Meraki

Community

API - Block a device from an SSID

Solved
CiscoUser
Here to help
‎Feb 17 2019 8:53 AM
‎Feb 17 2019 8:53 AM

API - Block a device from an SSID

I need help with blocking a device from a specific SSID using API.

There is an option to do so in the Meraki UI by selecting the client:

 

DevPolicy.PNG


It does the work just fine. I am looking to find a way to do the same using an API request.


checking client policy by

/networks/[networkId]/clients/[client_mac]/policy

Before changing:

{

    "mac": "__MAC___",

    "type": "Normal"

}

After changing

{

    "mac": "__MAC___",

    "type": "Different policies by SSID",

    "ssids": {

        "0": {

            "type": "Normal",

            "name": "SSID_Name0"

        },

        "1": {

            "type": "Normal",

            "name": "SSID_Name1"

        },

        "3": {

            "type": "Blocked",

            "name": "SSID_Name3"

        }

    }

}

I know I can send a request with device policy being whitelisted/blocked/normal/group, but I aim for "Different policies by SSID" or any other way to achieve it, if anyone knows.

 

Thanks in advance

0 Kudos
1 Accepted Solution
CiscoUser
Here to help
‎Feb 26 2019 1:57 AM
‎Feb 26 2019 1:57 AM

Thanks for trying to help, found the way.

PUT request to
api.meraki.com/api/v0/networks/{{NetworkId}}/clients/{{ClientMac}}/policy?timespan=86400&devicePolicy=Different policies by SSID

with the body

blocked_msg=&access=custom&custom_policy%5B0%5D=-1&custom_policy%5B1%5D=-1&custom_policy%5B3%5D=1&ids%5B%5D=DEVICE_ID

(when parsed it looks like this:)
parsed.png

Will get the result of the client having 'Normal' policy towards ssids with ID 0 and 1
'Blocked' for ssid with ID 3 

View solution in original post

0 Kudos
4 Replies 4
HodyCrouch
Building a reputation
‎Feb 17 2019 9:22 AM
‎Feb 17 2019 9:22 AM

The API does not appear to support setting different group policies for a client by SSID.  I'm not aware of any workaround.

CiscoUser
Here to help
‎Feb 26 2019 1:57 AM
‎Feb 26 2019 1:57 AM

Thanks for trying to help, found the way.

PUT request to
api.meraki.com/api/v0/networks/{{NetworkId}}/clients/{{ClientMac}}/policy?timespan=86400&devicePolicy=Different policies by SSID

with the body

blocked_msg=&access=custom&custom_policy%5B0%5D=-1&custom_policy%5B1%5D=-1&custom_policy%5B3%5D=1&ids%5B%5D=DEVICE_ID

(when parsed it looks like this:)
parsed.png

Will get the result of the client having 'Normal' policy towards ssids with ID 0 and 1
'Blocked' for ssid with ID 3 

0 Kudos
In response to CiscoUser
kmoney33
New here
‎Dec 6 2019 12:23 PM
‎Dec 6 2019 12:23 PM

Would love to use this myself! I'm not following the url you're using for the request. As far as I know you can't put spaces in the url, so how were you able to accomplish adding "devicePolicy=Different policies by SSID" to the end of the put request?

0 Kudos
Gal_Tfilin
Comes here often
‎Nov 8 2021 8:25 AM
‎Nov 8 2021 8:25 AM

I tried @CiscoUser 's solution and could not make it work.

However, I managed to find the documentation of that functionality under the following API:

https://developer.cisco.com/meraki/api/#!provision-network-clients

under schema definition.

You should set Per connection policy and list the SSIDs you would like to change the device's policy for them

 

Here is an example for a request's body that would block device for specific SSIDs:

{
   "mac": "aa:aa:aa:aa:aa:aa",
    "devicePolicy": "Per connection",
    "timespan": 2592000,
    "policiesBySsid": {
       "9": {
         "devicePolicy": "Blocked"
       }
    }
}

 

Sending this body in a post request to /networks/{networkId}/clients/provision will block any device with MAC aa:aa:aa:aa:aa:aa from connecting to SSID on index 9(you can get that using GET /networks/{networkId}/ssids)

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.