Switch Access Policies Configuration

Dashboard Location: Switching > Configure > Access Policies

Network Access Control Management

Switch access policies configuration in Meraki switches provides comprehensive 802.1X network access control and RADIUS authentication management, enabling administrators to implement enterprise-grade security policies for port-based network access. This functionality supports hybrid authentication modes, dynamic VLAN assignment, voice VLAN management, and integration with RADIUS servers for centralized authentication and accounting. Switch access policies are essential for securing network access, implementing role-based connectivity, controlling device authentication, and maintaining compliance with enterprise security requirements.

Diagram

Classes

switch (meraki.domains.organizations.networks)

Name	Type	Constraint	Mandatory	Default Value
access_policies	List	`[access_policies]`	No

access_policies (meraki.domains.organizations.networks.switch)

Name	Type	Constraint	Mandatory	Default Value
name	String	min: `1`, max: `127`	No
radius_servers	List	`[radius_servers]`	No
radius	Class	`[radius]`	No
guest_port_bouncing	Boolean	`true`, `false`	No
radius_accounting_servers	List	`[radius_accounting_servers]`	No
radius_group_attribute	Choice	“, `11`	No
host_mode	Choice	`Multi-Auth`, `Multi-Domain`, `Multi-Host`, `Single-Host`	No
access_policy_type	Choice	`802.1x`, `Hybrid authentication`, `MAC authentication bypass`	No
increase_access_speed	Boolean	`true`, `false`	No
guest_vlan_id	Any	Integer[min: `1`, max: `4094`] or String[matches: `(?:[1-9]	[1-9][0-9]	[1-9][0-9]2
voice_vlan_clients	Boolean	`true`, `false`	No
url_redirect_walled_garden_ranges	List	String[min: `1`, max: `1024`]	No
radius_testing	Boolean	`true`, `false`	No
radius_coa_support	Boolean	`true`, `false`	No
radius_accounting	Boolean	`true`, `false`	No
url_redirect_walled_garden	Boolean	`true`, `false`	No
dot1x_control_direction	Choice	`both`, `inbound`	No

radius_servers (meraki.domains.organizations.networks.switch.access_policies)

Name	Type	Constraint	Mandatory
host	String	min: `1`, max: `127`	No
port	Integer	min: `0`, max: `65535`	No
secret	String	min: `1`, max: `127`	No
organization_radius_server_name	String	min: `1`, max: `127`	No
server_name	String	min: `1`, max: `127`	No

radius (meraki.domains.organizations.networks.switch.access_policies)

Name	Type	Constraint	Mandatory	Default Value
critical_auth	Class	`[critical_auth]`	No
failed_auth_vlan_id	Any	Integer[min: `1`, max: `4094`] or String[matches: `(?:[1-9]	[1-9][0-9]	[1-9][0-9]2
re_authentication_interval	Integer	min: `1`, max: `86400`	No
cache	Class	`[cache]`	No

radius_accounting_servers (meraki.domains.organizations.networks.switch.access_policies)

Name	Type	Constraint	Mandatory
host	String	min: `1`, max: `127`	No
port	Integer	min: `0`, max: `65535`	No
secret	String	min: `1`, max: `127`	No
organization_radius_server_name	String	min: `1`, max: `127`	No
server_name	String	min: `1`, max: `127`	No

critical_auth (meraki.domains.organizations.networks.switch.access_policies.radius)

Name	Type	Constraint	Mandatory	Default Value
data_vlan_id	Any	Integer[min: `1`, max: `4094`] or String[matches: `(?:[1-9]	[1-9][0-9]	[1-9][0-9]2
voice_vlan_id	Any	Integer[min: `1`, max: `4094`] or String[matches: `(?:[1-9]	[1-9][0-9]	[1-9][0-9]2
suspend_port_bounce	Boolean	`true`, `false`	No

cache (meraki.domains.organizations.networks.switch.access_policies.radius)

Name	Type	Constraint	Mandatory	Default Value
enabled	Boolean	`true`, `false`	No
timeout	Integer	min: `1`, max: `600`	No

Examples

Example-1: The example below demonstrates switch access policies configuration using tested YAML configuration from pipeline fixtures.

meraki:
  domains:
    - name: !env domain
      administrator:
        name: !env org_admin
      organizations:
        - name: !env org
          networks:
            - name: !env network_name
              product_types:
                - appliance
                - switch
                - wireless
                - camera
                - sensor
                - cellularGateway
              switch:
                access_policies:
                  - name: Test Policy
                    access_policy_type: Hybrid authentication
                    dot1x_control_direction: both
                    # guest_port_bouncing: false
                    host_mode: Multi-Auth
                    increase_access_speed: true
                    radius:
                      critical_auth:
                        suspend_port_bounce: false
                    radius_accounting: true
                    radius_accounting_servers:
                      - host: 100.64.0.230
                        port: 1813
                        secret: testing123
                    radius_coa_support: true
                    radius_group_attribute: ""
                    radius_servers:
                      - host: 100.64.0.230
                        port: 1812
                        secret: testing123
                    radius_testing: true
                    url_redirect_walled_garden: false
                    voice_vlan_clients: true