Skip to content

Switch Ports Configuration

Dashboard Location: Switching > Switch Ports

Physical Port Management and Configuration with Action Batching

Section titled “Physical Port Management and Configuration with Action Batching”

Switch ports configuration in Meraki networks provides administrators with comprehensive control over individual switch port settings, enabling granular network access control, VLAN assignment, security policies, and performance optimization at the port level. This functionality supports network segmentation, access control policies, voice VLAN configuration, storm control, spanning tree protocol settings, and advanced features like MAC address filtering and port scheduling. The NAC-Meraki module utilizes action batching for switch port configurations, allowing efficient bulk operations and improved performance when managing multiple ports across devices. Switch port configuration is essential for implementing secure network access, optimizing network performance, enforcing organizational policies, and maintaining network stability through proper port-level controls.

Diagram

switch (meraki.domains.organizations.networks.devices)

Section titled “switch (meraki.domains.organizations.networks.devices)”
NameTypeConstraintMandatoryDefault Value
portsList[ports]No

ports (meraki.domains.organizations.networks.devices.switch)

Section titled “ports (meraki.domains.organizations.networks.devices.switch)”
NameTypeConstraintMandatoryDefault Value
nameStringmin: 1, max: 127No
tagsListString[min: 1, max: 255]No
enabledBooleantrue, falseNo
typeChoiceaccess, routed, stack, trunkNo
vlanAnyInteger[min: 1, max: 4094] or String[matches: `(?:[1-9][1-9][0-9][1-9][0-9]2
voice_vlanAnyInteger[min: 1, max: 4094] or String[matches: `(?:[1-9][1-9][0-9][1-9][0-9]2
allowed_vlansAnyInteger[min: 1, max: 4094] or String[matches: `(?:[1-9][1-9][0-9][1-9][0-9]2
stp_guardChoicebpdu guard, disabled, loop guard, root guardNo
link_negotiationStringmin: 1, max: 127No
udldChoiceAlert only, EnforceNo
access_policy_typeChoiceCustom access policy, MAC allow list, Open, Sticky MAC allow listNo
mac_allow_listListMACNo
sticky_mac_allow_listListMACNo
sticky_mac_allow_list_limitIntegermin: 1, max: 10No
peer_sgt_capableBooleantrue, falseNo
dai_trustedBooleantrue, falseNo
profileClass[profile]No
dot3azBooleantrue, falseNo
poeBooleantrue, falseNo
isolationBooleantrue, falseNo
rstpBooleantrue, falseNo
storm_controlBooleantrue, falseNo
flexible_stackingBooleantrue, falseNo
port_id_rangesList[port_id_ranges]No
port_schedule_nameStringmin: 1, max: 127No
access_policy_nameStringmin: 1, max: 127No
adaptive_policy_group_nameStringmin: 1, max: 127No

profile (meraki.domains.organizations.networks.devices.switch.ports)

Section titled “profile (meraki.domains.organizations.networks.devices.switch.ports)”
NameTypeConstraintMandatoryDefault Value
enabledBooleantrue, falseNo
inameStringmin: 1, max: 127No
nameStringmin: 1, max: 127No

port_id_ranges (meraki.domains.organizations.networks.devices.switch.ports)

Section titled “port_id_ranges (meraki.domains.organizations.networks.devices.switch.ports)”
NameTypeConstraintMandatoryDefault Value
fromAnyInteger[min: 1, max: 24] or String[matches: ^\d{1,3}$]Yes
toAnyInteger[min: 1, max: 24] or String[matches: ^\d{1,3}$]Yes

Example-1: The example below demonstrates switch port configuration using tested YAML configuration from pipeline fixtures with action batch support.

This configuration manages individual switch port settings for access control and traffic management. The example shows multiple port configurations with access modes, VLAN assignments, voice VLAN support, and security features including port isolation and storm control.

The switch named access_switch_01 is configured with ports 5, 7, 10, 11, and 12 grouped under the label “User Port” and tagged with tag1. These ports are enabled and operate in access mode, assigned to VLAN 1 for data and VLAN 100 for voice. Security and stability features are enabled, including port isolation, Rapid Spanning Tree Protocol (RSTP), BPDU Guard for STP protection, Unidirectional Link Detection (UDLD) in Enforce mode, and storm control to prevent broadcast storms. The ports use auto-negotiation for link settings, follow a “Weekend Only Port Schedule,” and are assigned to the adaptive policy group named “USERS.” MAC allow lists and sticky MAC configuration are present in the file but currently commented out and not enforced.

The switch named dmz_switch_01 has two sets of ports defined: port 7 labeled “DMZ port” and ports 3–4 and 6 labeled “Zone2 ports.” These ports are also enabled in access mode, assigned to VLAN 1 and voice VLAN 100, and explicitly allow VLANs in the range 1–100. They include the same security and stability features as above, specify a custom access policy named “Test Policy,” and are marked as DAI trusted ports.

meraki:
domains:
- name: !env domain
administrator:
name: !env org_admin
organizations:
- name: !env org
networks:
- name: !env network_name
product_types:
- appliance
- switch
- wireless
- camera
- sensor
- cellularGateway
devices:
- name: !env access_switch_01
switch:
ports:
- port_id_ranges:
- from: 5
to: 5
- from: 7
to: 7
- from: 10
to: 12
name: user facing ports
tags:
- tag1
enabled: true
type: access
vlan: 1
voice_vlan: 100
isolation: true
rstp: true
stp_guard: bpdu guard
link_negotiation: Auto negotiate
port_schedule_name: "Weekend Only Port Schedule"
udld: Enforce
# access_policy_type: Custom access policy
# access_policy_name: Test Policy
# mac_allow_list:
# - 00:11:22:33:44:55
# sticky_mac_allow_list:
# - 00:11:22:33:44:55
# sticky_mac_allow_list_limit: 1
storm_control: true
adaptive_policy_group_name: "USERS"
- name: !env dmz_switch_01
switch:
ports:
- port_id_ranges:
- from: 7
to: 7
name: DMZ port
tags:
- tag1
enabled: true
type: access
vlan: 1
voice_vlan: 100
allowed_vlans: 1-100
isolation: true
rstp: true
stp_guard: bpdu guard
link_negotiation: Auto negotiate
port_schedule_name: "Weekend Only Port Schedule"
udld: Enforce
access_policy_type: Custom access policy
access_policy_name: Test Policy
storm_control: true
dai_trusted: true
- port_id_ranges:
- from: 3
to: 4
- from: 6
to: 6
name: Zone2 ports
tags:
- tag1
enabled: true
type: access
vlan: 1
voice_vlan: 100
allowed_vlans: 1-100
isolation: true
rstp: true
stp_guard: bpdu guard
link_negotiation: Auto negotiate
port_schedule_name: "Weekend Only Port Schedule"
udld: Enforce
access_policy_type: Custom access policy
access_policy_name: Test Policy
storm_control: true
dai_trusted: true