Switch Alternate Management Interface Configuration

Dashboard Location: Network-wide > Configure > General

Network Management Interface Isolation

Switch alternate management interface configuration in Meraki networks provides network administrators with the capability to isolate management traffic from user data traffic by designating a specific VLAN for network management protocols. This functionality enables enhanced security through network segmentation, improved network monitoring capabilities, and centralized management traffic control across distributed switch deployments. The alternate management interface supports protocols including RADIUS authentication, SNMP monitoring, Syslog reporting, and other critical network management functions while maintaining operational isolation from production traffic.

Diagram

Classes

switch (meraki.domains.organizations.networks)

Name	Type	Constraint	Mandatory	Default Value
alternate_management_interface	Class	`[alternate_management_interface]`	No

alternate_management_interface (meraki.domains.organizations.networks.switch)

Name	Type	Constraint	Mandatory	Default Value
enabled	Boolean	`true`, `false`	No
vlan_id	Any	Integer[min: `1`, max: `4094`] or String[matches: `(?:[1-9]	[1-9][0-9]	[1-9][0-9]2
protocols	List	Choice[`radius`, `snmp`, `syslog`]	No
switches	List	`[switches]`	No

switches (meraki.domains.organizations.networks.switch.alternate_management_interface)

Name	Type	Constraint	Mandatory
alternate_management_ip	IP		Yes
subnet_mask	String	Regex: `^(255\|254\|252\|248\|240\|224\|192\|128\|0+)(\.0\|\.128\|\.192\|\.224\|\.240\|\.248\|\.252\|\.254\|\.255){0,3}$`	No
gateway	IP		No
device	Any	String[matches: `^[A-Z0-9]{4}-[A-Z0-9]{4}-[A-Z0-9]{4}$`] or String[min: `1`, max: `127`]	Yes

Examples

Example-1: The example below demonstrates switch alternate management interface configuration using tested YAML configuration from pipeline fixtures.

meraki:
  domains:
    - name: "!env domain"
      administrator:
        name: "!env org_admin"
      organizations:
        - name: "!env org"
          networks:
            - name: "!env network_name"
              product_types:
                - appliance
                - switch
                - wireless
                - camera
                - sensor
                - cellularGateway
              switch:
                alternate_management_interface:
                  enabled: false
                  protocols: ["radius", "snmp", "syslog"]
                  vlan_id: 100

Example-3: The example below demonstrates selective protocol management for specific network monitoring requirements.

meraki:
  domains:
    - name: "!env domain"
      administrator:
        name: "!env org_admin"
      organizations:
        - name: "!env org"
          networks:
            - name: "Selective-Management-Network"
              product_types:
                - switch
                - appliance
                - wireless
              switch:
                alternate_management_interface:
                  # Enable selective management isolation
                  enabled: true
                  # Only isolate authentication and monitoring
                  protocols: [
                    "radius",
                    "snmp"
                  ]
                  # Management VLAN for monitoring traffic
                  vlan_id: "!env monitoring_vlan_id"