Dashboard Location: Switching > Configure > Access Policies
Network Access Control Management
Switch access policies configuration in Meraki switches provides comprehensive 802.1X network access control and RADIUS authentication management, enabling administrators to implement enterprise-grade security policies for port-based network access. This functionality supports hybrid authentication modes, dynamic VLAN assignment, voice VLAN management, and integration with RADIUS servers for centralized authentication and accounting. Switch access policies are essential for securing network access, implementing role-based connectivity, controlling device authentication, and maintaining compliance with enterprise security requirements.
Diagram
Classes
switch (meraki.domains.organizations.networks)
Name | Type | Constraint | Mandatory | Default Value |
---|
access_policies | List | [access_policies] | No | |
access_policies (meraki.domains.organizations.networks.switch)
Name | Type | Constraint | Mandatory | Default Value |
---|
name | String | min: 1 , max: 127 | No | |
radius_servers | List | [radius_servers] | No | |
radius | Class | [radius] | No | |
guest_port_bouncing | Boolean | true , false | No | |
radius_accounting_servers | List | [radius_accounting_servers] | No | |
radius_group_attribute | Choice | “, 11 | No | |
host_mode | Choice | Multi-Auth , Multi-Domain , Multi-Host , Single-Host | No | |
access_policy_type | Choice | 802.1x , Hybrid authentication , MAC authentication bypass | No | |
increase_access_speed | Boolean | true , false | No | |
guest_vlan_id | Any | Integer[min: 1 , max: 4094 ] or String[matches: `(?:[1-9] | [1-9][0-9] | [1-9][0-9]2 |
voice_vlan_clients | Boolean | true , false | No | |
url_redirect_walled_garden_ranges | List | String[min: 1 , max: 1024 ] | No | |
radius_testing | Boolean | true , false | No | |
radius_coa_support | Boolean | true , false | No | |
radius_accounting | Boolean | true , false | No | |
url_redirect_walled_garden | Boolean | true , false | No | |
dot1x_control_direction | Choice | both , inbound | No | |
radius_servers (meraki.domains.organizations.networks.switch.access_policies)
Name | Type | Constraint | Mandatory | Default Value |
---|
host | String | min: 1 , max: 127 | No | |
port | Integer | min: 0 , max: 65535 | No | |
secret | String | min: 1 , max: 127 | No | |
organization_radius_server_name | String | min: 1 , max: 127 | No | |
server_name | String | min: 1 , max: 127 | No | |
radius (meraki.domains.organizations.networks.switch.access_policies)
Name | Type | Constraint | Mandatory | Default Value |
---|
critical_auth | Class | [critical_auth] | No | |
failed_auth_vlan_id | Any | Integer[min: 1 , max: 4094 ] or String[matches: `(?:[1-9] | [1-9][0-9] | [1-9][0-9]2 |
re_authentication_interval | Integer | min: 1 , max: 86400 | No | |
cache | Class | [cache] | No | |
radius_accounting_servers (meraki.domains.organizations.networks.switch.access_policies)
Name | Type | Constraint | Mandatory | Default Value |
---|
host | String | min: 1 , max: 127 | No | |
port | Integer | min: 0 , max: 65535 | No | |
secret | String | min: 1 , max: 127 | No | |
organization_radius_server_name | String | min: 1 , max: 127 | No | |
server_name | String | min: 1 , max: 127 | No | |
critical_auth (meraki.domains.organizations.networks.switch.access_policies.radius)
Name | Type | Constraint | Mandatory | Default Value |
---|
data_vlan_id | Any | Integer[min: 1 , max: 4094 ] or String[matches: `(?:[1-9] | [1-9][0-9] | [1-9][0-9]2 |
voice_vlan_id | Any | Integer[min: 1 , max: 4094 ] or String[matches: `(?:[1-9] | [1-9][0-9] | [1-9][0-9]2 |
suspend_port_bounce | Boolean | true , false | No | |
cache (meraki.domains.organizations.networks.switch.access_policies.radius)
Name | Type | Constraint | Mandatory | Default Value |
---|
enabled | Boolean | true , false | No | |
timeout | Integer | min: 1 , max: 600 | No | |
Examples
Example-1: The example below demonstrates switch access policies configuration using tested YAML configuration from pipeline fixtures.
- name: "!env network_name"
access_policy_type: Hybrid authentication
dot1x_control_direction: both
increase_access_speed: true
suspend_port_bounce: false
radius_accounting_servers:
radius_group_attribute: ""
- host: "!env radius_auth_server"
secret: "!env radius_auth_secret"