As part of our exciting switch launch, we’re rolling out functionality that has been requested in several Meraki wishes: port management roles. This new feature grants configuration privileges to specific Cisco Meraki MS switch ports based on custom tags. Dashboard administrators who receive these port privileges have read-only dashboard access otherwise, ensuring that they are only able to edit the specific ports in question — and nothing else. Port management roles let central IT administrators securely delegate port management to junior staff or contractors where appropriate.
This feature is a natural extension of the Meraki dashboard’s role-based access. For example, it’s already possible to grant varying levels of access (full dashboard privileges or read-only) to Organizational Admins for all of the networks contained within an organization. Going one level deeper, Network-wide Administrators can, likewise, have full privileges or read-only access to their respective networks. Finally Guest Ambassador accounts are available to provide guest access to networks.
How to configure port management roles
Creating granular port configuration privileges is easy: simply navigate to Configure > Alerts and administration, and select the “Add custom admin role” link in the Port management roles section. You are now able to specify the role type, which ports that role has access to, and whether they are allowed to take packet captures from within dashboard.
Here, we’ve specified 3 different roles for ports tagged as “Dorms,” “Labs,” and “VoIP” on our switches.
You identify the ports you’d like a role to have access to by specifying port tags. Tags are custom identifiers you can assign to specific ports in the Configure > switch ports page.
Once roles have been created, you can specify which network admins should receive which role:
If we assign the “Student IT” role to the “Student” account, that account will be able to manage ports tagged as “Dorms.”
We’ve just made this feature live for all MS switches, so existing switch customers can get started today with configuring port management roles.