Skip to main content
Cisco Meraki Documentation

AP Port Profiles

Meraki H-series and 2-port MR access points feature additional ports that may be used for extending network connectivity to wired devices. MR port profiles is a feature delivered via the Meraki dashboard in order to apply the configuration to the LAN ports on a Meraki Access point.

AP Port Profiles

An SSID may be configured with a customized splash page, network access, and firewall rules to customize the experience of the wireless connection. These SSIDs can then be extended to wired connections via AP port profiles.

AP port profiles map an SSID to a wired port on an Access Point. The port profile for a given AP can be found on the Summary tab of an AP that contains multiple ports. The configuration page may be accessed either on the AP's Ports tab or on the Wireless > Configure > Port profiles page.

Configuring an AP Port Profile

To configure and manage port profiles, navigate to Wireless > Configure > Port profiles. Create a new Profile by clicking the Create new profile button or select an existing profile to adjust the configuration. Enable the ports via the toggle switches, name the port for future reference, and select the SSID intended to be extended to wired devices on each port Screen Shot 2017-01-19 at 12.12.24 PM.png

MR36H will use a 4-Port profile (same as MR30H), however, port 4 of the profile will not be used since the port does not exist on the AP. For more information about MR36H ports please visit installation guide.

AP Port Profiles with USB-Compatible Devices

Some APs come equipt with a USB port that is configurable from the Wireless > Configure > Port Profiles page. For example the MR57, CW9166/64/62 will have USB labeled as a configurable port.

Screenshot 2023-07-06 at 12.15.27 PM.png

There are a few supported USB devices that can be used with these ports and port profiles. Please refer to Hanshow Electronic Shelf Labels, and SoluM Electronic Shelf Labels for more information on their integration with Meraki MRs and Meraki Managed Catalyst Wireless APs.

Applying an AP Port Profile 

The AP port profile that is currently configured on a given AP (with multiple ports) can be viewed and changed on the details page under the Summary tab. When an AP is initially added to the Dashboard, the default AP port profile will be applied to the Access Point. If only one default profile is needed, no additional configuration is necessary.

Setting a Default AP Port Profile for the Network

In most cases, it is common for a main AP port profile to be configured across all APs. Setting an AP port profile as the "Default" will configure all APs that don't have an existing override to inherent the default profile:
Screen Shot 2017-01-19 at 12.13.47 PM.png

Overriding a Default Profile

Using the edit tool on the AP details page under the Summary tab, an AP port profile may be configured to the AP which overrides the default configuration. In the below configuration, the Suite Rooms configuration will be applied to this specific AP.

Screen Shot 2016-12-06 at 4.35.11 PM.png

Bulk Override and Configure Profiles

On the Wireless > Configure > Port profile > Assign APs page, an administrator can bulk update the override configuration for the port profiles. Check the box next to each AP to assign a new profile or restore back to the default.
Screen Shot 2016-12-06 at 4.36.24 PM.png

Applying profiles to APs with 2 ports

MR52/MR53/MR53E/MR84/MR57 APs feature a second Ethernet port that is typically used for uplink link aggregation. It is possible to assign a port profile initially designed for the MR30H/MR36H model to these 2-port APs to extend wired access to clients connected to the second Ethernet port.




Warning: Please note that port profiles and link aggregation on 2-port APs are mutually exclusive features. If you have a default port profile meant for your MR30H in the network you have to unassign this port profile from MR52/MR53/MR53E/MR84/MR57 (if applied by default) before link aggregation can be enabled on these models.


If link aggregation is enabled on MR52/MR53/MR53E/MR84/MR57 APs, the dashboard will disable port profiles for these APs. This means that the Ports tab is hidden, and the port profile section, on the Summary, is not displayed.


If link aggregation is disabled on MR52/MR53/MR53E/MR84/MR57 APs, port profiles can be assigned to these APs. The status of link aggregation can be view on the AP details page.



Link aggregation can be enabled/disabled by clicking the configuration button (pencil icon) on the AP details page.

When a port profile is assigned to MR52/MR53/MR53E/MR84/MR57 APs the secondary port on the AP honors the configuration assigned by port 1 on the port profile. In other words, assigning a port profile will disable link aggregation. Ports 2-4 can be configured on the profile but are not honored by the AP. All disabled SSIDs will become "wired-only" meaning that they can be configured on wired ports.

Mesh: This feature should not be enabled on 2-port APs when using mesh mode (repeater) as it is not possible to have two unique configurations on each port. Mesh repeaters will have the same configuration on both ports as specified by port 1 in the port profile.

Network-Wide Setting: When a port profile is assigned to MR52/MR53/MR53E/MR84/MR57 APs, the Network-wide > General > Clients wired directly to Meraki APs setting will no longer apply to the AP models listed above within in the network.

Monitoring the AP's Profile

The Ports tab on the AP details page (Wireless > Access Points > [select an AP]) is a single page used to view the status of the wired ports of an access point. This page allows administrators to view the current configuration of each port as well as see live status information for these ports:

Screen Shot 2016-12-06 at 4.42.46 PM.png

Tagging VLANs on Wired AP Clients

It is ideal to use AP tags and a tag-to-VLAN mapping (set under Wireless > Configure > Access Control) in order to reduce the number of SSIDs and profiles necessary for a configuration. Wired ports will then honor the VLAN tag set. More information on VLAN tagging can be found here.

Wired-only SSIDs

Any SSID can be mapped to a wired port even if it is not intended to serve wireless clients. SSIDs that are disabled become "wired only" when selected by a port profile. "Wired only" is an SSID mode that disables wireless connectivity, only allowing for wired connectivity. To remove wired access from a "wired only" SSID, the SSID must be removed from the AP port profiles.

Screen Shot 2016-11-19 at 12.05.55 PM.png

Honored SSID Parameters on Wired Clients

As described throughout this article, wired clients inherent the configuration of the SSID. Below is a list of common configuration parameters that are honored when wired clients are mapped to an SSID:

SSID Parameter

Wired Client on H series AP Wired client on AP with 2 ports (detail above)
Open access Honored Honored
WPA2-PSK Not honored (Open access) Not honored (Open access)
WPA2-Ent Honored as wired 802.1X Not honored (Open access)
MAC Based Authentication Honored as wired MAC authentication Not honored (Open access)
Splash page settings Honored Honored
VLAN override Honored Honored
Firewall rules & traffic shaping Honored Honored
DAS (CoA) Not honored Not honored
URL redirect (CWA) Not honored Not honored
Bridging methods (Bridge mode, VPN Concentrator, ...) Honored Honored
  • Was this article helpful?