Forescout with Meraki MS - VLAN port changes (via API)

K-V
Here to help

Has anyone actually got the Forescout API working to change Meraki MS switchport VLAN settings based on Forescout configurations? We are trying to get this working, but are getting extremely long times between the Forescout sending the API PUT call, till the switch actually receives it and makes the change. Sometimes in excess of 12 hours. Obviously, this is not going to be a great help for dynamic VLAN changes when a device is plugged into a port...12 hours is not a great wait time.

We have a network switch, set up with no complex configs - basic VLAN for access, and trunk port. This is registered to the cloud with no issues and can ping the Forescout appliance.

We have the Forescout appliance loaded with the Meraki plugin and configured with the API key. It all seems to be going OK.

Until we want to start using this on Meraki access switches.

The Forescout gets the syslog event message, and generates the API call and sends the PUT msg. But then the switch doesn't do anything - no API call received or anything until an average 12 hours later. Only then does it apply. What we need to do is change a VLAN, based on the user's group when they connect up.

We have loaded the API key, and configured the syslog server on the Meraki network. The Meraki plugin on the Forescout appliance seems to be working, and it can discover the switch.

I can't help but feel like we're missing something obvious, but I don't know where to look. I'm not super familiar with Forescout (we have another engineer taking care of this part), but I have full access on the Meraki stack.

Has anyone actually gotten this to work using API calls? Is there anything else I need to do to make this work, other than the API key, and syslog configuration?

Oren
Meraki Employee All-Star

12 hours does not seem reasonable by any means.

Question. If you make an API call using postman/curl/python - how long does it take for the port configuration to update?

I have a suspicion. Your organization ID or serial number of one of the switches will allow me to confirm it (you can DM it if you prefer).

K-V
Here to help

Postman works without issue. No delay.

Curious about your suspicion. Will DM for some more info.

rhbirkelund
Kind of a big deal

Sparked my curiosity as well. o.O

sungod
Kind of a big deal

Have you looked at the API analytics pages in Dashboard to see what it shows?

K-V
Here to help

Yup - checked the API dashboard page. No rate limits hit.

However, I do see a ton of successful calls made. Not sure if this is normal.

Still looking at various options to test this further.

Oren
Meraki Employee All-Star

Since rate limit hits are off the table, and an API call using Postman is updating the port immediately - I wonder when Forescout makes the API call to make the configuration change.

You can test it yourself. Trigger a port to change the VLAN (via Forescout), wait for it to update, then download the API logs (upper right button on the API page) and look for an API call made to the relevant switchport (you can filter the calls based on the URL).
If the API call was made in a timely manner, and was successful - that's a question for Meraki support.
If the API call was made after some time - that's a question for Forescout.

Good luck!

sungod
Kind of a big deal

The reason I asked is, as @Oren says, it gives you a way to check if the call is being made as expected.

By checking the analytics numbers before/after, you should be able to tell if the call is getting held up by Forescout, rather than made immediately.
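The check suggested in the two replies above, as an added example (not code from any poster, Meraki or Forescout): given API request log entries and the time the device was plugged in, it reports whether the PUT to the switchport was missing, late or prompt. The entry field names, the v1 switchport path, the serial placeholder and the 60-second threshold are assumptions, and the log entries are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample entries. Field names (ts, method, path, responseCode,
# userAgent) are an assumption modelled on Meraki's API request log;
# the serial, port number and user agent are placeholders.
SAMPLE_LOG = [
    {"ts": "2024-01-10T08:00:05Z", "method": "GET",
     "path": "/api/v1/devices/QXXX-XXXX-XXXX/switch/ports",
     "responseCode": 200, "userAgent": "nac-plugin"},
    {"ts": "2024-01-10T08:10:30Z", "method": "PUT",
     "path": "/api/v1/devices/QXXX-XXXX-XXXX/switch/ports/7",
     "responseCode": 200, "userAgent": "nac-plugin"},
]

def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp such as 2024-01-10T08:00:05Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def port_updates(entries, serial, port_id):
    """Return (time, status) for every PUT aimed at one switchport, oldest first."""
    suffix = f"/devices/{serial}/switch/ports/{port_id}"
    hits = [(parse_ts(e["ts"]), e["responseCode"]) for e in entries
            if e["method"] == "PUT" and e["path"].endswith(suffix)]
    return sorted(hits)

def triage(entries, serial, port_id, trigger, max_delay=timedelta(seconds=60)):
    """Classify where the delay sits, following the two cases in the reply."""
    after = [(t, code) for t, code in port_updates(entries, serial, port_id)
             if t >= trigger]
    if not after:
        return "no PUT logged after the trigger: ask Forescout", None
    ok = [(t, c) for t, c in after if 200 <= c < 300]
    if not ok:
        return "PUT sent but not successful: check the response codes", None
    delay = ok[0][0] - trigger
    if delay > max_delay:
        return "PUT sent late: ask Forescout", delay
    return "PUT sent promptly and accepted: ask Meraki support", delay

if __name__ == "__main__":
    plugged_in = parse_ts("2024-01-10T08:00:00Z")  # constructed trigger time
    print(triage(SAMPLE_LOG, "QXXX-XXXX-XXXX", 7, plugged_in))
```
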

K-V
Here to help

Just wanted to feed back to everyone here. We never found the exact issue, however, we suspect it to have something to do with the setup procedure.

We eventually just did everything from scratch.
Deleted the API key, removed the syslog entries, and deleted the Forescout config. (When we originally started this, we created the API key, and loaded it onto Forescout where it registered. Only then did we change syslog details on the Meraki network.)

Then did it all again.
New API key, syslog config and Forescout Meraki plugin load and config. This time, we created the API key, configured the syslog events on Meraki network and only then loaded the API key on Forescout (once all the Meraki setup steps were done).

I can't imagine how the procedure would make a difference, but at least worth noting the steps I guess.

We are now facing a 10 min window, instead of 12 hours like before. VAST improvement. Still not near instant as when using Postman, but much better.

We will be playing with timers on Forescout to see if this can be improved as well. If we manage to improve this, I'll feed back here.

Almost wish we could reproduce the 12 hour issue now to find the actual problem...
