Skip to content

Switch Access Policies Configuration

Dashboard Location: Switching > Configure > Access Policies

Network Access Control Management

Switch access policies configuration in Meraki switches provides comprehensive 802.1X network access control and RADIUS authentication management, enabling administrators to implement enterprise-grade security policies for port-based network access. This functionality supports hybrid authentication modes, dynamic VLAN assignment, voice VLAN management, and integration with RADIUS servers for centralized authentication and accounting. Switch access policies are essential for securing network access, implementing role-based connectivity, controlling device authentication, and maintaining compliance with enterprise security requirements.

Diagram

Diagram

Classes

switch (meraki.domains.organizations.networks)

NameTypeConstraintMandatoryDefault Value
access_policiesList[access_policies]No

access_policies (meraki.domains.organizations.networks.switch)

NameTypeConstraintMandatoryDefault Value
nameStringmin: 1, max: 127No
radius_serversList[radius_servers]No
radiusClass[radius]No
guest_port_bouncingBooleantrue, falseNo
radius_accounting_serversList[radius_accounting_servers]No
radius_group_attributeChoice“, 11No
host_modeChoiceMulti-Auth, Multi-Domain, Multi-Host, Single-HostNo
access_policy_typeChoice802.1x, Hybrid authentication, MAC authentication bypassNo
increase_access_speedBooleantrue, falseNo
guest_vlan_idAnyInteger[min: 1, max: 4094] or String[matches: `(?:[1-9][1-9][0-9][1-9][0-9]2
voice_vlan_clientsBooleantrue, falseNo
url_redirect_walled_garden_rangesListString[min: 1, max: 1024]No
radius_testingBooleantrue, falseNo
radius_coa_supportBooleantrue, falseNo
radius_accountingBooleantrue, falseNo
url_redirect_walled_gardenBooleantrue, falseNo
dot1x_control_directionChoiceboth, inboundNo

radius_servers (meraki.domains.organizations.networks.switch.access_policies)

NameTypeConstraintMandatoryDefault Value
hostStringmin: 1, max: 127No
portIntegermin: 0, max: 65535No
secretStringmin: 1, max: 127No
organization_radius_server_nameStringmin: 1, max: 127No
server_nameStringmin: 1, max: 127No

radius (meraki.domains.organizations.networks.switch.access_policies)

NameTypeConstraintMandatoryDefault Value
critical_authClass[critical_auth]No
failed_auth_vlan_idAnyInteger[min: 1, max: 4094] or String[matches: `(?:[1-9][1-9][0-9][1-9][0-9]2
re_authentication_intervalIntegermin: 1, max: 86400No
cacheClass[cache]No

radius_accounting_servers (meraki.domains.organizations.networks.switch.access_policies)

NameTypeConstraintMandatoryDefault Value
hostStringmin: 1, max: 127No
portIntegermin: 0, max: 65535No
secretStringmin: 1, max: 127No
organization_radius_server_nameStringmin: 1, max: 127No
server_nameStringmin: 1, max: 127No

critical_auth (meraki.domains.organizations.networks.switch.access_policies.radius)

NameTypeConstraintMandatoryDefault Value
data_vlan_idAnyInteger[min: 1, max: 4094] or String[matches: `(?:[1-9][1-9][0-9][1-9][0-9]2
voice_vlan_idAnyInteger[min: 1, max: 4094] or String[matches: `(?:[1-9][1-9][0-9][1-9][0-9]2
suspend_port_bounceBooleantrue, falseNo

cache (meraki.domains.organizations.networks.switch.access_policies.radius)

NameTypeConstraintMandatoryDefault Value
enabledBooleantrue, falseNo
timeoutIntegermin: 1, max: 600No

Examples

Example-1: The example below demonstrates switch access policies configuration using tested YAML configuration from pipeline fixtures.

meraki:
domains:
- name: "!env domain"
administrator:
name: "!env org_admin"
organizations:
- name: "!env org"
networks:
- name: "!env network_name"
product_types:
- appliance
- switch
- wireless
- camera
- sensor
- cellularGateway
switch:
access_policies:
- name: Test Policy
access_policy_type: Hybrid authentication
dot1x_control_direction: both
host_mode: Multi-Auth
increase_access_speed: true
radius:
critical_auth:
suspend_port_bounce: false
radius_accounting: true
radius_accounting_servers:
- host: 100.64.0.230
port: 1813
secret: testing123
radius_coa_support: true
radius_group_attribute: ""
radius_servers:
- host: "!env radius_auth_server"
port: 1812
secret: "!env radius_auth_secret"
radius_testing: true
voice_vlan_clients: true