Meraki ExCap, Group Policy and Vlan fun....

ShaunCro
Here to help

Hey All, 

So I'm currently building my uni a site that manages the wifi front end. Essentially it will be the digital gateway to our uni's campus, with all systems (which are horribly disparate) being linked to from the system, as well as building in a policy acknowledgement module that forces the target audience to read the policy, confirm they have read and understood it, confirm they agree, and then digitally sign it off, stored with a time stamp etc. in an immutable db, and track compliance for the uni, with the option to block a staff member's network access until they have read the policies. I'm having the odd issue with that last part for now, but I can nag the hell out of them, which will do for now.

Staff, students and guests all connect to the same SSID and, based on a successful login against the student, staff or guest portals, I then drop them in the appropriate VLAN with the required access rights applied etc. To do this I am using a group policy per VLAN and linking that VLAN to specific portals, and on success moving them over. This is working perfectly; my problem comes in sometimes with forgetting that client. I often have to search for the client in the clients page, set its policy to normal, then tell the system to forget the client, wait about 5 mins, clear all browser cache and do a complete network reset on the client PC, otherwise it carries on picking up the previous VLAN it was moved to, but with the limitations of the walled garden applied. I haven't tested if this is still the case when moving to a completely different network yet; I only got this working 2 or 3 days ago with the staff Entra ID SSO, and now today students' OIDC with Google. I also had to set the session timeout in the splash page settings to 30 mins while testing, otherwise I wait hours for it to be forgotten. To be honest, I think that the require login is probably the only reason I get allocated to the onboarding VLAN again after logging out and going through that rigmarole.

Is there perhaps a Meraki API call I can use to force the forgetting of a client MAC and session via the API?

Thanks in advance.

Shaun

alemabrahao
Kind of a big deal

There is no direct delete client or force forget endpoint in the standard Meraki Dashboard API for general network clients.

If your goal is to boot a user and force them to re-authenticate, you can use the Splash Authorization endpoints if you are using a Splash Page: DELETE /networks/{networkId}/merakiAuthUsers/{merakiAuthUserId}

This deauthorizes the user, requiring them to log back in.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
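An added example (not from either poster, and not Meraki's own code) of calling the deauthorization endpoint named above from Python, alongside the "set policy back to Normal" step the original poster currently does by hand, which the Dashboard API exposes as PUT /networks/{networkId}/clients/{clientId}/policy. It assumes the key is supplied in the MERAKI_API_KEY environment variable; the network, client and auth-user IDs are placeholders, and the `send` parameter exists only so the request logic can be exercised without network access.

```python
import json
import os
import time
import urllib.error
import urllib.request

BASE_URL = "https://api.meraki.com/api/v1"


def _headers(api_key: str) -> dict:
    # Bearer auth is what the Dashboard API accepts; the key comes from the
    # environment so it never lands in source control or request logs.
    return {"Authorization": f"Bearer {api_key}", "Accept": "application/json",
            "Content-Type": "application/json"}


def _urllib_send(req: urllib.request.Request) -> tuple:
    """Real transport: returns (status, headers) even for 4xx/5xx responses."""
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, dict(resp.headers)
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers)


def call(method: str, path: str, api_key: str, body=None, send=_urllib_send, retries=3) -> int:
    """Issue one Dashboard API request, honouring 429 Retry-After; returns the HTTP status."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(BASE_URL + path, data=data, method=method, headers=_headers(api_key))
    for _ in range(retries):
        status, headers = send(req)
        if status != 429:
            return status
        time.sleep(float(headers.get("Retry-After", "1")))
    raise RuntimeError(f"still rate limited after {retries} attempts: {method} {path}")


def reset_client_policy(network_id: str, client_id: str, api_key: str, send=_urllib_send) -> bool:
    # Same step as the clients page: put the client back on the "Normal" policy.
    status = call("PUT", f"/networks/{network_id}/clients/{client_id}/policy", api_key,
                  body={"devicePolicy": "Normal"}, send=send)
    return status == 200


def deauthorize_user(network_id: str, user_id: str, api_key: str, send=_urllib_send) -> bool:
    # The endpoint named in the reply: 204 = deauthorized, 404 = no such user (already gone).
    status = call("DELETE", f"/networks/{network_id}/merakiAuthUsers/{user_id}", api_key, send=send)
    return status in (204, 404)


if __name__ == "__main__":
    key = os.environ["MERAKI_API_KEY"]  # placeholder IDs below: substitute real ones
    print(reset_client_policy("NETWORK_ID_PLACEHOLDER", "CLIENT_ID_PLACEHOLDER", key))
    print(deauthorize_user("NETWORK_ID_PLACEHOLDER", "AUTH_USER_ID_PLACEHOLDER", key))
```

Whether the merakiAuthUsers endpoint covers sessions authorized through an external captive portal is not settled in this thread, so check the response status rather than assuming the client was deauthorized.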
ShaunCro
Here to help

I'll take a look and see if I can do that, thanks alemabrahao. I'm using an external splash page, so not one that is hosted by the Meraki dash, so things are a bit different to the normal splash pages, and this is my first time building something like this, so I will see if that is a function that I can call externally.