Meraki H-series MR access points feature additional ports that may be used for extending network connectivity to wired devices. MR port profiles is a feature delivered via the Meraki dashboard in order to apply configuration to the LAN ports on a Meraki Access point.
An SSID may be configured with a customized splash page, network access, and firewall rules to customize the experience of the wireless connection. These SSIDs can then be extended to wired connections via AP port profiles.
AP port profiles map an SSID to a wired port on an Access Point. The port profile for a given AP can be found on the Summary tab of an AP that contains multiple ports. The configuration page may be accessed either on the AP's Ports tab or on the Wireless > Configure > Port profiles page.
To configure and manage port profiles, navigate to Wireless > Configure > Port profiles. Create a new Profile by clicking the Create new profile button or select an existing profile to adjust the configuration. Enable the ports via the toggle switches, name the port for future reference, and select the SSID intended to be extended to wired devices on each port
The AP port profile that is currently configured on a given AP (with multiple ports) can be viewed and changed on the details page under the Summary tab. When an AP is initially added to the Dashboard, the default AP port profile will be applied to the Access Point. If only one default profile is needed, no additional configuration is necessary.
In most cases, it is common for a main AP port profile to be configured across all APs. Setting an AP port profile as the "Default" will configure all APs that don't have an existing override to inherent the default profile:
Using the edit tool on the AP details page under the Summary tab, an AP port profile may be configured to the AP which overrides the default configuration. In the below configuration, the Suite Rooms configuration will be applied to this specific AP.
On the Wireless > Configure > Port profile > Assign APs page, an administrator can bulk update the override configuration for the port profiles. Check the box next to each AP to assign a new profile or restore back to the default.
Some APs feature a second Ethernet port that is typically used for uplink link aggregation. A beta UI feature makes it is possible to assign a port profile to extend wired access to printers and projectors. The rest of the article below covers the compatibility of advanced features on the wired ports of these APs.
With this feature enabled, link aggregation is disabled on all APs in the dashboard network in favor of providing wired client access even if an AP is not assigned a profile. The secondary port on the AP honors the configuration assigned by port 1 on the profile. Ports 2-4 can be configured on the profile but are not honored by the AP. Covered below in more detail, all disabled SSIDs will become "wired only" meaning that they can be configured on wired ports.
This feature should not be enabled on 2-port APs when using mesh mode (repeater) as it is not possible to have two unique configurations on each port. Mesh repeaters will have the same configuration on both ports as specified by port 1 in the port profile.
Network Wide Setting:
Once this feature is enabled, the Network-wide > General > Clients wired directly to Meraki APs setting will no longer apply to the AP models listed above within in the network.
Please contact support to have this feature enabled. Once enabled you will find that the Ports tab will be shown on the Access Point details page for the supported APs as listed above.
The Ports tab on the AP details page (Wireless > Access Points > [select an AP]) is a single page used to view the status of the wired ports of an access point. This page allows administrators to view the current configuration of each port as well as see live status information for these ports:
It is ideal to use AP tags and a tag-to-VLAN mapping (set under Wireless > Configure > Access Control) in order to reduce the number of SSIDs and profiles necessary for a configuration. Wired ports will then honor the VLAN tag set. More information on VLAN tagging can be found here.
Any SSID can be mapped to a wired port even if it is not intended to serve wireless clients. SSIDs that are disabled become "wired only" when selected by a port profile. "Wired only" is an SSID mode that disables wireless connectivity, only allowing for wired connectivity. To remove wired access from a "wired only" SSID, the SSID must be removed from the AP port profiles.
As described throughout this article, wired clients inherent the configuration of the SSID. Below is a list of common configuration parameters that are honored when wired clients are mapped to an SSID:
|Wired Client on H series AP||Wired client on AP with 2 ports (detail above)|
|WPA2-PSK||Not honored (Open access)||Not honored (Open access)|
|WPA2-Ent||Honored as wired 802.1x||Not honored (Open access)|
|MAC Based Authentication||Honored as wired MAC authentication||Not honored (Open access)|
|Splash page settings||Honored||Honored|
|Firewall rules & traffic shaping||Honored||Honored|
|DAS (CoA)||Not honored||Not honored|
|URL redirect (CWA)||Not honored||Not honored|