← Back to posts
AI & Automation

Cisco Meraki Workflows in Practice: Real Use Cases, Cross-Domain Automation, and AI-Driven Operations

By Travis · · 8 min read
#meraki#workflows#cisco#automation#ise#catalyst-center#agenticops

From Theory to Practice

The first post on Cisco Workflows covered what it is and why it matters. This post is about what you actually build with it. The use cases below range from simple scheduled tasks any team can implement on day one, to advanced cross-domain orchestrations that would have required significant custom development before Workflows existed.

All of these are either available in the Exchange or buildable with the drag-and-drop designer without writing code.

Use Case 1: Branch Network Provisioning

The manual version: A new branch opens. Someone logs into the Meraki Dashboard, creates a new network, claims the devices from inventory, applies the SSID template, configures the security appliance settings, sets up the VPN, applies group policies, and verifies connectivity. Multiply by 50 branches a year and this is weeks of repetitive work.

The Workflow version:

Trigger: Manual (with input parameters)
Inputs: Branch name, address, device serial numbers, VLAN scheme

Step 1: Create network in organization
Step 2: Claim device serials to network
Step 3: Apply network template (SSIDs, firewall rules, VPN config)
Step 4: Set network tags for management segmentation
Step 5: Configure site-to-site VPN peers
Step 6: Wait 5 minutes (device boot time)
Step 7: Verify devices are online (loop with retry)
Step 8: Run connectivity test
Step 9: Generate provisioning summary report
Step 10: Post summary to Slack / Teams / email

Run by the help desk. Parameters filled in via a simple form. Entire branch online in under 15 minutes with zero manual dashboard interaction after clicking Run.

Cross-domain extension: Add steps to register the branch in Catalyst Center, create the site hierarchy, and push ISE policy for the new location — all in the same workflow.

Use Case 2: Device Lifecycle Replacement (RMA Automation)

When a switch or AP fails and a replacement arrives, the traditional process involves looking up the old device’s configuration, manually re-entering it on the new device, and removing the old device from inventory. This is high-touch, error-prone work.

The Workflow:

Trigger: Manual (input: old serial, new serial)

Step 1: GET old device details and configuration from Meraki API
Step 2: Store: network ID, name, tags, address, firmware, notes
Step 3: Remove old device from network
Step 4: Claim new device to same network
Step 5: Apply saved configuration to new device
Step 6: Copy device name, tags, and notes to new device
Step 7: Wait for device to come online (poll with timeout)
Step 8: Verify connectivity
Step 9: Log replacement event with timestamp and device serials

The entire RMA process becomes a two-field form. The NOC tech enters the old and new serial numbers, clicks Run, and the network heals itself. Configuration fidelity is 100% because it’s pulled directly from the API, not transcribed by hand.

Use Case 3: ISE + Meraki — Automated Network Access Policy

One of the most powerful cross-domain use cases: when a security event occurs in ISE (a device fails posture assessment, a user’s credentials are revoked), automatically update the Meraki network policy to restrict or block that endpoint.

The Workflow:

Trigger: Webhook from Cisco ISE (posture failure event)
Input: MAC address, username, failure reason

Step 1: Parse webhook payload — extract MAC, user, endpoint details
Step 2: Look up client in Meraki Dashboard by MAC address
Step 3: Identify which network and AP the client is associated with
Step 4: Apply restricted group policy to client (quarantine VLAN)
Step 5: Send notification to security team (Slack/email/Teams)
Step 6: Create ticket in ServiceNow / Jira with full context
Step 7: Log action with timestamp for compliance audit trail

Optional Step 8: AI LLM Action
  - Input: ISE event details + client history
  - Prompt: "Analyze this security event. Is this a genuine threat, 
    a misconfigured device, or a certificate issue? 
    Recommend: quarantine, remediation steps, or false positive."
  - Output: Recommended action surfaced to security analyst

This workflow closes the gap between your identity system (ISE) and your network enforcement layer (Meraki) automatically, in seconds, at 3am when no one is watching.

Use Case 4: Scheduled Compliance and Inventory Reports

Many organizations need weekly or monthly network reports for compliance, audits, or management dashboards. Generating these manually is tedious and often gets skipped.

The Workflow:

Trigger: Scheduled (every Monday 6am)

Step 1: GET all networks in organization
Step 2: For each network (loop):
  - GET connected clients count
  - GET device status (online/offline/alerting)
  - GET firmware versions
  - GET open alerts
Step 3: AI LLM Action:
  - Input: Aggregated network data
  - Prompt: "Generate an executive summary of network health 
    across all sites. Flag any sites with offline devices, 
    firmware behind current release by more than 2 versions,
    or more than 5 active alerts."
  - Output: Formatted summary
Step 4: Email report to distribution list
Step 5: Post summary to #network-ops Slack channel

Delivered automatically before the Monday morning standup with no human involvement. The AI step means the report isn’t just raw data — it’s interpreted, prioritized, and ready to present.

Use Case 5: Webhook-Triggered Alert Remediation

Meraki generates alerts for dozens of conditions — rogue AP detected, VPN peer down, client VPN authentication failures, high channel utilization, device going offline. Most of these go into an email inbox and get ignored.

With Workflows, each alert type can trigger a targeted remediation workflow.

Example: MX Uplink Down → Automatic Failover Verification

Trigger: Meraki webhook (alert_type: "uplink_down")

Step 1: Parse alert — extract network ID, uplink interface, timestamp
Step 2: GET current uplink status for network
Step 3: Check if secondary uplink is active
Step 4: IF primary down AND secondary up:
  - Log "Failover successful, monitoring"
  - Notify NOC: "Uplink down at [site], failover active, monitoring"
Step 5: IF primary down AND secondary also down:
  - Escalate immediately to on-call engineer
  - Create P1 incident in ticketing system
  - Attempt SD-WAN policy push to alternate path
Step 6: Poll uplink status every 5 minutes for 1 hour
Step 7: When primary recovers, log recovery time and notify

This turns a passive alert into an active response loop. The NOC gets notified with context (“failover active”) instead of raw alerts, and true outages get escalated immediately with a ticket already created.

Use Case 6: AI LLM Actions for Intelligent Decisions

AI LLM Actions are a workflow step type that sends data to a language model and uses the response to drive next steps. This is the “agentic” part of AgenticOps.

Example: Anomaly Detection and Root Cause Analysis

Trigger: Webhook (Meraki alert: unusual client count spike)

Step 1: GET network client details — count, device types, associations
Step 2: GET historical client count baseline (last 30 days)
Step 3: GET current AP channel utilization
Step 4: AI LLM Action:
  Prompt: """
  Network {network_name} has {current_count} clients connected,
  vs a 30-day average of {baseline_avg}.
  
  Client breakdown: {device_types}
  AP utilization: {utilization_data}
  Time: {current_time}, Day: {day_of_week}
  
  Analyze whether this is:
  1. Expected (event, time of day, day of week)
  2. A misconfiguration causing duplicate associations
  3. A potential security incident (unauthorized devices)
  4. A capacity concern requiring AP adjustment
  
  Return: classification, confidence, recommended action.
  """
Step 5: Based on AI output classification:
  - "Expected" → log and close
  - "Misconfiguration" → notify network team with details
  - "Security" → quarantine suspicious MACs, alert security team
  - "Capacity" → run channel optimization workflow

This workflow does in seconds what would take an engineer 10-15 minutes to investigate manually — and it runs at 2am on a Sunday just as effectively as during business hours.

Use Case 7: Multi-Site Security Policy Enforcement

When a new security policy is approved — say, blocking a newly discovered malicious IP range or adding a content filtering category — it needs to be applied across every network consistently and quickly.

Trigger: Manual (with input: policy description)

Step 1: GET all networks in organization
Step 2: Filter to networks with MX security appliances
Step 3: For each MX network (loop):
  - GET current L3 firewall rules
  - Append new deny rule for specified IP/range
  - PUT updated ruleset
  - Log: network name, old rule count, new rule count
Step 4: Verify rule was applied (GET and confirm presence)
Step 5: Generate change report: networks updated, any failures
Step 6: Post to change management channel

What previously required visiting every network individually in the Dashboard — or a custom Python script with manual testing — becomes a parameterized, audited, logged operation.

Best Practices for Building Workflows

Start with the Exchange. Before building anything, check whether the workflow you need already exists. Cisco and partners are actively publishing validated workflows covering common scenarios. Installing and running an Exchange workflow takes minutes.

Build in human approval steps for high-risk changes. The Approval activity pauses a workflow and requires a named approver to confirm before proceeding. Use this for any workflow that modifies firewall rules, changes VLAN assignments, or affects production traffic.

Use variables to make workflows reusable. Hardcoding organization IDs, network names, or email addresses into workflow steps makes them single-use. Variables make the same workflow work across all your customers or sites with different inputs.

Log everything. Add a logging activity at the end of every workflow that records the run timestamp, inputs, outputs, and status. This creates the audit trail compliance teams need and the evidence you need when a change needs to be traced.

Test with non-production networks first. The Meraki Dashboard has no staging environment — changes made by workflows are real. Always test new workflows against a lab or non-critical network before running against production.

Combine Workflows with the AI Assistant. Once a workflow is tested and working, it automatically appears in the AI Assistant. Train your team to use natural language to trigger common automations. “Block all traffic from this client in the New York office” becomes a one-sentence operation.

The Bigger Picture: What Workflows Changes for Network Teams

The shift Workflows enables isn’t just operational efficiency — it changes what network engineers spend their time on.

When repetitive tasks are automated, engineers stop being ticket-processors and start being workflow-designers. The skill shifts from knowing how to navigate the Meraki Dashboard to knowing how to encode operational knowledge into automations that run themselves.

The teams that invest in building their workflow library now — even starting with simple scheduled reports and device replacement automations — are building a compounding advantage. Each workflow added makes the team more capable, more consistent, and more responsive. The teams that don’t are still clicking through dashboards while their workload compounds with every new site, device, and user they manage.

Start with the Exchange. Find the task your team does most often. Automate it this week.

// Found this useful? Share it or start a conversation.
Y Hacker News 𝕏 X in LinkedIn 🦋 Bluesky r/ Reddit
// Related More on similar topics.
AI & Automation May 20, 2025

Using Claude to Automate Cisco Meraki via the Dashboard API

How to use the Claude API with the Cisco Meraki Dashboard API to manage networks, generate configurations, audit security policies, troubleshoot clients, and build intelligent Meraki management tools.
AI & Automation May 19, 2025

Using Claude to Automate Cisco Router Configuration and Diagnostics

Practical Claude API patterns for Cisco routers — generating complex routing policies, parsing BGP and OSPF state, building WAN automation tools, and creating intelligent diagnostic assistants for IOS-XR and IOS-XE routers.
AI & Automation May 18, 2025

Using Claude to Automate Cisco ACI via the APIC REST API

How to use the Claude API with Cisco ACI's APIC REST API to generate tenant policies, audit configurations, troubleshoot endpoint connectivity, and build intelligent ACI management tools.