I used the "Update Network Client Policy" API call to try and block a device, and the response of that shows blocked. The "Get Network Client Policy" call shows blocked. But when I look at the device in the Meraki dashboard, it shows the policy as normal and I still have full network access from the machine. It has been about an hour.
The audit logs on the dashboard do show the API call to set the policy.
Please help.
Is the policy being applied directly to the client or to the VLAN?
Why don't you apply via dashboard?
To the client
Automation
Are the groupPolicyId and mac correct?
I suggest you open a support case.
I didn't use a groupPolicyId, because I didn't think you needed to with the default of Blocked, do I need one?
And the MAC is correct.
This is starting to look like Monday Dos' problem.
You can apply the block to either the whole client, or to just an SSID (for example). Are you sure you are applying it to the whole client?
Could you post a snippet of your code showing how you are applying the block?
In PowerShell 7
Set Policy
$MerakiBaseURL = "https://api.meraki.com/api/v1/"
$DevicePolicyURL = $MerakiBaseURL + "networks/XXXXXXXXXXX/clients/XXXXXXXX/policy"
$body = @{"devicePolicy"="Blocked"}
Invoke-RestMethod -Uri $DevicePolicyURL -Headers $MerakiAPIHeader -Method Put -Body ($body |ConvertTo-Json) -ContentType "application/json" -PreserveAuthorizationOnRedirect -SkipCertificateCheck
I run this and it returns the MAC address of the endpoint I am trying to block and that it has a Policy of Blocked.
Your code looks correct to me.
>But when I look at the device in the Meraki dashboard, it shows the policy as normal
This is making me think you have either the wrong network ID or the wrong client ID. It sounds like you are updating something - but not what you are looking at in the dashboard.