Meraki H-series and 2-port MR access points feature additional ports that may be used for extending network connectivity to wired devices. MR port profiles is a feature delivered via the Meraki dashboard in order to apply the configuration to the LAN ports on a Meraki Access point.
AP Port Profiles
An SSID may be configured with a customized splash page, network access, and firewall rules to customize the experience of the wireless connection. These SSIDs can then be extended to wired connections via AP port profiles.
AP port profiles map an SSID to a wired port on an Access Point. The port profile for a given AP can be found on the Summary tab of an AP that contains multiple ports. The configuration page may be accessed either on the AP's Ports tab or on the Wireless > Configure > Port profiles page.
Configuring an AP Port Profile
To configure and manage port profiles, navigate to Wireless > Configure > Port profiles. Create a new Profile by clicking the Create new profile button or select an existing profile to adjust the configuration. Enable the ports via the toggle switches, name the port for future reference, and select the SSID intended to be extended to wired devices on each port
MR36H will use a 4-Port profile (same as MR30H), however, port 4 will not be used since the port does not exist on the AP. For more information about MR36H ports please visit installation guide.
Applying an AP Port Profile
The AP port profile that is currently configured on a given AP (with multiple ports) can be viewed and changed on the details page under the Summary tab. When an AP is initially added to the Dashboard, the default AP port profile will be applied to the Access Point. If only one default profile is needed, no additional configuration is necessary.
Setting a Default AP Port Profile for the Network
In most cases, it is common for a main AP port profile to be configured across all APs. Setting an AP port profile as the "Default" will configure all APs that don't have an existing override to inherent the default profile:
Overriding a Default Profile
Using the edit tool on the AP details page under the Summary tab, an AP port profile may be configured to the AP which overrides the default configuration. In the below configuration, the Suite Rooms configuration will be applied to this specific AP.
Bulk Override and Configure Profiles
On the Wireless > Configure > Port profile > Assign APs page, an administrator can bulk update the override configuration for the port profiles. Check the box next to each AP to assign a new profile or restore back to the default.
Applying profiles to APs with 2 ports
MR52/MR53/MR53E/MR84/MR57 APs feature a second Ethernet port that is typically used for uplink link aggregation. It is possible to assign a port profile initially designed for the MR30H/MR36H model to these 2-port APs to extend wired access to clients connected to the second Ethernet port.
Warning: Please note that port profiles and link aggregation on 2-port APs are mutually exclusive features. If you have a default port profile meant for your MR30H in the network you have to unassign this port profile from MR52/MR53/MR53E/MR84/MR57 (if applied by default) before link aggregation can be enabled on these models.
If link aggregation is enabled on MR52/MR53/MR53E/MR84/MR57 APs, the dashboard will disable port profiles for these APs. This means that the Ports tab is hidden, and the port profile section, on the Summary, is not displayed.
If link aggregation is disabled on MR52/MR53/MR53E/MR84/MR57 APs, port profiles can be assigned to these APs. The status of link aggregation can be view on the AP details page.
Link aggregation can be enabled/disabled by clicking the configuration button (pencil icon) on the AP details page.
When a port profile is assigned to MR52/MR53/MR53E/MR84/MR57 APs the secondary port on the AP honors the configuration assigned by port 1 on the port profile. In other words, assigning a port profile will disable link aggregation. Ports 2-4 can be configured on the profile but are not honored by the AP. All disabled SSIDs will become "wired-only" meaning that they can be configured on wired ports.
Mesh: This feature should not be enabled on 2-port APs when using mesh mode (repeater) as it is not possible to have two unique configurations on each port. Mesh repeaters will have the same configuration on both ports as specified by port 1 in the port profile.
Network-Wide Setting: When a port profile is assigned to MR52/MR53/MR53E/MR84/MR57 APs, the Network-wide > General > Clients wired directly to Meraki APs setting will no longer apply to the AP models listed above within in the network.
Monitoring the AP's Profile
The Ports tab on the AP details page (Wireless > Access Points > [select an AP]) is a single page used to view the status of the wired ports of an access point. This page allows administrators to view the current configuration of each port as well as see live status information for these ports:
Tagging VLANs on Wired AP Clients
It is ideal to use AP tags and a tag-to-VLAN mapping (set under Wireless > Configure > Access Control) in order to reduce the number of SSIDs and profiles necessary for a configuration. Wired ports will then honor the VLAN tag set. More information on VLAN tagging can be found here.
Any SSID can be mapped to a wired port even if it is not intended to serve wireless clients. SSIDs that are disabled become "wired only" when selected by a port profile. "Wired only" is an SSID mode that disables wireless connectivity, only allowing for wired connectivity. To remove wired access from a "wired only" SSID, the SSID must be removed from the AP port profiles.
Honored SSID Parameters on Wired Clients
As described throughout this article, wired clients inherent the configuration of the SSID. Below is a list of common configuration parameters that are honored when wired clients are mapped to an SSID:
|Wired Client on H series AP||Wired client on AP with 2 ports (detail above)|
|WPA2-PSK||Not honored (Open access)||Not honored (Open access)|
|WPA2-Ent||Honored as wired 802.1X||Not honored (Open access)|
|MAC Based Authentication||Honored as wired MAC authentication||Not honored (Open access)|
|Splash page settings||Honored||Honored|
|Firewall rules & traffic shaping||Honored||Honored|
|DAS (CoA)||Not honored||Not honored|
|URL redirect (CWA)||Not honored||Not honored|
|Bridging methods (Bridge mode, VPN Concentrator, ...)||Honored||Honored|