Group Policies
Dashboard Location: Network-wide > Configure > Group Policies
Group Policy Management
Section titled “Group Policy Management”Group policies in Meraki provide centralized client management and access control by applying consistent network policies to groups of devices or users. These policies enable granular control over bandwidth allocation, VLAN assignment, firewall rules, traffic shaping, and access scheduling. Group policies streamline network administration by allowing policy-based management rather than individual device configuration, supporting role-based access control, and enabling dynamic policy application based on user authentication or device classification.
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”group_policies (meraki.domains.organizations.networks)
Section titled “group_policies (meraki.domains.organizations.networks)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | min: 1, max: 127 | No | |
| scheduling | Class | [scheduling] | No | |
| bandwidth | Class | [bandwidth] | No | |
| firewall_and_traffic_shaping | Class | [firewall_and_traffic_shaping] | No | |
| content_filtering | Class | [content_filtering] | No | |
| vlan_tagging | Class | [vlan_tagging] | No | |
| bonjour_forwarding | Class | [bonjour_forwarding] | No |
scheduling (meraki.domains.organizations.networks.group_policies)
Section titled “scheduling (meraki.domains.organizations.networks.group_policies)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| enabled | Boolean | true, false | No | |
| monday | Class | [monday] | No | |
| tuesday | Class | [tuesday] | No | |
| wednesday | Class | [wednesday] | No | |
| thursday | Class | [thursday] | No | |
| friday | Class | [friday] | No | |
| saturday | Class | [saturday] | No | |
| sunday | Class | [sunday] | No |
bandwidth (meraki.domains.organizations.networks.group_policies)
Section titled “bandwidth (meraki.domains.organizations.networks.group_policies)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| settings | Choice | custom, ignore, network default | No | |
| bandwidth_limits | Class | [bandwidth_limits] | No |
firewall_and_traffic_shaping (meraki.domains.organizations.networks.group_policies)
Section titled “firewall_and_traffic_shaping (meraki.domains.organizations.networks.group_policies)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| settings | Choice | custom, ignore, network default | No | |
| traffic_shaping_rules | List | [traffic_shaping_rules] | No | |
| l3_firewall_rules | List | [l3_firewall_rules] | No | |
| l7_firewall_rules | List | [l7_firewall_rules] | No |
content_filtering (meraki.domains.organizations.networks.group_policies)
Section titled “content_filtering (meraki.domains.organizations.networks.group_policies)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| allowed_url_patterns | Class | [allowed_url_patterns] | No | |
| blocked_url_patterns | Class | [blocked_url_patterns] | No | |
| blocked_url_categories | Class | [blocked_url_categories] | No |
vlan_tagging (meraki.domains.organizations.networks.group_policies)
Section titled “vlan_tagging (meraki.domains.organizations.networks.group_policies)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| settings | Choice | custom, ignore, network default | No | |
| vlan_id | Any | Integer[min: 1, max: 4094] or String[matches: `(?:[1-9] | [1-9][0-9] | [1-9][0-9]2 |
bonjour_forwarding (meraki.domains.organizations.networks.group_policies)
Section titled “bonjour_forwarding (meraki.domains.organizations.networks.group_policies)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| settings | Choice | custom, ignore, network default | No | |
| rules | List | [rules] | No |
monday (meraki.domains.organizations.networks.group_policies.scheduling)
Section titled “monday (meraki.domains.organizations.networks.group_policies.scheduling)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| active | Boolean | true, false | No | |
| from | String | Regex: ^(?:0:00|0:30|1:00|1:30|2:00|2:30|3:00|3:30|4:00|4:30|5:00|5:30|6:00|6:30|7:00|7:30|8:00|8:30|9:00|9:30|00:00|00:30|01:00|01:30|02:00|02:30|03:00|03:30|04:00|04:30|05:00|05:30|06:00|06:30|07:00|07:30|08:00|08:30|09:00|09:30|10:00|10:30|11:00|11:30|12:00|12:30|13:00|13:30|14:00|14:30|15:00|15:30|16:00|16:30|17:00|17:30|18:00|18:30|19:00|19:30|20:00|20:30|21:00|21:30|22:00|22:30|23:00|23:30|24:00)$ | No | |
| to | String | Regex: ^(?:0:00|0:30|1:00|1:30|2:00|2:30|3:00|3:30|4:00|4:30|5:00|5:30|6:00|6:30|7:00|7:30|8:00|8:30|9:00|9:30|00:00|00:30|01:00|01:30|02:00|02:30|03:00|03:30|04:00|04:30|05:00|05:30|06:00|06:30|07:00|07:30|08:00|08:30|09:00|09:30|10:00|10:30|11:00|11:30|12:00|12:30|13:00|13:30|14:00|14:30|15:00|15:30|16:00|16:30|17:00|17:30|18:00|18:30|19:00|19:30|20:00|20:30|21:00|21:30|22:00|22:30|23:00|23:30|24:00)$ | No |
tuesday (meraki.domains.organizations.networks.group_policies.scheduling)
Section titled “tuesday (meraki.domains.organizations.networks.group_policies.scheduling)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| active | Boolean | true, false | No | |
| from | String | Regex: ^(?:0:00|0:30|1:00|1:30|2:00|2:30|3:00|3:30|4:00|4:30|5:00|5:30|6:00|6:30|7:00|7:30|8:00|8:30|9:00|9:30|00:00|00:30|01:00|01:30|02:00|02:30|03:00|03:30|04:00|04:30|05:00|05:30|06:00|06:30|07:00|07:30|08:00|08:30|09:00|09:30|10:00|10:30|11:00|11:30|12:00|12:30|13:00|13:30|14:00|14:30|15:00|15:30|16:00|16:30|17:00|17:30|18:00|18:30|19:00|19:30|20:00|20:30|21:00|21:30|22:00|22:30|23:00|23:30|24:00)$ | No | |
| to | String | Regex: ^(?:0:00|0:30|1:00|1:30|2:00|2:30|3:00|3:30|4:00|4:30|5:00|5:30|6:00|6:30|7:00|7:30|8:00|8:30|9:00|9:30|00:00|00:30|01:00|01:30|02:00|02:30|03:00|03:30|04:00|04:30|05:00|05:30|06:00|06:30|07:00|07:30|08:00|08:30|09:00|09:30|10:00|10:30|11:00|11:30|12:00|12:30|13:00|13:30|14:00|14:30|15:00|15:30|16:00|16:30|17:00|17:30|18:00|18:30|19:00|19:30|20:00|20:30|21:00|21:30|22:00|22:30|23:00|23:30|24:00)$ | No |
wednesday (meraki.domains.organizations.networks.group_policies.scheduling)
Section titled “wednesday (meraki.domains.organizations.networks.group_policies.scheduling)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| active | Boolean | true, false | No | |
| from | String | Regex: ^(?:0:00|0:30|1:00|1:30|2:00|2:30|3:00|3:30|4:00|4:30|5:00|5:30|6:00|6:30|7:00|7:30|8:00|8:30|9:00|9:30|00:00|00:30|01:00|01:30|02:00|02:30|03:00|03:30|04:00|04:30|05:00|05:30|06:00|06:30|07:00|07:30|08:00|08:30|09:00|09:30|10:00|10:30|11:00|11:30|12:00|12:30|13:00|13:30|14:00|14:30|15:00|15:30|16:00|16:30|17:00|17:30|18:00|18:30|19:00|19:30|20:00|20:30|21:00|21:30|22:00|22:30|23:00|23:30|24:00)$ | No | |
| to | String | Regex: ^(?:0:00|0:30|1:00|1:30|2:00|2:30|3:00|3:30|4:00|4:30|5:00|5:30|6:00|6:30|7:00|7:30|8:00|8:30|9:00|9:30|00:00|00:30|01:00|01:30|02:00|02:30|03:00|03:30|04:00|04:30|05:00|05:30|06:00|06:30|07:00|07:30|08:00|08:30|09:00|09:30|10:00|10:30|11:00|11:30|12:00|12:30|13:00|13:30|14:00|14:30|15:00|15:30|16:00|16:30|17:00|17:30|18:00|18:30|19:00|19:30|20:00|20:30|21:00|21:30|22:00|22:30|23:00|23:30|24:00)$ | No |
thursday (meraki.domains.organizations.networks.group_policies.scheduling)
Section titled “thursday (meraki.domains.organizations.networks.group_policies.scheduling)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| active | Boolean | true, false | No | |
| from | String | Regex: ^(?:0:00|0:30|1:00|1:30|2:00|2:30|3:00|3:30|4:00|4:30|5:00|5:30|6:00|6:30|7:00|7:30|8:00|8:30|9:00|9:30|00:00|00:30|01:00|01:30|02:00|02:30|03:00|03:30|04:00|04:30|05:00|05:30|06:00|06:30|07:00|07:30|08:00|08:30|09:00|09:30|10:00|10:30|11:00|11:30|12:00|12:30|13:00|13:30|14:00|14:30|15:00|15:30|16:00|16:30|17:00|17:30|18:00|18:30|19:00|19:30|20:00|20:30|21:00|21:30|22:00|22:30|23:00|23:30|24:00)$ | No | |
| to | String | Regex: ^(?:0:00|0:30|1:00|1:30|2:00|2:30|3:00|3:30|4:00|4:30|5:00|5:30|6:00|6:30|7:00|7:30|8:00|8:30|9:00|9:30|00:00|00:30|01:00|01:30|02:00|02:30|03:00|03:30|04:00|04:30|05:00|05:30|06:00|06:30|07:00|07:30|08:00|08:30|09:00|09:30|10:00|10:30|11:00|11:30|12:00|12:30|13:00|13:30|14:00|14:30|15:00|15:30|16:00|16:30|17:00|17:30|18:00|18:30|19:00|19:30|20:00|20:30|21:00|21:30|22:00|22:30|23:00|23:30|24:00)$ | No |
friday (meraki.domains.organizations.networks.group_policies.scheduling)
Section titled “friday (meraki.domains.organizations.networks.group_policies.scheduling)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| active | Boolean | true, false | No | |
| from | String | Regex: ^(?:0:00|0:30|1:00|1:30|2:00|2:30|3:00|3:30|4:00|4:30|5:00|5:30|6:00|6:30|7:00|7:30|8:00|8:30|9:00|9:30|00:00|00:30|01:00|01:30|02:00|02:30|03:00|03:30|04:00|04:30|05:00|05:30|06:00|06:30|07:00|07:30|08:00|08:30|09:00|09:30|10:00|10:30|11:00|11:30|12:00|12:30|13:00|13:30|14:00|14:30|15:00|15:30|16:00|16:30|17:00|17:30|18:00|18:30|19:00|19:30|20:00|20:30|21:00|21:30|22:00|22:30|23:00|23:30|24:00)$ | No | |
| to | String | Regex: ^(?:0:00|0:30|1:00|1:30|2:00|2:30|3:00|3:30|4:00|4:30|5:00|5:30|6:00|6:30|7:00|7:30|8:00|8:30|9:00|9:30|00:00|00:30|01:00|01:30|02:00|02:30|03:00|03:30|04:00|04:30|05:00|05:30|06:00|06:30|07:00|07:30|08:00|08:30|09:00|09:30|10:00|10:30|11:00|11:30|12:00|12:30|13:00|13:30|14:00|14:30|15:00|15:30|16:00|16:30|17:00|17:30|18:00|18:30|19:00|19:30|20:00|20:30|21:00|21:30|22:00|22:30|23:00|23:30|24:00)$ | No |
saturday (meraki.domains.organizations.networks.group_policies.scheduling)
Section titled “saturday (meraki.domains.organizations.networks.group_policies.scheduling)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| active | Boolean | true, false | No | |
| from | String | Regex: ^(?:0:00|0:30|1:00|1:30|2:00|2:30|3:00|3:30|4:00|4:30|5:00|5:30|6:00|6:30|7:00|7:30|8:00|8:30|9:00|9:30|00:00|00:30|01:00|01:30|02:00|02:30|03:00|03:30|04:00|04:30|05:00|05:30|06:00|06:30|07:00|07:30|08:00|08:30|09:00|09:30|10:00|10:30|11:00|11:30|12:00|12:30|13:00|13:30|14:00|14:30|15:00|15:30|16:00|16:30|17:00|17:30|18:00|18:30|19:00|19:30|20:00|20:30|21:00|21:30|22:00|22:30|23:00|23:30|24:00)$ | No | |
| to | String | Regex: ^(?:0:00|0:30|1:00|1:30|2:00|2:30|3:00|3:30|4:00|4:30|5:00|5:30|6:00|6:30|7:00|7:30|8:00|8:30|9:00|9:30|00:00|00:30|01:00|01:30|02:00|02:30|03:00|03:30|04:00|04:30|05:00|05:30|06:00|06:30|07:00|07:30|08:00|08:30|09:00|09:30|10:00|10:30|11:00|11:30|12:00|12:30|13:00|13:30|14:00|14:30|15:00|15:30|16:00|16:30|17:00|17:30|18:00|18:30|19:00|19:30|20:00|20:30|21:00|21:30|22:00|22:30|23:00|23:30|24:00)$ | No |
sunday (meraki.domains.organizations.networks.group_policies.scheduling)
Section titled “sunday (meraki.domains.organizations.networks.group_policies.scheduling)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| active | Boolean | true, false | No | |
| from | String | Regex: ^(?:0:00|0:30|1:00|1:30|2:00|2:30|3:00|3:30|4:00|4:30|5:00|5:30|6:00|6:30|7:00|7:30|8:00|8:30|9:00|9:30|00:00|00:30|01:00|01:30|02:00|02:30|03:00|03:30|04:00|04:30|05:00|05:30|06:00|06:30|07:00|07:30|08:00|08:30|09:00|09:30|10:00|10:30|11:00|11:30|12:00|12:30|13:00|13:30|14:00|14:30|15:00|15:30|16:00|16:30|17:00|17:30|18:00|18:30|19:00|19:30|20:00|20:30|21:00|21:30|22:00|22:30|23:00|23:30|24:00)$ | No | |
| to | String | Regex: ^(?:0:00|0:30|1:00|1:30|2:00|2:30|3:00|3:30|4:00|4:30|5:00|5:30|6:00|6:30|7:00|7:30|8:00|8:30|9:00|9:30|00:00|00:30|01:00|01:30|02:00|02:30|03:00|03:30|04:00|04:30|05:00|05:30|06:00|06:30|07:00|07:30|08:00|08:30|09:00|09:30|10:00|10:30|11:00|11:30|12:00|12:30|13:00|13:30|14:00|14:30|15:00|15:30|16:00|16:30|17:00|17:30|18:00|18:30|19:00|19:30|20:00|20:30|21:00|21:30|22:00|22:30|23:00|23:30|24:00)$ | No |
bandwidth_limits (meraki.domains.organizations.networks.group_policies.bandwidth)
Section titled “bandwidth_limits (meraki.domains.organizations.networks.group_policies.bandwidth)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| limit_up | Integer | min: 0, max: 1000000 | No | |
| limit_down | Integer | min: 0, max: 1000000 | No |
traffic_shaping_rules (meraki.domains.organizations.networks.group_policies.firewall_and_traffic_shaping)
Section titled “traffic_shaping_rules (meraki.domains.organizations.networks.group_policies.firewall_and_traffic_shaping)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| definitions | List | [definitions] | Yes | |
| per_client_bandwidth_limits | Class | [per_client_bandwidth_limits] | No | |
| dscp_tag_value | Integer | min: 0, max: 63 | No | |
| pcp_tag_value | Integer | min: 0, max: 7 | No | |
| priority | Choice | low, normal, high | No |
l3_firewall_rules (meraki.domains.organizations.networks.group_policies.firewall_and_traffic_shaping)
Section titled “l3_firewall_rules (meraki.domains.organizations.networks.group_policies.firewall_and_traffic_shaping)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| comment | String | min: 1, max: 127 | No | |
| policy | String | min: 1, max: 127 | Yes | |
| protocol | Choice | tcp, udp, icmp, icmp6, any | Yes | |
| destination_port | Any | Integer[min: 0, max: 65535] or String[matches: `(?:[1-9][0-9]3 | [1-5][0-9]4 | 6[0-4][0-9]3 |
| destination_cidr | String | Regex: ^(?i:any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?)(,(any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?))*$ | No |
l7_firewall_rules (meraki.domains.organizations.networks.group_policies.firewall_and_traffic_shaping)
Section titled “l7_firewall_rules (meraki.domains.organizations.networks.group_policies.firewall_and_traffic_shaping)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| policy | Choice | deny | No | |
| type | Choice | application, applicationCategory, host, ipRange, port | No | |
| value | String | min: 1, max: 127 | No |
allowed_url_patterns (meraki.domains.organizations.networks.group_policies.content_filtering)
Section titled “allowed_url_patterns (meraki.domains.organizations.networks.group_policies.content_filtering)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| settings | Choice | append, network default, override | No | |
| patterns | List | String[min: 1, max: 1024] | No |
blocked_url_patterns (meraki.domains.organizations.networks.group_policies.content_filtering)
Section titled “blocked_url_patterns (meraki.domains.organizations.networks.group_policies.content_filtering)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| settings | Choice | append, network default, override | No | |
| patterns | List | String[min: 1, max: 1024] | No |
blocked_url_categories (meraki.domains.organizations.networks.group_policies.content_filtering)
Section titled “blocked_url_categories (meraki.domains.organizations.networks.group_policies.content_filtering)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| settings | Choice | append, network default, override | No | |
| categories | List | String[min: 1, max: 127] | No |
rules (meraki.domains.organizations.networks.group_policies.bonjour_forwarding)
Section titled “rules (meraki.domains.organizations.networks.group_policies.bonjour_forwarding)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| description | String | min: 1, max: 1024 | No | |
| vlan_id | Any | Integer[min: 1, max: 4094] or String[matches: `(?:[1-9] | [1-9][0-9] | [1-9][0-9]2 |
| services | List | Choice[AFP, AirPlay, All Services, Apple screen share, BitTorrent, Chromecast, FTP, Printers, SSH, Samba, Scanners, Spotify, iChat, iTunes] | Yes |
definitions (meraki.domains.organizations.networks.group_policies.firewall_and_traffic_shaping.traffic_shaping_rules)
Section titled “definitions (meraki.domains.organizations.networks.group_policies.firewall_and_traffic_shaping.traffic_shaping_rules)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| type | Choice | application, applicationCategory, host, ipRange, localNet, port | Yes | |
| value | String | min: 1, max: 127 | Yes |
per_client_bandwidth_limits (meraki.domains.organizations.networks.group_policies.firewall_and_traffic_shaping.traffic_shaping_rules)
Section titled “per_client_bandwidth_limits (meraki.domains.organizations.networks.group_policies.firewall_and_traffic_shaping.traffic_shaping_rules)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| settings | Choice | network default, ignore, custom | No | |
| bandwidth_limits | Class | [bandwidth_limits] | No |
bandwidth_limits (meraki.domains.organizations.networks.group_policies.firewall_and_traffic_shaping.traffic_shaping_rules.per_client_bandwidth_limits)
Section titled “bandwidth_limits (meraki.domains.organizations.networks.group_policies.firewall_and_traffic_shaping.traffic_shaping_rules.per_client_bandwidth_limits)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| limit_up | Integer | min: 0, max: 1000000 | No | |
| limit_down | Integer | min: 0, max: 1000000 | No |
Examples
Section titled “Examples”Example-1: The example below demonstrates group policy configuration using tested YAML configuration from pipeline fixtures.
meraki: domains: - name: !env domain administrator: name: !env org_admin organizations: - name: !env org networks: - name: !env network_name product_types: - appliance - switch - wireless - camera - sensor - cellularGateway group_policies: - name: IOT scheduling: enabled: true monday: active: true from: 00:00 to: "24:00" tuesday: active: true from: 00:00 to: "24:00" wednesday: active: true from: 00:00 to: "24:00" thursday: active: true from: 00:00 to: "24:00" friday: active: true from: 00:00 to: "24:00" saturday: active: true from: 00:00 to: "24:00" sunday: active: true from: 00:00 to: "24:00" bandwidth: settings: network default firewall_and_traffic_shaping: settings: custom splash_auth_settings: network default vlan_tagging: settings: custom vlan_id: 30 bonjour_forwarding: settings: network default - name: Guest scheduling: enabled: false monday: active: true from: 00:00 to: "24:00" tuesday: active: true from: 00:00 to: "24:00" wednesday: active: true from: 00:00 to: "24:00" thursday: active: true from: 00:00 to: "24:00" friday: active: true from: 00:00 to: "24:00" saturday: active: true from: 00:00 to: "24:00" sunday: active: true from: 00:00 to: "24:00" bandwidth: settings: network default firewall_and_traffic_shaping: settings: custom l3_firewall_rules: - comment: Guest to Internet policy: allow protocol: any destination_cidr: Any destination_port: Any splash_auth_settings: network default vlan_tagging: settings: custom vlan_id: 40 bonjour_forwarding: settings: network default - name: BMS scheduling: enabled: false monday: active: true from: 00:00 to: "24:00" tuesday: active: true from: 00:00 to: "24:00" wednesday: active: true from: 00:00 to: "24:00" thursday: active: true from: 00:00 to: "24:00" friday: active: true from: 00:00 to: "24:00" saturday: active: true from: 00:00 to: "24:00" sunday: active: true from: 00:00 to: "24:00" bandwidth: settings: network default firewall_and_traffic_shaping: settings: custom l3_firewall_rules: - comment: Guest to Internet policy: allow protocol: any destination_cidr: Any destination_port: Any splash_auth_settings: network default vlan_tagging: settings: custom vlan_id: 20 bonjour_forwarding: settings: network default - name: CORP scheduling: enabled: false monday: active: true from: 00:00 to: "24:00" tuesday: active: true from: 00:00 to: "24:00" wednesday: active: true from: 00:00 to: "24:00" thursday: active: true from: 00:00 to: "24:00" friday: active: true from: 00:00 to: "24:00" saturday: active: true from: 00:00 to: "24:00" sunday: active: true from: 00:00 to: "24:00" bandwidth: settings: network default firewall_and_traffic_shaping: settings: custom splash_auth_settings: network default vlan_tagging: settings: custom vlan_id: 10 bonjour_forwarding: settings: network default