| certifications | security - Christian Scott
How to Interpret Cisco Meraki Dashboards
You wake up to a call at 3:00 a.m. It’s the production supervisor on the manufacturing floor at your company. He says, “Hey, the network is down. We can’t do anything!” You sigh as you hang up, and get ready to head in; ready to put out another fire. This scenario is all too common for IT admins and operations teams.. Many enterprise network solutions leave operations and engineering staff blind to the network happenings day to day. Enter the Cisco Meraki Dashboard.
The Meraki dashboard is packed with useful reports, aggregating real-time telemetry and events from network devices. These reports can be used to troubleshoot live issues, plan for additional capacity, and understand the network topology.
The client monitor dashboard allows engineers to quickly identify noisy client traffic while the summary report gives operations teams a bird’s eye view of the network and all components. More detailed dashboards like packet captures and event logs allow engineers a low-level view into network operations, shortening time to recovery for network outage events. A universal change log, firmware updating dashboard, and event log bring all the cloud-native network features together to form a powerful network management system. This is the power of cloud networking with Cisco Meraki.
Let's take a quick look at how to interpret various Cisco Meraki dashboards — something that can benefit any network admin, especially those who work in Cisco shops.
Client Monitor Dashboard
The primary page you are greeted with when logging into the Cisco Meraki dashboard is the client monitor page. From here, you can see the most active and recently connected client devices. The report includes information such as the device’s hostname, MAC address, IP address, and many others. Data points are aggregated from the security appliances, switches, and wireless access points over the internet to feed the client monitoring system.
How to Use Client Monitor Dashboard
From this view, it’s easy to identify client devices and make quick decisions based on live data. For example, the client monitor allows you to find devices that are consuming large amounts of bandwidth. You can use this insight to then throttle busy clients to allow more traffic through to other devices. You could also use this dashboard to identify clients that have issues with connectivity, such as latency, media types, IP address conflicts or mismatches, and others.
The customizable columns in the client view give you a matrix of options, including Operating System, Performance, Last Seen, CDP/LLDP, and many others.
Lastly, the client monitor dashboard makes it easy to whitelist devices like servers and key workstations in the Cisco Advanced security services to make sure they can connect when troubleshooting.
The summary report dashboard is a network operator’s dream. It can be found under the “Organization” tab in the “Monitor” section. The summary report shows all you could want to know about a network’s throughput, bandwidth categories, device utilization metrics, and many other points of data.
How to Use the Summary Report
This report is most helpful when gaining familiarity with a network, or trying to gain quick context to identify problems or opportunities with the network. The summary report can show trends over time, which is helpful for network capacity planning and device lifecycle management. It even allows administrators to see the types of client operating systems that connect to their network, and what types of traffic the clients on the network are generating most.
Export features, scheduled recurring email reports, and customizations make the summary report a great tool for sharing information with other stakeholders about the network status, capacity, and traffic patterns. The insights gathered via the summary report are mostly related to network performance, allowing admins to see bottlenecks and limitations within the infrastructure. This informs planning decisions for expansion and improved performance by right-sizing security appliances and switches or purchasing and using more network bandwidth effectively.
Packet Captures and Event Logs
In the dark ages of network engineering, troubleshooting connectivity and performance issues was very difficult. Network engineers only had command-line interfaces and utilities to work with, which made it impossible to see a holistic picture of the network. Additionally, gathering accurate reports from multiple devices working together is a huge problem without centralized logging and reporting. Meraki makes advanced troubleshooting much easier with a few key reports in the dashboard.
How to Use Event Logs
The event log report can be found under the Network-wide tab under the monitor section. This interactive report allows you to gather information about happenings around your network. This can be filtered by device type, service, specific client, date ranges, and more. The event log is the best place to go when you need to find detailed information about how a particular device or service is working.
For example, when creating a non-Meraki site-to-site VPN connection and troubleshooting Phase 1 and 2 uptime and reliability, the event log can be filtered for “All Non-Meraki/Client VPN” events matching a specific client address. This makes it easy to determine which part of a site-to-site VPN configuration is not functioning correctly, and correct settings on both sides to keep the tunnels up. Typically,, you would have to glean this information from time-sensitive log outputs from the devices themselves. This report aggregates all the required data to one place for processing.
1. Packet Capturing
Before Meraki and cloud-native network platforms, the easiest way to get a packet capture of network traffic was to set up port mirroring, which allowed an administrator to observe traffic from other ports on the switch. Once a series of network conversations are captured, tools like Wireshark can be used to identify performance opportunities and network errors.
The Meraki dashboard includes a feature under the “Network-Wide,” “Monitor” section, called Packet Capture. This report allows you to view and filter the results of a packet capture within the browser window, or download a pcap file to view and sort in Wireshark. The filtering and processing tools include 5 levels of verbosity, filtering for broadcast and multicast packets, filter expressions, and timeframe settings. It has never been easier to diagnose advanced network traffic patterns.
2. Change Log and Firmware Upgrades
Last but certainly not least, the Changelog and firmware update reports built into the Meraki network platform offer the “cherry on top” features; scheduled firmware updates, maintenance windows, and an administrative changelog for the entire network and all devices. It simply does not get much better than this for network infrastructure reporting.
3. Change Log
The changelog report can be found under the “Organization,” “Monitor,” “Change Log” options. The resulting table you see when opening this report is all changes made to the network and its devices dating back 1-2 years, depending on the number of changes made. You can search this log by a technician, device name, the name of the action taken, and many more criteria.
Chances are, if you type in what you think might have changed in one or two words, you will find what you’re looking for. This report can also be downloaded as a CSV for further filtering, analysis, and sharing. The changelog is great for audit purposes, rolling back changes, and finding and correcting accidental or malicious changes to the network.
4. Firmware Upgrades
The firmware upgrades report can be found under the “Organization,” “Monitor,” “Firmware upgrades” section. This report allows you to see a summary of recent firmware updates that have taken place across one or several networks. Additionally, you will find quick information about upcoming firmware changes, the firmware status for your network, and the latest versions of the firmware available, including the stable, stable release candidate, and beta firmware types.
Other tabs on this report include “Scheduled changes” and “All networks,” which allows you to see all upcoming firmware updates that have been scheduled for various devices across the network, as well as the firmware update status for the other networks within your organization. This report is key to maintaining a healthy network, as most legacy network infrastructures contain devices that have been running the same firmware version for years.
I have seen switches with uptimes of seven years. This can work, but ideally, all network devices should be getting regular firmware updates to ensure security conformance and continued performance improvements through bug fixes and feature changes.
The Cisco Meraki network platform provides the best visibility with all kinds of reports for administrators and network operators. These real-time data sources allow quick insights into network issues, prompts to action to resolve issues, and detailed summaries of the device and network performance. These reports are useful in so many ways, from basic troubleshooting, capacity planning, reporting performance metrics back to the business, and keeping an eye on the network topology. These reports are the missing link in many network operations environments where engineers are locked into the command line interface or siloed web interfaces.
Having a platform like Meraki to aggregate actionable data, orchestrate bulk changes, and understand network performance on a global scale is a powerful tool for any organization and makes your life just a little bit easier as a network engineer.