First Steps
This section provides an easy to understand, simple example of deploying a network configuration to a new or existing Meraki organization. This helps to get familiar using Network as Code to manage Meraki cloud-managed networks. Because Terraform assumes full control of the lifecycle of the resources it creates, this example focuses on network and device configuration that won’t impact existing organizational settings.
The repository used in this example can be found at: https://github.com/netascode/nac-meraki-simple-example
This example assumes you have installed the following prerequisites.
- Terraform 1.8.0 or later
- Git
- Your preferred text editor / Integrated Development Environment (IDE) (such as VisualStudio Code)
- A Meraki Dashboard account with API access enabled
- A Meraki API key (generated from Dashboard > Organization > Settings > Dashboard API access)
Getting started
Start by cloning the repository to your local system:
git clone https://github.com/netascode/nac-meraki-simple-example.gitcd nac-meraki-simple-exampleOpen the folder in your preferred editor / IDE.
The working area should look like this:
nac-meraki-simple-example/├── data/│ ├── meraki.nac.yaml│ ├── networks.nac.yaml│ └── defaults.nac.yaml├── main.tf├── terraform.tf└── README.mdAs explained in the introduction, the main.tf file contains the required providers, provider settings and points to the location of all *.yaml file definitions.
module "meraki" { source = "netascode/nac-meraki/meraki" version = "0.3.2"
yaml_directories = ["data"]}Step 1: Configure Provider Authentication
Before proceeding, you need to configure your Meraki API credentials. The Terraform provider requires your API key and organization ID, you can provide them via environment variables:
export MERAKI_API_KEY="your-api-key-here"export MERAKI_ORG_ID="your-org-id-here"Step 2: Review the Initial Configuration
Let’s examine the initial configuration in data/networks.nac.yaml:
---meraki: domains: - name: cisco.com # Replace with your domain administrator: name: admin@cisco.com # Replace with your admin email organizations: - name: Demo Organization networks: - name: Branch-Office-Demo product_types: - appliance - switch - wireless time_zone: America/Los_Angeles notes: Branch office demo network tags: - demo - branch wireless: ssids: - name: Corporate-WiFi ssid_number: "0" enabled: true auth_mode: psk psk: DemoPassword123 encryption_mode: wpa wpa_encryption_mode: WPA2 only use_vlan_tagging: true default_vlan_id: 100This configuration creates:
- A network named “Branch-Office-Demo”
- Support for appliance, switch, and wireless products
- A single SSID with WPA2-PSK authentication
Step 3: Initialize and Apply the Configuration
Initialize Terraform and apply the configuration:
# Initialize Terraformterraform init
# Review the planned changesterraform plan
# Apply the configurationterraform applyTerraform will show you the resources it plans to create. Type yes when prompted to confirm the changes.
After successful execution, you should see output similar to:
Apply complete! Resources: 2 added, 0 changed, 0 destroyed.You can now verify the network was created by logging into your Meraki Dashboard and checking the networks section.
Step 4: Adding Additional Configuration
Let’s expand the configuration by adding switch port configuration and additional wireless settings. Update your data/networks.nac.yaml:
---meraki: domains: - name: cisco.com # Replace with your domain administrator: name: admin@cisco.com # Replace with your admin email organizations: - name: Demo Organization networks: - name: Branch-Office-Demo product_types: - appliance - switch - wireless time_zone: America/Los_Angeles notes: Branch office demo network tags: - demo - branch wireless: ssids: - name: Corporate-WiFi ssid_number: "0" enabled: true auth_mode: psk psk: DemoPassword123 encryption_mode: wpa wpa_encryption_mode: WPA2 only use_vlan_tagging: true default_vlan_id: 100 - name: Guest-WiFi ssid_number: "1" enabled: true auth_mode: open splash_page: Click-through splash page appliance: vlans: - vlan_id: 100 name: Data VLAN subnet: 10.1.100.0/24 appliance_ip: 10.1.100.1 dhcp_handling: Run a DHCP server dhcp_lease_time: 1 day - vlan_id: 200 name: Voice VLAN subnet: 10.1.200.0/24 appliance_ip: 10.1.200.1 dhcp_handling: Run a DHCP server dhcp_lease_time: 1 dayApply the updated configuration:
terraform applyThis will add:
- A guest WiFi network with captive portal
- RF profile for wireless optimization
- Switch power settings
- VLAN configuration on the security appliance
Step 5: Using Default Values
The defaults.nac.yaml file allows you to set organization-wide defaults. Let’s create some default wireless settings:
---defaults: meraki: domains: organizations: networks: wireless: ssids: enabled: true ip_assignment_mode: Bridge mode use_vlan_tagging: false switch: settings: vlan: 1 use_combined_power: false uplink_client_sampling: true mac_blocklist: false appliance: firewall: l3_firewall_rules: rules: - comment: Block Bad Traffic policy: deny protocol: udp source_port: 1433 source_cidr: Any destination_port: 1433 destination_cidr: AnyWhen you apply this configuration, these defaults will be applied to all networks unless explicitly overridden in the specific network configuration.
Step 6: Organizing Configuration Files
As your configuration grows, you can organize it across multiple files:
data/├── meraki.nac.yaml # Top-level organization settings├── networks_branch.nac.yaml # Branch office networks├── networks_campus.nac.yaml # Campus networks├── devices.nac.yaml # Device-specific settings└── defaults.nac.yaml # Default valuesEach file follows the same YAML structure and will be automatically loaded by the Terraform module.
Step 7: Removing Resources
To remove resources, you can either:
- Remove the configuration from your YAML files and run
terraform apply - Use
terraform destroyto remove all managed resources
For example, to remove the Guest-WiFi SSID, simply delete its configuration block from the YAML file and run:
terraform applyTerraform will detect the removed configuration and delete the SSID from your Meraki network.
Next Steps
This simple example demonstrates the core concepts of managing Meraki networks with Network as Code. You can extend this approach to:
- Manage multiple organizations and networks
- Configure advanced wireless features like splash pages and access control
- Set up switch port configurations and VLAN assignments
- Configure security appliance firewall rules and VPN settings
- Implement device-specific configurations and templates
For more advanced scenarios, explore the comprehensive examples in the Data Model documentation and consider setting up CI/CD pipelines for automated deployments.