MX device ports

PavanP
Here to help

MX device ports

Hi,

 

We are using approximately 70 MX65 devices in our Organization. Each MX device is having 12 LAN ports. We would like to know if Meraki provides an option to shutdown unused interfaces to avoid any outside user connectivity.

9 REPLIES 9
KarstenI
Kind of a big deal
Kind of a big deal

You can disable the unused ports under "Addressing & VLANs".

Hi We tried disabling port before but that option is not working. I am attaching screen shots for reference.

 

We are using Sigle LAN. Do you know if that might be the reason Disable option is not working. Meraki1.JPGMeraki2.JPG

Hi Kastenl 

 

We are using Single LAN on our MX devices. Disabling port on VLANs and changing back to Single LAN is not carrying disable option. We will start using VLANs instead of Single LAN.

 

Thanks,

PKP.

Bruce
Kind of a big deal

@PavanP I don't use Single-VLAN much, but just experimented and saw what you are saying; when you're in Single-VLAN mode there appears to be no option from the Dashboard to enable/disable ports or apply an access-policy - the screen that provides access to that just doesn't exist. 

 

You could try disabling the port from the Local Status page for the MX device, that might work. Not ideal but could achieve the outcome you want if you don't need to change these often.

 

I'd also be making a wish to have access to these settings from the Dashboard when in Single-VLAN mode.

Hi Bruce,

 

I tested on Local status page enable & disable options for LAN ports and are working absolutely fine.

Meraki3.JPG

Bruce
Kind of a big deal

@PavanP So you *could* set it from the Local Admin page - although for 70 MX devices that's not ideal. Have you tried using the API to configure a MX when its in Single-VLAN mode? (https://developer.cisco.com/meraki/api-v1/#!update-network-appliance-port). It might work, it may just be that the capability isn't there in the Dashboard, but is achievable from the API (would also be a lot quicker to update the 70 MX devices, especially if they are all or mostly the same configuration).

@Bruce I haven't used API before to enable or disable ports. I am receiving error while testing can verify in attached screen shot if URL is wrong.

Meraki4.JPEG

Bruce
Kind of a big deal

@PavanP I just tried it on my lab network, and it doesn't work anyway. The API call returns an error, 

"VLANs are not enabled for this network". So looks like the outcome is that you can't control the LAN ports on an MX if you're in Single-VLAN mode, other than through the Local Status page.... which sucks (unless anyone can come up with another way). (The obvious answer is to enable VLANs, and just configure all the ports as access ports on one VLAN - unless there was a reason for using Single-VLAN, like running OSPF).
 
Time to hit that 'Make a wish' button...
PhilipDAth
Kind of a big deal
Kind of a big deal

@KarstenI has nailed it.

 

A far more complex option is to make all the devices authenticate using 802.1x to something like Active Directory.  If a device doesn't authenticate - no access (or Internet only).

https://documentation.meraki.com/MX/Access_Control_and_Splash_Page/MX_Access_Policies_(802.1X) 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels