Admin Down switch ports via API

tjh188
Here to help

Is there a way to run a shut command on all unused MS switch ports that are not used via an API call? We want to tighten our security so no one can gain unauthorized access to our network. Right now, if you plug into the MS, you get access.

Thanks in advance.

3 Replies
sungod
Kind of a big deal

You can use https://developer.cisco.com/meraki/api-v1/get-organization-switch-ports-statuses-by-switch/ to get all the current port details.

Then parse that to choose which ports to shut down... https://developer.cisco.com/meraki/api-v1/update-device-switch-port/

The update action can also be done in an action batch to speed things up.

But there's a risk, if the port is used but not currently connected, that you'd block a needed port. You'd really need to keep some table of 'protected' ports to leave alone, or tag such ports and look out for the tag when deciding. I don't think the statuses endpoint gets the tags, but you could use https://developer.cisco.com/meraki/api-v1/get-organization-switch-ports-by-switch/ to retrieve them.

Bear in mind that if an attacker has physical access, they could simply pull the cable from a live port and still gain access that way. Using access policies would be better, see... https://documentation.meraki.com/MS/Access_Control/MS_Switch_Access_Policies_(802.1X)
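
The selection step described in the reply above, as an added example that is not part of the original posts: it joins port statuses with port tags, skips anything tagged as protected, and builds staged action-batch bodies that set `enabled` to false. The tag name `protected`, the batch size, the `Disconnected` status value and the reduced response shape in the sample data are assumptions; no API call is made.

```python
PROTECT_TAG = "protected"  # hypothetical tag marking ports to leave alone
BATCH_SIZE = 100           # assumed per-batch action limit; confirm in the API docs

def ports_to_disable(statuses, configs, protect_tag=PROTECT_TAG):
    """Return sorted (serial, portId) pairs that are enabled, disconnected and untagged."""
    tags = {(sw["serial"], p["portId"]): p.get("tags") or []
            for sw in configs for p in sw["ports"]}
    picked = []
    for sw in statuses:
        for p in sw["ports"]:
            key = (sw["serial"], p["portId"])
            idle = bool(p.get("enabled")) and str(p.get("status", "")).lower() == "disconnected"
            # Fail safe: a port whose tags were not retrieved is left alone.
            if idle and key in tags and protect_tag not in tags[key]:
                picked.append(key)
    return sorted(picked)

def build_action_batches(targets, batch_size=BATCH_SIZE):
    """Build request bodies for POST /organizations/{organizationId}/actionBatches."""
    actions = [{"resource": f"/devices/{serial}/switch/ports/{port}",
                "operation": "update",
                "body": {"enabled": False}}
               for serial, port in targets]
    # confirmed=False stages the batch so the port list can be reviewed before it runs.
    return [{"confirmed": False, "synchronous": False,
             "actions": actions[i:i + batch_size]}
            for i in range(0, len(actions), batch_size)]

# Constructed sample data, reduced to the fields used here (shape is an assumption).
STATUSES = [{"serial": "QXXX-XXXX-0001", "ports": [
    {"portId": "1", "enabled": True, "status": "Connected"},
    {"portId": "2", "enabled": True, "status": "Disconnected"},   # tagged, must survive
    {"portId": "3", "enabled": True, "status": "Disconnected"},   # idle and untagged
    {"portId": "4", "enabled": False, "status": "Disabled"},      # already shut
]}]
CONFIGS = [{"serial": "QXXX-XXXX-0001", "ports": [
    {"portId": "1", "tags": []},
    {"portId": "2", "tags": ["protected"]},
    {"portId": "3", "tags": []},
    {"portId": "4", "tags": None},
]}]

if __name__ == "__main__":
    for batch in build_action_batches(ports_to_disable(STATUSES, CONFIGS)):
        print(batch)
```
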

 

tjh188
Here to help

The https://developer.cisco.com/meraki/api-v1/get-organization-switch-ports-by-switch/ does not show if anything is plugged into it or not. Is there another call that will show if anything is plugged in currently?

I think that we are close.

sungod
Kind of a big deal

Sorry, I pasted the wrong endpoint the first time; see the updated posting.