Support Store Sign In
Overview
System
Network
Services
Identities
Policies
Billing
Archives
Instruments
Installation
Lab Manual
Portal Customization
RESTful API
Miscellaneous
View as one page

Meraki MS Switches

Cisco Meraki MS switches are cloud-managed enterprise switches providing simplified network management through the Meraki Dashboard. The rXg integrates with Meraki switches via the Meraki Dashboard API, enabling configuration synchronization, VLAN management, and 802.1X/MAB authentication through Access Policies.

Supported Models

Model/Series Notes
MS120 Series Cloud-managed access switches
MS125 Series Cloud-managed access switches with mGig
MS210 Series Cloud-managed aggregation switches
MS225 Series Cloud-managed aggregation switches
MS250 Series Cloud-managed aggregation switches
MS350 Series Cloud-managed aggregation switches
MS390 Series Cloud-managed stackable switches
MS410 Series Cloud-managed aggregation switches
MS425 Series Cloud-managed aggregation switches
MS450 Series Cloud-managed aggregation switches

All Meraki MS switches with Dashboard API access are supported.

Features Supported

Feature Supported Description
Config Sync Yes Configuration via Meraki Dashboard API with Action Batches
Auto Bootstrap No Cloud-managed; requires Meraki Dashboard setup first
SNMP Monitoring Yes Community string synced from Meraki Dashboard
Switch Port Import Yes Automatic import via API
Port Enable/Disable Yes Enable/disable ports via API
Port Names Yes Sync port names via API
PoE Control Yes Enable/disable PoE per port
802.1X Authentication Yes Via Access Policies with RADIUS
MAC Authentication Bypass (MAB) Yes Via Access Policies with RADIUS
Hybrid Authentication Yes Combined MAB + 802.1X via Access Policies
Dynamic VLAN Assignment Yes Via RADIUS with Access Policies
RADIUS CoA Support Yes Change of Authorization enabled on Access Policies
DHCP Snooping No Not supported via API
Firmware Management N/A Managed automatically by Meraki cloud
SPB-m Fabric No Not supported

Prerequisites

Licensing Requirements

  • Valid Meraki license for each switch
  • API access enabled in Meraki Dashboard
  • Enterprise or Advanced license recommended for full feature support

API Requirements

  • Meraki Dashboard API key with appropriate permissions
  • Organization ID (auto-detected from API key)
  • Network ID (auto-detected from device serial)

Network Requirements

  • Internet connectivity for cloud management
  • Switch must be online in Meraki Dashboard
  • HTTPS access to api.meraki.com (TCP port 443)
  • RADIUS connectivity (UDP ports 1812, 1813) - for 802.1X/MAB

Onboarding Process

Cloud-Based Onboarding

Meraki switches are managed through the Meraki Dashboard. The rXg integrates via the Dashboard API.

Prerequisites for Integration:

  1. Switch must be claimed and online in Meraki Dashboard
  2. API access enabled in Organization settings
  3. API key generated with appropriate permissions

Onboarding Process:

  1. Claim Switch in Meraki Dashboard:

    • Log into Meraki Dashboard
    • Navigate to Organization Inventory
    • Claim switch using serial number and order number

  2. Configure Network in Dashboard:

    • Create or select network for the switch
    • Assign switch to the network
    • Configure basic network settings

  3. Enable API Access:

    • Navigate to Organization Settings Dashboard API access
    • Enable API access
    • Generate API key (My Profile API access)

  4. Enable SNMP (Optional but Recommended):

    • Navigate to Network-wide General SNMP
    • Enable "Allow SNMP v1/2c"
    • Configure community string

  5. Add Switch to rXg:

    • Create switch record in Network::Wired::Switches
    • Enter switch serial number (as the identifier)
    • Enter API key as the password
    • Enter Organization ID in Domain Filter (optional, auto-detected)
    • Save and import ports

Bootstrap Configuration

The rXg displays a reminder for SNMP configuration:

Configure the SNMP Community in `Network Wide Settings` => `General` => `SNMP` => 'Allow SNMP v1/2c' and provide a community string

Configuration

Connection Settings

Configure the switch in the Network::Wired::Switches scaffold with:

  • Serial Number: Meraki switch serial number (required)
  • Password: Meraki Dashboard API key
  • Domain Filter: Organization ID (optional, auto-detected)
  • Host: Auto-populated with switch LAN IP from API
  • MAC Address: Auto-populated from API
  • SNMP Community: Auto-synced from Meraki Dashboard

RADIUS / AAA Configuration

When a RADIUS Server Option is active in rXg, the system automatically creates Access Policies in the Meraki Dashboard:

Access Policy Types Created:

Policy Name Authentication Type Description
rxg-<ip>-eap 802.1X Standard 802.1X EAP authentication
rxg-<ip>-mac MAC authentication bypass MAC-based authentication
rxg-<ip>-maceap Hybrid authentication MAB first, then 802.1X fallback

Access Policy Configuration:

  • RADIUS server: rXg IP address
  • RADIUS auth port: From RADIUS Server Option
  • RADIUS secret: From RADIUS Server Option
  • Host Mode: Single-Host
  • RADIUS CoA: Enabled
  • RADIUS Testing: Enabled
  • Increase Access Speed: Enabled (for Hybrid authentication only)

Note: Meraki Dashboard allows a maximum of 8 Access Policies per network.

Port Authentication Configuration

Ports are configured for authentication via Access Policies:

  • Open: No authentication (accessPolicyType: "Open")
  • Custom access policy: Use assigned Access Policy for authentication

VLAN Configuration

VLANs are automatically managed through Switch Port Profiles:

  • Access ports: Single untagged VLAN (type: access, vlan: <id>)
  • Trunk ports: Tagged VLANs with native VLAN (type: trunk, allowedVlans: <list>, vlan: <native>)

VLAN Format:

  • Trunk ports can use all for all VLANs or comma-separated list
  • VLAN ranges supported in format 100-200
  • Native VLAN defaults to 1 if not specified

Port Management

Port settings managed via API:

Setting API Field Description
Port Name name Descriptive name for the port
Enabled enabled Enable/disable port (true/false)
Port Type type access or trunk
Native VLAN vlan Untagged/native VLAN ID
Allowed VLANs allowedVlans Tagged VLANs for trunk ports
PoE poeEnabled Enable/disable Power over Ethernet
Access Policy accessPolicyNumber Access Policy for authentication

Monitoring Capabilities

Metric Collection Method Notes
Port Status API Connected/Disconnected state
Port Speed API Negotiated link speed
Port Enabled API Admin enabled/disabled state
Port Type API Access or trunk mode
VLAN Configuration API Current VLAN assignments
Device Info API Model, firmware, LAN IP, MAC
SNMP Community API Configured community string
Access Policies API Configured authentication policies

Note: The Meraki API does not provide real-time port statistics like traditional SNMP. Use SNMP monitoring with the community string from Dashboard for detailed statistics.

Action Batches

The rXg uses Meraki Action Batches for efficient configuration:

  • Batch Size: Up to 20 actions per synchronous batch
  • Concurrent Batches: Maximum 5 concurrent batches
  • Synchronous Mode: Waits for completion before proceeding

Action Batches are used for: - Port configuration updates - Access Policy creation - Bulk VLAN changes

Troubleshooting

Common Issues

Issue: API connection fails

Symptom: Unable to communicate with Meraki switch Cause: Invalid API key, network ID, or permissions Resolution: - Verify API key is valid and has not expired - Check API key has access to the organization - Verify switch is online in Dashboard - Check Organization ID if specified

Issue: 401 Unauthorized error

Symptom: Authentication failed during API calls Cause: Invalid or revoked API key Resolution: - Generate new API key in Meraki Dashboard - Update API key in rXg switch record - Verify API access is enabled for organization

Issue: 429 Too Many Requests error

Symptom: API calls being rate limited Cause: Exceeding Meraki API rate limits Resolution: - Reduce sync frequency - Use Action Batches for bulk changes - Wait for rate limit window to reset

Issue: Access Policy creation fails

Symptom: Cannot create authentication policies Cause: Maximum 8 Access Policies reached Resolution: - Remove unused Access Policies in Dashboard - Consolidate policies if possible - Verify rXg-created policies exist

Issue: Port configuration not applying

Symptom: Port settings in rXg don't match Dashboard Cause: Conflicting settings or validation errors Resolution: - Check Action Batch results for errors - Verify port type supports configuration - Ensure VLANs exist in Dashboard - Check for port-specific restrictions (stack ports excluded)

Issue: SNMP monitoring not working

Symptom: No SNMP statistics collected Cause: SNMP not enabled in Dashboard Resolution: - Enable SNMP v1/2c in Network-wide General SNMP - Configure community string - Wait for rXg to sync community string from API

Diagnostic Steps

Via Meraki Dashboard:

  1. Verify switch is online (green status)
  2. Check port status in Switch Ports
  3. Review Access Policies in Switch Access policies
  4. Check SNMP settings in Network-wide General

Via rXg:

  1. Check sync log for API errors
  2. Verify API key and serial number
  3. Review port import results
  4. Check Access Policy creation status

Known Limitations

  • Requires active Meraki license for switch operation
  • Maximum 8 Access Policies per network
  • No real-time port statistics via API (use SNMP)
  • No direct CLI access - all configuration via API
  • Stack ports automatically excluded from port list
  • Firmware managed by Meraki cloud (not configurable)
  • DHCP snooping not available via API
  • Some features require specific license tiers

Operational Caveats

  • Cloud Dependency: Meraki switches require internet connectivity to Meraki cloud for management. Local switching continues if cloud is unreachable, but configuration changes require connectivity.
  • API Rate Limits: Meraki enforces API rate limits. The rXg uses Action Batches to minimize API calls and respect limits.
  • Organization Auto-Detection: If Domain Filter (Organization ID) is not specified, the rXg uses the first organization associated with the API key.
  • Network Auto-Detection: Network ID is automatically determined from the switch serial number via device lookup.
  • LAN IP Sync: The switch's LAN IP is automatically synced to the Host field from the API response.
  • MAC Address Sync: The switch's MAC address is automatically synced from the API response.
  • SNMP Community Sync: The SNMP community string is automatically synced from Dashboard settings.
  • Access Policy Naming: rXg creates Access Policies with names in format rxg-<ip>-<type> for identification.
  • Port Speed: API reports port speed capability, not negotiated speed. Use SNMP for actual link speed.
  • Hybrid Authentication: The increaseAccessSpeed setting is required for Hybrid (maceap) authentication and automatically enabled.
  • RADIUS CoA: Change of Authorization is enabled on all rXg-created Access Policies for dynamic VLAN assignment.
  • Stack Ports: Stacking ports are automatically excluded from port management (identified by single link negotiation capability).

External References

About

RG Nets is the premium provider of gateways and centralized-authentication appliances designed to manage, provision, and protect revenue-generating networks. Our mission is to create tools that are so good, we would use our own money to buy them.

Company Links

Contact

316 California Ave.
Suite 331
Reno, NV 89509
+1 (408) 441 0100
[email protected]
Copyright 2026 RG Nets, Inc.
v2026.01-66-gc969c
Cookies help us deliver our services. By using our services, you agree to our use of cookies.