Skip to content
Network as Code

Switch Access Policies Configuration

Dashboard Location: Switching > Configure > Access Policies

Network Access Control Management

Switch access policies configuration in Meraki switches provides comprehensive 802.1X network access control and RADIUS authentication management, enabling administrators to implement enterprise-grade security policies for port-based network access. This functionality supports hybrid authentication modes, dynamic VLAN assignment, voice VLAN management, and integration with RADIUS servers for centralized authentication and accounting. Switch access policies are essential for securing network access, implementing role-based connectivity, controlling device authentication, and maintaining compliance with enterprise security requirements.

Diagram

Diagram

Classes

switch (meraki.domains.organizations.networks)

NameTypeConstraintMandatoryDefault Value
access_policiesList[access_policies]No

access_policies (meraki.domains.organizations.networks.switch)

NameTypeConstraintMandatoryDefault Value
nameStringmin: 1, max: 127No
radius_serversList[radius_servers]No
radiusClass[radius]No
guest_port_bouncingBooleantrue, falseNo
radius_accounting_serversList[radius_accounting_servers]No
radius_group_attributeChoice“, 11No
host_modeChoiceMulti-Auth, Multi-Domain, Multi-Host, Single-HostNo
access_policy_typeChoice802.1x, Hybrid authentication, MAC authentication bypassNo
increase_access_speedBooleantrue, falseNo
guest_vlan_idAnyInteger[min: 1, max: 4094] or String[matches: `(?:[1-9][1-9][0-9][1-9][0-9]2
voice_vlan_clientsBooleantrue, falseNo
url_redirect_walled_garden_rangesListString[min: 1, max: 1024]No
radius_testingBooleantrue, falseNo
radius_coa_supportBooleantrue, falseNo
radius_accountingBooleantrue, falseNo
url_redirect_walled_gardenBooleantrue, falseNo
dot1x_control_directionChoiceboth, inboundNo

radius_servers (meraki.domains.organizations.networks.switch.access_policies)

NameTypeConstraintMandatoryDefault Value
hostStringmin: 1, max: 127No
portIntegermin: 0, max: 65535No
secretStringmin: 1, max: 127No
organization_radius_server_nameStringmin: 1, max: 127No
server_nameStringmin: 1, max: 127No

radius (meraki.domains.organizations.networks.switch.access_policies)

NameTypeConstraintMandatoryDefault Value
critical_authClass[critical_auth]No
failed_auth_vlan_idAnyInteger[min: 1, max: 4094] or String[matches: `(?:[1-9][1-9][0-9][1-9][0-9]2
re_authentication_intervalIntegermin: 1, max: 86400No
cacheClass[cache]No

radius_accounting_servers (meraki.domains.organizations.networks.switch.access_policies)

NameTypeConstraintMandatoryDefault Value
hostStringmin: 1, max: 127No
portIntegermin: 0, max: 65535No
secretStringmin: 1, max: 127No
organization_radius_server_nameStringmin: 1, max: 127No
server_nameStringmin: 1, max: 127No

critical_auth (meraki.domains.organizations.networks.switch.access_policies.radius)

NameTypeConstraintMandatoryDefault Value
data_vlan_idAnyInteger[min: 1, max: 4094] or String[matches: `(?:[1-9][1-9][0-9][1-9][0-9]2
voice_vlan_idAnyInteger[min: 1, max: 4094] or String[matches: `(?:[1-9][1-9][0-9][1-9][0-9]2
suspend_port_bounceBooleantrue, falseNo

cache (meraki.domains.organizations.networks.switch.access_policies.radius)

NameTypeConstraintMandatoryDefault Value
enabledBooleantrue, falseNo
timeoutIntegermin: 1, max: 600No

Examples

Example-1: The example below demonstrates switch access policies configuration using tested YAML configuration from pipeline fixtures.

meraki:
  domains:
    - name: "!env domain"
      administrator:
        name: "!env org_admin"
      organizations:
        - name: "!env org"
          networks:
            - name: "!env network_name"
              product_types:
                - appliance
                - switch
                - wireless
                - camera
                - sensor
                - cellularGateway
              switch:
                access_policies:
                  - name: Test Policy
                    access_policy_type: Hybrid authentication
                    dot1x_control_direction: both
                    host_mode: Multi-Auth
                    increase_access_speed: true
                    radius:
                      critical_auth:
                        suspend_port_bounce: false
                    radius_accounting: true
                    radius_accounting_servers:
                      - host: 100.64.0.230
                        port: 1813
                        secret: testing123
                    radius_coa_support: true
                    radius_group_attribute: ""
                    radius_servers:
                      - host: "!env radius_auth_server"
                        port: 1812
                        secret: "!env radius_auth_secret"
                    radius_testing: true
                    voice_vlan_clients: true