Meraki MCP Server
A Model Context Protocol (MCP) server that provides AI assistants with structured access to the Cisco Meraki Dashboard โ organizations, networks, devices, clients, wireless, switching, and appliance operations.
Note: This project is maintained by Wyre Technology.
Quick Start
Claude Code (CLI):
claude mcp add meraki-mcp \
-e MERAKI_API_KEY=your-api-key \
-e MERAKI_ORG_ID=your-org-id \
-- npx -y github:wyre-technology/meraki-mcp
See Installation for Docker and from-source methods.
Features
- ๐ MCP Protocol Compliance: Full support for MCP tools over stdio and HTTP transports
- ๐ Network Coverage: Tools spanning organizations, networks, devices, clients, wireless, switching, and appliance (MX) operations
- ๐ Flattened Navigation:
meraki_navigateandmeraki_statusare stateless discovery aids โ every tool is callable at any time - ๐ Safety by Default: Read-only mode is ON by default; writes are gated and destructive actions require explicit confirmation
- ๐งฐ Long-Tail Escape Hatch:
meraki_raw_requestreaches any Meraki v1 endpoint not covered by a curated tool - ๐ณ Docker Ready: Containerized deployment with HTTP transport and health checks
- ๐ Structured Logging: Configurable log levels
Installation
Option 1: Docker
docker run -d \
-e MERAKI_API_KEY=your-key \
-e MERAKI_ORG_ID=your-org-id \
-p 8080:8080 \
ghcr.io/wyre-technology/meraki-mcp:latest
Option 2: From Source
git clone https://github.com/wyre-technology/meraki-mcp.git
cd meraki-mcp
npm ci
npm run build
Configuration
| Variable | Description | Default |
|---|---|---|
MERAKI_API_KEY | Meraki Dashboard API key | โ |
MERAKI_ORG_ID | Default organization ID (optional) | โ |
MERAKI_BASE_URL | Override the Meraki API base URL (optional) | โ |
READ_ONLY_MODE | Safety switch โ blocks all writes when true | true |
MCP_TRANSPORT | Transport mode (stdio or http) | stdio |
MCP_HTTP_PORT | HTTP server port | 8080 |
AUTH_MODE | Auth mode (env or gateway) | env |
LOG_LEVEL | Log level (debug, info, warn, error) | info |
The legacy
READ_ONLYvariable is also honored;READ_ONLY_MODEtakes precedence.
Safety Model
This server defaults to read-only. Write operations (updates, reboots, deletions) are blocked unless you explicitly set READ_ONLY_MODE=false.
- Read tools (
*_list,*_get) are always available. - High-impact writes (e.g.
meraki_networks_update,meraki_devices_reboot,meraki_wireless_ssids_update) are gated by read-only mode. - Destructive tools (
meraki_networks_delete,meraki_devices_remove) additionally require aconfirm_destructive_action: trueargument. The confirmation flag is never forwarded to the Meraki API. - The
meraki_raw_requestescape hatch classifies the call by HTTP method:GETis a read;POST/PUT/DELETEare writes;DELETEis destructive.
Domains
All tools are returned upfront. Use meraki_navigate to explore a domain's tools, or meraki_status to check connectivity and the configured organization.
| Domain | Tools |
|---|---|
| organizations | meraki_organizations_list, meraki_organizations_get, meraki_organizations_inventory_list |
| networks | meraki_networks_list, meraki_networks_get, meraki_networks_update โ , meraki_networks_delete โ โ |
| devices | meraki_devices_list, meraki_devices_get, meraki_devices_reboot โ , meraki_devices_remove โ โ |
| clients | meraki_clients_list, meraki_clients_get, meraki_clients_get_policy, meraki_clients_update_policy โ |
| wireless | meraki_wireless_ssids_list, meraki_wireless_ssids_update โ , meraki_wireless_rf_profiles_list |
| switch | meraki_switch_ports_list, meraki_switch_ports_update โ , meraki_switch_port_statuses_list |
| appliance | meraki_appliance_firewall_l3_get, meraki_appliance_firewall_l3_update โ , meraki_appliance_vpn_status_get |
| (long tail) | meraki_raw_request |
โ = high-impact write ยท โ โ = destructive / irreversible
Docker Deployment
Copy .env.example to .env and fill in your credentials:
cp .env.example .env
# Edit .env with your Meraki API key (and org ID)
docker run --env-file .env -p 8080:8080 ghcr.io/wyre-technology/meraki-mcp:latest
Development
npm ci
npm run build # Build the project
npm run start # Run over stdio
npm run start:http # Run the HTTP transport
npm run test # Run tests
Testing
npm test
The test suite covers the safety contract: read-only enforcement, destructive confirmation, and that confirm_destructive_action is never forwarded to the SDK.
License
Apache 2.0 โ Copyright WYRE Technology