cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Block device from API

SOLVED
Here to help

Block device from API

Hi All,

 

I'm creating an App that can be rolled out to our Service Desk and Security Team to allow them to manage users devices etc. on our networks from the API.

 

One of the bits i'm looking to do is block a device from the network if we see any malicious activity etc. being conducted on that device. However, i'm unable to find what the policy ID maybe for the in built Meraki Blocked policy.

 

I've checked a device that is blocked on a network from the API and it says normal, even though on the dashboard it is actually blocked with a custom message being presented to it. :S

 

Any one had this issue before and can maybe shed some light on this?

 

Thank you!

 

Cheers

N

1 ACCEPTED SOLUTION

Accepted Solutions
Meraki Employee

Re: Block device from API

You might be looking at per-SSID policies. The Dashboard API can set a client device to a Group Policy but not specific to an SSID. If you just need to block a user, then set a Group Policy to the device with strict limits or just set it to "Blocked"

 

Related API endpoints

 

You can find the available Group Policies for a network and their respective ID
https://developer.cisco.com/meraki/api/#/rest/api-endpoints/group-policies/get-network-group-policie...

 

To assign a policy to a new or existing client
https://developer.cisco.com/meraki/api/#/rest/api-endpoints/clients/provision-network-clients

To assign a policy to an existing client only

https://developer.cisco.com/meraki/api/#/rest/api-endpoints/clients/update-network-client-policy

 

important params

 

devicePolicy
String

The policy to apply to the specified client. Can be 'Whitelisted', 'Blocked', 'Normal' or 'Group policy'. Required.

groupPolicyId
String

The ID of the desired group policy to apply to the client. Required if 'devicePolicy' is set to "Group policy". Otherwise this is ignored.

 

 

Example using the provision endpoint (works for all clients)

POST /networks/{networkId}/clients/provision

 

Body: Provision as Blocked

{
"mac": "00:11:22:33:44:55",
"name": "Miles's phone",
"devicePolicy": "Blocked"
}

 

Body: Provision as Group Policy

{
"mac": "00:11:22:33:44:55",
"name": "Miles's phone",
"devicePolicy": "Group policy",
"groupPolicyId": "99"
}

 

Hope this helps!

 

 

 

5 REPLIES 5
Meraki Employee

Re: Block device from API

You might be looking at per-SSID policies. The Dashboard API can set a client device to a Group Policy but not specific to an SSID. If you just need to block a user, then set a Group Policy to the device with strict limits or just set it to "Blocked"

 

Related API endpoints

 

You can find the available Group Policies for a network and their respective ID
https://developer.cisco.com/meraki/api/#/rest/api-endpoints/group-policies/get-network-group-policie...

 

To assign a policy to a new or existing client
https://developer.cisco.com/meraki/api/#/rest/api-endpoints/clients/provision-network-clients

To assign a policy to an existing client only

https://developer.cisco.com/meraki/api/#/rest/api-endpoints/clients/update-network-client-policy

 

important params

 

devicePolicy
String

The policy to apply to the specified client. Can be 'Whitelisted', 'Blocked', 'Normal' or 'Group policy'. Required.

groupPolicyId
String

The ID of the desired group policy to apply to the client. Required if 'devicePolicy' is set to "Group policy". Otherwise this is ignored.

 

 

Example using the provision endpoint (works for all clients)

POST /networks/{networkId}/clients/provision

 

Body: Provision as Blocked

{
"mac": "00:11:22:33:44:55",
"name": "Miles's phone",
"devicePolicy": "Blocked"
}

 

Body: Provision as Group Policy

{
"mac": "00:11:22:33:44:55",
"name": "Miles's phone",
"devicePolicy": "Group policy",
"groupPolicyId": "99"
}

 

Hope this helps!

 

 

 

Here to help

Re: Block device from API

Thats the fella!

Thank you!
Here to help

Re: Block device from API

Actually, is there a way to add in the blocked note when sending the API POST?
Getting noticed

Re: Block device from API

@NeilB Do you have a GitHub repo I can reference? This sounds awesome!!

New here

Re: Block device from API


@DexterLaBora wrote:

You might be looking at per-SSID policies. The Dashboard API can set a client device to a Group Policy but not specific to an SSID. If you just need to block a user, then set a Group Policy to the device with strict limits or just set it to "Blocked"

 

Related API endpoints

 

You can find the available Group Policies for a network and their respective ID
https://developer.cisco.com/meraki/api/#/rest/api-endpoints/group-policies/get-network-group-policie...

 

To assign a policy to a new or existing client
https://developer.cisco.com/meraki/api/#/rest/api-endpoints/clients/happy wheelsprovision-network-clients

To assign a policy to an existing client only

https://developer.cisco.com/meraki/api/#/rest/api-endpoints/clients/update-network-client-policy

 

important params

 

devicePolicy
String

The policy to apply to the specified client. Can be 'Whitelisted', 'Blocked', 'Normal' or 'Group policy'. Required.

groupPolicyId
String

The ID of the desired group policy to apply to the client. Required if 'devicePolicy' is set to "Group policy". Otherwise this is ignored.

 

 

Example using the provision endpoint (works for all clients)

POST /networks/{networkId}/clients/provision

 

Body: Provision as Blocked

{
"mac": "00:11:22:33:44:55",
"name": "Miles's phone",
"devicePolicy": "Blocked"
}

 

Body: Provision as Group Policy

{
"mac": "00:11:22:33:44:55",
"name": "Miles's phone",
"devicePolicy": "Group policy",
"groupPolicyId": "99"
}

 

Hope this helps!

 

 

 


This worked great. I've been digging into this for over an hour! Thanks.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.