Org wide group policy for some clients

jamesw
Getting noticed

If you have 5000 networks, and you want to apply a custom group policy to some clients across your org, how can this be achieved without creating 5000 group policies (one per network) and mapping the client to each network's created group policy?

 

Basically, we are looking to assign some clients a particular policy across the estate.

 

Also, how many clients can be added to a group policy? We need potentially 100k+.

 

Thanks

RaphaelL
Kind of a big deal

You would need network templates, which is not always possible.

One more thing to add.

 

Note: There is a limit of 3,000 clients that can have a group policy manually applied per network. 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Thanks @RaphaelL and @alemabrahao.

 

I thought as much.

 

I read the same about the 3,000 limit for group policies. I've tested, via API, adding tens of thousands of client MACs and it's accepted it just fine, so now not so sure:

[Screenshot: jamesw_0-1691873106556.png]

 

If using network templates, can you do group policies within them?

 

Thanks

RaphaelL
Kind of a big deal

Yes. You will only have to maintain '1' GP since it is shared to all networks bound to that template.

So if I apply all networks in the org to a template, and add the clients to a group policy defined on the template, the clients will get assigned the policy on ALL networks mapped to the template?

RaphaelL
Kind of a big deal

No, that will save you from creating the same GP on all your networks.

I don't follow.

 

1. You create a template and add all your networks to it.

2. You create a group policy inside the template.

3. You assign clients to the group policy.

 

As the group policy is mapped to the template, isn't any client added to the group policy mapped to all networks?

 

Are you saying that despite having a group policy at template level, you still have to go into each network separately and add a client to the group policy, for the same MAC?

alemabrahao
Kind of a big deal

The Group Policy can be created in the template, but you must apply it to the clients individually in each network, as the clients do not appear in the template.


Thanks.

 

As per above then, is there a limit of clients? Meraki's group policy page says 3,000 for manually applied, however I've been able to add 70,000 without error...

alemabrahao
Kind of a big deal

I don't know if you will exactly get an error.

For such a large number of clients I prefer to apply Group Policies via Active Directory Group.

But this limit is per network, okay?

PhilipDAth
Kind of a big deal

What you'll find is that although you managed to add them via API, other things will now be broken, like using the Dashboard to edit certain group policy settings.
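Added example (not code from any poster in this thread or from Meraki): since the policy has to be applied to clients network by network, this sketch plans the per-network requests offline, resolves the policy ID by name in each network, and refuses to queue any network that would pass the 3,000-client limit quoted above. It assumes the Dashboard API v1 endpoints `GET /networks/{networkId}/groupPolicies` and `POST /networks/{networkId}/clients/provision`; the batch size, network IDs, policy names and MACs are constructed for illustration.

```python
from collections import defaultdict

MANUAL_LIMIT = 3000  # per-network limit quoted in the thread
BATCH = 500          # assumed request batch size, not from the thread


def plan_policy_rollout(policy_name, policies_by_network, sightings):
    """Return (requests, skipped) for assigning policy_name to clients.

    policies_by_network: {network_id: [{"groupPolicyId": ..., "name": ...}]},
        the shape returned by GET /networks/{networkId}/groupPolicies.
    sightings: iterable of (network_id, mac) pairs for the target clients.
    """
    macs = defaultdict(set)
    for net, mac in sightings:
        # Normalise so the same client is not counted twice per network.
        macs[net].add(mac.strip().lower().replace("-", ":"))

    requests, skipped = [], {}
    for net in sorted(macs):
        ids = [p["groupPolicyId"] for p in policies_by_network.get(net, [])
               if p["name"] == policy_name]
        if len(ids) != 1:
            skipped[net] = "policy missing or ambiguous"
            continue
        if len(macs[net]) > MANUAL_LIMIT:
            # Do not rely on the API accepting more than the documented limit.
            skipped[net] = f"{len(macs[net])} clients exceeds {MANUAL_LIMIT}"
            continue
        ordered = sorted(macs[net])
        for i in range(0, len(ordered), BATCH):
            requests.append({
                "method": "POST",
                "path": f"/networks/{net}/clients/provision",
                "body": {"clients": [{"mac": m} for m in ordered[i:i + BATCH]],
                         "devicePolicy": "Group policy",
                         "groupPolicyId": ids[0]},
            })
    return requests, skipped


# Constructed sample data (hypothetical network IDs, policies and MACs).
POLICIES = {"N_1": [{"groupPolicyId": "101", "name": "Restricted"}],
            "N_2": [{"groupPolicyId": "207", "name": "Restricted"}],
            "N_3": [{"groupPolicyId": "100", "name": "Guests"}]}
SIGHTINGS = [("N_1", "AA-BB-CC-00-00-01"), ("N_1", "aa:bb:cc:00:00:01"),
             ("N_2", "aa:bb:cc:00:00:02"), ("N_3", "aa:bb:cc:00:00:03")]

if __name__ == "__main__":
    reqs, skipped = plan_policy_rollout("Restricted", POLICIES, SIGHTINGS)
    print(len(reqs), "requests planned; skipped:", skipped)
```

The planner only builds request descriptions; sending them, with authentication and rate-limit handling, is left to whatever client the organisation already uses.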