Block device from API

SOLVED
NeilB
Getting noticed

Block device from API

Hi All,

 

I'm creating an App that can be rolled out to our Service Desk and Security Team to allow them to manage users devices etc. on our networks from the API.

 

One of the bits i'm looking to do is block a device from the network if we see any malicious activity etc. being conducted on that device. However, i'm unable to find what the policy ID maybe for the in built Meraki Blocked policy.

 

I've checked a device that is blocked on a network from the API and it says normal, even though on the dashboard it is actually blocked with a custom message being presented to it. :S

 

Any one had this issue before and can maybe shed some light on this?

 

Thank you!

 

Cheers

N

1 ACCEPTED SOLUTION
DexterLaBora
Meraki Employee
Meraki Employee

You might be looking at per-SSID policies. The Dashboard API can set a client device to a Group Policy but not specific to an SSID. If you just need to block a user, then set a Group Policy to the device with strict limits or just set it to "Blocked"

 

Related API endpoints

 

You can find the available Group Policies for a network and their respective ID
https://developer.cisco.com/meraki/api/#/rest/api-endpoints/group-policies/get-network-group-policie...

 

To assign a policy to a new or existing client
https://developer.cisco.com/meraki/api/#/rest/api-endpoints/clients/provision-network-clients

To assign a policy to an existing client only

https://developer.cisco.com/meraki/api/#/rest/api-endpoints/clients/update-network-client-policy

 

important params

 

devicePolicy
String

The policy to apply to the specified client. Can be 'Whitelisted', 'Blocked', 'Normal' or 'Group policy'. Required.

groupPolicyId
String

The ID of the desired group policy to apply to the client. Required if 'devicePolicy' is set to "Group policy". Otherwise this is ignored.

 

 

Example using the provision endpoint (works for all clients)

POST /networks/{networkId}/clients/provision

 

Body: Provision as Blocked

{
"mac": "00:11:22:33:44:55",
"name": "Miles's phone",
"devicePolicy": "Blocked"
}

 

Body: Provision as Group Policy

{
"mac": "00:11:22:33:44:55",
"name": "Miles's phone",
"devicePolicy": "Group policy",
"groupPolicyId": "99"
}

 

Hope this helps!

 

 

 

View solution in original post

9 REPLIES 9
DexterLaBora
Meraki Employee
Meraki Employee

You might be looking at per-SSID policies. The Dashboard API can set a client device to a Group Policy but not specific to an SSID. If you just need to block a user, then set a Group Policy to the device with strict limits or just set it to "Blocked"

 

Related API endpoints

 

You can find the available Group Policies for a network and their respective ID
https://developer.cisco.com/meraki/api/#/rest/api-endpoints/group-policies/get-network-group-policie...

 

To assign a policy to a new or existing client
https://developer.cisco.com/meraki/api/#/rest/api-endpoints/clients/provision-network-clients

To assign a policy to an existing client only

https://developer.cisco.com/meraki/api/#/rest/api-endpoints/clients/update-network-client-policy

 

important params

 

devicePolicy
String

The policy to apply to the specified client. Can be 'Whitelisted', 'Blocked', 'Normal' or 'Group policy'. Required.

groupPolicyId
String

The ID of the desired group policy to apply to the client. Required if 'devicePolicy' is set to "Group policy". Otherwise this is ignored.

 

 

Example using the provision endpoint (works for all clients)

POST /networks/{networkId}/clients/provision

 

Body: Provision as Blocked

{
"mac": "00:11:22:33:44:55",
"name": "Miles's phone",
"devicePolicy": "Blocked"
}

 

Body: Provision as Group Policy

{
"mac": "00:11:22:33:44:55",
"name": "Miles's phone",
"devicePolicy": "Group policy",
"groupPolicyId": "99"
}

 

Hope this helps!

 

 

 

Thats the fella!

Thank you!

Actually, is there a way to add in the blocked note when sending the API POST?


@DexterLaBora wrote:

You might be looking at per-SSID policies. The Dashboard API can set a client device to a Group Policy but not specific to an SSID. If you just need to block a user, then set a Group Policy to the device with strict limits or just set it to "Blocked"

 

Related API endpoints

 

You can find the available Group Policies for a network and their respective ID
https://developer.cisco.com/meraki/api/#/rest/api-endpoints/group-policies/get-network-group-policie...

 

To assign a policy to a new or existing client
https://developer.cisco.com/meraki/api/#/rest/api-endpoints/clients/happy wheelsprovision-network-clients

To assign a policy to an existing client only

https://developer.cisco.com/meraki/api/#/rest/api-endpoints/clients/update-network-client-policy

 

important params

 

devicePolicy
String

The policy to apply to the specified client. Can be 'Whitelisted', 'Blocked', 'Normal' or 'Group policy'. Required.

groupPolicyId
String

The ID of the desired group policy to apply to the client. Required if 'devicePolicy' is set to "Group policy". Otherwise this is ignored.

 

 

Example using the provision endpoint (works for all clients)

POST /networks/{networkId}/clients/provision

 

Body: Provision as Blocked

{
"mac": "00:11:22:33:44:55",
"name": "Miles's phone",
"devicePolicy": "Blocked"
}

 

Body: Provision as Group Policy

{
"mac": "00:11:22:33:44:55",
"name": "Miles's phone",
"devicePolicy": "Group policy",
"groupPolicyId": "99"
}

 

Hope this helps!

 

 

 


This worked great. I've been digging into this for over an hour! Thanks.

finally something that actually worked, thanks to you man @claybarber funny work quotes

DillonofAnch17
Getting noticed

@NeilB Do you have a GitHub repo I can reference? This sounds awesome!!

noemijmorgan
New here

Really great answers to your question, we were informed, thank you. @noemi

Jackmash2
New here

DexterLaBora actually worked, thanks to you man @DexterLaBora

IsiahAtkins
New here

Thanks for it.  This endpoint allows you to create and manage block devices.  @dotsnel

Get notified when there are additional replies to this discussion.