cancel
Showing results for 
Search instead for 
Did you mean: 

Meraki API Noob - Adding a client to a group policy in multiple MR networks - Please help!

pjc
Getting noticed

Meraki API Noob - Adding a client to a group policy in multiple MR networks - Please help!

Hi Guys,

 

As a result of my findings with AutoRF, and for best practice, having to create lots of new networks for geo located access points, I'm faced with the issue where when I previously added a client to a (large) network for a group policy (no splash screen, all other attributes the dafualt of the ssid), I now am faced with having to add that client (mac address) to the same group policy but now in 120+ networks (instead of previously 2 large networks (with all of our wan sites in them))

Meraki support have suggested the only way to do this is to use API's, so I started off with Postman, and downloaded the Meraki API dashboard plugin.

So, I can see how I can add a mac address to a single network ( using this API - Provisions a client with a name and policy. Clients can be provisioned before they associate to the network. ), however, I need to add this mac to now 120 networks.

Has anyone any suggestions on how to easily do this, or have any example code ?  Can it be done in Postman, or do I need to use curl or python ?  If the latter, has anyone any sample code I can use ?

I'll only be replacing the "mac" element of the code and applying it to all networks, so once the code has been setup I can run it as and when needed as new clients need adding to the group policy

I'm a Postman, Curl and Python noob too, so appreciate the easiest method - Thanks

 

Hope this makes sense :-)

 

Thanks all in advance

8 REPLIES 8
Head in the Cloud

Re: Meraki API Noob - Adding a client to a group policy in multiple MR networks - Please help!

It might be easier to create a group policy with this device added and your other base changes and copy it to each network.

pjc
Getting noticed

Re: Meraki API Noob - Adding a client to a group policy in multiple MR networks - Please help!

Hi @SoCalRacer , thanks, but as we get a number of requests every week for clients to go into our 'no splash screen' poilcy, we'd end up with many policies across all of networks

 

Annoyingly, configuration sync can sync the group policies themselves, but does not sync the clients in those policies.  And, if we were whitelisting the clients (using the whitelisting method), we could use configuration sync to sync those clients, however, whitelisting stops the splash screen from being displayed (what we want) but at the same time also removes the bandwidth control of the SSID for the whitelisted client (what we dont want)

 

I'm sure this must be a simple task that others are already doing, hopefully someone will see this post

 

Thanks

Head in the Cloud

Re: Meraki API Noob - Adding a client to a group policy in multiple MR networks - Please help!

What I was saying was make a new policy, mirror the no spash screen policy and add the device then copy the new policy to all other networks.

 

Outside of that you can use the API, but you either need to get more experience with it or see if you can find some code to reuse.

pjc
Getting noticed

Re: Meraki API Noob - Adding a client to a group policy in multiple MR networks - Please help!

@SoCalRacerthanks again, but I think that's a non-starter too, as when you clone a group policy, it doesn't add the clients to that new policy.  We have over 1400 clients on the policy, so I would have to add all of those again to the new (cloned) policy.

Then when you use configuration sync, it creates the policy (the new clone) in the destination networks, but doesn't copy over the clients who are in that (new cloned) policy, you would still need to go into each network and add the 1400 clients (+ the new clients)....mulitply that by 120 networks and you can see why I'm looking to script this

 

Thanks

Head in the Cloud

Re: Meraki API Noob - Adding a client to a group policy in multiple MR networks - Please help!

Sounds like you will be making these kind of changes regularly. I would recommend taking a python course. My thoughts on scripting it; Start with something basic, use Python and pull all the networkIds into a csv or txt file. Then start moving on making the changes to one network. Then add a loop to make the same change to parse through all the networksIds in the txt file.

pjc
Getting noticed

Re: Meraki API Noob - Adding a client to a group policy in multiple MR networks - Please help!

@SoCalRacerThat's great advice on the Python scripting, I think that's the way forward.  Thanks again.

In the meantime, if anyone else has any sample python script for this type of thing, feel free to share ;-)

Here to help

Re: Meraki API Noob - Adding a client to a group policy in multiple MR networks - Please help!

We didn't use templates for our wireless networks, so when I want to change the PSK for an SSID in our organization, I have to go into each network. Here's a snippet of the python code I use to make that crawl. 

import meraki

suppressprint = True
templateid = None

apikey = input("Enter API key: ")

orgs = meraki.myorgaccess(apikey,suppressprint) # All accessible OrgIDs from API Key

   for org in orgs: # crawl through your orgs if you have more than one
      myorg = org['id']
      networks = meraki.getnetworklist(apikey, myorg, templateid, suppressprint)
         if network: # test that networks actually exist
            for net in networks: # crawl each network

               # insert your code here

Anyway, that should crawl through things for you. You'd just need to add your code for what you want to do. Having never played with group policy via the API this is about as far as I can get you. 

 

Hope this helps,

Jason

 

pjc
Getting noticed

Re: Meraki API Noob - Adding a client to a group policy in multiple MR networks - Please help!

@Jason-907Thanks Jason, much appreciated.  That's a good place for me to start when referencing the networkId variable

 

Thanks

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.