module · Networking

Cisco Meraki

Comprehensive Cisco Meraki control plane — orgs, admins, networks, devices, switch (ports/VLANs/ACLs/stacks/routes), wireless (SSIDs, RF profiles, identity PSKs), MX appliance (L3/L7 firewall, content filter, VLANs, ports, S2S VPN), MV camera, MG cellular gateway, Systems Manager (MDM), licensing, webhooks, alerts, SAML, and Insight.

Namespace: weave meraki Env: MERAKI_API_KEY

Commands

State kinds

Networking

Setup

Configure credentials via environment variables. We recommend sourcing them through 1Password or your secrets manager rather than committing them to the shell rc.

Official API reference

weave commands for this module are checked against the vendor's published API.

Dashboard API

Variable	Description	Status
MERAKI_API_KEY	Required for authentication.	required
MERAKI_API_ROOT	Alternative dashboard root URL (e.g. Meraki China cloud).	optional
MERAKI_BASE_URL	Synonym for MERAKI_API_ROOT — accepted for compatibility.	optional

Sanity-check the wiring:

weave secrets check
weave meraki --help
weave doctor   # reports MERAKI_API_KEY status

Capabilities

What this module can do, by entity and verb. ✓ means a working CLI surface; · means not (yet) wired.

Entity	find	list	show	do	snapshot	diff	apply
action-batch	·	·	·	✓	·	·	·
admin	✓	✓	·	✓	·	·	·
alert	·	✓	·	·	·	·	·
alert-settings	·	·	·	·	✓	✓	✓
camera	·	✓	✓	✓	·	·	·
camera-quality-profile	·	✓	·	·	·	·	·
cellular-gateway	·	✓	·	·	·	·	·
cellular-gateway-stats	·	·	✓	·	·	·	·
client	✓	·	✓	·	·	·	·
content-filter	·	✓	·	·	✓	✓	✓
device	✓	✓	✓	✓	·	·	·
event	·	✓	·	·	·	·	·
firewall-rule	·	✓	·	·	·	·	·
identity-psk	·	✓	·	·	·	·	·
insight-application	·	✓	·	·	·	·	·
l3-firewall-rules	·	·	·	·	✓	✓	✓
l7-firewall-rules	·	·	·	·	✓	✓	✓
license	·	✓	✓	·	·	·	·
monitored-media	·	✓	·	·	·	·	·
mx-port	·	✓	·	·	✓	✓	✓
mx-vlan	·	✓	·	·	·	·	·
network	✓	✓	✓	✓	·	·	·
network-client	·	✓	·	·	·	·	·
network-traffic	·	·	✓	·	·	·	·
org	✓	✓	✓	·	·	·	·
port	·	·	·	·	✓	✓	✓
rf-profile	·	✓	·	·	✓	✓	✓
routing-static-routes	·	·	·	·	✓	✓	✓
saml-role	·	✓	·	·	✓	✓	✓
site-to-site-vpn	·	✓	·	·	✓	✓	✓
sm-app	·	✓	·	·	·	·	·
sm-device	·	✓	·	✓	·	·	·
sm-profile	·	✓	·	·	·	·	·
ssid	✓	✓	✓	✓	✓	✓	✓
switch-acl	·	✓	·	·	✓	✓	✓
switch-port	·	✓	·	✓	·	·	·
switch-route	·	✓	·	·	·	·	·
switch-stack	·	✓	·	·	✓	✓	·
switch-vlan	·	✓	·	·	·	·	·
video-link	·	·	✓	·	·	·	·
vlan	·	·	·	·	✓	✓	✓
webhook	·	✓	·	✓	·	·	·
webhook-http-servers	·	·	·	·	✓	✓	✓

Commands

Every registered CLI command, grouped by verb. Each example uses placeholder arguments — substitute real values for your environment.

find (6)

find admin

read

Find an organization admin by email or name.

weave meraki find admin <identifier>

find client

read

Find a client by MAC across reachable orgs and networks.

weave meraki find client <identifier>

find device

read

Find a device by serial, MAC, or name.

weave meraki find device <identifier>

find network

read

Find a network by id or name (across reachable orgs).

weave meraki find network <identifier>

find org

read

Find an organization by id or display name.

weave meraki find org <identifier>

find ssid

read

Find a wireless SSID by name on a network.

weave meraki find ssid <name>

list (31)

list admins

read

List admins on an organization.

weave meraki list admins <arg>

list alerts

read

Show alert types and settings on a network.

weave meraki list alerts <arg>

list camera-quality-profiles

read

List MV camera quality profiles on a network.

weave meraki list camera-quality-profiles <arg>

list cameras

read

List Meraki MV cameras on a network.

weave meraki list cameras <arg>

list cellular-gateways

read

List Meraki MG cellular gateways on a network.

weave meraki list cellular-gateways <arg>

list content-filter

read

Show content-filtering settings on a network.

weave meraki list content-filter <arg>

list devices

read

List devices on an organization (or one network).

weave meraki list devices <arg>

list events

read

List recent events on a network.

weave meraki list events <arg>

list firewall-rules

read

List MX L3 firewall rules on a network.

weave meraki list firewall-rules <arg>

list identity-psks

read

List Identity PSKs on a wireless SSID.

weave meraki list identity-psks <arg>

list insight-applications

read

List Insight monitored applications on an organization.

weave meraki list insight-applications <arg>

list licenses

read

List licenses on an organization.

weave meraki list licenses <arg>

list monitored-media

read

List Insight monitored media servers on an organization.

weave meraki list monitored-media <arg>

list mx-ports

read

List MX appliance ports on a network.

weave meraki list mx-ports <arg>

list mx-vlans

read

List MX appliance VLANs on a network.

weave meraki list mx-vlans <arg>

list network-clients

read

List clients on a single network (recent traffic).

weave meraki list network-clients <arg>

list networks

read

List networks on an organization.

weave meraki list networks <arg>

list orgs

read

List organizations the API key can see.

weave meraki list orgs <arg>

list rf-profiles

read

List wireless RF profiles on a network.

weave meraki list rf-profiles <arg>

list saml-roles

read

List SAML roles on an organization.

weave meraki list saml-roles <arg>

list site-to-site-vpn

read

Show site-to-site VPN config on a network.

weave meraki list site-to-site-vpn <arg>

list sm-apps

read

List Systems Manager-deployed apps on a device.

weave meraki list sm-apps <arg>

list sm-devices

read

List Systems Manager (MDM) devices on a network.

weave meraki list sm-devices <arg>

list sm-profiles

read

List Systems Manager configuration profiles on a network.

weave meraki list sm-profiles <arg>

list ssids

read

List wireless SSIDs on a network.

weave meraki list ssids <arg>

list switch-acls

read

List switch ACL rules on a network.

weave meraki list switch-acls <arg>

list switch-ports

read

List ports on a switch (by serial).

weave meraki list switch-ports <serial>

list switch-routes

read

List static routes on a network.

weave meraki list switch-routes <arg>

list switch-stacks

read

List switch stacks on a network.

weave meraki list switch-stacks <arg>

list switch-vlans

read

List MS-side appliance VLAN profiles on a network.

weave meraki list switch-vlans <arg>

list webhooks

read

List webhook HTTP servers on an organization.

weave meraki list webhooks <arg>

show (10)

show camera

read

Show MV camera summary (status, video settings).

weave meraki show camera <serial>

show cellular-gateway-stats

read

Show signal stats for an MG cellular gateway.

weave meraki show cellular-gateway-stats <serial>

show client

read

Show full client detail on a network (by MAC).

weave meraki show client <mac>

show device

read

Show full device detail (status, uplink, ports).

weave meraki show device <identifier>

show license

read

Show one license by id on an organization.

weave meraki show license <license-id>

show network

read

Show full network detail.

weave meraki show network <identifier>

show network-traffic

read

Show traffic analytics for a network (top apps).

weave meraki show network-traffic <arg>

show org

read

Show full detail for one organization.

weave meraki show org <identifier>

show ssid

read

Show full SSID configuration.

weave meraki show ssid <number>

show video-link

read

Show a time-bounded shareable video link for a camera.

weave meraki show video-link <serial>

set (1)

set port

write

[deprecated alias of `do set-port-vlan`] Set switch port VLAN.

weave meraki set port <serial> <port>

do (17)

do action-batch

write

Submit a Meraki action batch from a YAML/JSON file.

weave meraki do action-batch <file>

do blink-device

write

Blink the locator LEDs on a device.

weave meraki do blink-device <serial>

do capture-image

write

Capture a fresh JPEG snapshot from an MV camera.

weave meraki do capture-image <serial>

do claim-device

write

Claim one or more devices into a network.

weave meraki do claim-device <serials>

do combine-networks

write

Combine multiple networks into a single multi-product network.

weave meraki do combine-networks <networks>

do erase-sm-device

write

Wipe an MDM-enrolled device. Destructive.

weave meraki do erase-sm-device <device-id>

do invite-admin

write

Invite a new admin to an organization.

weave meraki do invite-admin <email>

do invoke-webhook

write

Send a test payload to a webhook HTTP server.

weave meraki do invoke-webhook <arg>

do lock-sm-device

write

Lock an MDM-enrolled device.

weave meraki do lock-sm-device <device-id>

do reboot-device

write

Reboot a device.

weave meraki do reboot-device <serial>

do remove-device

write

Remove a device from its network (does not unclaim).

weave meraki do remove-device <serial>

do revoke-admin

write

Revoke an admin from an organization (by id).

weave meraki do revoke-admin <admin-id>

do set-port-vlan

write

Update a switch port VLAN / description / admin state.

weave meraki do set-port-vlan <serial> <port>

do split-network

write

Split a combined network into its product-type components.

weave meraki do split-network <arg>

do unenroll-sm-device

write

Unenroll a device from MDM.

weave meraki do unenroll-sm-device <device-id>

do update-firmware

write

Trigger a firmware upgrade on a network.

weave meraki do update-firmware <arg>

do update-passphrase

write

Update an SSID passphrase (PSK).

weave meraki do update-passphrase <arg>

snapshot / diff / apply are generated automatically from the State Kinds declared on this module — see the State kinds section below for per-kind details. Workflow: snapshot → edit YAML → diff → apply --yes (or confirm interactively; apply --dry-run previews the same diff).

State kinds

Resources this module can snapshot and diff; apply where the kind supports live writes (see Round-trip per kind). Always run diff before apply; use --yes in automation after review. Files live under .weave-state/meraki/.

ports

snapshot diff apply

All switch ports in a network (per-switch, full apply).

Scope: network
Round-trip: Full round-trip — snapshot, diff, apply.

State file skeleton

module: meraki
kind: ports
network: <value>
items:
  - # <fields specific to this kind — see snapshot output>

vlans

snapshot diff apply

All MX appliance VLANs in a network (full apply).

Scope: network
Round-trip: Full round-trip — snapshot, diff, apply.

State file skeleton

module: meraki
kind: vlans
network: <value>
items:
  - # <fields specific to this kind — see snapshot output>

l3-firewall-rules

snapshot diff apply

MX layer-3 firewall ruleset (whole-array atomic apply).

Scope: network
Round-trip: Full round-trip — snapshot, diff, apply.

State file skeleton

module: meraki
kind: l3-firewall-rules
network: <value>
items:
  - # <fields specific to this kind — see snapshot output>

l7-firewall-rules

snapshot diff apply

MX layer-7 firewall ruleset (whole-array atomic apply).

Scope: network
Round-trip: Full round-trip — snapshot, diff, apply.

State file skeleton

module: meraki
kind: l7-firewall-rules
network: <value>
items:
  - # <fields specific to this kind — see snapshot output>

switch-acls

snapshot diff apply

MS switch ACL rules (whole-array atomic apply).

Scope: network
Round-trip: Full round-trip — snapshot, diff, apply.

State file skeleton

module: meraki
kind: switch-acls
network: <value>
items:
  - # <fields specific to this kind — see snapshot output>

content-filter

snapshot diff apply

MX content-filtering settings (singleton apply).

Scope: network
Round-trip: Full round-trip — snapshot, diff, apply.

State file skeleton

module: meraki
kind: content-filter
network: <value>
items:
  - # <fields specific to this kind — see snapshot output>

site-to-site-vpn

snapshot diff apply

MX site-to-site VPN configuration (singleton apply).

Scope: network
Round-trip: Full round-trip — snapshot, diff, apply.

State file skeleton

module: meraki
kind: site-to-site-vpn
network: <value>
items:
  - # <fields specific to this kind — see snapshot output>

mx-ports

snapshot diff apply

MX physical ports — VLAN, type, allowed VLANs, drop-untagged (per-port apply).

Scope: network
Round-trip: Full round-trip — snapshot, diff, apply.

State file skeleton

module: meraki
kind: mx-ports
network: <value>
items:
  - # <fields specific to this kind — see snapshot output>

routing-static-routes

snapshot diff apply

MX static routes (full apply: create, update, delete).

Scope: network
Round-trip: Full round-trip — snapshot, diff, apply.

State file skeleton

module: meraki
kind: routing-static-routes
network: <value>
items:
  - # <fields specific to this kind — see snapshot output>

ssids

snapshot diff apply

Wireless SSIDs (per-SSID apply; passphrases are deliberately excluded).

Scope: network
Round-trip: Full round-trip — snapshot, diff, apply.

State file skeleton

module: meraki
kind: ssids
network: <value>
items:
  - # <fields specific to this kind — see snapshot output>

rf-profiles

snapshot diff apply

Wireless RF profiles (full apply: create, update, delete).

Scope: network
Round-trip: Full round-trip — snapshot, diff, apply.

State file skeleton

module: meraki
kind: rf-profiles
network: <value>
items:
  - # <fields specific to this kind — see snapshot output>

alert-settings

snapshot diff apply

Network-wide alert settings (singleton apply).

Scope: network
Round-trip: Full round-trip — snapshot, diff, apply.

State file skeleton

module: meraki
kind: alert-settings
network: <value>
items:
  - # <fields specific to this kind — see snapshot output>

switch-stacks

snapshot diff apply

Switch stack inventory (snapshot + diff only — composition is hardware-dependent).

Scope: network
Round-trip: Snapshot + diff (apply not wired).

State file skeleton

module: meraki
kind: switch-stacks
network: <value>
items:
  - # <fields specific to this kind — see snapshot output>

webhook-http-servers

snapshot diff apply

Org webhook HTTP servers (full apply: create, update, delete; secrets excluded).

Scope: organization
Round-trip: Full round-trip — snapshot, diff, apply.

State file skeleton

module: meraki
kind: webhook-http-servers
organization: <value>
items:
  - # <fields specific to this kind — see snapshot output>

saml-roles

snapshot diff apply

Org SAML roles and tag/network grants (full apply).

Scope: organization
Round-trip: Full round-trip — snapshot, diff, apply.

State file skeleton

module: meraki
kind: saml-roles
organization: <value>
items:
  - # <fields specific to this kind — see snapshot output>

Workflows

End-to-end recipes from operators who already run this module in production. Copy, adapt, and put under change-control.

Bulk-update VLAN across all access ports in a site

Snapshot ports → edit YAML → diff → apply. Idempotent.

weave meraki snapshot ports --network=HQ
$EDITOR .weave-state/meraki/<org>/HQ/ports.yaml
weave meraki diff ports --network=HQ
weave meraki apply ports --network=HQ --yes

Migrate hardware (swap a switch)

Find the device, claim the new one, transfer overrides, retire.

weave meraki find device <old-serial>
weave meraki snapshot ports --network=HQ
weave meraki do claim-device <new-serial> --network=HQ --yes
# transcribe the relevant entries from the YAML to the new serial
weave meraki apply ports --network=HQ --yes
weave meraki do remove-device <old-serial> --yes

Roll out a wireless passphrase change

Use the explicit passphrase verb — secrets are never round-tripped via state.

weave meraki list ssids --network=HQ
weave meraki do update-passphrase --network=HQ --ssid=0   # prompts twice for the new PSK
weave meraki snapshot ssids --network=HQ                  # capture the (non-secret) drift

Quarantine a noisy MAC across networks

Locate first, then act per network it appears on.

weave meraki find client aa:bb:cc:dd:ee:ff
# pick the affected network(s) from the table; for each:
weave meraki do action-batch quarantine.yaml --org=Acme --yes

Quarterly firewall audit

Snapshot the L3 ruleset, commit to git, diff next quarter.

weave meraki snapshot l3-firewall-rules --network=HQ
git add .weave-state/meraki && git commit -m 'firewall audit Q1'
# … next quarter …
weave meraki diff l3-firewall-rules --network=HQ   # any drift?
weave meraki apply l3-firewall-rules --network=HQ --yes  # if intended

Terraform parity

For each Terraform resource in the canonical provider, here's the equivalent live-API verb in weave. Use this as a migration cheat-sheet, not a 1:1 contract — weave deliberately stays in the live-state lane, not the desired-state lane.

Terraform resource	weave equivalent
meraki_organization	weave meraki list/find/show org Org-level resources are read-only via weave today.
meraki_organizations_admin	weave meraki list/find admin + do invite-admin / revoke-admin
meraki_network	weave meraki list/find/show network + do split-network / combine-networks
meraki_networks_devices_claim	weave meraki do claim-device / remove-device
meraki_devices	weave meraki list/find/show device + do reboot-device / blink-device / update-firmware
meraki_devices_switch_ports	weave meraki list switch-ports / snapshot ports / do set-port-vlan
meraki_networks_switch_access_control_lists	weave meraki list switch-acls / snapshot switch-acls
meraki_networks_switch_stacks	weave meraki list switch-stacks / snapshot switch-stacks snapshot + diff only; stack composition is a hardware-topology operation.
meraki_networks_appliance_vlans	weave meraki list mx-vlans / snapshot vlans
meraki_networks_appliance_ports	weave meraki list mx-ports / snapshot mx-ports
meraki_networks_appliance_firewall_l3_firewall_rules	weave meraki list firewall-rules / snapshot l3-firewall-rules
meraki_networks_appliance_firewall_l7_firewall_rules	weave meraki list firewall-rules --layer=l7 / snapshot l7-firewall-rules
meraki_networks_appliance_content_filtering	weave meraki list content-filter / snapshot content-filter
meraki_networks_appliance_static_routes	weave meraki list switch-routes / snapshot routing-static-routes
meraki_networks_appliance_vpn_site_to_site_vpn	weave meraki list site-to-site-vpn / snapshot site-to-site-vpn
meraki_networks_wireless_ssids	weave meraki list/find/show ssid / snapshot ssids / do update-passphrase
meraki_networks_wireless_rf_profiles	weave meraki list rf-profiles / snapshot rf-profiles
meraki_networks_wireless_ssids_identity_psks	weave meraki list identity-psks --ssid=N list-only — round-trip skipped (per-record secrets unsafe in YAML).
meraki_networks_camera_quality_retention_profiles	weave meraki list camera-quality-profiles + do capture-image
meraki_networks_cellular_gateway_*	weave meraki list cellular-gateways / show cellular-gateway-stats
meraki_networks_sm_*	weave meraki list sm-devices / sm-profiles / sm-apps + do erase / lock / unenroll
meraki_organizations_licenses	weave meraki list/show license read-only — license writes require Meraki dashboard.
meraki_organizations_webhooks_http_servers	weave meraki list webhooks / snapshot webhook-http-servers + do invoke-webhook
meraki_networks_alerts_settings	weave meraki list alerts / snapshot alert-settings
meraki_organizations_saml_roles	weave meraki list saml-roles / snapshot saml-roles
meraki_organizations_action_batches	weave meraki do action-batch <file.yaml> Submit Meraki bulk action batches from a YAML/JSON file.
(events / network-traffic / find-mac / watch device-status)	weave meraki list events / show network-traffic / find-mac / find client Operational verbs unique to weave — no Terraform equivalent.

Troubleshooting & source

Missing credentials

Run weave doctor — it reports which env vars (including MERAKI_API_KEY) are set and which are blank.

Unexpected behaviour from a state apply

Re-run weave meraki diff <kind> to confirm the controller's current state, then re-snapshot before the next apply. The driver always re-snapshots before diffing.

Open the source

The module lives at https://github.com/andy-broyles/weavewhatever/tree/main/src/weave/modules/meraki. File a bug or feature request at https://github.com/andy-broyles/weavewhatever/issues.