Cisco Meraki Switch Configuration

Most Cisco Meraki devices have a local status page that can be accessed to make local configuration changes, monitor device status and utilization, and perform local troubleshooting. This article provides instructions on how to access the local status page, the functions/information available on it, and how to manage and access them.

Accessing the Local Status Page

The local status page of any Meraki device is accessible via the web browser of a host machine. By default, users are required to log in to pages that provide configurable options. The local status page uses digest authentication with MD5 hashing for the connection between the administering computer and the Meraki device to protect these sensitive settings.

For devices that have not yet fetched a configuration, or where the default authentication credentials are in use, the username is the serial number (capitalized, with dashes) and the password is left blank. Authentication credentials may be configured under 'Network Wide > Configure > General > Device Configuration'.
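As an added illustration (not Cisco's code), the following Python example follows the RFC 2617 digest scheme with MD5 and qop=auth to show what such a login exchange protects: the password never crosses the wire, and a captured response fails against a fresh nonce. The realm, nonces, URI and password are constructed values, and the digest parameters a Meraki device actually uses are an assumption.

```python
import hashlib
import hmac


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(username, realm, password, method, uri, nonce, nc, cnonce):
    """RFC 2617 request-digest for algorithm=MD5 with qop=auth."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")  # only place the password is used
    ha2 = md5_hex(f"{method}:{uri}")                 # binds the digest to this request
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


def client_authorization(username, password, challenge, method, uri, cnonce,
                         nc="00000001"):
    """Fields the browser returns in its Authorization header."""
    return {
        "username": username,
        "realm": challenge["realm"],
        "nonce": challenge["nonce"],
        "uri": uri,
        "qop": "auth",
        "nc": nc,
        "cnonce": cnonce,
        "response": digest_response(username, challenge["realm"], password,
                                    method, uri, challenge["nonce"], nc, cnonce),
    }


def server_verify(auth, method, stored_password, issued_nonce):
    """Recompute the digest with the nonce this server issued and compare."""
    expected = digest_response(auth["username"], auth["realm"], stored_password,
                               method, auth["uri"], issued_nonce,
                               auth["nc"], auth["cnonce"])
    return hmac.compare_digest(expected, auth["response"])


if __name__ == "__main__":
    # Constructed values: realm, nonces, URI and password are placeholders.
    challenge = {"realm": "local-status-example", "nonce": "a1b2c3d4e5f60718"}
    password = "Example-Passw0rd"
    auth = client_authorization("admin", password, challenge, "GET",
                                "/configure", cnonce="0f1e2d3c")
    print("password on the wire:", password in auth.values())
    print("accepted:", server_verify(auth, "GET", password, challenge["nonce"]))
    print("wrong password:", server_verify(auth, "GET", "guess", challenge["nonce"]))
    print("replayed after new nonce:",
          server_verify(auth, "GET", password, "9f8e7d6c5b4a3921"))
```

Digest authentication proves knowledge of the password; by itself it does not encrypt the page content that follows the login.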

To reach MR devices, the client must be wirelessly connected to the AP (using a configured SSID or the "meraki-setup" SSID), but MS and MX devices can be accessed by any device with access to their LAN IP. This is done by entering the LAN IP address in the URL bar of a web browser. Additionally, each device can be accessed by DNS name from a client whose traffic passes through it by browsing to the following URLs from the client. This can be useful for determining which AP/switch/firewall a client's traffic is going through to reach the internet. 

Note: These URLs will work for any Meraki devices listed above, but will only access the first device in its path.

If access by DNS name is not possible, the local status page is also accessible by IP address. This is often helpful when initially configuring the device on a network without DHCP, or when setting a device's IP configuration prior to deployment.

  • MR 10.128.128.126
    In order to access this address, configure a device with the following IP settings, and then browse the address in a web browser.
    IP address: 10.128.128.125
    Subnet mask: 255.255.255.0
     
  • MS 1.1.1.100
    In order to access this address, configure a device with the following IP settings, and then browse the address in a web browser.
    IP address: 1.1.1.99
    Subnet mask: 255.255.255.0

Note: Select MS switches have a dedicated management port that can be used without needing to set a static IP on your client.

  • MS390 - 10.128.128.130
    In order to access this address, configure a device with the following IP settings, and then browse the address in a web browser.
    IP address: 10.128.128.132
    Subnet mask: 255.0.0.0
    DNS: 10.128.128.130

Note: The MS390 does have a dedicated management port; however, if you are not able to access the local status page, configure the above static settings on your device to reach it.

  • MX - (varies)
    Most MX models have a dedicated management port used to access the local status page. In addition, the local status page is accessible at the MX's LAN IP address for all models. 
    By default, MX devices run DHCP. Once the client is connected to a LAN interface of the MX, find the client's IP address and default gateway, then open the default gateway address in a web browser.

Note: If the MX is in passthrough mode and its uplink is on a subnet that overlaps with a remote subnet over VPN, either the MX will need to be temporarily removed from VPN to be accessed locally or the local status page can only be accessed via VPN.

  • MG - (varies)
    The local status page is accessible at the MG's LAN IP address. By default, MG devices run DHCP. Once the client is connected to a LAN interface of the MG, find the client's IP address and default gateway, then open the default gateway address in a web browser.

Local Status Page Options

Every device's status page includes useful information about the status of the device, limited configuration options (such as setting a static IP), and other tools. This section will cover what is available for each device.

MR Series

MR access points provide the following information and configuration options on their local status page:

  • Connection
    Provides information regarding the client's connectivity to the AP, the AP's current network and channels, as well as other cloud connectivity and status information.
    • Speed test
      Provides a tool for conducting a speed test from the wireless client to the AP. If using Internet Explorer, only versions 10 and above are supported.
    • Access point details
      Provides utilization information about the hardware and the channels being used by the AP you are connected to.


  • Neighbors
    Provides information about any neighboring APs. Includes information like SSID, BSSID, signal (signal-to-noise ratio in dB), channel, mode, and encryption.
  • Configure 
    Provides options for setting the IP address of the AP, putting the MR into site survey mode, manual channel and power adjustment, and configuring a proxy for Meraki cloud traffic. Also on this page, you can find the Download support data function. This will allow you to download a special file to submit to Meraki support for additional troubleshooting if you are unable to get the unit online. 

Note: The HTTP proxy allows all default management traffic from the Meraki device to be sent through a proxy. This does not include optional cloud communication, including Auto VPN and 802.1x authentication traffic.

As of MR28 firmware and up, access points don't have the ability to connect to the dashboard over HTTP as a fallback. Because of this, the option to set an HTTP proxy is no longer necessary and will be removed in a future release.


The channel utilization information on the local status page is sourced from the client serving radio. The client serving radio on the Meraki access point has a counter that is updated every 20 seconds. Counters indicate how many times the AP was transmitting, receiving, and saw congestion on the channel, as well as the total cycle count. After every three seconds, the AP reads the counters and computes the difference between the value from three seconds ago and the new value. This difference is used to calculate the channel utilization and is displayed on the local status page.

MS Series

MS switches offer the following information and configuration options on their local status page:

  • Connection
    Provides information regarding the client's connectivity to the switch, the switch's current network, as well as other cloud connectivity and status information.


  • Uplink configuration
    Provides options for setting the IP address of the switch, other addressing settings, or configuring a proxy for HTTP traffic. Also on this page, you can find the Download support data function. This will allow you to download a special file to submit to Meraki support for additional troubleshooting if you are unable to get the unit online. 

Note: The HTTP proxy allows all default management traffic from the Meraki device to be sent through a proxy. This does not include optional cloud communication, including Auto VPN and 802.1x authentication traffic.


  • Switch port status
    Provides information regarding the configuration and status of ports on this switch.


  • Switch ports configuration
    Provides options for limited configuration changes on switch ports, including enabled/disabled, native VLAN, and link negotiation.


MX Series with Single Dedicated WAN Link

MX security appliances with single dedicated WAN links offer the following information and configuration options on their local status pages:

  • Connection
    Provides information regarding the client's connectivity to the appliance, the appliance's current network, uplink status, as well as other cloud connectivity and status information.
    • Speed test
      Provides a tool for conducting a speed test from the client to the appliance. If using Internet Explorer, only versions 10 and above are supported.


  • Configure
    Provides options for setting the IP address of the appliance on its WAN interfaces, enabling WAN port 2, other addressing settings, or configuring a proxy for HTTP traffic. Also on this page, you can find the Download support data function. This will allow you to download a special file to submit to Meraki support for additional troubleshooting if you are unable to get the unit online. 

Note: The HTTP proxy allows all default management traffic from the Meraki device to be sent through a proxy. This does not include optional cloud communication, including Auto VPN and 802.1x authentication traffic.


  • Ethernet
    Allows local changes to the speed/duplex settings of the internet/WAN and LAN ports.


MX Series with Multiple Dedicated WAN Links

MX security appliances with multiple dedicated WAN links offer the following information and configuration options on their local status pages:

  • Connection
    Provides information regarding the client's connectivity to the appliance, the appliance's current network, uplink status, as well as other cloud connectivity and status information.
    • Speed test
      Provides a tool for conducting a speed test from the client to the appliance. If using Internet Explorer, only versions 10 and above are supported.


  • Configure
    Provides options for setting the IP address of the appliance on its WAN interfaces, other addressing settings, or configuring a proxy for HTTP traffic. Also on this page, you can find the Download support data function. This will allow you to download a special file to submit to Meraki support for additional troubleshooting if you are unable to get the unit online. 

Note: The HTTP proxy allows all default management traffic from the Meraki device to be sent through a proxy. This does not include optional cloud communication, including Auto VPN and 802.1x authentication traffic.


  • Ethernet
    Allows local changes to the speed/duplex settings of the internet/WAN and LAN ports.


MX Series with Multiple Dedicated SFP WAN Links

MX security appliances with dedicated SFP WAN links offer the following information and configuration options on their local status pages:

  • Connection
    Provides information regarding the client's connectivity to the appliance, the appliance's current network, uplink status, as well as other cloud connectivity and status information.

  • Speed test
    Provides a tool for conducting a speed test from the client to the appliance. If using Internet Explorer, only versions 10 and above are supported.


  • Configure
    Provides options for setting the IP address of the appliance on its WAN interfaces, enabling WAN port 2, other addressing settings, or configuring a proxy for HTTP traffic.

Note: The HTTP proxy allows all default management traffic from the Meraki device to be sent through a proxy. This does not include optional cloud communication, including Auto VPN and 802.1x authentication traffic.


  • Ethernet
    Allows local changes to the speed/duplex settings of the internet/WAN and LAN ports.


Note: Navigating to http://wired.meraki.com or http://mx.meraki.com when directly connected to a LAN port on a spare MX in active MX warm spare deployments will present the local status page of the primary MX. The spare must be disconnected from the LAN in order to access its local status page. This does not apply to MX models with a dedicated management port, as their local status page can be accessed directly using that port.

MG Series

MG21

The MG21 cellular gateway provides the following information and configuration options on its local status page:

  • Connection
    Provides information regarding the client's connectivity to the MG cellular gateway, including the current cellular network status, cloud connectivity, and signal information.


Connection page from MG 1.11 onwards:


The connection statistics have moved to the Cellular Status page.

Cellular Status


  • Speed test
    Provides a tool for conducting a speed test from the client to the gateway.

  • Configure
    The Configure section contains options for modifying bearer settings such as APN, PIN, and authentication. The ICCID of the SIM card and the IMEI of the MG cellular gateway can also be found in this section. The Safe Mode portion allows you to reconfigure port 1 into a WAN role for troubleshooting. To toggle port 1 from the default operating mode into "safe mode" on the MG, check the box to Enable Safe Mode and save.

Note: The MG cellular gateway will perform a soft reset on both interfaces immediately after saving the port 1 role change. This is similar to the behavior of the MX security appliance when enabling the secondary WAN port on an MX64. It is recommended to make this change outside production hours to prevent disruption of network connectivity.


  • Default Mode

This is the default mode that the MG cellular gateway will be configured with out-of-the-box or when a factory reset is performed. In default mode, the standard operation and roles of both ports on the MG cellular gateway are set as LAN ports. The left graphic shows both ports in their default role as LAN interfaces. Note the AC adapter port on the right side of port 1 for orientation.

  • Enabling Safe Mode

MG cellular gateways can be configured to have port 1 as a WAN uplink. The safe mode configuration allows for additional troubleshooting and firmware upgrades for pre-staging if a valid working cellular connection is unavailable. When in safe mode, port 1 is converted into a WAN port to allow connection to a switch, router, or other uplink. Similar to an MR access point, when plugged into a switch it will attempt to obtain a valid IP and reach out to the dashboard. When there is a valid wired network connection on port 1, the wired interface will take priority over the cellular interface even if the cellular interface is functioning properly. The right graphic highlights the port 1 configuration in the role of a WAN1 interface when safe mode is enabled.

Note: When using safe mode, it is recommended to have access to a valid working internet-accessible network to allow the cellular gateway to check in and pull configurations and firmware. Additionally, the MG cellular gateway is not intended to be used in this mode for production. This mode is reserved as a troubleshooting tool for Support to assist with cellular interface issues and to allow the cellular gateways to pull firmware upgrades without using cellular data. The dashboard will display an alert when the MG cellular gateway is configured in safe mode.

  • Access point name configurations can be configured when clicking on the cellular override drop-down menu
  • The HTTP web proxy allows all default management traffic from the Meraki device to be sent through a proxy 
  • On this page, you can find the download support data function, which will allow you to download a special file to submit to Meraki support for additional troubleshooting if you are unable to get the unit online


Ethernet

Allows local changes to the speed/duplex settings of the LAN ports.


Note - On the MG 1.11 beta, the Connection tab now only presents basic information about the carrier, APN, and signal strength. A new Cellular Status tab presents additional information on the status of the cellular connection.

MG41

Cellular Status

The cellular statistics have moved to a new "Cellular Status" tab on the MG41.


Configure

The MG41 also provides an option to switch the SIM slot. If there is more than one active SIM card, it's possible to set the APN settings for the standby SIM card in advance. If the primary SIM card needs special/private APN settings that are different from what the MG41 is currently using, then the override primary SIM setting can be used to override the necessary APN.


The MG41 has two PoE ports; however, the LAN1 port can be converted to WAN1 using the Safe Mode option for additional troubleshooting.

Note - The MG41 does not yet support the SIM PIN feature. The feature will be added in upcoming software releases.

Configuring the Local Status Page

The following dashboard configuration options may be used to control access to the local status page:

Changing Log-In Credentials

As mentioned in the Accessing the Local Status Page section above, the default credentials for the local status page are the serial number of the device (all upper-case with dashes) as the username and a blank password. This can be changed to an admin-defined password. To do so, navigate to Network-wide > General > Device configuration and provide a password. This can then be used with the username "admin" to access certain pages, including the local status page.

Controlling Remote Access to the Local Status Page

On MX series devices, by default, access to the local status page is only available to devices via the LAN IP address(es). However, it is possible to allow access via the WAN/internet IP as well. 

  1. Navigate to Security Appliance > Configure > Firewall > Layer 3 > Appliance services.
  2. In the field for Web (local status & configuration), enter "any" to allow access from any remote IPs, or enter address ranges in CIDR notations separated by commas.
    Ex. 192.168.13.73/32, 192.168.47.0/24
  3. Click Save Changes.
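One way to review a value before it goes into the Web (local status & configuration) field, as an added Python example that is not part of the original article or of any Meraki tooling. The function name, the severity labels and the /24 threshold for internet-routable sources are assumptions chosen for illustration.

```python
import ipaddress

# RFC 1918 space; anything outside it is treated as internet-routable here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumption: a local policy threshold, not a Meraki limit.
MIN_PUBLIC_PREFIX = 24


def is_rfc1918(net):
    return net.version == 4 and any(net.subnet_of(r) for r in RFC1918)


def audit_allowed_remote_ips(field_value, min_public_prefix=MIN_PUBLIC_PREFIX):
    """Audit a 'Web (local status & configuration)' value.

    Returns (networks, findings); findings are (entry, severity, message).
    """
    networks, findings = [], []
    for entry in (e.strip() for e in field_value.split(",")):
        if not entry:
            continue
        if entry.lower() == "any":
            findings.append((entry, "high", "reachable from every remote IP"))
            continue
        try:
            iface = ipaddress.ip_interface(entry)
        except ValueError:
            findings.append((entry, "error", "not valid CIDR notation"))
            continue
        net = iface.network
        if iface.ip != net.network_address:
            findings.append((entry, "warn", f"host bits set; range covered is {net}"))
        if net.prefixlen == 0:
            findings.append((entry, "high", "equivalent to 'any'"))
        elif not is_rfc1918(net) and net.prefixlen < min_public_prefix:
            findings.append((entry, "medium",
                             f"{net.num_addresses} internet-routable sources allowed"))
        for other in networks:
            if net.version == other.version and (
                    net.subnet_of(other) or other.subnet_of(net)):
                findings.append((entry, "info", f"overlaps {other}"))
        networks.append(net)
    return networks, findings


if __name__ == "__main__":
    # The first value is the article's own example; the rest are constructed.
    samples = [
        "192.168.13.73/32, 192.168.47.0/24",
        "any",
        "203.0.112.0/20, 192.168.47.5/24, not-a-range",
    ]
    for value in samples:
        nets, issues = audit_allowed_remote_ips(value)
        print(value, "->", [str(n) for n in nets])
        for entry, severity, message in issues:
            print(f"  [{severity}] {entry}: {message}")
```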

For all other devices, the local status page can be accessed by IP after enabling remote device status pages on the Network-wide > General page. This allows you to connect to the local status page of a Meraki device via its LAN IP over the network.

Disabling the Local Status Page

Though the local status page is enabled by default, administrators do have the option to disable the local status page on their devices.

Note: The local status page allows administrators to change the IP configuration of their Meraki devices. If the local status page is disabled and a device's current IP configuration does not allow it to contact the cloud controller, the only option will be to perform a factory reset and clear the local configuration.

The option to enable/disable the local status page is available in the dashboard under Network-wide > General > Device configuration.

Note: If your device has a physical management port, it will always remain active regardless of the value of this setting.

Troubleshooting the Local Status Page 

Cannot connect to the local status page URL when wired

All DNS queries for setup.meraki.com (or any other local status page URL) that route through the MX or MS are intercepted and responded to with an "A record" pointing to the local IP address of the device's local status page interface. If DNS queries for setup.meraki.com do not pass through the Meraki device in question, the DNS queries will not resolve to the correct local IP address and clients will not be able to reach the local status page. If a client is unable to resolve the local status page, be sure to check the following:

  • Client is connected to the network and is within the same subnet as the device
  • DNS is set to the Meraki device IP or to a DNS server that will route through the Meraki device
  • Try all relevant local status page URLs (see top of this article)
  • Try incognito/private browsing to eliminate potential caching issues 

This issue frequently occurs when the DNS server used by clients on the LAN does not send its DNS queries through the MX, as is the case when the DNS server uses a different default gateway. If this is the case, it can be resolved by either pointing the DNS server through the MX or by creating a specific "A record" in the DNS server to point the appropriate local status page URL to the correct device IP. 

If the local status page URLs are still unreachable for some reason, the local status page can also be reached by going to the LAN IP of the device through a web browser. For more information about connecting to the local status page using a static IP, see the Accessing the Local Status Page section at the top of this article.

Cannot connect to the local status page when connected to an SSID

Both ap.meraki.com and my.meraki.com are locally-hosted sites useful for configuring an AP when it cannot reach the Meraki Cloud. This is often seen on a static, non-DHCP network or when there are strict firewall rules. After a Cisco Meraki access point (AP) has lost its connection to the Internet but is still receiving power, it will broadcast a default service set identifier (SSID) that can be connected to for administrative tasks.

Connect to the default SSID by completing the following steps:

  1. Physically inspect the AP
    1. Check that the AP has power (See the LED codes section of the installation guides here)
    2. Copy the MAC address (See the article here).
  2. Check for available wireless networks 
    1. Check if a known default SSID is being broadcast
  3. If a default SSID is being broadcast, connect your device to it
  4. If no known default SSIDs are present, set up a manual wireless network connection
    1. For the SSID name, use 'meraki-<MAC_Address>' e.g. 'meraki-xx:xx:xx:xx:xx:xx', replace the x's with the AP's MAC address in lower case

If a Meraki Access Point does not have a configuration from the Meraki Cloud Controller it will instead broadcast a default SSID of "Meraki-Scanning." The AP takes an address of 10.128.128.128, the SSID runs DHCP, and it will try to assign any clients that associate with it an address. This is merely to provide a connection between a client and the AP to allow for local configuration.

  1. After connecting, open a web browser and connect to one of the Local Status Page addresses

  2. A list of the administrative tasks which are available to use can be found here.

Default SSIDs

Potential known default SSID names along with potential causes/solutions:

<SSID_name>-bad-gateway

Cause: An AP's configured default gateway has failed to respond to 15 consecutive ARP requests.

Solution: Check the AP's IP address configuration and reachability to its default gateway.

<SSID_name>-connecting

Cause: An AP's SSID that is configured to use a VPN concentrator is unable to connect.

Solution: Verify connectivity to the concentrator using the tools in Dashboard. Also, confirm that your local firewall is not blocking the connection.

<SSID_name>-scanning

Cause: Similar to 'bad-gateway', an AP is unable to connect to its default gateway.

Solution: Check the AP's IP address configuration and reachability to its default gateway.

Meraki Setup

Cause: An AP has never connected to the Meraki Cloud Controller (MCC) or has been factory reset.

Solution: Establish MCC connectivity for the AP by ensuring appropriate Internet access.


Reposted from blog.csdn.net/sj349781478/article/details/125982499