Skip to content

Instantly share code, notes, and snippets.

@zlinuxboy
Forked from lukas2511/meraki-init.sh
Created March 16, 2023 05:02
Show Gist options
  • Save zlinuxboy/ade07fecfe5d2b56deda31b0110a61c1 to your computer and use it in GitHub Desktop.
Save zlinuxboy/ade07fecfe5d2b56deda31b0110a61c1 to your computer and use it in GitHub Desktop.
Meraki MS220-8P config without cloud bullshit
#!/bin/sh
# This script configures a meraki ms220-8p switch completely from scratch
# See https://leo.leung.xyz/wiki/Meraki_MS220-8P for rooting instructions
# You can keep config and config.local completely empty, but i'd recommend to add a configuration
# which isolates all ports from each other.
# Without that you might have switching loops on bootup (unlikely since STP keeps longer to initialize
# than it takes this script to take over, but it just feels cleaner).
# Next to the configuration in this script I'd recommend adding a newer busybox binary to the system
# Simply put busybox-mipsel into /storage, cp it to /bin/busybox on init and run /bin/busybox --install
# Definitive TODO: Figure out how to disable management dhcp client
# Obviously a ton of other TODOs, but all features I really need are reversed by now
# Kill everything except for a few critical services
# We do not want Meraki's software talking to the cloud.
ps | grep -vE '\[|init|syslog|ntpd|watchdog' | awk '{print $1}' | while read i ; do kill -9 $i ; done
freeze -w
# IP Config (IP Netmask Gateway MTU Broadcast VID)
echo 192.168.178.254 255.255.255.0 192.168.178.1 1500 192.168.178.255 1 > /click/set_host_ip/run
# IPv6 Config (Link-Local IPv6 Netmask Gateway $whatever VID)
echo fe80::254 fd00::192:168:178:254 64 fd00::192:168:178:1 whatever 1 > /click/set_host_ip6/run
# DNS
echo nameserver 192.168.178.1 > /etc/resolv.conf
# Re-Enable SSH (Password Authentication is disabled!)
dropbear -E -r /storage/dropbear/dropbear_rsa_host_key -s -p 22
#echo "root:meraki" | chpasswd
echo "ssh-rsa <foobar> <whatever>" > /etc/dropbear/authorized_keys
echo "allow tcp dst port 22" > /click/nat/from_sw0_filter/config
# Switch config
# ALLOWED_VLANS: format unclear, single vlan tag seems to work
# ALLOW_TAGGED_IN: 0/1
# ALLOW_UNTAGGED_IN: 0/1
# PVID: $vlan-id
# UNTAGGED_VID: $vlan-id (?)
# Keep in mind that ALLOW_TAGGED_IN/ALLOW_UNTAGGED_IN will change what other parameters are expected (and may cause errors if left set)
echo "PORT 1, ALLOWED_VLANS 1, ALLOW_TAGGED_IN 0, ALLOW_UNTAGGED_IN 1, PVID 1, UNTAGGED_VID 1" > /click/switch_port_table/set_vlan_allports_conf
echo "PORT 2, ALLOWED_VLANS 1, ALLOW_TAGGED_IN 0, ALLOW_UNTAGGED_IN 1, PVID 1, UNTAGGED_VID 1" > /click/switch_port_table/set_vlan_allports_conf
echo "PORT 3, ALLOWED_VLANS 2, ALLOW_TAGGED_IN 0, ALLOW_UNTAGGED_IN 1, PVID 2, UNTAGGED_VID 2" > /click/switch_port_table/set_vlan_allports_conf
echo "PORT 4, ALLOWED_VLANS 2, ALLOW_TAGGED_IN 0, ALLOW_UNTAGGED_IN 1, PVID 2, UNTAGGED_VID 2" > /click/switch_port_table/set_vlan_allports_conf
echo "PORT 5, ALLOWED_VLANS 3, ALLOW_TAGGED_IN 0, ALLOW_UNTAGGED_IN 1, PVID 3, UNTAGGED_VID 3" > /click/switch_port_table/set_vlan_allports_conf
echo "PORT 6, ALLOWED_VLANS 3, ALLOW_TAGGED_IN 0, ALLOW_UNTAGGED_IN 1, PVID 3, UNTAGGED_VID 3" > /click/switch_port_table/set_vlan_allports_conf
echo "PORT 7, ALLOWED_VLANS 4, ALLOW_TAGGED_IN 0, ALLOW_UNTAGGED_IN 1, PVID 4, UNTAGGED_VID 4" > /click/switch_port_table/set_vlan_allports_conf
echo "PORT 8, ALLOWED_VLANS 4, ALLOW_TAGGED_IN 0, ALLOW_UNTAGGED_IN 1, PVID 4, UNTAGGED_VID 4" > /click/switch_port_table/set_vlan_allports_conf
echo "PORT 9, ALLOWED_VLANS 1-4094, ALLOW_TAGGED_IN 1, ALLOW_UNTAGGED_IN 0" > /click/switch_port_table/set_vlan_allports_conf
echo "PORT 10, ALLOWED_VLANS 1-4094, ALLOW_TAGGED_IN 1, ALLOW_UNTAGGED_IN 0" > /click/switch_port_table/set_vlan_allports_conf
# Force SFP slots to 1G (at least my test modules didn't work with auto negotation)
echo "PORT 9, MODE forced, FORCE_SPEED 1Gfdx" > /click/switch_port_table/set_port_phy_cfgs
echo "PORT 10, MODE forced, FORCE_SPEED 1Gfdx" > /click/switch_port_table/set_port_phy_cfgs
# Link Aggregation (VLAN config is done on physical ports)
echo true > /click/switch_port_table/enable_lacp_on_single_ports
echo "AGGR 0, MEMBERS '9,10'" > /click/switch_port_table/add_link_aggr
echo "AGGR 0, MEMBERS '9,10', FLAGS rp" > /click/switch_port_table/setup_link_aggrs
# Disable CDP (lol)
echo false > /click/cdp_source/send_cdp
echo false > /click/cdp_source/active
for i in $(seq 1 10); do
echo "PORT $i, ENABLED 0" > /click/cdp_source/active_ports
done
# Setup LLDP
echo "CiscoDisco" > /click/lldp_source/system_name
echo "Cisco Meraki MS220-8P" > /click/lldp_source/system_desc
echo 0 > /click/lldp_source/is_router
echo 0 > /click/lldp_source/is_ap
echo 1 > /click/lldp_source/is_bridge
echo 0 > /click/lldp_source/include_meraki_nethash
echo 30000 > /click/lldp_source/interval_ms
echo 1 > /click/lldp_source/send_lldp
for i in $(seq 1 10); do
echo "PORT $i, ACTIVE 1" > /click/lldp_source/active_ports
done
# cat /click/switch_table/hosts # show lldp neighs
# Setup STP
echo "PRIORITY 61440, HELLO_TIME 2, FORWARD_DELAY 15, MAX_AGE 20, HOLDCOUNT 6" > /click/stp/set_params
# Adjust the LED to green
echo 1 > /click/sw0_ctrl/power_led_green
echo 0 > /click/sw0_ctrl/power_led_orange
# Cleanup
killall sync_log
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment