Meraki API - Update the policy assigned to a client on the network not complete

BB
Here to help

Meraki API - Update the policy assigned to a client on the network not complete

Dear,

while Return the policy assigned to a client on the network return the correct information (see below)

There is no implementation visible to also set this information for a certain client.

Is there a way to set this information in a API call?

 

"Different policy by SSID"

 

0 : @{type=Blocked; name=WIFI-Guest}
1 : @{type=Group policy; group_number=100; name=WIFI}
4 : @{type=Normal; name=WIFI_D}
mac : AA:BB:CC:0D:EE:00
type : Different policies by SSID

8 Replies 8
Mihail
Meraki Employee
Meraki Employee

You can set the group policy of a client by using this call: https://dashboard.meraki.com/api_docs#update-the-policy-assigned-to-a-client-on-the-network

You will need to pass the groupPolicyId of the policy you want to activate as JSON body.

 

Postman proposes this as Python 3 code to do it: 

import http.client

conn = http.client.HTTPConnection("api,meraki,com")

payload = "{\n  \"groupPolicyId\": 102\n}"

headers = {
    'X-Cisco-Meraki-API-Key': {{apiKey}},
    'Content-Type': "application/json"
    }

conn.request("PUT", "api,v0,networks,{{networkId}},clients,{{clientMac}},policy", payload, headers)

res = conn.getresponse()
data = res.read()

print(data.decode("utf-8"))

The example above assumes you want to activate a Group Policy with ID 102. Substitute {{apiKey}}, {{networkId}} and {{clientMac}} for actual values in your organization.

 

Even better, you could use the Meraki Python module to do it: https://github.com/meraki/dashboard-api-python

The correct call in the module is:

 

meraki.updateclientpolicy(apikey, networkid, clientmac, policy, policyid=None, suppressprint=False)

 

You can find the groupPolicyId of your policy by listing the Group Policies available in your Network: 

https://dashboard.meraki.com/api_docs#list-the-group-policies-in-a-network

 

Hope this helps.

 

BB
Here to help

Hello Mihail,

 

Thanks for your answer.

I know how to set the group policy by API and also the API documentation is correct in that.

This way you bind a group policy to a client for just one SSID

 

But this problem is about setting the "different policy by ssid" with the API

 

 diffssid pol.PNG

 

Best regards, Ben

HodyCrouch
Building a reputation

As far as I can tell, the API does not support assigning group policies by ssid.

 

I should point out that the documentation for setting the policy is incomplete (or inaccurate, depending on your point of view).  The valid values for devicePolicy are whitelisted, blocked, normal, group.  Note that "group policy" is not a valid value.  You can see these values in Meraki's python library (https://github.com/meraki/dashboard-api-python/blob/master/meraki.py#L1327).

 

If a device has group policies set by ssid, you can retrieve the details from the API.  Here's what the response looks like:

 

{
  "mac": "aa:bb:cc:dd:ee:ff",
  "type": "Different policies by SSID",
  "ssids": {
    0: {
      "type": "Normal",
      "name": "ssid0"
    },
    1: {
      "type": "Group policy",
      "group_number": 100,
      "name": "ssid1"
    },
    2: {
      "type": "Whitelisted",
      "name": "ssid2"
    },
    14: {
      "type": "Blocked",
      "name": "ssid14"
    }
  }
}

Unfortunately, I don't see any way with the current API to set the client policy to something like that.

BB
Here to help

Hi,

 

Exactly my point.

 

I know how to get the info and also know how to set the correct info at the API but In my point of view if u have that option in the dashboard Meraki developers are able to implement this in short term at the API also.

 

Still searching for an API Wish list.

 

 

DaveRey
Here to help

I don't know if this got solved for any of you folks, but I found the proper format to send a client per SSID policy. Maybe this will help someone that finds this... took me awhile to get it.    Make sure to have the correct number of SSIDs definded.

 

{
    "policiesBySsid": {
        "0": {
            "devicePolicy": "Blocked"
        },
        "1": {
            "devicePolicy": "Whitelisted"
        },
        "2": {
            "devicePolicy": "Blocked"
        }
    },
    "mac": "00:aa:bb:11:22:aa",
    "name": "Test",
    "devicePolicy": "Per connection"
}

 

robp2175
New here

I know this is a bit of an old thread @DaveRey, but would you mind sharing the full code for doing this? I am just getting familiar with this and would really appreciate the help.

DaveRey
Here to help

Did you get it figured out?  It's just a POST in whatever language you are using. (I use perl/curl).

You POST the data as shown, "0" being the first SSID in your list in the GUI as shown above, "1" being the second etc.  POST to the client provisioning api.  I use version0 for this, I'm not sure it works in the v1 api.

 

Perl might look something like this:

$curlstring = 'curl -H X-Cisco-Meraki-API-Key:'.$KEY.' -H Content-Type:application/json -X POST --data-binary "{\\"mac\\":\\"'.$macaddress.'\\",\\"name\\":\\"'.$computername.'\\",\\"devicePolicy\\":\\"Per connection\\",\\"policiesBySsid\\":{\\"0\\":{\\"devicePolicy\\":\\"Blocked\\"},\\"1\\":{\\"devicePolicy\\":\\"Whitelisted\\"}}}" https://api.meraki.com/api/v0/networks/N_12345etc890/clients/provision';

$result = `$curlstring`;

But what ever way you post it, just be sure to post it to the wireless network your client is in just as if you are "provisioning" it.

 

Don't know if that helps, or makes it worse 😋

Cheers

Iznik
New here

To add more detail to this thread in case it will be useful in the future. This can be done in v1 api using https://developer.cisco.com/meraki/api-v1/provision-network-clients/

It can be done at any time, either before or after a client has joined the network

Get notified when there are additional replies to this discussion.