Managing Organizations

Cisco MSX provides the ability to manage organizations.

You can attach one or more organizations to the tenant's control plane. Organization implies a collection of networks that are part of a single organizational entity. These networks, in turn, can have multiple devices.


Note

  • For managing organizations, you need the appropriate permissions. For more information, see Cisco Managed Services Accelerator (MSX) 4.3 Platform and Service Pack Permissions Addendum.

  • Only user roles with Meraki Organization (View) permission under Meraki Service category along with platform permissions can attach, edit, and detach organizations within Cisco MSX.

  • Only user roles with Meraki Cross Launch (View) permission under Meraki Service category can can cross-launch to Meraki dashboard. Meraki Cross Launch allows you to view organization, networks, and device in Meraki.

For more information on these APIs, refer the Swagger documentation that can be accessed from Cisco MSX portal > Account Settings > Swagger > Meraki Service API.

Attaching Organizations

To attach oragnizations in Cisco MSX:

Procedure

Step 1

Log in to the Cisco MSX portal using your credential.

Step 2

From the left pane, choose Tenant Workspace > Settings > Meraki Organizations.

The Meraki Organization page is dispalyed.

Step 3

Click Attach Organizations.

The Attach Meraki Organizations dialog box is displayed.
Step 4

Click Get Started.

Step 5

Enter the Meraki API Access Key on the Connect to Meraki page.

Use the eye icon to view and validate the API key.

Note 

You can get the Meraki access key by logging in to the Meraki dashboard. Click User > My Profile > Generate New API Access Key to generate a new key.

Step 6

Click > to move to the next page.

Step 7

On the Select Meraki Organization page, select upto five organizations to attach to your Meraki control plane. The drop-down lists the available organizations for the access key you had provided in the previous step. In case you want to attach more than five organizations, you can do so at the end of this process by selecting Attach Another Organization option.

Step 8

Click > to move to the next window and initiate the attaching process. You can close the window or click Attach Another Organization to add more organizations to the control plane.

All the organizations added to the tenant's control plane is displayed in Tenant Workspace > Settings > Meraki Organizations.

Editing and Detaching Organizations

To edit or detach an attached organization in Cisco MSX:

Procedure

Step 1

Log in to the Cisco MSX portal using your credential.

Step 2

From the left pane, choose Tenant Workspace > Settings > Meraki Organizations.

The Meraki Organization page is displayed with the list of organizations that were added to the tenant's control plane.

Step 3

Select a row and click on the ellipsis (...) and choose Edit Access Key to edit the Organization details that were provided while attaching the organization to your tenant's control plane.

Step 4

On the Edit Access Key dialog box, click Meraki API Access Key field to clear the previous key and enter a new key and click Save. Click Cancel to retain the old key.

Detaching Organizations:

If you want to detach or disassociate an organization from a tenants control plane, click on the ellipsis (...) and choose Detach.

Note 

When you detach an organization, the organization is removed from MSX only, however, it is still available in Meraki.

Managing Networks

A network is a logical container of multiple devices that can be created for a site and can be a combination of different device models. Cisco MSX provides the ability to manage networks.


Note

For more information on these APIs, refer the Swagger documentation that can be accessed from Cisco MSX portal > Account Settings > Swagger > Meraki Service API.

Creating Networks

To create a network in Cisco MSX :

Before you begin

Make sure you have an organization attached within Cisco MSX. For more information, see Attaching Organizations.

Procedure

Step 1

Log in to the Cisco MSX portal.

Step 2

From the left pane, choose Tenant Workspace > Sites.

The list of sites associated with a tenant is displayed.
Step 3

Select any one of the sites to view the detailed site status.

This page lists all the site metrics along with status of the selected site.
Step 4

Under the Managed Device section on the page, click + > Create New Meraki Networks to associate a new network to the selected site.

The Create New Meraki Network wizard is displayed to set up networks to manage multiple devices.

Step 5

Click Get Started.

The Meraki Network Information dialog box is displayed.

Step 6

Enter the following details on the Meraki Network Information page.

  • Network name: Specify a name for your new network.

  • Organization: Choose the organization that you want to associate your network to from the drop-down list.

  • Meraki Network Tags: This field displays all the tags currently available in Meraki. You can also add new tags. Type a new tag and click on the Add New option that appears as you type a new tag to save the new tag.

Step 7

Click > to move to the Select Network Type page.

Step 8

In the Select Network Type page, choose the type of Meraki devices (Wireless, Switch, Appliance) that will be managed in this new network. Choose the Combined option to add different device types to your network.
Step 9

Click > to move to the Select Initial Configuration for Network page.

Step 10

Set up a network. Choose from one of the following options to setup the network configurations:

  • No Configurations: Create a network without any template configurations, but later you can attach a configuration template to this network.

  • Clone from Network: Create a network with configuration settings copied from an existing network to a new network. On the Select Meraki Network to Clone page, select a network from the list of available networks from where the configuration settings must be copied. The network list shown depends on the network type you chose in Step 8. The network list can be narrowed down by searching with specific tags in the Meraki Network Tags field. After cloning, any configuration changes made to the source network are not inherited into the new network.

  • Clone from Template: Create a network with configuration copied from an existing template into a new network. On the Select Meraki Template to Clone page, select the template from the Template Name drop-down list from where the configuration must be copied. The options shown in the drop-down depends on the network type you chose in Step 8. After cloning, any configuration changes made to the source network are not inherited into the new network.

  • Attach to Template: Create a network and then associate it to an existing template. On the Select Meraki Template to Attach page, select a template from the Template Name drop-down list to which the network can be attached. The options shown in the drop-down depends on the network type you chose in Step 8. If you use this option, any changes in the source template are automatically applied to all the associated networks.

Step 11

Click > to move to the Review and Submit page.

Step 12

Review the details and click Submit to complete the process.

Viewing Meraki Networks for a Site

Cisco MSX Managed Device service pack provides the capability to monitor the site status and the networks associated to the sites.

To view the site details:

Procedure

Step 1

Log in to the Cisco MSX portal.

Step 2

From the left pane, choose Tenant Workspace > Sites.

The list of sites associated with a tenant is displayed.
Step 3

Select any one of the sites to view the detailed site status.

This page lists all the site metrics along with status of the selected site.

Under the Managed Device section of the page, you can view the list of Meraki network assigned to this site.

Assigning Meraki Network to a Site

A Meraki network must be assigned to a site in the following cases:

  • When a control plane is attached, and you want to plot network to different site locations.

  • When a site is deleted, the network gets unmapped, and you want to assign this network with a site.

  • When you want to assign Meraki devices to a site.


Note

In a single assign operation, you can assign up to 5 networks to a site that can be managed separately.

Using this procedure, you can assign networks from an organization at a time. However, if you wish to assign sites from more organizations, you must repeat this procedure. To assign a network to a site:

Before you begin

Assign one or more organizations to the tenant's control plane. For more information, see Attaching Organizations.

Procedure

Step 1

Log in to the Cisco MSX portal.

Step 2

From the left pane, choose Tenant Workspace > Sites.

The list of sites assigned with a tenant is displayed.
Step 3

Select any one of the sites to view the detailed site status.

This page lists all the site metrics along with status of the selected site.
Step 4

Under the Managed Device section on the page, click + > Assign Meraki Network to assign networks already available in a Meraki organization to a selected site.

The Assign Meraki Network to Site wizard is displayed to assign networks to a site.

Step 5

Click Get Started.

The Select Meraki Network dialog box is displayed.

Step 6

Select an organization to which the network needs to be assigned, and select one or more available networks for a site. Narrow down the networks using network name and network type.

Step 7

Click > to move to the Review and Submit page.

Step 8

Review the details and click Submit to complete the process.

Under the Managed Device section of the page, you can view the list of Meraki network assigned to the site. The Tenant Workspace > Site tab will also list the devices assigned for a Meraki network.

Unassigning a Network from a Site

You can use the unassign option to disassociate a network and later assign it to another site.

From the Managed Device section of the Site Details page, select a Meraki network row, click on the ellipsis (...), and choose Unassign Network. This will remove the networks and devices attached to the site.

Note 

Unassign is only from Cisco MSX, the network remains in Meraki for the organization.

Synchronizing Meraki Data Entities

In Cisco MSX, you can synchorinze Meraki details into Cisco MSX at:

  • Organization-level: Use the Sync with Meraki option in Tenant > Setting > Organization to sync various entities, such as networks, devices, tags, policies available within an Organization.

  • Network-level: Using the APIs in the Meraki-Control-Plane-Controller section of Meraki Service APIs, you can do the following:

    • Schedule a task to synchronize Meraki control plane entities. Use the POST /meraki/api/v1/controlplanes/{controlPlaneId}/schedulesync to periodically synchronize these entities. Specify networkIDs to schedule synchronization for a specific network; otherwise, Cisco MSX synchronizes entities from all networks.

    • Schedule a task to synchronize all Meraki control plane entities. Use the POST /meraki/api/v1/controlplanes/{controlPlaneID}/synchronize to synchronize these entities.


      Note

      This API synchronizes entities from all networks. To specify a particular network ID, use the schedulesync API.

Note

  • Only users with Meraki Synchronization (Manage) permission under Meraki Service section can perform the sychronization within Cisco MSX.

  • For more information on these APIs, refer the Swagger documentation that can be accessed from Cisco MSX portal > Account Settings > Swagger > Meraki Service API.

  • Before synchronizing the devices on Cisco MSX, if the Meraki devices do not have a location set, then MSX by default, will assign all networks and devices to a single site with latitude or longitude mapping to "2409 Leghorn Street, Mountain View".

Editing or Deleting a Network

To edit and delete a Meraki network:

Procedure

Step 1

Log in to the Cisco MSX portal.

Step 2

From the left pane, choose Tenant Workspace > Sites.

The list of sites associated with a tenant is displayed.
Step 3

Select any one of the sites to view the detailed site status.

This page lists all the site metrics along with status of the selected site.

Under the Managed Device section of the page, you can view the list of Meraki network assigned to this site.

Step 4

Select a network, and click on the ellipsis (…) and select Edit Networkto edit the network details. You can add or edit the existing network tags, and also change template for a network using the Edit Meraki Network dialog box.

Deleting the Network:

Click on the ellipsis (…) and select Delete to delete the selected network.

Deleting the network completely removes the network from Meraki organization. If there are any devices associated to the network, it places them in the Meraki inventory for other networks.

Managing Configurations

Cisco MSX provides the ability to create configurations and deploy them across Meraki networks or switch ports using the pre-defined out-of-the-box templates that are available within the Cisco MSX. For more information on these templates, see Meraki Feature Templates.


Note

  • For managing configurations, you need the appropriate permissions. For more information, see Cisco Managed Services Accelerator (MSX) 4.3 Platform and Service Pack Permissions Addendum.

  • Only user roles with Configurations (Manage) permission under Integrations, Settings, and Logs category can manage the Meraki configurations from Cisco MSX. Users with the (View) permission can only view the configurations.

  • To apply configuration changes to the Meraki network, ensure that the networks are not bound to any Meraki configuration template.

Creating Configurations

Cisco MSX provides feature templates to create new configurations and apply them to Meraki entities within tenant hierarchy. Feature template provides a predefined set of feature properties and attributes values for easy and quick configurations of networks and the switch ports. Once the new configurations are created and tagged appropriately, you can apply these configurations to ports or networks across a tenant hierarchy that uses the same tags. For more information on these templates, see Meraki Feature Templates .

To create a new Meraki configuration using out-of-the-box feature templates available within Cisco MSX, do the following:

Procedure

Step 1

Log in to the Cisco MSX portal.

Step 2

From the left pane, choose Tenant Workspace > Service Controls.

Step 3

Select Meraki Configuration Management to create new configurations.

Step 4

On the Meraki Configuration Management page, click + or New Configuration option to create a new Meraki configuration.

The Create Configurationwizard is displayed.

Step 5

Click Get Started.

The Add Configuration Information window is displayed.

Step 6

Enter the following details:

  • Enter a unique name for the new configuration and its description.

  • Select a feature template depending on the type of configurations to be created. For more information on types of feature templates available within Cisco MSX, see Meraki Feature Templates.

  • Select one or more tags that categorize entities based on common criteria, such as region or departments. Tag choices are dependant on the type of feature template that was selected in the previous step. Examples of Tags in a School system can be Classroom, Auditorium, and so on. The configurations are applied only to the target entities that use all the specified tags. However, we recommend using only one tag for configuration management.

    Note 

    If no tags are displayed, make sure of the following:

    • A Meraki organization is attached to the Cisco MSX instance. For more information, see Attaching Organizations

    • The target entities are configured with tags outside of Cisco MSX. For example, for Meraki the Switch Ports can be configured with tags using the Meraki dashboard.

Step 7

Click > to move to the Enter Configuration page.

Step 8

Enter the values based on the template that was selected to create the new configuration. Some of the fields on the Enter Configuration page require additional settings. For more information, see Meraki Feature Templates.

Note 

  • Using the lock button, a parent or the top-level tenant can lock the fields so that the subtenants cannot modify or override values for the locked fields. The locked values are the same across all the subtenants. If fields are not locked, then the subtenant can customize and lock them for their subtenants.

  • The configurations defined at the parent level apply to all subtenants that use the same tag as the parent. When a subtenant creates a configuration using the same feature template and tag as the parent, they see the values set by the parents. If the subtenant chooses a different tag combination during configuration creation, the configuration does not show the parent-level values.

Step 9

Click > to move to the Review and Save page.

Step 10

Review the details and click Submit to complete the process.

On the Meraki Configuration Management page, you can view the new configuration, and apply only one configuration at a time to a destination target.

Editing Configurations

To edit Meraki configurations:

Procedure

Step 1

Log in to the Cisco MSX portal.

Step 2

From the left pane, choose Tenant Workspace > Service Controls.

Step 3

Select Meraki Configuration Management to edit new Meraki configurations. You cannot edit when a configuration application is in-progress.

The Meraki Configuration Management page lists configurations that were created and saved.

Step 4

Select a configuration and click on the ellipsis (…) > Edit Configuration.

The Edit Configuration window is displayed.

Step 5

Edit to modify an existing configurations. These configurations apply to tenants that use the same tags. If locked, tenants would not be able to modify these values.

During edit configuration, if locked, you can only view values, however, you cannot add new rows, or change orders.

During edit configuration, if unlocked, you can add or remove rows, change orders, and further lock values for the next set of tenants.

Step 6

Click > to move to the Review and Save page.

Step 7

Review the details and click Submit to complete the process.

Under the Meraki Configuration Management page, you can view the edited configuration, and apply these configurations to a destination target. There can be many targets.

Note 

  • To delete a configuration:

    On the Meraki Configuration Management page, select a configuration, and click the ellipsis (...), and choose Remove Configuration.

  • You cannot delete a configuration while a configuration application is in-progress. While deleting a configuration, the configuration is removed only from Cisco MSX, however, the previously applied configurations in the targets are not impacted. Delete configuration removes the configuration and its deployment history.

Applying Configurations

After creating and tagging the configurations appropriately, you can use these parameters to apply configurations on similarly tagged target entities, such as switch ports. These configurations also include the custom choices. For example, DSCP, Access Policy, Group Policy, and Adaptive Policy are custom choices displayed for various template configurations. These custom choices are synchronized from organizations and networks and displayed based on the tenant hierarchy.

To apply a new configuration:

Before you begin

Make sure the entities where the configurations have to be applied are pre-configured with tags outside of Cisco MSX. For example, for Meraki, the Switch Ports can be tagged from the Meraki Dashboard. For more information, see Manage Tags in Meraki Documentation.

Procedure

Step 1

Log in to the Cisco MSX portal.

Step 2

From the left pane, choose Tenant Workspace > Service Controls > Meraki Configuration Management tile.

Step 3

On the Meraki Configuration Management page, select a configuration, and click the ellipsis (...), and choose Apply Configuration.

Figure 1. Apply Configuration

Step 4

Click Apply Configuration to deploy the configuration on entities that use similar tags across a tenant hierarchy.

Step 5

To track the status of the deployment, from the Meraki Configuration Management page, click on the clock icon on the top right side and choose Deployment Activity.

  • The Deployment Activity page displays the Status of applied configurations for entities that used similar tag(s). You can filter the list by Status or sort this list in a particular order.

  • The Applied By column on the Deployment Activity page displays the user id that initiated the configuration.

Figure 2. Deployment Activity Page

On the Deployment Activity page, select a configuration, and click the ellipsis (...), and choose View Deployment Details to view the deployment details. You can view the target name, description, tenant name, and time on the Deployment Activity page.

Figure 3. Deployment Details

  • You can view the current deployment values applied for each deployment from the Deployment History page.

Note 

If there is a failure scenario during the applying process, it may be because specific values for the custom choices could not be applied. This scenario may require an additional setup from the Meraki dashboard to enable the missing options, and then retry it from Cisco MSX on the Deployment Details window. The errors can happen in both hierarchy and non-hierarchy setups.

Meraki Feature Templates

The following section details the various feature templates available within Cisco MSX for managing Meraki configurations.
Feature Template Description
Switch Port Use the Switch Port template to turn on/off the ports. You can have the ports enabled and the storm control enabled. Storm control is not applicable to all the devices.

When you select the Switch Port template, the tags option displays only the switch port tags.

The following are important notes for the Storm Control field that is displayed on the Enter Configuration page:

  • Storm control configuration options for enhanced storm control are supported only on MS Series switches; MS210, MS225, MS250, MS350, MS355, MS390, MS400 series switches with firmware MS10.0 and higher.

  • For storm control functionality to work on Cisco MSX, it must be enabled on a network from the Meraki dashboard. For more information, see Cisco Meraki documentation.

Switch Port with Adaptive Policy

  • Use the Switch Port with Adaptive Policy template if you wish to apply adaptive policies on MS390 devices. You must first configure adaptive policies on the Meraki dashboard for using these policies from MSX. For more information, see Cisco Meraki documentation.

  • Use these templates to create configurations with which you can turn ports on/off, enable spanning tree (RSTP), define port types (access/trunk), and specify VLANs (data and voice).

  • On the Enter Configuration page, from the Adaptive Policy Group Name field, choose from the list of adaptive policy groups available from multiple organizations and apply these configurations to MS390 devices across organizations that use the same tags. To use adpative policy template for other devices, choose Not Applicable

  • When you select the Switch Port with Adaptive Policy template, the tags option displays only the switch port tags.

Switch Port with Access Policy

Use the Switch Port with Access Policy template to configure policies that will prevent unauthorized devices from connecting to the network. These access policies are typically applied to ports at network level. For more information, see Cisco Meraki documentation.

The access policy shows up with Access Type is set to Access. Access policies need to be pre-configured and synced to Cisco MSX when you sync the organization or network.

When you select the Switch Port with Access Policy template, the tags option displays only the switch port tags.

Switch QoS Rules

Use the Switch QoS Rules template to create and apply QoS configuration to prioritize traffic within a network. Cisco MSX supports complex arrays that you can use to change and maintain the QoS ordering. You can choose VLAN, protocol, source, destination port type, and Differentiated Services Code Point (DSCP) tags to specify the Class-of-Service (CoS) queue for the switches. For more information on these fields, see Cisco Meraki documentation.

DSCP choice options come from Meraki and synced to Cisco MSX based on each tenant level. On the Enter Configuration page, from the Protocols field, choose TCP or UDP from the choices. When you select TCP or UDP, you get the following other choices of port ranges—Source Port Type, Destination Port Type, Source Port, and Destination Port.

You can either select Single Port or Port Range. If you select the source port type as: Port Range, then the Source Port field changes to Source Port Range where you can enter values between 10-70. You can enter 70 for the Destination Port field.

You can also lock the features so that the child tenants cannot change values for locked features.

Identity Pre-Shared Key (PSK) Authentication without Radius

Use the Identity PSK Authentication without Radius template to configure multiple PSKs for a single SSID without the use of a RADIUS server. Typically if you want to connect to a particular SSID, you need to use a particular password to connect. Meraki has a special case where you can configure multiple passphrases for the same SSID, and for each passphrase you can assign a specific group. Meraki allows you to add upto 50 PSKs. For more information, see Cisco Meraki documentation.

When you select the Identity PSK Authentication without Radius template, the tags option displays only the SSID names tags that is present across that hierarchy level.

Note 

  • Modifying or removing the PSK causes clients to disconnect using that specific PSK only. Other wireless clients using a different PSK will still be connected without any issues. Similarly, adding a new PSK has no impact on the existing client devices connected to the SSID.

  • Group Policy choice options comes from Meraki and synced to Cisco MSX based on each tenant level.