Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

API is showing device in the Blocked policy, but Dashboard shows Normal

DosPuntoCero
Comes here often
3 weeks ago
3 weeks ago

API is showing device in the Blocked policy, but Dashboard shows Normal

I used the "Update Network Client Policy" API call to try and block a device, and the response of that shows blocked. The "Get Network Client Policy" call shows blocked. But when I look at the device in the Meraki dashboard, it shows the policy as normal and I still have full network access from the machine. It has been about an hour.

The audit logs on the dashboard do show the API call to set the policy.

Please help.

0 Kudos
Subscribe
7 Replies 7
alemabrahao
Kind of a big deal
Kind of a big deal
3 weeks ago
3 weeks ago

Is the policy being applied directly to the client or to the VLAN?

Why don't you apply via dashboard?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
DosPuntoCero
Comes here often
3 weeks ago
3 weeks ago

To the client

Automation

0 Kudos
Subscribe
In response to DosPuntoCero
alemabrahao
Kind of a big deal
Kind of a big deal
3 weeks ago
3 weeks ago

Are the groupPolicyId and mac correct?

 

I suggest you open a support case.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
DosPuntoCero
Comes here often
3 weeks ago
3 weeks ago

I didn't use a groupPolicyId, because I didn't think you needed to with the default of Blocked, do I need one?

And the MAC is correct.

This is starting to look like Monday Dos' problem.

0 Kudos
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
3 weeks ago
3 weeks ago

You can apply the block to either the whole client, or to just an SSID (for example).  Are you sure you are applying it to the whole client?

Could you post a snippet of your code showing how you are applying the block?

0 Kudos
Subscribe
In response to PhilipDAth
DosPuntoCero
Comes here often
3 weeks ago
3 weeks ago

In PowerShell 7

Set Policy
$MerakiBaseURL = "https://api.meraki.com/api/v1/"
$DevicePolicyURL = $MerakiBaseURL + "networks/XXXXXXXXXXX/clients/XXXXXXXX/policy"
$body = @{"devicePolicy"="Blocked"}
Invoke-RestMethod -Uri $DevicePolicyURL -Headers $MerakiAPIHeader -Method Put -Body ($body |ConvertTo-Json) -ContentType "application/json" -PreserveAuthorizationOnRedirect -SkipCertificateCheck

I run this and it returns the MAC address of the endpoint I am trying to block and that it has a Policy of Blocked.

0 Kudos
Subscribe
In response to DosPuntoCero
PhilipDAth
Kind of a big deal
Kind of a big deal
3 weeks ago
3 weeks ago

Your code looks correct to me.

>But when I look at the device in the Meraki dashboard, it shows the policy as normal

This is making me think you have either the wrong network ID or the wrong client ID.  It sounds like you are updating something - but not what you are looking at in the dashboard.

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.