AP Port Profiles

Last updated
Save as PDF

Meraki H-series and 2-port MR access points have extra ports that connect wired devices to the network. The Meraki dashboard uses MR port profiles to manage and apply settings to the LAN ports on a Meraki access point (AP).

AP Port Profiles

An SSID may be configured with a customized splash page, network access, and firewall rules to customize the experience of the wireless connection. These SSIDs can then be extended to wired connections via AP port profiles.

AP port profiles map an SSID to a wired port on an AP. The port profile for a given AP can be found on the Summary tab of an AP that contains multiple ports. The configuration page may be accessed either on the AP's Ports tab or on the Wireless > Configure > Port profiles.

When an AP uses port profiles and all ports in the profile are disabled, it resets its radios every 20 minutes if it cannot connect to the Meraki cloud. This behavior is a known limitation. Contact Meraki support if you experience issues related to this.

Configuring an AP Port Profile

To configure and manage port profiles, navigate to Wireless > Configure > Port profiles. Create a new Profile by clicking the Create new profile button or select an existing profile to adjust the configuration. Enable the ports via the toggle switches, name the port for future reference, and select the SSID intended to be extended to wired devices on each port

This image shows how to create or edit port profiles by enabling ports, naming them, and selecting SSIDs to extend to wired devices.

MR36H uses a 4-port profile like the MR30H, but port 4 is not used because the MR36H does not have that port. For more details about MR36H ports, refer to the MR36H Installation Guide.

AP Port Profiles with USB-Compatible Devices

Some access points have a USB port configurable from the Wireless > Configure > Port Profiles page. For example, the MR57, CW9166/64/62 models have a USB port labeled as configurable.

The image is displayed to show the USB port configuration on access points, highlighting that some models like the MR57 and CW9166/64/62 have a USB port labeled as configurable.

A few USB devices are supported for use with these ports and port profiles. Refer to Hanshow Electronic Shelf Labels and SoluM Electronic Shelf Labels for details on their integration with Meraki MR APs and Meraki Managed Catalyst Wireless APs.

Applying an AP Port Profile

The AP port profile assigned to an AP with multiple ports can be viewed and changed on the details page under the Summary tab. When an AP is first added to the Dashboard, the default AP port profile is applied automatically. If only one default profile is required, no further configuration is needed.

Setting a Default AP Port Profile for the Network

A main AP port profile is usually configured on all APs. Setting an AP port profile as the "Default" applies it to all APs that do not have an existing override.

Illustration showing how setting a main AP port profile as the default applies the profile to all access points without an existing override.

Overriding a Default Profile

Using the edit tool on the AP details page under the Summary tab, an AP port profile may be configured to the AP which overrides the default configuration. In the below configuration, the Suite Rooms configuration will be applied to this specific AP.

Screenshot showing the AP details page where the Suite Rooms port profile is configured to override the default profile for this specific access point.

Bulk Override and Configure Profiles

On the Wireless > Configure > Port profile > Assign APs page, an administrator can bulk update the override configuration for the port profiles. Select the Check the box next to each AP to assign a new profile or restore back to the default.
Screenshot of the Wireless > Configure > Port profile > Assign APs page showing how an administrator can bulk update port profile overrides by selecting checkboxes next to access points to assign new profiles or restore defaults.

Applying profiles to APs with 2 ports

MR52/MR53/MR53E/MR84/MR57 APs feature a second Ethernet port that is typically used for uplink link aggregation. It is possible to assign a port profile, initially designed for the MR30H/MR36H models, to these 2-port APs to extend wired access to clients connected to the second Ethernet port.

Live data page next to port status will show AP port profile that has been assigned.

Port profiles and link aggregation on 2-port APs cannot be used together. If a default port profile for the MR30H is applied in the network, unassign it from MR52, MR53, MR53E, MR84, and MR57 before enabling link aggregation on these models.

When link aggregation is enabled on MR52, MR53, MR53E, MR84, or MR57 APs, the dashboard disables port profiles for these APs. The Ports tab is hidden, and the port profile section on the Summary page is not shown.

This image is displayed to show that when link aggregation is enabled on MR52/MR53/MR53E/MR84/MR57 APs, the dashboard disables port profiles for these APs, hiding the Ports tab and the port profile section on the Summary page.

Link aggregation can be enabled/disabled by clicking the configuration button (pencil icon) on the AP details page.

Assigning a port profile to MR52, MR53, MR53E, MR84, or MR57 APs causes the secondary port to follow the configuration of port 1 in the profile. This assignment disables link aggregation. Ports 2 to 4 can be set in the profile but are ignored by the AP. All disabled SSIDs become "wired-only" and can be configured on wired ports.

Mesh: This feature should not be enabled on 2-port APs when using mesh mode (repeater) as it is not possible to have two unique configurations on each port. Mesh repeaters will have the same configuration on both ports as specified by port 1 in the port profile.

Network-Wide Setting: When a port profile is assigned to MR52, MR53, MR53E, MR84, or MR57 APs, the Network-wide > General > Clients wired directly to Meraki APs setting no longer applies to these AP models in the network.

Monitoring the AP's Profile

The Ports tab on the AP details page (Wireless > Access Points > [select an AP]) provides a single view to monitor the status of the access point's wired ports. It allows administrators to see the current configuration and live status information for each port.

Ports tab under AP will show full profile configuration.

Tagging VLANs on Wired AP Clients

Use AP tags and a tag-to-VLAN mapping (set under Wireless > Configure > Access Control) to reduce the number of SSIDs and profiles necessary for a configuration. Wired ports will then honor the VLAN tag set. For more information, refer to the VLAN Tagging on MR Access Points documentation.

Named VLANs are not supported; use VLAN IDs instead.

Wired-only SSIDs

Any SSID can be mapped to a wired port, even if it is not intended for wireless clients. SSIDs that are disabled become "wired only" when selected by a port profile. The "wired only" mode disables wireless connectivity and allows only wired connectivity. To remove wired access from a "wired only" SSID, remove the SSID from the AP port profiles.

Change SSID to wired only under dropdown menu -- default is enabled.

Honored SSID Parameters on Wired Clients

As described throughout this article, wired clients inherent the configuration of the SSID. Below is a list of common configuration parameters that are honored when wired clients are mapped to an SSID:

SSID Parameter	Wired Client on H series AP	Wired client on AP with 2 ports (detail above)
Open access	Honored	Honored
WPA2-PSK	Not honored (Open access)	Not honored (Open access)
WPA2-Ent	Honored as wired 802.1X	Not honored (Open access)
MAC Based Authentication	Honored as wired MAC authentication	Not honored (Open access)
Splash page settings	Honored	Honored
VLAN override	Honored	Honored
Firewall rules & traffic shaping	Honored	Honored
DAS (CoA)	Not honored	Not honored
URL redirect (CWA)	Not honored	Not honored
Bridging methods (Bridge mode, VPN Concentrator, ...)	Honored	Honored

RADIUS guest VLAN settings are not honored by the port profiles.

Template AP Port Profile Override

Network administrators have the ability to assign unique AP port profiles to individual access points within a network which is bound to a configuration template. Additionally, Dashboard allows filtering based on AP tags to select APs in the network to assign the AP port profile.

The AP port profiles will be defined in the template. The child networks will inherit the AP port profiles from the template configuration.

Network administrators can then choose the specified, defined port profile to be assigned to individual APs bound to the child network.

Configuration

1. Navigate to Wireless > Configure > Port Profiles.

2. Use the Tags column in the AP table to filter by the associated tag.

3. Once you assign the unique port profile to the AP, you can view it on the AP Summary page under the Port profile component.

Template Unbinding

When a network admin unbinds the child network from the template and selects the option Unbind and Retain Configurations, the AP port profiles assigned to individual nodes will be retained.

API Configuration

Assign AP port profile:

The following API assigns an AP port profile to an AP in a network bound to a template.
Use this API to list AP serial numbers for a specific tag and the desired profile Id (configured in the template network) to assign the profile to all APs with that tag.

/networks/{networkId}/wireless/ethernet/ports/profiles/assign

Assign AP port profile based on AP Tags:

To assign the AP port profile to APs with a specific tag, you can use the following API to retrieve the serial numbers of APs with that tag.

/organizations/{orgId}/inventory/devices?networkIds[]={networkId}&tags[]={tag}&productTypes[]=wireless

Retrieve AP port profiles:

The following API can be used to retrieve the profiles (names, IDs) on the child networks bound to templates.

/networks/{networkId}/wireless/ethernet/ports/profiles