topic Re: Admin Down switch ports via API in Network Platform API

Admin Down switch ports via API

tjh188 — Mon, 27 Jan 2025 18:33:01 GMT

Is there a way to run a shut command on all unused MS switch ports that are not used via an API call? We want to tighten our security so no one can gain unauthorized access to our network. Right now, if you plug into the MS, you get access.

Thanks in advance.

Re: Admin Down switch ports via API

sungod — Mon, 27 Jan 2025 18:59:44 GMT

You can use https://developer.cisco.com/meraki/api-v1/get-organization-switch-ports-statuses-by-switch/ to get all the current port details.

Then parse that to choose which ports to shut down... https://developer.cisco.com/meraki/api-v1/update-device-switch-port/

The update action can also be done in an action batch to speed things up.

But there's a risk if the port is used but not currently connected that you'd block a needed port, you'd really need to keep some table of 'protected' ports to leave alone, or tag such ports and look out for the tag when deciding. I don't think the statuses endpoint gets the tags but you could use https://developer.cisco.com/meraki/api-v1/get-organization-switch-ports-by-switch/ to retrieve them.

Bear in mind that if an attacker has physical access, they could simply pull the cable from a live port and still gain access that way. Using access policies would be better, see... https://documentation.meraki.com/MS/Access_Control/MS_Switch_Access_Policies_(802.1X)

Re: Admin Down switch ports via API

tjh188 — Mon, 27 Jan 2025 19:16:20 GMT

The https://developer.cisco.com/meraki/api-v1/get-organization-switch-ports-by-switch/ does not show if anything is plugged into it or not. Is there another call that will show if anything is plugged in currently?

I think that we are close.

Re: Admin Down switch ports via API

sungod — Mon, 27 Jan 2025 19:21:38 GMT

Sorry, I pasted the wrong endpoint first time, see the updated posting.

Re: Admin Down switch ports via API

tjh188 — Mon, 03 Feb 2025 15:29:41 GMT

Good Morning,

I can run the https://developer.cisco.com/meraki/api-v1/get-organization-switch-ports-by-switch/ and it displays only some of the switches in my organization. I have over 700 that I want to pull. What is the easiest way to do that? I would be targetting my Templates in bulk so if there is a way to pull all of the switchports within an individual template, that would be great!

Re: Admin Down switch ports via API

sungod — Mon, 03 Feb 2025 18:20:21 GMT

That endpoint returns a maximum of 50 records per call, are you following the pagination process to get all the pages?

https://developer.cisco.com/meraki/api-v1/pagination/#pagination

If you are using Python, the Meraki Python library can handle pagination for you...

https://github.com/meraki/dashboard-api-python