Meraki

Community

Block device from API

Solved
NeilB
Getting noticed
‎Jul 8 2019 3:39 AM
‎Jul 8 2019 3:39 AM

Block device from API

Hi All,

 

I'm creating an App that can be rolled out to our Service Desk and Security Team to allow them to manage users devices etc. on our networks from the API.

 

One of the bits i'm looking to do is block a device from the network if we see any malicious activity etc. being conducted on that device. However, i'm unable to find what the policy ID maybe for the in built Meraki Blocked policy.

 

I've checked a device that is blocked on a network from the API and it says normal, even though on the dashboard it is actually blocked with a custom message being presented to it. :S

 

Any one had this issue before and can maybe shed some light on this?

 

Thank you!

 

Cheers

N

Labels:
0 Kudos
1 Accepted Solution
DexterLaBora
Meraki Employee
Meraki Employee
‎Jul 8 2019 4:24 AM
‎Jul 8 2019 4:24 AM

You might be looking at per-SSID policies. The Dashboard API can set a client device to a Group Policy but not specific to an SSID. If you just need to block a user, then set a Group Policy to the device with strict limits or just set it to "Blocked"

 

Related API endpoints

 

You can find the available Group Policies for a network and their respective ID
https://developer.cisco.com/meraki/api/#/rest/api-endpoints/group-policies/get-network-group-policie...

 

To assign a policy to a new or existing client
https://developer.cisco.com/meraki/api/#/rest/api-endpoints/clients/provision-network-clients

To assign a policy to an existing client only

https://developer.cisco.com/meraki/api/#/rest/api-endpoints/clients/update-network-client-policy

 

important params

 

devicePolicy
String

The policy to apply to the specified client. Can be 'Whitelisted', 'Blocked', 'Normal' or 'Group policy'. Required.

groupPolicyId
String

The ID of the desired group policy to apply to the client. Required if 'devicePolicy' is set to "Group policy". Otherwise this is ignored.

 

 

Example using the provision endpoint (works for all clients)

POST /networks/{networkId}/clients/provision

 

Body: Provision as Blocked

{
"mac": "00:11:22:33:44:55",
"name": "Miles's phone",
"devicePolicy": "Blocked"
}

 

Body: Provision as Group Policy

{
"mac": "00:11:22:33:44:55",
"name": "Miles's phone",
"devicePolicy": "Group policy",
"groupPolicyId": "99"
}

 

Hope this helps!

 

 

 

View solution in original post

9 Replies 9
DexterLaBora
Meraki Employee
Meraki Employee
‎Jul 8 2019 4:24 AM
‎Jul 8 2019 4:24 AM

You might be looking at per-SSID policies. The Dashboard API can set a client device to a Group Policy but not specific to an SSID. If you just need to block a user, then set a Group Policy to the device with strict limits or just set it to "Blocked"

 

Related API endpoints

 

You can find the available Group Policies for a network and their respective ID
https://developer.cisco.com/meraki/api/#/rest/api-endpoints/group-policies/get-network-group-policie...

 

To assign a policy to a new or existing client
https://developer.cisco.com/meraki/api/#/rest/api-endpoints/clients/provision-network-clients

To assign a policy to an existing client only

https://developer.cisco.com/meraki/api/#/rest/api-endpoints/clients/update-network-client-policy

 

important params

 

devicePolicy
String

The policy to apply to the specified client. Can be 'Whitelisted', 'Blocked', 'Normal' or 'Group policy'. Required.

groupPolicyId
String

The ID of the desired group policy to apply to the client. Required if 'devicePolicy' is set to "Group policy". Otherwise this is ignored.

 

 

Example using the provision endpoint (works for all clients)

POST /networks/{networkId}/clients/provision

 

Body: Provision as Blocked

{
"mac": "00:11:22:33:44:55",
"name": "Miles's phone",
"devicePolicy": "Blocked"
}

 

Body: Provision as Group Policy

{
"mac": "00:11:22:33:44:55",
"name": "Miles's phone",
"devicePolicy": "Group policy",
"groupPolicyId": "99"
}

 

Hope this helps!

 

 

 

In response to DexterLaBora
NeilB
Getting noticed
‎Jul 8 2019 4:39 AM
‎Jul 8 2019 4:39 AM

Thats the fella!

Thank you!
In response to DexterLaBora
NeilB
Getting noticed
‎Jul 10 2019 2:13 AM
‎Jul 10 2019 2:13 AM

Actually, is there a way to add in the blocked note when sending the API POST?
0 Kudos
In response to DexterLaBora
claybarber
New here
‎Sep 11 2019 12:06 AM
‎Sep 11 2019 12:06 AM

@DexterLaBora wrote:

You might be looking at per-SSID policies. The Dashboard API can set a client device to a Group Policy but not specific to an SSID. If you just need to block a user, then set a Group Policy to the device with strict limits or just set it to "Blocked"

 

Related API endpoints

 

You can find the available Group Policies for a network and their respective ID
https://developer.cisco.com/meraki/api/#/rest/api-endpoints/group-policies/get-network-group-policie...

 

To assign a policy to a new or existing client
https://developer.cisco.com/meraki/api/#/rest/api-endpoints/clients/happy wheelsprovision-network-clients

To assign a policy to an existing client only

https://developer.cisco.com/meraki/api/#/rest/api-endpoints/clients/update-network-client-policy

 

important params

 

devicePolicy
String

The policy to apply to the specified client. Can be 'Whitelisted', 'Blocked', 'Normal' or 'Group policy'. Required.

groupPolicyId
String

The ID of the desired group policy to apply to the client. Required if 'devicePolicy' is set to "Group policy". Otherwise this is ignored.

 

 

Example using the provision endpoint (works for all clients)

POST /networks/{networkId}/clients/provision

 

Body: Provision as Blocked

{
"mac": "00:11:22:33:44:55",
"name": "Miles's phone",
"devicePolicy": "Blocked"
}

 

Body: Provision as Group Policy

{
"mac": "00:11:22:33:44:55",
"name": "Miles's phone",
"devicePolicy": "Group policy",
"groupPolicyId": "99"
}

 

Hope this helps!

 

 

 

This worked great. I've been digging into this for over an hour! Thanks.

In response to DexterLaBora
MollyEskam
New here
‎Jul 16 2020 6:25 AM
‎Jul 16 2020 6:25 AM

finally something that actually worked, thanks to you man @claybarber funny work quotes

0 Kudos
DillonofAnch17
Getting noticed
‎Aug 14 2019 6:00 PM
‎Aug 14 2019 6:00 PM

@NeilB Do you have a GitHub repo I can reference? This sounds awesome!!

0 Kudos
noemijmorgan
New here
‎Nov 10 2020 12:00 AM
‎Nov 10 2020 12:00 AM

Really great answers to your question, we were informed, thank you. @noemi

Jackmash2
New here
‎Jan 18 2022 6:45 AM
‎Jan 18 2022 6:45 AM

DexterLaBora actually worked, thanks to you man @DexterLaBora

IsiahAtkins
New here
‎May 20 2022 5:14 AM
‎May 20 2022 5:14 AM

Thanks for it.  This endpoint allows you to create and manage block devices.  @dotsnel

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.