Admin Down switch ports via API
Is there a way to run a shut command on all unused MS switch ports that are not used via an API call? We want to tighten our security so no one can gain unauthorized access to our network. Right now, if you plug into the MS, you get access.
Thanks in advance.
You can use https://developer.cisco.com/meraki/api-v1/get-organization-switch-ports-statuses-by-switch/ to get all the current port details.
Then parse that to choose which ports to shut down... https://developer.cisco.com/meraki/api-v1/update-device-switch-port/
The update action can also be done in an action batch to speed things up.
But there's a risk, if the port is used but not currently connected, that you'd block a needed port. You'd really need to keep some table of 'protected' ports to leave alone, or tag such ports and look out for the tag when deciding. I don't think the statuses endpoint gets the tags, but you could use https://developer.cisco.com/meraki/api-v1/get-organization-switch-ports-by-switch/ to retrieve them.
Bear in mind that if an attacker has physical access, they could simply pull the cable from a live port and still gain access that way. Using access policies would be better, see... https://documentation.meraki.com/MS/Access_Control/MS_Switch_Access_Policies_(802.1X)
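The selection step described in the reply above, as an added example that is not part of the original post and is not Meraki's code: an offline dry-run planner that merges link state with port tags and only proposes ports that are enabled, disconnected, not uplinks and not tagged as protected. The field names (`serial`, `ports`, `portId`, `enabled`, `status`, `isUplink`, `tags`), the tag name `protected` and the serials are assumptions and constructed sample data; check them against real responses from the two endpoints.

```python
# Added example (not from the thread): offline dry-run planner.
# Field names are assumptions modelled on the endpoints linked above.
PROTECTED_TAG = "protected"  # hypothetical tag name

# Constructed sample of port statuses (link state) per switch.
SAMPLE_STATUSES = [
    {"serial": "QXXX-AAAA-0001", "ports": [
        {"portId": "1", "enabled": True, "status": "Connected", "isUplink": False},
        {"portId": "2", "enabled": True, "status": "Disconnected", "isUplink": False},
        {"portId": "3", "enabled": True, "status": "Disconnected", "isUplink": False},
        {"portId": "4", "enabled": False, "status": "Disabled", "isUplink": False},
        {"portId": "5", "enabled": True, "status": "Disconnected", "isUplink": True},
    ]},
    {"serial": "QXXX-AAAA-0002", "ports": [
        {"portId": "1", "enabled": True, "status": "Disconnected", "isUplink": False},
    ]},
]
# Constructed sample of port configuration (tags). Switch 0002 is missing,
# as it would be if only the first page of results had been fetched.
SAMPLE_CONFIG = [
    {"serial": "QXXX-AAAA-0001", "ports": [
        {"portId": "1", "tags": []}, {"portId": "2", "tags": []},
        {"portId": "3", "tags": ["protected"]}, {"portId": "4", "tags": []},
        {"portId": "5", "tags": []},
    ]},
]

def plan_port_shutdowns(statuses, configs, protected_tag=PROTECTED_TAG):
    """Return (plan, skipped): ports to set enabled=False, and ports left alone with a reason."""
    tags = {(sw["serial"], p["portId"]): set(p.get("tags") or [])
            for sw in configs for p in sw.get("ports", [])}
    plan, skipped = [], []
    for sw in statuses:
        for p in sw.get("ports", []):
            key = (sw["serial"], p["portId"])
            if not p.get("enabled", True) or p.get("status") != "Disconnected":
                continue  # already admin down, or link is up / state unknown
            if p.get("isUplink"):
                skipped.append((key, "uplink"))
            elif key not in tags:
                skipped.append((key, "no config record"))  # never act on partial data
            elif protected_tag in tags[key]:
                skipped.append((key, "protected tag"))
            else:
                plan.append({"serial": key[0], "portId": key[1], "enabled": False})
    return plan, skipped

if __name__ == "__main__":
    plan, skipped = plan_port_shutdowns(SAMPLE_STATUSES, SAMPLE_CONFIG)
    print("would disable:", plan)
    print("left alone:", skipped)
```

Each entry in the plan corresponds to one update-device-switch-port request (or one action in an action batch); review the skipped list before applying anything.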
The https://developer.cisco.com/meraki/api-v1/get-organization-switch-ports-by-switch/ does not show if anything is plugged into it or not. Is there another call that will show if anything is plugged in currently?
I think that we are close.
Sorry, I pasted the wrong endpoint first time, see the updated posting.
Good Morning,
I can run the https://developer.cisco.com/meraki/api-v1/get-organization-switch-ports-by-switch/ and it displays only some of the switches in my organization. I have over 700 that I want to pull. What is the easiest way to do that? I would be targeting my Templates in bulk, so if there is a way to pull all of the switchports within an individual template, that would be great!
That endpoint returns a maximum of 50 records per call. Are you following the pagination process to get all the pages?
https://developer.cisco.com/meraki/api-v1/pagination/#pagination
If you are using Python, the Meraki Python library can handle pagination for you...
https://github.com/meraki/dashboard-api-python
