API is showing device in the Blocked policy, but Dashboard shows Normal

DosPuntoCero
Comes here often

API is showing device in the Blocked policy, but Dashboard shows Normal

I used the "Update Network Client Policy" API call to try and block a device, and the response of that shows blocked. The "Get Network Client Policy" call shows blocked. But when I look at the device in the Meraki dashboard, it shows the policy as normal and I still have full network access from the machine. It has been about an hour.

The audit logs on the dashboard do show the API call to set the policy.

Please help.

7 Replies 7
alemabrahao
Kind of a big deal
Kind of a big deal

Is the policy being applied directly to the client or to the VLAN?

Why don't you apply via dashboard?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
DosPuntoCero
Comes here often

To the client

Automation

alemabrahao
Kind of a big deal
Kind of a big deal

Are the groupPolicyId and mac correct?

 

I suggest you open a support case.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
DosPuntoCero
Comes here often

I didn't use a groupPolicyId, because I didn't think you needed to with the default of Blocked, do I need one?

And the MAC is correct.

This is starting to look like Monday Dos' problem.

PhilipDAth
Kind of a big deal
Kind of a big deal

You can apply the block to either the whole client, or to just an SSID (for example).  Are you sure you are applying it to the whole client?

Could you post a snippet of your code showing how you are applying the block?

DosPuntoCero
Comes here often

In PowerShell 7

Set Policy
$MerakiBaseURL = "https://api.meraki.com/api/v1/"
$DevicePolicyURL = $MerakiBaseURL + "networks/XXXXXXXXXXX/clients/XXXXXXXX/policy"
$body = @{"devicePolicy"="Blocked"}
Invoke-RestMethod -Uri $DevicePolicyURL -Headers $MerakiAPIHeader -Method Put -Body ($body |ConvertTo-Json) -ContentType "application/json" -PreserveAuthorizationOnRedirect -SkipCertificateCheck

I run this and it returns the MAC address of the endpoint I am trying to block and that it has a Policy of Blocked.

PhilipDAth
Kind of a big deal
Kind of a big deal

Your code looks correct to me.

>But when I look at the device in the Meraki dashboard, it shows the policy as normal

This is making me think you have either the wrong network ID or the wrong client ID.  It sounds like you are updating something - but not what you are looking at in the dashboard.

Get notified when there are additional replies to this discussion.