Meraki MX devices can be managed by both Cisco Defense Orchestrator (CDO) and the Meraki dashboard. Note that CDO deploys configuration changes to the Meraki dashboard, which in turn deploys the configuration securely to the device. To onboard an MX device to CDO, you must first register it in the Meraki dashboard. Without having access to the Meraki dashboard, your organization will not be recognized by the Meraki cloud and you will not be able to generate an API token to onboard your device.
Onboarding a device requires you to perform these two steps below:
- Generate and retrieve a Meraki API key. When you onboard a Meraki MX device, you must generate a Meraki API key. The key authenticates the dashboard and allows you to securely onboard a device.
- Onboard a Meraki Device to CDO using the API key.
Prerequisites for Onboarding a Meraki MX
- Review Connect Cisco Defense Orchestrator to Your Managed Devices.
- Review How Does CDO Communicate With Meraki for more information.
Generate and Retrieve Meraki API Key
Use this procedure to enable CDO access to the Meraki dashboard with API access:
- Log into the Meraki dashboard.
- In the navigation panel click Organization > Settings.
- Under Dashboard API Access, check Enable access to the Cisco Meraki Dashboard API. Without this option, you cannot generate API keys to onboard MX devices to CDO.
- Click Save changes.
- On the Meraki dashboard, click on your username in the upper right corner of the screen and then click My Profile.
- Locate the API access header and click Generate new API key. Copy this API key. We recommend temporarily pasting it into a note until you are ready to use it. If you close the copy source before you paste the API key, you lose the copied API key.
Note: You only need one API key per device. You can re-onboard a Meraki device without generating a new key.
Onboard an MX Device to CDO
Use this procedure to onboard a Cisco Meraki device:
- In the navigation pane, click Devices & Services
- Click the blue plus button and click the Meraki tile.
- Paste the API access key you copied. If the key is incomplete or incorrect, you will not be able to onboard the device. Click Connect.
- Use the drop-down menu to select the correct Organization. The generated list of organizations are retrieved from the Meraki dashboard and includes devices and templates. Select the desired device and click Select.
- Use the drop-down menu to select the correct Network. The generated list of networks are retrieved from the Meraki network. Click Select.
- Optionally, you can add unique Labels for the device. You can later filter your list of devices by this label.
- Click Continue. The device begins the onboarding process. Once completed, CDO redirects you to Devices & Services.
- MX devices do not have to be connected to the Meraki Cloud in order to be managed by CDO. If an MX device has never connected to the cloud, the device connectivity is listed as unreachable. This is normal, and does not affect your ability to manage or deploy policies to this device.
- CDO silently converts invalid CIDR prefix notation IP addresses and IP address ranges to valid form by zeroing all bits associated with the host.
- Onboarding Meraki MX devices or templates no longer requires a connection through a Secure Device Connector (SDC). If you have some Meraki MX devices that have already been onboarded and connect to CDO using an SDC, that connection will continue to work unless you remove and re-onboard the device or update its connection credentials.
- Meraki MX Templates
- Onboard a Meraki MX Template to Defense Orchestrator
- How Does CDO Communicate With Meraki
- Updating Meraki MX Connection Credentials for CDO
- Manage the Meraki Access Control Policy
- Objects Associated with Meraki Devices
- Create or Edit a Meraki Network Object or Network Group
- Create or Edit a Meraki Service Object or Service Group