It's not the last rule, it's the second to last rule. When you make the call to get the rules from your test network it includes the two bottom Meraki "default" rules. - Wireless clients access LAN - Default rule If you look at the "Wireless client access LAN rule you'll see that the 'destCidr' is a string, 'Local LAN'. That's your problem. It's not an acceptable value to pass in. { 'comment': 'Wireless clients accessing LAN', 'ipVer': 'ipv4', 'policy': 'deny', 'protocol': 'Any', 'destPort': 'Any', 'destCidr': 'Local LAN', # <--- This one } Neither of those two Meraki "default rules need to be passed in. They already exist in the destination Network you're configuring (again by default). So, you'll want to delete those last two rules in the list before making the API call to PUT all the rules in the destination Network. If you need to adjust the "Wireless clients accessing LAN" rule you don't want to pass the actual rule in with your rules, you need to add the additional API parameter allowLanAccess. The last rule "Default rule" is not adjustable. It's always Allow IPv4 Any Any Any.
... View more