Meraki

Community

Meraki Switching ACLs

Solved
RobertOcampo
Here to help
2 weeks ago
2 weeks ago

Meraki Switching ACLs

Greetings, 

 

We are are using our MS425 Switch for ACLs, we have an instance where our Staff VLAN on WIFI is allowed to printer to our Printer VLAN, however when we use ethernet the endpoint is no longer able to send print jobs to the Printer VLAN.

 

We have assess our Switching ACLs in the Meraki Dashboard. We are deny all ports in the Staff VLAN except for Port, 80, 443, 53, 67, 68, 515, 554, 631, 5353. 

 

Not sure as to why we are able to print via windows/Apple on WIFI and not using Ethernet. Shouldn't the ACLs apply to both WIFI and Ethernet?

 

Any thoughts, would be appreciated?

Rob

Labels:
0 Kudos
1 Accepted Solution
rhbirkelund
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

ACLs configured on the Switching page, are only applied to Switches. Not Wifi per se. They may impact ports that have APs connected. 

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.

View solution in original post

0 Kudos
7 Replies 7
rhbirkelund
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

ACLs configured on the Switching page, are only applied to Switches. Not Wifi per se. They may impact ports that have APs connected. 

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
0 Kudos
In response to rhbirkelund
RobertOcampo
Here to help
2 weeks ago
2 weeks ago

Hi Rhbirkelund,

 

I appreciate the reply, my apologies I forgot to mention that all of our switching is MS Switches, from 425 aggregation switch to 390 Access Switch. we use MR APs that directly connect to the 390s. 

0 Kudos
alemabrahao
Kind of a big deal
2 weeks ago
2 weeks ago

That depends, who is the gateway for the network?

Can you send a screenshot of the settings?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

 

Take a packet capture for WiFi and Ethernet.  Compare them.  Find the difference.  🙂

0 Kudos
In response to PhilipDAth
RobertOcampo
Here to help
a week ago
a week ago

Hi PhilipDAth,

 

Thanks for the suggestions, I will give that a shot. 

0 Kudos
JonoM
Meraki Employee
Meraki Employee
a week ago
a week ago

Hi @RobertOcampo ,

 

@PhilipDAth's suggestion is excellent and will certainly help to see why WiFi traffic is being allowed on WiFi but not ethernet.

 

Since you are using all Meraki Switches, you can take packet captures directly from the dashboard.

 

I would recommend taking these captures on the switch port that your WiFi/Ethernet end client is connected to. You can filter the traffic captured using a filter expression 'host X.X.X.X' where X.X.X.X is the IP address of your end client. 

 

Example of what you packet capture might look likeExample of what you packet capture might look like

 

If you need any help reviewing the packet capture, you can reach out to the Meraki Support team and we will be happy to help!

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.
In response to JonoM
RobertOcampo
Here to help
a week ago
a week ago

Hi JonoM,

 

That is super helpful, I will try that out.  Thanks

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
© 2025 Cisco Systems, Inc.