Meraki MCP

Meraki MCP

A powerful Model Context Protocol (MCP) server that provides dynamic access to the entire Meraki Dashboard API plus advanced compliance and security auditing capabilities. Instead of creating hundreds of individual tools, Meraki MCP uses intelligent discovery to find and execute any Meraki API endpoint on demand.

🚀 Features

Dynamic API Discovery

• Universal Access: Query any of 400+ Meraki API endpoints without pre-defined tools
• Single-Call Optimization: Common queries (organizations, device status, etc.) found instantly
• Intelligent Search: Natural language queries to find relevant endpoints
• Parameter Discovery: Automatic detection of required and optional parameters
• Smart Validation: Generic parameter validation with helpful error messages

Compliance & Security Auditing 🛡️

• Multi-Framework Support: PCI DSS, HIPAA, SOC2, ISO 27001, NIST Cybersecurity Framework
• Automated Compliance Scanning: Comprehensive security assessments across your entire Meraki organization
• Critical Finding Detection: Identifies security gaps and compliance violations
• Actionable Recommendations: Specific remediation steps for each finding
• Detailed Reporting: Executive summaries and technical details for compliance documentation

Backup & Restore Operations 🔄

• Organization Backup: Create complete backups of your Meraki organization
• Component Restore: Restore individual devices or networks from backups
• Status Monitoring: Real-time progress tracking for backup and restore operations
• Error Handling: Comprehensive error reporting and recovery guidance

Advanced Network Analysis 📊

• Network Topology Analysis: Comprehensive device relationships and connections
• Device Health Monitoring: Performance metrics and diagnostics
• Security Auditing: Network-wide security assessments
• Performance Analytics: Bottleneck identification and optimization recommendations
• Configuration Drift Detection: Identify inconsistencies across networks

Acknowledgement: This project was originally inspired by earlier work that included Selent-specific features. Those integrations have been removed; thanks to the Selent team for prior inspiration.

⚡ Quick Start (Local via FastMCP)

1) Prerequisites

• Python 3.12+
• A Meraki Dashboard API key

2) Install and run

FastMCP CLI quick reference:

Troubleshooting:

• If you see "Already running asyncio in this thread", stop any previous instance and run again:
  • macOS/Linux: pkill -f "fastmcp run.*meraki_mcp/main.py" || true
  • Windows: Stop the prior terminal/process that’s running FastMCP

3) Connect a client

• Claude Desktop: Settings → Developer → Edit Config, add a server pointing to the command above.

Example claude_desktop_config.json entry:

Note: Ensure your Meraki API key belongs to a licensed organization for network-level operations.

🐳 Quick Start with Docker

1. Prerequisites

• Docker installed and running
• Meraki Dashboard API key (Get one here)

2. Deploy the Server

Option A: Use Public Docker Image (Recommended)

Option B: Build from Source

3. Configure Claude Desktop (Docker)

Update your Claude Desktop configuration file:

Location: ~/Library/Application Support/Claude/claude_desktop_config.json (macOS)

4. Restart Claude Desktop

Restart Claude Desktop to load the new MCP server.

5. Test Your Configuration

Once Claude Desktop restarts, test your setup:

The --pull=always flag ensures you automatically get the latest features and security updates without manual intervention.

📖 Usage Examples

API Operations

Compliance Testing

Backup & Restore

Advanced Analytics

🛠 Development & Management

Container Management

🔧 Available Tools

Core API Tools

• search_meraki_api_endpoints(query)
  • Natural-language search over the Meraki SDK (e.g., "wireless ssids", "mx firewall rules")
• get_meraki_endpoint_parameters(section, method)
  • Introspect required/optional params for any endpoint
• execute_meraki_api_endpoint(section, method, serial?, portId?, networkId?, organizationId?, kwargs='{}')
  • Call any Meraki API directly; pass extra params as JSON in kwargs

Convenience Tools

• Organizations and networks
  • get_organizations, get_organization_networks(organization_id), get_organization_devices(organization_id)
• Devices and switch
  • get_device_status(serial), get_switch_port_config(serial, port_id)
• Network
  • get_network_clients(network_id, timespan?), get_network_settings(network_id), get_network_topology(network_id)
• Security (MX)
  • get_firewall_rules(network_id)
• Administered (user/keys)
  • administered_get_identity(), administered_list_api_keys(), administered_generate_api_key(), administered_revoke_api_key(suffix)
• Integrations
  • enable_xdr_on_networks(organization_id, network_ids_json), disable_xdr_on_networks(organization_id, network_ids_json)
• Wireless
  • update_network_wireless_scanning_settings(network_id, settings_json)
  • update_ssid_l7_firewall_rules(network_id, number, rules_json)
• Sensor/Spaces (SDK dependent)
  • get_sensor_gateway_latest_connections(organization_id)
  • get_spaces_integration_status(organization_id)

Tip: You can always fall back to the dynamic trio: search → parameters → execute.

🧩 Install in Claude Desktop

There are two ways to install and use this MCP server in Claude Desktop:

Option A — Desktop Extensions (DXT) [Recommended]

Claude Desktop supports one‑click local MCP servers via Desktop Extensions (DXT). You can install from the directory or install a custom extension (.dxt file).

Steps (install an existing extension):

• Open Claude Desktop → Settings → Extensions → Browse extensions → Install
• Configure required settings (e.g., add MERAKI_API_KEY)

Steps (install a custom .dxt you built):

• Open Claude Desktop → Settings → Extensions → Advanced settings → Extension Developer
• Click “Install Extension…” and select your extension.dxt

DXT packaging overview for this server:

• Create a manifest.json following the DXT MANIFEST spec
• Set the server entry to launch FastMCP with this entrypoint: fastmcp run meraki_mcp/main.py:mcp
• Provide a sensitive config field for MERAKI_API_KEY
• Bundle Python deps (e.g., server/lib/ or a vendored venv) so it runs on end‑user machines
• Build the package: dxt pack → produces extension.dxt

References:

• Getting started with local MCP servers and Desktop Extensions: Anthropic Help Center
• DXT repo and manifest details: anthropics/dxt

Option B — Local dev config (no DXT)

If you prefer not to build a DXT yet, point Claude Desktop to your local server command:

1. Ensure the server runs locally (see “Quick Start (Local via FastMCP)”).
2. In Claude Desktop, add a custom MCP server (developer config) pointing to:

Troubleshooting:

• If tools don’t appear, restart Claude Desktop after adding the server
• For Desktop Extensions specifics (enabling/disabling, org policies), see the help center article linked above

☁️ Deploy on Smithery

Deploy this MCP server to Smithery.ai so it can be managed and shared from the cloud.

1) Prerequisites

• Smithery account with GitHub access
• A Meraki Dashboard API key

2) Create a new MCP service

1. In Smithery, create a new MCP service and connect this GitHub repository.
2. Choose a Python 3.12 runtime (or enable Docker build using the included Dockerfile).
3. Build steps (Python runtime):
   • pip install -U pip
   • pip install -e .
4. Start command:
   • Command: fastmcp
   • Args: run, meraki_mcp/main.py:mcp
5. Environment variables:
   • MERAKI_API_KEY: your Meraki Dashboard API key

If you choose Docker, Smithery can build from the included Dockerfile (which sets the container CMD to start the server). You can still override the command to fastmcp run meraki_mcp/main.py:mcp if preferred.

3) Deploy and test

1. Click Deploy and wait for the build to finish.
2. Open the service logs to confirm startup (you should see the Meraki SDK version and discovered sections).
3. Use Smithery’s “Copy client snippet” to add the server to your MCP client (e.g., Claude Desktop) and test with a basic query like “What Meraki organizations do I have access to?”.

Troubleshooting

• Ensure MERAKI_API_KEY is set for the service.
• If wireless/network calls fail with 403, verify your org is licensed.
• If running via Python runtime and you see “Already running asyncio in this thread”, make sure only one server process is running.

💡 Key Benefits

✅ No Manual Tool Creation: Access 400+ endpoints without writing individual tools
✅ Single-Call Efficiency: Common queries resolved instantly without multiple searches
✅ Intelligent Discovery: Natural language queries find the right endpoints
✅ Always Up-to-Date: Uses live Meraki API, automatically includes new endpoints
✅ Production Ready: Docker deployment for consistency across environments
✅ Multi-User Support: Scale across teams with individual API keys
✅ Performance Optimized: Caching, error handling, and smart parameter validation
✅ Compliance Ready: Built-in support for PCI DSS, HIPAA, SOC2, ISO 27001, NIST
✅ Auto-Updates: --pull=always ensures latest features and security patches
✅ Enterprise Features: Backup/restore, security auditing, performance analytics

🔐 Security & Environment

MCP Security Guidance

This project aligns with the Model Context Protocol Security guidance for building and operating MCP servers. See the MCP Security site for the Top 10 risks, hardening guidance, and operational best practices:

• Model Context Protocol Security: https://modelcontextprotocol-security.io

Key practices we follow and recommend:

• Do not log sensitive data; keep request/response logging minimal and sanitized
• Use environment variables for secrets (e.g., MERAKI_API_KEY), never commit secrets
• Prefer read-only operations by default in production; explicitly confirm mutations
• Restrict dynamic surface area (allow/deny lists for sections/methods) when needed
• Run containers as non-root and drop unnecessary capabilities in production

Environment Variables

Security Best Practices

• Never commit API keys to version control
• Use environment variables or secure secret management
• Scan Docker images for vulnerabilities in production
• Set appropriate resource limits for containers
• Use secure networks in production deployments

🤝 Contributing

• Start here: see AGENTS.md for project structure, commands, style, and testing.
• Use Conventional Commits (feat:, fix:, docs:, etc.).
• Ensure CI passes: ruff, mypy, and unit pytest.
• Integration tests are opt-in: MERAKI_API_KEY=... pytest -m integration -q.
• PRs use the template in .github/pull_request_template.md and must link issues when applicable.

🚧 Roadmap / Improvements

• Security & Hardening
  • Add output redaction middleware for sensitive fields (psk, password, secret, token, apiKey)
  • Safe mode default: block create/update/delete unless ALLOW_MUTATIONS=true and confirm=true
  • Gate high‑risk tools (e.g., administered_*) behind ENABLE_ADMINISTERED_TOOLS=true
  • Allow/Deny lists to restrict dynamic executor surface: ALLOW_SECTIONS/METHODS, DENY_SECTIONS/METHODS
  • Add rate/size guards (MAX_PER_PAGE, MAX_TIMESPAN, MAX_PARALLEL_CALLS) to prevent resource exhaustion
  • Container hardening: run as non‑root, drop Linux capabilities, consider read‑only FS in production
  • If exposed remotely: enforce TLS, IP allowlists, and gateway authentication
• Coverage & SDK Parity
  • Track OpenAPI v1.61+ additions (Zigbee IoT, Sensor Gateway, Spaces) as wrappers when SDK support lands
  • Expand convenience wrappers (MG eSIM, Insight, SM, Webhooks) while keeping dynamic executor
  • Keep meraki SDK current and add CI checks for method presence
• Testing & Quality
  • Unit tests for wrappers and semantic search matching
  • Integration smoke tests (read‑only) with environment‑gated live checks
  • CI pipeline: lint, type‑check, test matrix (local/Docker)
• Observability & Ops
  • Optional sanitized audit logs (tool name, section.method, status, latency)
  • Health/readiness endpoints and structured logs for container platforms
• DX & Distribution
  • Package as a DXT for Claude Desktop one‑click install (dxt pack)
  • Example configs and scripts for local dev, Docker, and Smithery

Reference security guidance: Model Context Protocol Security — Top 10 and Hardening Guide: https://modelcontextprotocol-security.io