Skip to content
Network as Code

Group Policies

Dashboard Location: Network-wide > Configure > Group Policies

Group Policy Management

Group policies in Meraki provide centralized client management and access control by applying consistent network policies to groups of devices or users. These policies enable granular control over bandwidth allocation, VLAN assignment, firewall rules, traffic shaping, and access scheduling. Group policies streamline network administration by allowing policy-based management rather than individual device configuration, supporting role-based access control, and enabling dynamic policy application based on user authentication or device classification.

Diagram

Diagram

Classes

group_policies (meraki.domains.organizations.networks)

NameTypeConstraintMandatoryDefault Value
nameStringmin: 1, max: 127No
schedulingClass[scheduling]No
bandwidthClass[bandwidth]No
firewall_and_traffic_shapingClass[firewall_and_traffic_shaping]No
content_filteringClass[content_filtering]No
vlan_taggingClass[vlan_tagging]No
bonjour_forwardingClass[bonjour_forwarding]No

scheduling (meraki.domains.organizations.networks.group_policies)

NameTypeConstraintMandatoryDefault Value
enabledBooleantrue, falseNo
mondayClass[monday]No
tuesdayClass[tuesday]No
wednesdayClass[wednesday]No
thursdayClass[thursday]No
fridayClass[friday]No
saturdayClass[saturday]No
sundayClass[sunday]No

bandwidth (meraki.domains.organizations.networks.group_policies)

NameTypeConstraintMandatoryDefault Value
settingsChoicecustom, ignore, network defaultNo
bandwidth_limitsClass[bandwidth_limits]No

firewall_and_traffic_shaping (meraki.domains.organizations.networks.group_policies)

NameTypeConstraintMandatoryDefault Value
settingsChoicecustom, ignore, network defaultNo
traffic_shaping_rulesList[traffic_shaping_rules]No
l3_firewall_rulesList[l3_firewall_rules]No
l7_firewall_rulesList[l7_firewall_rules]No

content_filtering (meraki.domains.organizations.networks.group_policies)

NameTypeConstraintMandatoryDefault Value
allowed_url_patternsClass[allowed_url_patterns]No
blocked_url_patternsClass[blocked_url_patterns]No
blocked_url_categoriesClass[blocked_url_categories]No

vlan_tagging (meraki.domains.organizations.networks.group_policies)

NameTypeConstraintMandatoryDefault Value
settingsChoicecustom, ignore, network defaultNo
vlan_idAnyInteger[min: 1, max: 4094] or String[matches: `(?:[1-9][1-9][0-9][1-9][0-9]2

bonjour_forwarding (meraki.domains.organizations.networks.group_policies)

NameTypeConstraintMandatoryDefault Value
settingsChoicecustom, ignore, network defaultNo
rulesList[rules]No

monday (meraki.domains.organizations.networks.group_policies.scheduling)

NameTypeConstraintMandatoryDefault Value
activeBooleantrue, falseNo
fromStringRegex: ^(?:0:00|0:30|1:00|1:30|2:00|2:30|3:00|3:30|4:00|4:30|5:00|5:30|6:00|6:30|7:00|7:30|8:00|8:30|9:00|9:30|00:00|00:30|01:00|01:30|02:00|02:30|03:00|03:30|04:00|04:30|05:00|05:30|06:00|06:30|07:00|07:30|08:00|08:30|09:00|09:30|10:00|10:30|11:00|11:30|12:00|12:30|13:00|13:30|14:00|14:30|15:00|15:30|16:00|16:30|17:00|17:30|18:00|18:30|19:00|19:30|20:00|20:30|21:00|21:30|22:00|22:30|23:00|23:30|24:00)$No
toStringRegex: ^(?:0:00|0:30|1:00|1:30|2:00|2:30|3:00|3:30|4:00|4:30|5:00|5:30|6:00|6:30|7:00|7:30|8:00|8:30|9:00|9:30|00:00|00:30|01:00|01:30|02:00|02:30|03:00|03:30|04:00|04:30|05:00|05:30|06:00|06:30|07:00|07:30|08:00|08:30|09:00|09:30|10:00|10:30|11:00|11:30|12:00|12:30|13:00|13:30|14:00|14:30|15:00|15:30|16:00|16:30|17:00|17:30|18:00|18:30|19:00|19:30|20:00|20:30|21:00|21:30|22:00|22:30|23:00|23:30|24:00)$No

tuesday (meraki.domains.organizations.networks.group_policies.scheduling)

NameTypeConstraintMandatoryDefault Value
activeBooleantrue, falseNo
fromStringRegex: ^(?:0:00|0:30|1:00|1:30|2:00|2:30|3:00|3:30|4:00|4:30|5:00|5:30|6:00|6:30|7:00|7:30|8:00|8:30|9:00|9:30|00:00|00:30|01:00|01:30|02:00|02:30|03:00|03:30|04:00|04:30|05:00|05:30|06:00|06:30|07:00|07:30|08:00|08:30|09:00|09:30|10:00|10:30|11:00|11:30|12:00|12:30|13:00|13:30|14:00|14:30|15:00|15:30|16:00|16:30|17:00|17:30|18:00|18:30|19:00|19:30|20:00|20:30|21:00|21:30|22:00|22:30|23:00|23:30|24:00)$No
toStringRegex: ^(?:0:00|0:30|1:00|1:30|2:00|2:30|3:00|3:30|4:00|4:30|5:00|5:30|6:00|6:30|7:00|7:30|8:00|8:30|9:00|9:30|00:00|00:30|01:00|01:30|02:00|02:30|03:00|03:30|04:00|04:30|05:00|05:30|06:00|06:30|07:00|07:30|08:00|08:30|09:00|09:30|10:00|10:30|11:00|11:30|12:00|12:30|13:00|13:30|14:00|14:30|15:00|15:30|16:00|16:30|17:00|17:30|18:00|18:30|19:00|19:30|20:00|20:30|21:00|21:30|22:00|22:30|23:00|23:30|24:00)$No

wednesday (meraki.domains.organizations.networks.group_policies.scheduling)

NameTypeConstraintMandatoryDefault Value
activeBooleantrue, falseNo
fromStringRegex: ^(?:0:00|0:30|1:00|1:30|2:00|2:30|3:00|3:30|4:00|4:30|5:00|5:30|6:00|6:30|7:00|7:30|8:00|8:30|9:00|9:30|00:00|00:30|01:00|01:30|02:00|02:30|03:00|03:30|04:00|04:30|05:00|05:30|06:00|06:30|07:00|07:30|08:00|08:30|09:00|09:30|10:00|10:30|11:00|11:30|12:00|12:30|13:00|13:30|14:00|14:30|15:00|15:30|16:00|16:30|17:00|17:30|18:00|18:30|19:00|19:30|20:00|20:30|21:00|21:30|22:00|22:30|23:00|23:30|24:00)$No
toStringRegex: ^(?:0:00|0:30|1:00|1:30|2:00|2:30|3:00|3:30|4:00|4:30|5:00|5:30|6:00|6:30|7:00|7:30|8:00|8:30|9:00|9:30|00:00|00:30|01:00|01:30|02:00|02:30|03:00|03:30|04:00|04:30|05:00|05:30|06:00|06:30|07:00|07:30|08:00|08:30|09:00|09:30|10:00|10:30|11:00|11:30|12:00|12:30|13:00|13:30|14:00|14:30|15:00|15:30|16:00|16:30|17:00|17:30|18:00|18:30|19:00|19:30|20:00|20:30|21:00|21:30|22:00|22:30|23:00|23:30|24:00)$No

thursday (meraki.domains.organizations.networks.group_policies.scheduling)

NameTypeConstraintMandatoryDefault Value
activeBooleantrue, falseNo
fromStringRegex: ^(?:0:00|0:30|1:00|1:30|2:00|2:30|3:00|3:30|4:00|4:30|5:00|5:30|6:00|6:30|7:00|7:30|8:00|8:30|9:00|9:30|00:00|00:30|01:00|01:30|02:00|02:30|03:00|03:30|04:00|04:30|05:00|05:30|06:00|06:30|07:00|07:30|08:00|08:30|09:00|09:30|10:00|10:30|11:00|11:30|12:00|12:30|13:00|13:30|14:00|14:30|15:00|15:30|16:00|16:30|17:00|17:30|18:00|18:30|19:00|19:30|20:00|20:30|21:00|21:30|22:00|22:30|23:00|23:30|24:00)$No
toStringRegex: ^(?:0:00|0:30|1:00|1:30|2:00|2:30|3:00|3:30|4:00|4:30|5:00|5:30|6:00|6:30|7:00|7:30|8:00|8:30|9:00|9:30|00:00|00:30|01:00|01:30|02:00|02:30|03:00|03:30|04:00|04:30|05:00|05:30|06:00|06:30|07:00|07:30|08:00|08:30|09:00|09:30|10:00|10:30|11:00|11:30|12:00|12:30|13:00|13:30|14:00|14:30|15:00|15:30|16:00|16:30|17:00|17:30|18:00|18:30|19:00|19:30|20:00|20:30|21:00|21:30|22:00|22:30|23:00|23:30|24:00)$No

friday (meraki.domains.organizations.networks.group_policies.scheduling)

NameTypeConstraintMandatoryDefault Value
activeBooleantrue, falseNo
fromStringRegex: ^(?:0:00|0:30|1:00|1:30|2:00|2:30|3:00|3:30|4:00|4:30|5:00|5:30|6:00|6:30|7:00|7:30|8:00|8:30|9:00|9:30|00:00|00:30|01:00|01:30|02:00|02:30|03:00|03:30|04:00|04:30|05:00|05:30|06:00|06:30|07:00|07:30|08:00|08:30|09:00|09:30|10:00|10:30|11:00|11:30|12:00|12:30|13:00|13:30|14:00|14:30|15:00|15:30|16:00|16:30|17:00|17:30|18:00|18:30|19:00|19:30|20:00|20:30|21:00|21:30|22:00|22:30|23:00|23:30|24:00)$No
toStringRegex: ^(?:0:00|0:30|1:00|1:30|2:00|2:30|3:00|3:30|4:00|4:30|5:00|5:30|6:00|6:30|7:00|7:30|8:00|8:30|9:00|9:30|00:00|00:30|01:00|01:30|02:00|02:30|03:00|03:30|04:00|04:30|05:00|05:30|06:00|06:30|07:00|07:30|08:00|08:30|09:00|09:30|10:00|10:30|11:00|11:30|12:00|12:30|13:00|13:30|14:00|14:30|15:00|15:30|16:00|16:30|17:00|17:30|18:00|18:30|19:00|19:30|20:00|20:30|21:00|21:30|22:00|22:30|23:00|23:30|24:00)$No

saturday (meraki.domains.organizations.networks.group_policies.scheduling)

NameTypeConstraintMandatoryDefault Value
activeBooleantrue, falseNo
fromStringRegex: ^(?:0:00|0:30|1:00|1:30|2:00|2:30|3:00|3:30|4:00|4:30|5:00|5:30|6:00|6:30|7:00|7:30|8:00|8:30|9:00|9:30|00:00|00:30|01:00|01:30|02:00|02:30|03:00|03:30|04:00|04:30|05:00|05:30|06:00|06:30|07:00|07:30|08:00|08:30|09:00|09:30|10:00|10:30|11:00|11:30|12:00|12:30|13:00|13:30|14:00|14:30|15:00|15:30|16:00|16:30|17:00|17:30|18:00|18:30|19:00|19:30|20:00|20:30|21:00|21:30|22:00|22:30|23:00|23:30|24:00)$No
toStringRegex: ^(?:0:00|0:30|1:00|1:30|2:00|2:30|3:00|3:30|4:00|4:30|5:00|5:30|6:00|6:30|7:00|7:30|8:00|8:30|9:00|9:30|00:00|00:30|01:00|01:30|02:00|02:30|03:00|03:30|04:00|04:30|05:00|05:30|06:00|06:30|07:00|07:30|08:00|08:30|09:00|09:30|10:00|10:30|11:00|11:30|12:00|12:30|13:00|13:30|14:00|14:30|15:00|15:30|16:00|16:30|17:00|17:30|18:00|18:30|19:00|19:30|20:00|20:30|21:00|21:30|22:00|22:30|23:00|23:30|24:00)$No

sunday (meraki.domains.organizations.networks.group_policies.scheduling)

NameTypeConstraintMandatoryDefault Value
activeBooleantrue, falseNo
fromStringRegex: ^(?:0:00|0:30|1:00|1:30|2:00|2:30|3:00|3:30|4:00|4:30|5:00|5:30|6:00|6:30|7:00|7:30|8:00|8:30|9:00|9:30|00:00|00:30|01:00|01:30|02:00|02:30|03:00|03:30|04:00|04:30|05:00|05:30|06:00|06:30|07:00|07:30|08:00|08:30|09:00|09:30|10:00|10:30|11:00|11:30|12:00|12:30|13:00|13:30|14:00|14:30|15:00|15:30|16:00|16:30|17:00|17:30|18:00|18:30|19:00|19:30|20:00|20:30|21:00|21:30|22:00|22:30|23:00|23:30|24:00)$No
toStringRegex: ^(?:0:00|0:30|1:00|1:30|2:00|2:30|3:00|3:30|4:00|4:30|5:00|5:30|6:00|6:30|7:00|7:30|8:00|8:30|9:00|9:30|00:00|00:30|01:00|01:30|02:00|02:30|03:00|03:30|04:00|04:30|05:00|05:30|06:00|06:30|07:00|07:30|08:00|08:30|09:00|09:30|10:00|10:30|11:00|11:30|12:00|12:30|13:00|13:30|14:00|14:30|15:00|15:30|16:00|16:30|17:00|17:30|18:00|18:30|19:00|19:30|20:00|20:30|21:00|21:30|22:00|22:30|23:00|23:30|24:00)$No

bandwidth_limits (meraki.domains.organizations.networks.group_policies.bandwidth)

NameTypeConstraintMandatoryDefault Value
limit_upIntegermin: 0, max: 1000000No
limit_downIntegermin: 0, max: 1000000No

traffic_shaping_rules (meraki.domains.organizations.networks.group_policies.firewall_and_traffic_shaping)

NameTypeConstraintMandatoryDefault Value
definitionsList[definitions]Yes
per_client_bandwidth_limitsClass[per_client_bandwidth_limits]No
dscp_tag_valueIntegermin: 0, max: 63No
pcp_tag_valueIntegermin: 0, max: 7No
priorityChoicelow, normal, highNo

l3_firewall_rules (meraki.domains.organizations.networks.group_policies.firewall_and_traffic_shaping)

NameTypeConstraintMandatoryDefault Value
commentStringmin: 1, max: 127No
policyStringmin: 1, max: 127Yes
protocolChoicetcp, udp, icmp, icmp6, anyYes
destination_portAnyInteger[min: 0, max: 65535] or String[matches: `(?:[1-9][0-9]3[1-5][0-9]46[0-4][0-9]3
destination_cidrStringRegex: ^(?i:any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?)(,(any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?))*$No

l7_firewall_rules (meraki.domains.organizations.networks.group_policies.firewall_and_traffic_shaping)

NameTypeConstraintMandatoryDefault Value
policyChoicedenyNo
typeChoiceapplication, applicationCategory, host, ipRange, portNo
valueStringmin: 1, max: 127No

allowed_url_patterns (meraki.domains.organizations.networks.group_policies.content_filtering)

NameTypeConstraintMandatoryDefault Value
settingsChoiceappend, network default, overrideNo
patternsListString[min: 1, max: 1024]No

blocked_url_patterns (meraki.domains.organizations.networks.group_policies.content_filtering)

NameTypeConstraintMandatoryDefault Value
settingsChoiceappend, network default, overrideNo
patternsListString[min: 1, max: 1024]No

blocked_url_categories (meraki.domains.organizations.networks.group_policies.content_filtering)

NameTypeConstraintMandatoryDefault Value
settingsChoiceappend, network default, overrideNo
categoriesListString[min: 1, max: 127]No

rules (meraki.domains.organizations.networks.group_policies.bonjour_forwarding)

NameTypeConstraintMandatoryDefault Value
descriptionStringmin: 1, max: 1024No
vlan_idAnyInteger[min: 1, max: 4094] or String[matches: `(?:[1-9][1-9][0-9][1-9][0-9]2
servicesListChoice[AFP, AirPlay, All Services, Apple screen share, BitTorrent, Chromecast, FTP, Printers, SSH, Samba, Scanners, Spotify, iChat, iTunes]Yes

definitions (meraki.domains.organizations.networks.group_policies.firewall_and_traffic_shaping.traffic_shaping_rules)

NameTypeConstraintMandatoryDefault Value
typeChoiceapplication, applicationCategory, host, ipRange, localNet, portYes
valueStringmin: 1, max: 127Yes

per_client_bandwidth_limits (meraki.domains.organizations.networks.group_policies.firewall_and_traffic_shaping.traffic_shaping_rules)

NameTypeConstraintMandatoryDefault Value
settingsChoicenetwork default, ignore, customNo
bandwidth_limitsClass[bandwidth_limits]No

bandwidth_limits (meraki.domains.organizations.networks.group_policies.firewall_and_traffic_shaping.traffic_shaping_rules.per_client_bandwidth_limits)

NameTypeConstraintMandatoryDefault Value
limit_upIntegermin: 0, max: 1000000No
limit_downIntegermin: 0, max: 1000000No

Examples

Example-1: The example below demonstrates group policy configuration using tested YAML configuration from pipeline fixtures.

meraki:
  domains:
    - name: "!env domain"
      administrator:
        name: "!env org_admin"
      organizations:
        - name: "!env org"
          networks:
            - name: "!env network_name"
              product_types:
                - appliance
                - switch
                - wireless
              group_policies:
                - name: "Corporate-Users"
                  scheduling:
                    enabled: false
                  bandwidth:
                    settings: "network default"
                  firewall_and_traffic_shaping:
                    settings: "network default"
                  splash_auth_settings: "network default"
                  vlan_tagging:
                    settings: "custom"
                    vlan_id: 10
                  bonjour_forwarding:
                    settings: "network default"
                - name: "Guest-Access"
                  scheduling:
                    enabled: true
                    monday:
                      active: true
                      from: "08:00"
                      to: "18:00"
                    tuesday:
                      active: true
                      from: "08:00"
                      to: "18:00"
                    wednesday:
                      active: true
                      from: "08:00"
                      to: "18:00"
                    thursday:
                      active: true
                      from: "08:00"
                      to: "18:00"
                    friday:
                      active: true
                      from: "08:00"
                      to: "18:00"
                    saturday:
                      active: false
                      from: "00:00"
                      to: "24:00"
                    sunday:
                      active: false
                      from: "00:00"
                      to: "24:00"
                  bandwidth:
                    settings: "custom"
                    bandwidth_limit_up: 5000
                    bandwidth_limit_down: 10000
                  firewall_and_traffic_shaping:
                    settings: "custom"
                    l3_firewall_rules:
                      - comment: "Allow web browsing"
                        policy: "allow"
                        protocol: "tcp"
                        destination_cidr: "Any"
                        destination_port: "80,443"
                      - comment: "Block internal networks"
                        policy: "deny"
                        protocol: "any"
                        destination_cidr: "10.0.0.0/8"
                        destination_port: "Any"
                  splash_auth_settings: "network default"
                  vlan_tagging:
                    settings: "custom"
                    vlan_id: 100
                  bonjour_forwarding:
                    settings: "disabled"