Skip to content

Wireless Alternate Management Interface Configuration

Dashboard Location: Network-wide > Configure > General > Alternate Management Interface

Wireless Management Network Isolation

Wireless alternate management interface configuration in Meraki networks provides administrators with comprehensive out-of-band management capabilities for wireless access points, enabling management traffic isolation, dedicated management VLAN assignment, protocol-specific routing, and enhanced network security. This functionality supports network segmentation, management traffic separation, administrative access control, and security boundary enforcement. Alternate management interfaces are essential for creating secure management networks, isolating administrative traffic, implementing network access policies, and ensuring reliable management connectivity in enterprise wireless deployments.

Diagram

Diagram

Classes

wireless (meraki.domains.organizations.networks)

NameTypeConstraintMandatoryDefault Value
alternate_management_interfaceClass[alternate_management_interface]No

alternate_management_interface (meraki.domains.organizations.networks.wireless)

NameTypeConstraintMandatoryDefault Value
enabledBooleantrue, falseNo
vlan_idAnyInteger[min: 1, max: 4094] or String[matches: `(?:[1-9][1-9][0-9][1-9][0-9]2
protocolsListChoice[ldap, radius, snmp, syslog]No
access_pointsList[access_points]No

access_points (meraki.domains.organizations.networks.wireless.alternate_management_interface)

NameTypeConstraintMandatoryDefault Value
alternate_management_ipIPYes
subnet_maskStringRegex: ^(255|254|252|248|240|224|192|128|0+)(\.0|\.128|\.192|\.224|\.240|\.248|\.252|\.254|\.255){0,3}$No
gatewayIPNo
dns1IPNo
dns2IPNo
deviceAnyString[matches: ^[A-Z0-9]{4}-[A-Z0-9]{4}-[A-Z0-9]{4}$] or String[min: 1, max: 127]Yes

Examples

Example-1: The example below demonstrates wireless alternate management interface configuration using tested YAML configuration from pipeline fixtures.

meraki:
domains:
- name: "!env domain"
administrator:
name: "!env org_admin"
organizations:
- name: "!env org"
networks:
- name: "!env network_name"
product_types:
- appliance
- switch
- wireless
- camera
- sensor
- cellularGateway
wireless:
alternate_management_interface:
enabled: true
vlan_id: 100
protocols:
- ldap
- radius
- snmp
- syslog
access_points:
- device: "!env ap_01"
alternate_management_ip: 1.1.1.1
subnet_mask: 255.255.255.0
gateway: 1.1.1.254
dns1: 8.8.8.8

Configuration Parameters

ParameterTypeRequiredDescription
alternate_management_interfaceobjectNoAlternate management interface configuration
alternate_management_interface.enabledbooleanYesEnable alternate management interface (true/false)
alternate_management_interface.vlan_idintegerNoVLAN ID for management traffic (1-4094)
alternate_management_interface.protocolsarrayNoList of protocols to route via alternate interface
alternate_management_interface.access_pointsarrayNoList of access point specific configurations

Access Point Configuration Parameters

ParameterTypeRequiredDescription
access_points[].devicestringYesAccess point device name
access_points[].alternate_management_ipstringYesManagement IP address for the access point
access_points[].subnet_maskstringYesSubnet mask for management network
access_points[].gatewaystringYesGateway IP for management network
access_points[].dns1stringNoPrimary DNS server
access_points[].dns2stringNoSecondary DNS server

Supported Protocols Reference

ProtocolPurposeDefault PortUse Case
ldapLDAP authentication389/636User authentication
radiusRADIUS authentication1812/1813802.1X authentication
snmpNetwork monitoring161/162Device monitoring
syslogSystem logging514Log collection