Dashboard Location: Switching > Configure > Access Policies
Switch access policies configuration in Meraki switches provides comprehensive 802.1X network access control and RADIUS authentication management, enabling administrators to implement enterprise-grade security policies for port-based network access. This functionality supports hybrid authentication modes, dynamic VLAN assignment, voice VLAN management, and integration with RADIUS servers for centralized authentication and accounting. Switch access policies are essential for securing network access, implementing role-based connectivity, controlling device authentication, and maintaining compliance with enterprise security requirements.

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| access_policies | List | [access_policies] | No | |

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | min: 1, max: 127 | No | |
| radius_servers | List | [radius_servers] | No | |
| radius | Class | [radius] | No | |
| guest_port_bouncing | Boolean | true, false | No | |
| radius_accounting_servers | List | [radius_accounting_servers] | No | |
| radius_group_attribute | Choice | "", 11 | No | |
| host_mode | Choice | Multi-Auth, Multi-Domain, Multi-Host, Single-Host | No | |
| access_policy_type | Choice | 802.1x, Hybrid authentication, MAC authentication bypass | No | |
| increase_access_speed | Boolean | true, false | No | |
| guest_vlan_id | Any | Integer[min: 1, max: 4094] or String[matches: `(?:[1-9] [1-9][0-9] [1-9][0-9]2 | | |
| voice_vlan_clients | Boolean | true, false | No | |
| url_redirect_walled_garden_ranges | List | String[min: 1, max: 1024] | No | |
| radius_testing | Boolean | true, false | No | |
| radius_coa_support | Boolean | true, false | No | |
| radius_accounting | Boolean | true, false | No | |
| url_redirect_walled_garden | Boolean | true, false | No | |
| dot1x_control_direction | Choice | both, inbound | No | |

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| host | String | min: 1, max: 127 | No | |
| port | Integer | min: 0, max: 65535 | No | |
| secret | String | min: 1, max: 127 | No | |
| organization_radius_server_name | String | min: 1, max: 127 | No | |

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| critical_auth | Class | [critical_auth] | No | |
| failed_auth_vlan_id | Any | Integer[min: 1, max: 4094] or String[matches: `(?:[1-9] [1-9][0-9] [1-9][0-9]2 | | |
| re_authentication_interval | Integer | min: 1, max: 86400 | No | |
| cache | Class | [cache] | No | |

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| host | String | min: 1, max: 127 | No | |
| port | Integer | min: 0, max: 65535 | No | |
| secret | String | min: 1, max: 127 | No | |
| organization_radius_server_name | String | min: 1, max: 127 | No | |

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| data_vlan_id | Any | Integer[min: 1, max: 4094] or String[matches: `(?:[1-9] [1-9][0-9] [1-9][0-9]2 | | |
| voice_vlan_id | Any | Integer[min: 1, max: 4094] or String[matches: `(?:[1-9] [1-9][0-9] [1-9][0-9]2 | | |
| suspend_port_bounce | Boolean | true, false | No | |

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| enabled | Boolean | true, false | No | |
| timeout | Integer | min: 1, max: 600 | No | |

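
The constraints in the tables above can be checked before a policy is pushed, and the check should never echo a RADIUS shared secret into its output. The Python below is an added example, not code from the original page or the project; the function names, the dict layout (`cache` and `critical_auth` nested under `radius`, `data_vlan_id` and `voice_vlan_id` under `critical_auth`) and the sample values are assumptions.

```python
# Added example: check one access policy dict against the constraint tables above.
HOST_MODES = ("Multi-Auth", "Multi-Domain", "Multi-Host", "Single-Host")
POLICY_TYPES = ("802.1x", "Hybrid authentication", "MAC authentication bypass")

def in_range(lo, hi):
    # bool is a subclass of int in Python, so reject it explicitly
    return lambda v: isinstance(v, int) and not isinstance(v, bool) and lo <= v <= hi

def length(lo, hi):
    return lambda v: isinstance(v, str) and lo <= len(v) <= hi
def choice(*options):
    return lambda v: isinstance(v, str) and v in options
def vlan(v):
    # Only the integer form is checked; the string pattern is truncated on the page.
    return isinstance(v, str) or in_range(1, 4094)(v)

def validate_policy(policy):
    """Return 'path: problem' strings; an empty list means every check passed."""
    errors = []
    def check(path, value, ok, rule, secret=False):
        if value is not None and not ok(value):
            shown = "<redacted>" if secret else repr(value)  # never echo a RADIUS secret
            errors.append(f"{path}: {shown} violates {rule}")
    check("name", policy.get("name"), length(1, 127), "length 1-127")
    check("host_mode", policy.get("host_mode"), choice(*HOST_MODES), "choice")
    check("access_policy_type", policy.get("access_policy_type"), choice(*POLICY_TYPES), "choice")
    check("dot1x_control_direction", policy.get("dot1x_control_direction"), choice("both", "inbound"), "choice")
    check("guest_vlan_id", policy.get("guest_vlan_id"), vlan, "VLAN 1-4094")
    for key in ("radius_servers", "radius_accounting_servers"):
        for i, srv in enumerate(policy.get(key) or []):
            check(f"{key}[{i}].host", srv.get("host"), length(1, 127), "length 1-127")
            check(f"{key}[{i}].port", srv.get("port"), in_range(0, 65535), "range 0-65535")
            check(f"{key}[{i}].secret", srv.get("secret"), length(1, 127), "length 1-127", secret=True)
    radius = policy.get("radius") or {}
    check("radius.failed_auth_vlan_id", radius.get("failed_auth_vlan_id"), vlan, "VLAN 1-4094")
    check("radius.re_authentication_interval", radius.get("re_authentication_interval"), in_range(1, 86400), "range 1-86400")
    check("radius.cache.timeout", (radius.get("cache") or {}).get("timeout"), in_range(1, 600), "range 1-600")
    # Assumption: data_vlan_id / voice_vlan_id sit under radius.critical_auth (table order).
    for field in ("data_vlan_id", "voice_vlan_id"):
        check(f"radius.critical_auth.{field}", (radius.get("critical_auth") or {}).get(field), vlan, "VLAN 1-4094")
    return errors

# Constructed sample input (not from the page) with five deliberate violations.
SAMPLE = {
    "name": "Test Policy", "host_mode": "Multi-Auth", "access_policy_type": "Hybrid",
    "guest_vlan_id": 4095, "radius": {"re_authentication_interval": 0, "cache": {"timeout": 600}},
    "radius_servers": [{"host": "192.0.2.10", "port": 70000, "secret": ""}],
}
```

Calling `validate_policy(SAMPLE)` returns one message per violated constraint, with the secret value replaced by `<redacted>`.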
Example-1: The example below demonstrates access policy configuration.
This configuration implements network access control through policy-based authentication and authorization. The example includes authentication methods, VLAN assignments, and access restrictions for different user types and device categories.
This configuration defines an access policy named “Test Policy” that uses Hybrid authentication, combining 802.1X and MAC-based authentication. It supports the following key features:
This policy ensures flexible and secure network access for multiple clients per port, while integrating tightly with RADIUS for authentication, accounting, and dynamic access control.
```yaml
- name: !env network_name
  access_policy_type: Hybrid authentication
  dot1x_control_direction: both
  # guest_port_bouncing: false
  increase_access_speed: true
  suspend_port_bounce: false
  radius_accounting_servers:
  radius_group_attribute: ""
  url_redirect_walled_garden: false
```