Hi,
We are using approximately 70 MX65 devices in our Organization. Each MX device is having 12 LAN ports. We would like to know if Meraki provides an option to shutdown unused interfaces to avoid any outside user connectivity.
You can disable the unused ports under "Addressing & VLANs".
Hi We tried disabling port before but that option is not working. I am attaching screen shots for reference.
We are using Sigle LAN. Do you know if that might be the reason Disable option is not working.
Hi Kastenl
We are using Single LAN on our MX devices. Disabling port on VLANs and changing back to Single LAN is not carrying disable option. We will start using VLANs instead of Single LAN.
Thanks,
PKP.
@PavanP I don't use Single-VLAN much, but just experimented and saw what you are saying; when you're in Single-VLAN mode there appears to be no option from the Dashboard to enable/disable ports or apply an access-policy - the screen that provides access to that just doesn't exist.
You could try disabling the port from the Local Status page for the MX device, that might work. Not ideal but could achieve the outcome you want if you don't need to change these often.
I'd also be making a wish to have access to these settings from the Dashboard when in Single-VLAN mode.
Hi Bruce,
I tested on Local status page enable & disable options for LAN ports and are working absolutely fine.
@PavanP So you *could* set it from the Local Admin page - although for 70 MX devices that's not ideal. Have you tried using the API to configure a MX when its in Single-VLAN mode? (https://developer.cisco.com/meraki/api-v1/#!update-network-appliance-port). It might work, it may just be that the capability isn't there in the Dashboard, but is achievable from the API (would also be a lot quicker to update the 70 MX devices, especially if they are all or mostly the same configuration).
@Bruce I haven't used API before to enable or disable ports. I am receiving error while testing can verify in attached screen shot if URL is wrong.
@PavanP I just tried it on my lab network, and it doesn't work anyway. The API call returns an error,
@KarstenI has nailed it.
A far more complex option is to make all the devices authenticate using 802.1x to something like Active Directory. If a device doesn't authenticate - no access (or Internet only).
https://documentation.meraki.com/MX/Access_Control_and_Splash_Page/MX_Access_Policies_(802.1X)