meraki-config-manager
Meraki Config Manager
This is the Meraki Config Manager source code. Using the Meraki Dashboard API and Flask, we have developed an application
that can provide a simple way to backup and restore Meraki settings into a file. This file can then be edited by network teams
to suit the needs of the Meraki network.
Contacts
- Josh Ingeniero (jingenie@cisco.com)
- Monica Acosta (moacosta@cisco.com)
Solution Components
- Python
- Flask
- Meraki Dashboard API
- Meraki MR Access Points
- Meraki MX Gateways
- Meraki MS Switches
Installation:
Clone the repo
$ git clone https://github.com/gve-sw/meraki-config-manager.git
Set up a Python venv
First make sure that you have Python 3 installed on your machine. We will then be using venv to create
an isolated environment with only the necessary packages.
Install virtualenv via pip
$ pip install virtualenv
Create a new venv
Change to your project folder
$ cd meraki-config-manager
Create the venv
$ virtualenv venv
Activate your venv
$ source venv/bin/activate
Install dependencies
$ pip install -r requirements.txt
Setup:
Meraki details :
You can deploy this prototype in a lab environment or on your own Meraki dashboard online
here.
To generate an API KEY, refer to the documentation here.
You will use this for getting an ORGANIZATION ID, and using this application.
You must select an organization to manage and use its ORGANIZATION ID. You may do so by using Meraki's Postman collection
here and GET the list of organizations,
or use Meraki's API Docs to generate a request here.
Fill in the details of your Meraki deployment in the DETAILS.py file
MERAKI_API_KEY = 'YOUR MERAKI API KEY' MERAKI_ORGANIZATION_ID = 'YOUR MERAKI ORG ID'
Usage:
Launch the config script. Make sure that you have your venv activated.
$ flask run --port=5000
Running
Launch your web browser and navigate to localhost:5000 or with your configured port.
You will be asked whether to backup or restore configs
Backup
The Backup Page will allow you to select the networks you would like to backup. These will then be saved as .json files in the configs folder of the app
Backup structure
After back up, data will be stored in data.json in the configs folder with the following JSON format
{
"mx_l7_firewall": {
"rules": [
{
"policy": "deny",
"type": "host",
"value": "yahoo.com"
},
{
"policy": "deny",
"type": "application",
"value": {
"id": "meraki:layer7/application/189",
"name": "Blizzard"
}
},
{
"policy": "deny",
"type": "applicationCategory",
"value": {
"id": "meraki:layer7/category/9",
"name": "Social web & photo sharing"
}
}
]
},
"mx_1_1_nat_rules": {
"rules": [
{
"name": "Testing",
"publicIp": "101.3.1.5",
"lanIp": "192.168.128.3",
"uplink": "internet1",
"allowedInbound": []
},
{
"name": "testing2",
"publicIp": "101.3.1.6",
"lanIp": "192.168.128.5",
"uplink": "internet1",
"allowedInbound": []
}
]
},
"wireless_settings": {
"meshingEnabled": true,
"ipv6BridgeEnabled": true,
"locationAnalyticsEnabled": true,
"ledLightsOn": true
},
"ssids": [
{
"number": 0,
"name": "Testing - wireless WiFi",
"enabled": true,
"splashPage": "None",
"ssidAdminAccessible": false,
"authMode": "open",
"ipAssignmentMode": "NAT mode",
"minBitrate": 11,
"bandSelection": "Dual band operation",
"perClientBandwidthLimitUp": 0,
"perClientBandwidthLimitDown": 0,
"visible": true,
"availableOnAllAps": true,
"availabilityTags": []
},
{
"number": 1,
"name": "Testing 2 SSID 2",
"enabled": true,
"splashPage": "None",
"ssidAdminAccessible": false,
"authMode": "open",
"ipAssignmentMode": "NAT mode",
"minBitrate": 11,
"bandSelection": "Dual band operation",
"perClientBandwidthLimitUp": 0,
"perClientBandwidthLimitDown": 0,
"visible": true,
"availableOnAllAps": true,
"availabilityTags": []
},
{
"number": 2,
"name": "testing 3 SSID 3",
"enabled": false,
"splashPage": "None",
"ssidAdminAccessible": false,
"authMode": "open",
"ipAssignmentMode": "NAT mode",
"minBitrate": 11,
"bandSelection": "Dual band operation",
"perClientBandwidthLimitUp": 0,
"perClientBandwidthLimitDown": 0,
"visible": true,
"availableOnAllAps": true,
"availabilityTags": []
},
{
"number": 3,
"name": "new testing SSID 4",
"enabled": false,
"splashPage": "None",
"ssidAdminAccessible": false,
"authMode": "open",
"ipAssignmentMode": "NAT mode",
"minBitrate": 11,
"bandSelection": "Dual band operation",
"perClientBandwidthLimitUp": 0,
"perClientBandwidthLimitDown": 0,
"visible": true,
"availableOnAllAps": true,
"availabilityTags": []
},
{
"number": 4,
"name": "Unconfigured SSID 5",
"enabled": false,
"splashPage": "None",
"ssidAdminAccessible": false,
"authMode": "open",
"ipAssignmentMode": "NAT mode",
"minBitrate": 11,
"bandSelection": "Dual band operation",
"perClientBandwidthLimitUp": 0,
"perClientBandwidthLimitDown": 0,
"visible": true,
"availableOnAllAps": true,
"availabilityTags": []
},
{
"number": 5,
"name": "Unconfigured SSID 6",
"enabled": false,
"splashPage": "None",
"ssidAdminAccessible": false,
"authMode": "open",
"ipAssignmentMode": "NAT mode",
"minBitrate": 11,
"bandSelection": "Dual band operation",
"perClientBandwidthLimitUp": 0,
"perClientBandwidthLimitDown": 0,
"visible": true,
"availableOnAllAps": true,
"availabilityTags": []
},
{
"number": 6,
"name": "Unconfigured SSID 7",
"enabled": false,
"splashPage": "None",
"ssidAdminAccessible": false,
"authMode": "open",
"ipAssignmentMode": "NAT mode",
"minBitrate": 11,
"bandSelection": "Dual band operation",
"perClientBandwidthLimitUp": 0,
"perClientBandwidthLimitDown": 0,
"visible": true,
"availableOnAllAps": true,
"availabilityTags": []
},
{
"number": 7,
"name": "Unconfigured SSID 8",
"enabled": false,
"splashPage": "None",
"ssidAdminAccessible": false,
"authMode": "open",
"ipAssignmentMode": "NAT mode",
"minBitrate": 11,
"bandSelection": "Dual band operation",
"perClientBandwidthLimitUp": 0,
"perClientBandwidthLimitDown": 0,
"visible": true,
"availableOnAllAps": true,
"availabilityTags": []
},
{
"number": 8,
"name": "Unconfigured SSID 9",
"enabled": false,
"splashPage": "None",
"ssidAdminAccessible": false,
"authMode": "open",
"ipAssignmentMode": "NAT mode",
"minBitrate": 11,
"bandSelection": "Dual band operation",
"perClientBandwidthLimitUp": 0,
"perClientBandwidthLimitDown": 0,
"visible": true,
"availableOnAllAps": true,
"availabilityTags": []
},
{
"number": 9,
"name": "Unconfigured SSID 10",
"enabled": false,
"splashPage": "None",
"ssidAdminAccessible": false,
"authMode": "open",
"ipAssignmentMode": "NAT mode",
"minBitrate": 11,
"bandSelection": "Dual band operation",
"perClientBandwidthLimitUp": 0,
"perClientBandwidthLimitDown": 0,
"visible": true,
"availableOnAllAps": true,
"availabilityTags": []
},
{
"number": 10,
"name": "Unconfigured SSID 11",
"enabled": false,
"splashPage": "None",
"ssidAdminAccessible": false,
"authMode": "open",
"ipAssignmentMode": "NAT mode",
"minBitrate": 11,
"bandSelection": "Dual band operation",
"perClientBandwidthLimitUp": 0,
"perClientBandwidthLimitDown": 0,
"visible": true,
"availableOnAllAps": true,
"availabilityTags": []
},
{
"number": 11,
"name": "Unconfigured SSID 12",
"enabled": false,
"splashPage": "None",
"ssidAdminAccessible": false,
"authMode": "open",
"ipAssignmentMode": "NAT mode",
"minBitrate": 11,
"bandSelection": "Dual band operation",
"perClientBandwidthLimitUp": 0,
"perClientBandwidthLimitDown": 0,
"visible": true,
"availableOnAllAps": true,
"availabilityTags": []
},
{
"number": 12,
"name": "Unconfigured SSID 13",
"enabled": false,
"splashPage": "None",
"ssidAdminAccessible": false,
"authMode": "open",
"ipAssignmentMode": "NAT mode",
"minBitrate": 11,
"bandSelection": "Dual band operation",
"perClientBandwidthLimitUp": 0,
"perClientBandwidthLimitDown": 0,
"visible": true,
"availableOnAllAps": true,
"availabilityTags": []
},
{
"number": 13,
"name": "Unconfigured SSID 14",
"enabled": false,
"splashPage": "None",
"ssidAdminAccessible": false,
"authMode": "open",
"ipAssignmentMode": "NAT mode",
"minBitrate": 11,
"bandSelection": "Dual band operation",
"perClientBandwidthLimitUp": 0,
"perClientBandwidthLimitDown": 0,
"visible": true,
"availableOnAllAps": true,
"availabilityTags": []
},
{
"number": 14,
"name": "Unconfigured SSID 15",
"enabled": false,
"splashPage": "None",
"ssidAdminAccessible": false,
"authMode": "open",
"ipAssignmentMode": "NAT mode",
"minBitrate": 11,
"bandSelection": "Dual band operation",
"perClientBandwidthLimitUp": 0,
"perClientBandwidthLimitDown": 0,
"visible": true,
"availableOnAllAps": true,
"availabilityTags": []
}
],
"switch_port_schedules": [
{
"id": "698057942242427297",
"networkId": "L_698057942242442827",
"name": "Testing",
"portSchedule": {
"monday": {
"active": true,
"from": "00:00",
"to": "24:00"
},
"tuesday": {
"active": true,
"from": "00:00",
"to": "24:00"
},
"wednesday": {
"active": true,
"from": "00:00",
"to": "24:00"
},
"thursday": {
"active": true,
"from": "00:00",
"to": "24:00"
},
"friday": {
"active": true,
"from": "00:00",
"to": "24:00"
},
"saturday": {
"active": true,
"from": "00:00",
"to": "24:00"
},
"sunday": {
"active": true,
"from": "00:00",
"to": "24:00"
}
}
}
],
"switch_acls": [
{
"comment": "test",
"policy": "deny",
"ipVersion": "ipv4",
"protocol": "tcp",
"srcCidr": "10.0.0.1/32",
"srcPort": "any",
"dstCidr": "any",
"dstPort": "any",
"vlan": "any"
}
]
}Restore
The Restore Page will allow you to choose from existing backup .json files the configs folder, and select which networks it should restore
Adding new configs
Currently, the code supports backing up and restoring the following configurations:
- MX L7 Firewall Rules
- MX 1-to-1 NAT Rules
- Wireless Settings
- Switch ACLs
- Switch Port Schedules
- AMP Settings - if applicable
In backup.py, you are able to modify the backup and restore functions to add additional
configurations that you may want to use. You may visit the Meraki Dashboard API Docs
for more information.
License
Provided under Cisco Sample Code License, for details see LICENSE
Code of Conduct
Our code of conduct is available here
Contributing
See our contributing guidelines here
Code Exchange Community
Get help, share code, and collaborate with other developers in the Code Exchange community.View CommunityDisclaimer:
Cisco provides Code Exchange for convenience and informational purposes only, with no support of any kind. This page contains information and links from third-party websites that are governed by their own separate terms. Reference to a project or contributor on this page does not imply any affiliation with or endorsement by Cisco.
Cisco provides Code Exchange for convenience and informational purposes only, with no support of any kind. This page contains information and links from third-party websites that are governed by their own separate terms. Reference to a project or contributor on this page does not imply any affiliation with or endorsement by Cisco.