Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
12564
Views
7
Helpful
9
Replies

Block device from API

Go to solution
Bails1664
Level 2
Level 2

‎07-08-2019 03:39 AM

Hi All,

I'm creating an App that can be rolled out to our Service Desk and Security Team to allow them to manage users devices etc. on our networks from the API.

One of the bits i'm looking to do is block a device from the network if we see any malicious activity etc. being conducted on that device. However, i'm unable to find what the policy ID maybe for the in built Meraki Blocked policy.

I've checked a device that is blocked on a network from the API and it says normal, even though on the dashboard it is actually blocked with a custom message being presented to it. :S

Any one had this issue before and can maybe shed some light on this?

Thank you!

Cheers

N

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
DexterLabora
Cisco Employee
Cisco Employee

‎07-08-2019 04:24 AM

You might be looking at per-SSID policies. The Dashboard API can set a client device to a Group Policy but not specific to an SSID. If you just need to block a user, then set a Group Policy to the device with strict limits or just set it to "Blocked"

Related API endpoints

You can find the available Group Policies for a network and their respective ID
https://developer.cisco.com/meraki/api/#/rest/api-endpoints/group-policies/get-network-group-policies

To assign a policy to a new or existing client
https://developer.cisco.com/meraki/api/#/rest/api-endpoints/clients/provision-network-clients

To assign a policy to an existing client only

https://developer.cisco.com/meraki/api/#/rest/api-endpoints/clients/update-network-client-policy

important params

devicePolicy
String

The policy to apply to the specified client. Can be 'Whitelisted', 'Blocked', 'Normal' or 'Group policy'. Required.

groupPolicyId
String

The ID of the desired group policy to apply to the client. Required if 'devicePolicy' is set to "Group policy". Otherwise this is ignored.

Example using the provision endpoint (works for all clients)

POST /networks/{networkId}/clients/provision

Body: Provision as Blocked

{
"mac": "00:11:22:33:44:55",
"name": "Miles's phone",
"devicePolicy": "Blocked"
}

Body: Provision as Group Policy

{
"mac": "00:11:22:33:44:55",
"name": "Miles's phone",
"devicePolicy": "Group policy",
"groupPolicyId": "99"
}

Hope this helps!

View solution in original post

9 Replies 9

Go to solution
DexterLabora
Cisco Employee
Cisco Employee

‎07-08-2019 04:24 AM

You might be looking at per-SSID policies. The Dashboard API can set a client device to a Group Policy but not specific to an SSID. If you just need to block a user, then set a Group Policy to the device with strict limits or just set it to "Blocked"

Related API endpoints

You can find the available Group Policies for a network and their respective ID
https://developer.cisco.com/meraki/api/#/rest/api-endpoints/group-policies/get-network-group-policies

To assign a policy to a new or existing client
https://developer.cisco.com/meraki/api/#/rest/api-endpoints/clients/provision-network-clients

To assign a policy to an existing client only

https://developer.cisco.com/meraki/api/#/rest/api-endpoints/clients/update-network-client-policy

important params

devicePolicy
String

The policy to apply to the specified client. Can be 'Whitelisted', 'Blocked', 'Normal' or 'Group policy'. Required.

groupPolicyId
String

The ID of the desired group policy to apply to the client. Required if 'devicePolicy' is set to "Group policy". Otherwise this is ignored.

Example using the provision endpoint (works for all clients)

POST /networks/{networkId}/clients/provision

Body: Provision as Blocked

{
"mac": "00:11:22:33:44:55",
"name": "Miles's phone",
"devicePolicy": "Blocked"
}

Body: Provision as Group Policy

{
"mac": "00:11:22:33:44:55",
"name": "Miles's phone",
"devicePolicy": "Group policy",
"groupPolicyId": "99"
}

Hope this helps!

Go to solution
Bails1664
Level 2
Level 2
In response to DexterLabora

‎07-08-2019 04:39 AM

Thats the fella!

Thank you!

Go to solution
Bails1664
Level 2
Level 2
In response to DexterLabora

‎07-10-2019 02:13 AM

Actually, is there a way to add in the blocked note when sending the API POST?
0 Helpful

Go to solution
claybarber
Community Member
In response to DexterLabora

‎09-11-2019 12:06 AM

@DexterLabora wrote:

You might be looking at per-SSID policies. The Dashboard API can set a client device to a Group Policy but not specific to an SSID. If you just need to block a user, then set a Group Policy to the device with strict limits or just set it to "Blocked"

Related API endpoints

You can find the available Group Policies for a network and their respective ID
https://developer.cisco.com/meraki/api/#/rest/api-endpoints/group-policies/get-network-group-policies

To assign a policy to a new or existing client
https://developer.cisco.com/meraki/api/#/rest/api-endpoints/clients/happy wheelsprovision-network-clients

To assign a policy to an existing client only

https://developer.cisco.com/meraki/api/#/rest/api-endpoints/clients/update-network-client-policy

important params

devicePolicy
String

The policy to apply to the specified client. Can be 'Whitelisted', 'Blocked', 'Normal' or 'Group policy'. Required.

groupPolicyId
String

The ID of the desired group policy to apply to the client. Required if 'devicePolicy' is set to "Group policy". Otherwise this is ignored.

Example using the provision endpoint (works for all clients)

POST /networks/{networkId}/clients/provision

Body: Provision as Blocked

{
"mac": "00:11:22:33:44:55",
"name": "Miles's phone",
"devicePolicy": "Blocked"
}

Body: Provision as Group Policy

{
"mac": "00:11:22:33:44:55",
"name": "Miles's phone",
"devicePolicy": "Group policy",
"groupPolicyId": "99"
}

Hope this helps!

This worked great. I've been digging into this for over an hour! Thanks.

Go to solution
MollyEskam
Community Member
In response to DexterLabora

‎07-16-2020 06:25 AM

finally something that actually worked, thanks to you man @claybarber funny work quotes

0 Helpful

Go to solution
DillonWhite9048
Level 1
Level 1

‎08-14-2019 06:00 PM

@Bails1664 Do you have a GitHub repo I can reference? This sounds awesome!!

0 Helpful

Go to solution
noemijmorgan
Community Member

‎11-10-2020 12:00 AM

Really great answers to your question, we were informed, thank you. @noemi

Go to solution
Jackmash2
Community Member

‎01-18-2022 06:45 AM

DexterLaBora actually worked, thanks to you man @DexterLaBora

Go to solution
IsiahAtkins
Community Member

‎05-20-2022 05:14 AM

Thanks for it. This endpoint allows you to create and manage block devices. @dotsnel

0 Helpful
Customers Also Viewed These Support Documents