Switch Ports Configuration
Dashboard Location: Switching > Switch Ports
Physical Port Management and Configuration with Action Batching
Section titled “Physical Port Management and Configuration with Action Batching”Switch ports configuration in Meraki networks provides administrators with comprehensive control over individual switch port settings, enabling granular network access control, VLAN assignment, security policies, and performance optimization at the port level. This functionality supports network segmentation, access control policies, voice VLAN configuration, storm control, spanning tree protocol settings, and advanced features like MAC address filtering and port scheduling. The NAC-Meraki module utilizes action batching for switch port configurations, allowing efficient bulk operations and improved performance when managing multiple ports across devices. Switch port configuration is essential for implementing secure network access, optimizing network performance, enforcing organizational policies, and maintaining network stability through proper port-level controls.
Diagram
Section titled “Diagram”Classes
Section titled “Classes”switch (meraki.domains.organizations.networks.devices)
Section titled “switch (meraki.domains.organizations.networks.devices)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ports | List | [ports] | No |
ports (meraki.domains.organizations.networks.devices.switch)
Section titled “ports (meraki.domains.organizations.networks.devices.switch)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | min: 1, max: 127 | No | |
| tags | List | String[min: 1, max: 255] | No | |
| enabled | Boolean | true, false | No | |
| type | Choice | access, routed, stack, trunk | No | |
| vlan | Any | Integer[min: 1, max: 4094] or String[matches: `(?:[1-9] | [1-9][0-9] | [1-9][0-9]2 |
| voice_vlan | Any | Integer[min: 1, max: 4094] or String[matches: `(?:[1-9] | [1-9][0-9] | [1-9][0-9]2 |
| allowed_vlans | Any | Integer[min: 1, max: 4094] or String[matches: `(?:[1-9] | [1-9][0-9] | [1-9][0-9]2 |
| stp_guard | Choice | bpdu guard, disabled, loop guard, root guard | No | |
| link_negotiation | String | min: 1, max: 127 | No | |
| udld | Choice | Alert only, Enforce | No | |
| access_policy_type | Choice | Custom access policy, MAC allow list, Open, Sticky MAC allow list | No | |
| mac_allow_list | List | MAC | No | |
| sticky_mac_allow_list | List | MAC | No | |
| sticky_mac_allow_list_limit | Integer | min: 1, max: 10 | No | |
| peer_sgt_capable | Boolean | true, false | No | |
| dai_trusted | Boolean | true, false | No | |
| profile | Class | [profile] | No | |
| dot3az | Boolean | true, false | No | |
| poe | Boolean | true, false | No | |
| isolation | Boolean | true, false | No | |
| rstp | Boolean | true, false | No | |
| storm_control | Boolean | true, false | No | |
| flexible_stacking | Boolean | true, false | No | |
| port_id_ranges | List | [port_id_ranges] | No | |
| port_schedule_name | String | min: 1, max: 127 | No | |
| access_policy_name | String | min: 1, max: 127 | No | |
| adaptive_policy_group_name | String | min: 1, max: 127 | No |
profile (meraki.domains.organizations.networks.devices.switch.ports)
Section titled “profile (meraki.domains.organizations.networks.devices.switch.ports)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| enabled | Boolean | true, false | No | |
| iname | String | min: 1, max: 127 | No | |
| name | String | min: 1, max: 127 | No |
port_id_ranges (meraki.domains.organizations.networks.devices.switch.ports)
Section titled “port_id_ranges (meraki.domains.organizations.networks.devices.switch.ports)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| from | Any | Integer[min: 1, max: 24] or String[matches: ^\d{1,3}$] | Yes | |
| to | Any | Integer[min: 1, max: 24] or String[matches: ^\d{1,3}$] | Yes |
Examples
Section titled “Examples”Example-1: The example below demonstrates switch port configuration using tested YAML configuration from pipeline fixtures with action batch support.
This configuration manages individual switch port settings for access control and traffic management. The example shows multiple port configurations with access modes, VLAN assignments, voice VLAN support, and security features including port isolation and storm control.
The switch named access_switch_01 is configured with ports 5, 7, 10, 11, and 12 grouped under the label “User Port” and tagged with tag1. These ports are enabled and operate in access mode, assigned to VLAN 1 for data and VLAN 100 for voice. Security and stability features are enabled, including port isolation, Rapid Spanning Tree Protocol (RSTP), BPDU Guard for STP protection, Unidirectional Link Detection (UDLD) in Enforce mode, and storm control to prevent broadcast storms. The ports use auto-negotiation for link settings, follow a “Weekend Only Port Schedule,” and are assigned to the adaptive policy group named “USERS.” MAC allow lists and sticky MAC configuration are present in the file but currently commented out and not enforced.
The switch named dmz_switch_01 has two sets of ports defined: port 7 labeled “DMZ port” and ports 3–4 and 6 labeled “Zone2 ports.” These ports are also enabled in access mode, assigned to VLAN 1 and voice VLAN 100, and explicitly allow VLANs in the range 1–100. They include the same security and stability features as above, specify a custom access policy named “Test Policy,” and are marked as DAI trusted ports.
meraki: domains: - name: !env domain administrator: name: !env org_admin organizations: - name: !env org networks: - name: !env network_name product_types: - appliance - switch - wireless - camera - sensor - cellularGateway devices: - name: !env access_switch_01 switch: ports: - port_id_ranges: - from: 5 to: 5 - from: 7 to: 7 - from: 10 to: 12 name: user facing ports tags: - tag1 enabled: true type: access vlan: 1 voice_vlan: 100 isolation: true rstp: true stp_guard: bpdu guard link_negotiation: Auto negotiate port_schedule_name: "Weekend Only Port Schedule" udld: Enforce # access_policy_type: Custom access policy # access_policy_name: Test Policy # mac_allow_list: # - 00:11:22:33:44:55 # sticky_mac_allow_list: # - 00:11:22:33:44:55 # sticky_mac_allow_list_limit: 1 storm_control: true adaptive_policy_group_name: "USERS" - name: !env dmz_switch_01 switch: ports: - port_id_ranges: - from: 7 to: 7 name: DMZ port tags: - tag1 enabled: true type: access vlan: 1 voice_vlan: 100 allowed_vlans: 1-100 isolation: true rstp: true stp_guard: bpdu guard link_negotiation: Auto negotiate port_schedule_name: "Weekend Only Port Schedule" udld: Enforce access_policy_type: Custom access policy access_policy_name: Test Policy storm_control: true dai_trusted: true - port_id_ranges: - from: 3 to: 4 - from: 6 to: 6 name: Zone2 ports tags: - tag1 enabled: true type: access vlan: 1 voice_vlan: 100 allowed_vlans: 1-100 isolation: true rstp: true stp_guard: bpdu guard link_negotiation: Auto negotiate port_schedule_name: "Weekend Only Port Schedule" udld: Enforce access_policy_type: Custom access policy access_policy_name: Test Policy storm_control: true dai_trusted: true