Switch Ports Configuration
Dashboard Location: Switching > Switch Ports
Physical Port Management and Configuration with Action Batching
Section titled “Physical Port Management and Configuration with Action Batching”Switch ports configuration in Meraki networks provides administrators with comprehensive control over individual switch port settings, enabling granular network access control, VLAN assignment, security policies, and performance optimization at the port level. This functionality supports network segmentation, access control policies, voice VLAN configuration, storm control, spanning tree protocol settings, and advanced features like MAC address filtering and port scheduling. The NAC-Meraki module utilizes action batching for switch port configurations, allowing efficient bulk operations and improved performance when managing multiple ports across devices. Switch port configuration is essential for implementing secure network access, optimizing network performance, enforcing organizational policies, and maintaining network stability through proper port-level controls.
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”switch (meraki.domains.organizations.networks.devices)
Section titled “switch (meraki.domains.organizations.networks.devices)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ports | List | [ports] | No |
ports (meraki.domains.organizations.networks.devices.switch)
Section titled “ports (meraki.domains.organizations.networks.devices.switch)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | min: 1, max: 127 | No | |
| tags | List | String[min: 1, max: 255] | No | |
| enabled | Boolean | true, false | No | |
| type | Choice | access, routed, stack, trunk | No | |
| vlan | Any | Integer[min: 1, max: 4094] or String[matches: `(?:[1-9] | [1-9][0-9] | [1-9][0-9]2 |
| voice_vlan | Any | Integer[min: 1, max: 4094] or String[matches: `(?:[1-9] | [1-9][0-9] | [1-9][0-9]2 |
| allowed_vlans | Any | Integer[min: 1, max: 4094] or String[matches: `(?:[1-9] | [1-9][0-9] | [1-9][0-9]2 |
| stp_guard | Choice | bpdu guard, disabled, loop guard, root guard | No | |
| link_negotiation | String | min: 1, max: 127 | No | |
| udld | Choice | Alert only, Enforce | No | |
| access_policy_type | Choice | Custom access policy, MAC allow list, Open, Sticky MAC allow list | No | |
| mac_allow_list | List | MAC | No | |
| sticky_mac_allow_list | List | MAC | No | |
| sticky_mac_allow_list_limit | Integer | min: 1, max: 10 | No | |
| peer_sgt_capable | Boolean | true, false | No | |
| dai_trusted | Boolean | true, false | No | |
| profile | Class | [profile] | No | |
| dot3az | Boolean | true, false | No | |
| poe | Boolean | true, false | No | |
| isolation | Boolean | true, false | No | |
| rstp | Boolean | true, false | No | |
| storm_control | Boolean | true, false | No | |
| flexible_stacking | Boolean | true, false | No | |
| port_id_ranges | List | [port_id_ranges] | No | |
| port_schedule_name | String | min: 1, max: 127 | No | |
| access_policy_name | String | min: 1, max: 127 | No | |
| adaptive_policy_group_name | String | min: 1, max: 127 | No |
profile (meraki.domains.organizations.networks.devices.switch.ports)
Section titled “profile (meraki.domains.organizations.networks.devices.switch.ports)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| enabled | Boolean | true, false | No | |
| iname | String | min: 1, max: 127 | No | |
| name | String | min: 1, max: 127 | No |
port_id_ranges (meraki.domains.organizations.networks.devices.switch.ports)
Section titled “port_id_ranges (meraki.domains.organizations.networks.devices.switch.ports)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| slot | Integer | No | ||
| module | String | No | ||
| from | Any | Integer[min: 1, max: 48] or String[matches: ^\d{1,3}$] | Yes | |
| to | Any | Integer[min: 1, max: 48] or String[matches: ^\d{1,3}$] | Yes |
Examples
Section titled “Examples”Example-1: The example below demonstrates switch port configuration using tested YAML configuration from pipeline fixtures with action batch support.
This configuration manages individual switch port settings for access control and traffic management. The example shows multiple port configurations with access modes, VLAN assignments, voice VLAN support, and security features including port isolation and storm control.
The switch named access_switch_01 is configured with ports 5, 7, 10, 11, and 12 grouped under the label “User Port” and tagged with tag1. These ports are enabled and operate in access mode, assigned to VLAN 1 for data and VLAN 100 for voice. Security and stability features are enabled, including port isolation, Rapid Spanning Tree Protocol (RSTP), BPDU Guard for STP protection, Unidirectional Link Detection (UDLD) in Enforce mode, and storm control to prevent broadcast storms. The ports use auto-negotiation for link settings, follow a “Weekend Only Port Schedule,” and are assigned to the adaptive policy group named “USERS.” MAC allow lists and sticky MAC configuration are present in the file but currently commented out and not enforced.
The switch named dmz_switch_01 has three sets of ports defined: port 7 labeled “DMZ port,” ports 3–4 and 6 labeled “Zone2 ports,” and ports on an expansion module labeled “Zone3 ports.” The first two groups are enabled in access mode, assigned to VLAN 1 and voice VLAN 100, and explicitly allow VLANs in the range 1–100. They include the same security and stability features as above, specify a custom access policy named “Test Policy,” and are marked as DAI trusted ports.
The third group, “Zone3 ports,” demonstrates the slot/module port ID format used for modular switches with expansion modules. Instead of plain numeric port IDs, each port_id_ranges entry includes a slot number and a module identifier alongside the from/to range. This produces port IDs in the format <slot>_<module>_<port> — for example, slot 1, module MA-MOD-8X10G, range 1–2 and 5–6 yields the port IDs 1_MA-MOD-8X10G_1, 1_MA-MOD-8X10G_2, 1_MA-MOD-8X10G_5, and 1_MA-MOD-8X10G_6. These ports are enabled in access mode on VLAN 2, with port isolation, RSTP, BPDU Guard, auto link negotiation, a port schedule, UDLD in Enforce mode, and DAI trusted enabled.
meraki: domains: - name: !env domain administrator: name: !env org_admin organizations: - name: !env org networks: - name: !env network_name product_types: - appliance - switch - wireless - camera - sensor - cellularGateway devices: - name: !env access_switch_01 switch: ports: - port_id_ranges: - from: 5 to: 5 - from: 7 to: 7 - from: 10 to: 12 name: user facing ports tags: - tag1 enabled: true type: access vlan: 1 voice_vlan: 100 isolation: true rstp: true stp_guard: bpdu guard link_negotiation: Auto negotiate port_schedule_name: "Weekend Only Port Schedule" udld: Enforce # access_policy_type: Custom access policy # access_policy_name: Test Policy # mac_allow_list: # - 00:11:22:33:44:55 # sticky_mac_allow_list: # - 00:11:22:33:44:55 # sticky_mac_allow_list_limit: 1 storm_control: true adaptive_policy_group_name: "USERS" - name: !env dmz_switch_01 switch: ports: - port_id_ranges: - from: 7 to: 7 name: DMZ port tags: - tag1 enabled: true type: access vlan: 1 voice_vlan: 100 allowed_vlans: 1-100 isolation: true rstp: true stp_guard: bpdu guard link_negotiation: Auto negotiate port_schedule_name: "Weekend Only Port Schedule" udld: Enforce access_policy_type: Custom access policy access_policy_name: Test Policy storm_control: true dai_trusted: true - port_id_ranges: - from: 3 to: 4 - from: 6 to: 6 name: Zone2 ports tags: - tag1 enabled: true type: access vlan: 1 voice_vlan: 100 allowed_vlans: 1-100 isolation: true rstp: true stp_guard: bpdu guard link_negotiation: Auto negotiate port_schedule_name: "Weekend Only Port Schedule" udld: Enforce access_policy_type: Custom access policy access_policy_name: Test Policy storm_control: true dai_trusted: true - port_id_ranges: - slot: 1 module: MA-MOD-8X10G from: 1 to: 2 - slot: 1 module: MA-MOD-8X10G from: 5 to: 6 - slot: 1 module: C9300-NM-2Q from: 1 to: 1 - slot: 1 module: C9300-NM-2Y from: 1 to: 1 - slot: 1 module: C9300-NM-4G from: 1 to: 1 - slot: 1 module: C9300-NM-4M from: 1 to: 1 - slot: 1 module: C9300-NM-8X from: 1 to: 1 - slot: 1 module: MA-MOD-2X40G from: 1 to: 2 - slot: 1 module: MA-MOD-4X10G from: 1 to: 2 name: Zone3 ports tags: - tag1 enabled: true type: access vlan: 2 isolation: true rstp: true stp_guard: bpdu guard link_negotiation: Auto negotiate port_schedule_name: "Weekend Only Port Schedule" udld: Enforce dai_trusted: true