of this article above.
It’s taking longer than usual to confirm your device is ready. Onboarding will continue in the cloud. Please check your dashboard later.
The onboarding process on the switch has been completed, but additional back-end processing in the cloud is required. The switch should be available in the dashboard after 15 minutes. If it does not appear after one hour, attempt onboarding again or contact support.
Device has not established a TLS connection to the cloud.
The TLS connection for the encrypted tunnel could not be established between the switch and the cloud. Review "Ensure reachability" in the pre-onboarding checklist.
Device tried to connect, but the tunnel did not stay up.
The tunnel was established successfully but disconnected before communication could be established. Review the switch log for additional information.
Cloud is not able to connect to the device through the tunnel.
The cloud has attempted to initiate a connection to the device over the tunnel but is unable to establish communication. Review the switch log(show log) on the switch for additional information.
Cloud is not able to login to device.
The cloud is not able to authenticate with the switch using the meraki-user account (MERAKImethod list). AAA settings on the switch must permit the meraki-user account to authenticate. Additional information may be available in the switch log.
Cloud is not authorized to access the device.
The cloud has been able to authenticate with the switch using the meraki-user account (MERAKI method list)but is not authorized to access information needed for Cloud Monitoring. AAA authorization settings must allow the meraki-user account to run required commands. Review switch logs for additional information.
Device is connected, but remote access has not been verified.
Review the switch log for additional errors. Onboarding can be attempted again. Contact support if this error does not resolve.
Dashboard Error Messages
It’s taking longer than usual to confirm your device is ready. Onboarding will continue in the cloud. Please check your dashboard later.
The onboarding process on the switch has been completed, but additional back-end processing in the cloud is required. The switch should be available in the dashboard after 15 minutes. If it does not appear after one hour, attempt onboarding again or contact support.
Known Issues/Caveats for Onboarding
AAA/TACACS
-
Configuration of “aaa new-model” must be implemented in configuration prior to running onboarding. This will not be added automatically by the onboarding tool in order to prevent unexpected changes in the authentication process on the network.
-
RADIUS authentication is not currently supported (yields error 'Device auth mode is not supported')
-
For authorization only (not authentication), local must be first in the list to allow the local Meraki user to have sufficient permissions to establish the tunnel and connect.
-
This change will be presented for review prior to application in the onboarding tool
-
If command authorization is used (via "aaa authorization commands <level> ..."), authorization commands will be added to the cloud connection VTY line:authorization commands <level>MERAKI, where <level> is 0-15 inclusive.
-
HTTPS proxy
-
HTTPS proxies that perform TLS decryption are not currently supported. Both the onboarding tool and the switches enabled for cloud monitoring require direct access to the respective resources on TCP 443. For more detail, review the Cloud Monitoring Overview andFAQ.
Cisco DNA Center deployments
-
Cloud monitoring is not currently supported on switches attached to a Cisco DNA Center appliance. The additional telemetry feeds required for cloud monitoring may conflict with those needed for DNA Center. The onboarding tool will not prevent switches attached to DNA Center from being added for cloud monitoring. However, this configuration has not been fully tested and is not officially supported at this time.
Stealthwatch or other pre-existing NetFlow destination
-
To avoid conflicts or issues when onboarding a switch that has a pre-existing NetFlow configuration, the cloud monitoring NetFlow configuration will not be applied to the device. This means that traffic and application data will not be available in the dashboard.
Onboarding configuration changes
Once the tunnel is established, the cloud back end adds additional configuration to the switch to receive telemetry information. This process occurs automatically and does not require user intervention.
An example of the added IOS-XE configuration is:
! Clean up pre-existing configurationno crypto tls-tunnel MERAKI-PRIMARYno crypto pki trustpoint MERAKI_TLSGW_CAyesno interface Loopback55yes! Removing existing Line VTY Using Same Rotaryno line vty 16 17! Certificates to trust for Cloud Connectivitycrypto pki trustpoint MERAKI_TLSGW_CAenrollment terminalcrypto pki authenticate MERAKI_TLSGW_CA-----BEGIN CERTIFICATE-----ce1XR2bFuAJKZTRei9AqPCCcUZlM51Ke92sRKw2Sfh3oius2FkOH6ipjv3U/697EA7sKPPcw7+uvTPyLNhBzPvOk…-----END CERTIFICATE-----quityes! Set trustpoint storage location and turn off certificate revocation checkcrypto pki trustpoint MERAKI_TLSGW_CA enrollment url flash://MERAKI_TLSGW_CA revocation-check none! Create Loopback interface for TLS tunnel overlayinterface Loopback55description Meraki TLS Connectionexit! Enable routing (required for Netconf)ip routingip route 18.232.x.x 255.255.255.255 Null 0! Create local auth groupaaa authentication login MERAKI_VTY_AUTH_N localaaa authorization exec MERAKI_VTY_AUTH_Z local! Create ACL for cloud SSH ingressip access-list extended MERAKI_VTY_IN10 permit tcp host 18.232.x.x any eq 222220 deny tcp any any! Create ACL for cloud telemetry egressip access-list extended MERAKI_VTY_OUT10 permit tcp any host 18.232.x.x eq 202220 deny tcp any any! Enable SSH to VTY linesline vty 16 17 access-class MERAKI_VTY_IN in access-class MERAKI_VTY_OUT out authorization exec MERAKI_VTY_AUTH_Z login authentication MERAKI_VTY_AUTH_N rotary 50 transport input ssh exit! Configure SSH v2 with publickey authenticationip ssh version 2ip ssh server algorithm authentication publickey password keyboardip ssh port 2222 rotary 50! Configure a user for SSH and Netconf accessusername meraki-user privilege 15 secret 9 $9$1XUfj8vd…ip ssh pubkey-chainusername meraki-userkey-stringAAAAB3N…exitexitexit! enable NETCONF YANG globallynetconf-yang! enable LLDP for non-CDP network discoverylldp run! Configure a TLS tunnel for Cloud Connectivity! Using GigabitEthernet1/0/1 as the preferred source based on the current default routecrypto tls-tunnel MERAKI-PRIMARY server url us.tlsgw.meraki.com port 443 overlay interface Loopback55 local-interface GigabitEthernet1/0/1 priority 1 pki trustpoint CISCO_IDEVID_SUDI sign pki trustpoint MERAKI_TLSGW_CA verify no shutexit
Example of full change in configuration following onboarding:
aaa authentication login MERAKI local aaa authorization exec default local aaa authorization exec MERAKI local ! ! ! aaa session-id common ! ip routing ! device-tracking policy MERAKI_POLICY security-level glean no protocol udp tracking enable ! ! flow record MERAKI_AVC_HTTP_SSL_IPV4 match application name match connection client ipv4 address match connection server ipv4 address match connection server transport port match flow observation point match ipv4 protocol match ipv4 version collect application http host collect application ssl common-name collect connection client counter bytes network long collect connection client counter packets long collect connection initiator collect connection new-connections collect connection server counter bytes network long collect connection server counter packets long collect datalink mac source address input collect datalink mac source address output collect flow direction collect timestamp absolute first collect timestamp absolute last ! ! flow exporter MERAKI_AVC destination local file-export default export-protocol ipfix option interface-table timeout 300 option application-table option application-attributes ! ! flow monitor MERAKI_AVC_IPV4 exporter MERAKI_AVC cache timeout inactive 60 cache timeout active 300 cache entries 65536 record MERAKI_AVC_HTTP_SSL_IPV4 ! flow file-export default destination 18.232.x.x transport http dest-port 18088 upfile max-size 10 file max-count 2 file max-create-interval 5 crypto pki trustpoint MERAKI_TLSGW_CA enrollment url flash://MERAKI_TLSGW_CA revocation-check none quit crypto pki certificate chain MERAKI_TLSGW_CA certificate ca 06D8D904D5584346F68A2FA754227EC4 308204BE 308203A6 A0030201 02021006 D8D904D5 584346F6 8A2FA 0D06092A 864886F7 0D01010B 05003061 310B3009 06035504 06130 13060355 040A130C 44696769 43657274 20496E63 31193017 06035... quit ! username meraki-user privilege 15 secret 9 $9$lQXSZ...$lldp run ! ! ! crypto tls-tunnel MERAKI-PRIMARY server url us.tlsgw.meraki.com port 443 overlay interface Loopback1000 local-interface GigabitEthernet1/0/1 priority 1 pki trustpoint CISCO_IDEVID_SUDI sign pki trustpoint MERAKI_TLSGW_CA verify interface Loopback1000 description Meraki TLS Connection ip address 20.0.x.x 255.255.255.255 ! device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output ! device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output ! device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY |ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output ! device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY | ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output ! device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output device-tracking attach-policy MERAKI_POLICY ip flow monitor MERAKI_AVC_IPV4 input ip flow monitor MERAKI_AVC_IPV4 output ip route 18.232.x.x 255.255.255.255 Null0 ip ssh port 2222 rotary 50 ip ssh version 2 ip ssh pubkey-chain username meraki-user key-hash ssh-rsa 8CDF9A4C836A3D74673... ip ssh server algorithm authentication publickey password key! ip access-list extended MERAKI_VTY_IN 10 permit tcp host 18.232.x.x any eq 2222 20 deny tcp any any ip access-list extended MERAKI_VTY_OUT 10 permit tcp any host 18.232.x.x eq 2022 20 deny tcp any any logging host 18.232.x.x ! snmp-server enable traps smart-license snmp-server enable traps config-copy snmp-server enable traps config snmp-server enable traps config-ctid snmp-server host 18.232.x.x version 2c public ! > login local > login localline vty 16 17 access-class MERAKI_VTY_IN in access-class MERAKI_VTY_OUT out rotary 50 transport input ssh line vty 18 19 access-class MERAKI_VTY_IN in access-class MERAKI_VTY_OUT out authorization exec MERAKI login authentication MERAKI rotary 50 transport input ssh ! netconf-yang telemetry ietf subscription 1001 encoding encode-tdl filter tdl-uri /services;serviceName=sman_oper/control_procestream native update-policy periodic 30000 receiver ip address 18.232.x.x 25103 protocol cloud-natitelemetry ietf subscription 1002 encoding encode-tdl filter tdl-transform MERAKI_INTF_STATS_DELTA stream native update-policy periodic 30000 receiver ip address 18.232.x.x 25103 protocol cloud-natitelemetry ietf subscription 1003 encoding encode-tdl filter tdl-uri /services;serviceName=ios_oper/cdp_neighbor_dstream native update-policy on-change receiver ip address 18.232.x.x 25103 protocol cloud-natitelemetry ietf subscription 1004 encoding encode-tdl filter nested-uri /services;serviceName=sman_oper/control_prstream native update-policy periodic 30000 receiver ip address 18.232.x.x 25103 protocol cloud-natitelemetry ietf subscription 1007 encoding encode-tdl filter tdl-uri /services;serviceName=ios_oper/platform_compostream native update-policy periodic 30000 receiver ip address 18.232.x.x 25103 protocol cloud-natitelemetry ietf subscription 1011 encoding encode-tdl filter tdl-uri /services;serviceName=smevent/sessionevent stream native update-policy on-change receiver ip address 18.232.x.x 25103 protocol cloud-natitelemetry ietf subscription 1012 encoding encode-tdl filter tdl-uri /services;serviceName=sessmgr_oper/session_costream native update-policy periodic 360000 receiver ip address 18.232.x.x 25103 protocol cloud-natitelemetry ietf subscription 1013 encoding encode-tdl filter tdl-uri /services;serviceName=iosevent/sisf_mac_oper_stream native update-policy on-change receiver ip address 18.232.x.x 25103 protocol cloud-natitelemetry ietf subscription 1014 encoding encode-tdl filter tdl-uri /services;serviceName=ios_oper/sisf_db_wired_stream native update-policy periodic 360000 receiver ip address 18.232.x.x 25103 protocol cloud-natitelemetry ietf subscription 1015 encoding encode-tdl filter tdl-uri /services;serviceName=ios_oper/poe_port_detaistream native update-policy periodic 30000 receiver ip address 18.232.x.x 25103 protocol cloud-natitelemetry ietf subscription 1016 encoding encode-tdl filter tdl-uri /services;serviceName=ios_oper/poe_module stream native update-policy periodic 60000 receiver ip address 18.232.x.x 25103 protocol cloud-natitelemetry ietf subscription 1018 encoding encode-tdl filter tdl-uri /services;serviceName=ios_oper/cdp_neighbor_dstream native update-policy periodic 360000 receiver ip address 18.232.x.x 25103 protocol cloud-natitelemetry ietf subscription 1020 encoding encode-tdl filter tdl-uri /services;serviceName=stkmevent/stkmevent stream native update-policy on-change receiver ip address 18.232.x.x 25103 protocol cloud-natitelemetry ietf subscription 1021 encoding encode-tdl filter tdl-uri /services;serviceName=ios_oper/switch_oper_instream native update-policy on-change receiver ip address 18.232.x.x 25103 protocol cloud-natitelemetry ietf subscription 1030 encoding encode-tdl filter tdl-uri /services;serviceName=iosevent/platform_compostream native update-policy on-change receiver ip address 18.232.x.x 25103 protocol cloud-natitelemetry ietf subscription 1031 encoding encode-tdl filter tdl-uri /services;serviceName=ios_emul_oper/entity_instream native update-policy periodic 30000 receiver ip address 18.232.x.x 25103 protocol cloud-natitelemetry ietf subscription 2002 encoding encode-tdl filter tdl-transform MERAKI_PORTCHANNEL_STATS_DELTA stream native update-policy periodic 30000 receiver ip address 18.232.x.x 25103 protocol cloud-natitelemetry transform MERAKI_INTF_STATS_DELTA input table tbl_interfaces_state field ipv4 field name field speed field if_index field description field oper_status field admin_status field phys_address field interface_type field statistics.rx_pps field statistics.tx_pps field statistics.in_octets field statistics.out_errors field ether_state.media_type field statistics.in_errors_64 field statistics.out_discards field statistics.in_crc_errors field statistics.out_octets_64 field intf_ext_state.error_type field statistics.in_discards_64 field statistics.in_unicast_pkts field statistics.out_unicast_pkts field ether_stats.in_jabber_frames field statistics.in_broadcast_pkts field statistics.in_multicast_pkts field statistics.out_broadcast_pkts field statistics.out_multicast_pkts field ether_stats.in_fragment_frames field ether_stats.in_oversize_frames field ether_stats.in_mac_pause_frames field statistics.in_unknown_protos_64 field ether_stats.out_mac_pause_frames field intf_ext_state.port_error_reason field ether_state.negotiated_port_speed field ether_state.negotiated_duplex_mode field ether_stats.dot3_counters.dot3_error_counters_v2.dot3 field ether_stats.dot3_counters.dot3_error_counters_v2.dot3 field ether_stats.dot3_counters.dot3_error_counters_v2.dot3 field ether_stats.dot3_counters.dot3_error_counters_v2.dot3 field ether_stats.dot3_counters.dot3_error_counters_v2.dot3 field ether_stats.dot3_counters.dot3_error_counters_v2.dot3 field ether_stats.dot3_counters.dot3_error_counters_v2.dot3 field ether_stats.dot3_counters.dot3_error_counters_v2.dot3 field ether_stats.dot3_counters.dot3_error_counters_v2.dot3 field ether_stats.dot3_counters.dot3_error_counters_v2.dot3 field ether_stats.dot3_counters.dot3_error_counters_v2.dot3 field ether_stats.dot3_counters.dot3_error_counters_v2.dot3 join-key name logical-op and type mandatory uri /services;serviceName=ios_emul_oper/interface operation 1 output-field 1 field tbl_interfaces_state.name output-field 2 field tbl_interfaces_state.if_index output-field 3 field tbl_interfaces_state.interface_type output-field 4 field tbl_interfaces_state.description output-field 5 field tbl_interfaces_state.admin_status output-field 6 field tbl_interfaces_state.oper_status output-field 7 field tbl_interfaces_state.speed output-field 8 field tbl_interfaces_state.ipv4 output-field 9 field tbl_interfaces_state.phys_address output-field 10 field tbl_interfaces_state.statistics.in_unknown_protos_64 output-field 11 field tbl_interfaces_state.statistics.in_octets output-field 12 field tbl_interfaces_state.statistics.out_octets_64 output-field 13 field tbl_interfaces_state.statistics.in_errors_64 output-field 14 field tbl_interfaces_state.statistics.out_errors output-field 15 field tbl_interfaces_state.statistics.in_unicast_pkts output-field 16 field tbl_interfaces_state.statistics.out_unicast_pkts output-field 17 field tbl_interfaces_state.statistics.in_multicast_pkts output-field 18 field tbl_interfaces_state.statistics.out_multicast_pkts output-field 19 field tbl_interfaces_state.statistics.in_broadcast_pkts output-field 20 field tbl_interfaces_state.statistics.out_broadcast_pkts output-field 21 field tbl_interfaces_state.statistics.in_discards_64 output-field 22 field tbl_interfaces_state.statistics.out_discards output-field 23 field tbl_interfaces_state.statistics.tx_pps output-field 24 field tbl_interfaces_state.statistics.rx_pps output-field 25 field tbl_interfaces_state.ether_state.media_type output-field 26 field tbl_interfaces_state.ether_stats.dot3_counters.dot3_ output-field 27 field tbl_interfaces_state.ether_stats.dot3_counters.dot3_ output-field 28 field tbl_interfaces_state.ether_stats.dot3_counters.dot3_ output-field 29 field tbl_interfaces_state.ether_stats.dot3_counters.dot3_ output-field 30 field tbl_interfaces_state.ether_stats.dot3_counters.dot3_ output-field 31 field tbl_interfaces_state.ether_stats.dot3_counters.dot3_ output-field 32 field tbl_interfaces_state.ether_stats.dot3_counters.dot3_ output-field 33 field tbl_interfaces_state.ether_stats.dot3_counters.dot3_ output-field 34 field tbl_interfaces_state.ether_stats.dot3_counters.dot3_ output-field 35 field tbl_interfaces_state.ether_stats.dot3_counters.dot3_ output-field 36 field tbl_interfaces_state.ether_stats.dot3_counters.dot3_ output-field 37 field tbl_interfaces_state.ether_stats.dot3_counters.dot3_ output-field 38 field tbl_interfaces_state.ether_stats.in_mac_pause_frames output-field 39 field tbl_interfaces_state.ether_stats.out_mac_pause_frame output-field 40 field tbl_interfaces_state.ether_stats.in_oversize_frames output-field 41 field tbl_interfaces_state.ether_stats.in_jabber_frames output-field 42 field tbl_interfaces_state.ether_stats.in_fragment_frames output-field 43 field tbl_interfaces_state.ether_state.negotiated_duplex_m output-field 44 field tbl_interfaces_state.ether_state.negotiated_port_spe output-field 45 field tbl_interfaces_state.statistics.in_crc_errors output-field 46 field tbl_interfaces_state.intf_ext_state.error_type output-field 47 field tbl_interfaces_state.intf_ext_state.port_error_reasospecified telemetry transform MERAKI_PORTCHANNEL_STATS_DELTA input table tbl_interfaces_state field ipv4 field name field speed field if_index field description field oper_status field admin_status field phys_address field interface_type field interface_class field statistics.rx_pps field statistics.tx_pps field statistics.in_octets field statistics.out_errors field statistics.in_errors_64 field statistics.out_discards field statistics.out_octets_64 field statistics.in_discards_64 field statistics.in_unicast_pkts field statistics.out_unicast_pkts field statistics.in_broadcast_pkts field statistics.in_multicast_pkts field statistics.out_broadcast_pkts field statistics.out_multicast_pkts field statistics.in_unknown_protos_64 join-key name logical-op and type mandatory uri /services;serviceName=ios_emul_oper/interface operation 1 filter 1 condition operator eq condition value INTF_CLASS_UNSPECIFIED field tbl_interfaces_state.interface_class logical-op and logical-op next and filter 2 event on-change field tbl_interfaces_state.name logical-op next or logical-op or output-field 1 field tbl_interfaces_state.name output-field 2 field tbl_interfaces_state.if_index output-field 3 field tbl_interfaces_state.interface_type output-field 4 field tbl_interfaces_state.description output-field 5 field tbl_interfaces_state.admin_status output-field 6 field tbl_interfaces_state.oper_status output-field 7 field tbl_interfaces_state.speed output-field 8 field tbl_interfaces_state.ipv4 output-field 9 field tbl_interfaces_state.phys_address output-field 10 field tbl_interfaces_state.statistics.in_unknown_protos_64 output-field 11 field tbl_interfaces_state.statistics.in_octets output-field 12 field tbl_interfaces_state.statistics.out_octets_64 output-field 13 field tbl_interfaces_state.statistics.in_errors_64 output-field 14 field tbl_interfaces_state.statistics.out_errors output-field 15 field tbl_interfaces_state.statistics.in_unicast_pkts output-field 16 field tbl_interfaces_state.statistics.out_unicast_pkts output-field 17 field tbl_interfaces_state.statistics.in_multicast_pkts output-field 18 field tbl_interfaces_state.statistics.out_multicast_pkts output-field 19 field tbl_interfaces_state.statistics.in_broadcast_pkts output-field 20 field tbl_interfaces_state.statistics.out_broadcast_pkts output-field 21 field tbl_interfaces_state.statistics.in_discards_64 output-field 22 field tbl_interfaces_state.statistics.out_discards output-field 23 field tbl_interfaces_state.statistics.tx_pps output-field 24 field tbl_interfaces_state.statistics.rx_pps specified
