Pajama Points: Access the Meraki MX Local Status Page From Anywhere

If you weren’t aware, every Meraki device has a local status page for provisioning, configuration, and onsite troubleshooting. No need for a USB-to-console-dingus to get access to the unit locally. Simply connect an Ethernet cable to a LAN or management port on the device, open a web browser, navigate to setup.meraki.com, and be surprised by the lovely HTML5 local web console.

If you’re rocking Meraki MX security appliances and have configured static IP addresses on the WAN interfaces, then you’re likely already familiar with the utility of the page. If elements like IP, gateway, DNS, or PPPoE need to be assigned manually to the device during the initial deployment, the local status page is a critical part of the workflow.

But what happens when you need to access the local status page after a MX appliance is deployed? What if that MX is halfway around the world?

Good news. We have options.

Static MX WAN IP Assignment in Dashboard

The biggest use for the local status page on MX is to manually add static IP information on uplinks. That wasn’t previously possible natively in the cloud Dashboard since, well, you need the appliance to have internet as a prereq to allow Dashboard to modify the uplink IP. Chicken and egg problem.

This changed in MX13 firmware. Customers running MX13 can now modify the MX uplink IP information directly in Dashboard (Security appliance > Appliance status > Uplink tab). This is primarily helpful in two situations:

  1. When a MX already has an internet connection on an uplink via DHCP and an administrator needs to change it to a static IP.
  2. When using the built-in cellular interface to provision new deployments that require static uplink IPs assigned. Here the cellular interface enables the appliance to talk to the cloud – enabling an admin to then update the WAN1/2 interface details remotely.

meraki mx static ip assignment in dashboard

LAN Local Status Page Access

By default, the local status page is accessible on the MX platform via the management interface directly or by browsing to an active internal VLAN interface from a client on the LAN.

By the way, if you haven’t already please update the local credentials for the local status page. Your security team will thank you.

This LAN-side access to the appliance is useful if you’re working on a subnet behind the MX or if you have RDP access to a client local to the appliance.

But what if you need quick access remotely and don’t have a good way to get to the inside IP of the MX? There exists a little-known WAN web managemnt access option. You just have to know what you’re looking for.

WAN Local Status Page Access

If you navigate to Security appliance > Firewall and scroll down to the Security appliance services section, you’ll find a Web (local status & configuration) option listed.

meraki web services firewall configuration

Replacing the Allowed remote IPs from none to a comma-seperated list of public IP address or subnets will enable remote access to the devices’ local status page when browsing to the WAN interface’s public IP address (assuming your browser session’s source IP matches a subnet added).

meraki mx local status page

Before MX13, this method was the only option available to modify WAN interface configuration elements directly throught the device’s public IP address. It’s still especially helpful in a pinch when you need to securely make local status page updates or just double-check uplink handoff health from the view of the device itself.

So there you have it. Secure, direct MX local status page via the WAN interface.

From anywhere.