Why secured VLANs are still accessible through Samba connection?

Mak
Here to help

I created two VLANs on a Meraki Go GX50 Firewall and activated the “secured” button within the VLAN settings. VLAN 5 is set up on Port No. 5 of the GX50 (with IP addressing 192.168.1.xxx) for IoT devices, and this port is connected directly to an Orbi RBR850 set up as an Access Point. Another VLAN, VLAN 2, is set up on Port No. 2 of the GX50 (with different IP addressing 10.0.0.xx) and is connected to my Network Attached Storage server (“NAS”) through a switch (with only the NAS attached to it, no other device besides the NAS). Since both VLANs are secured from accessing each other, I am under the impression they would not be able to communicate with each other.

Then on my MacBook, connected to the SSID on the Orbi through WiFi, theoretically I should be on the IoT VLAN 5. By checking the GX50’s DHCP allocation, I could confirm my MacBook was assigned to VLAN 5 with an IP of 192.168.1.xx.

However, despite both VLANs being secured and supposedly unable to communicate with each other, I was surprised that I could still access my NAS (in VLAN 2) from my MacBook in VLAN 5 through the Samba connection. In fact, I can still do basically anything on my NAS (add/copy files, delete files, move files, etc.).

My question is, what’s the point of creating VLANs and establishing firewall rules when they are not really secured as I thought?

Can you please advise which step or procedure I have done incorrectly that may have led to the VLANs not being properly secured as intended?

Thanks!

Regards,

Mak

1 Reply
TyShawn
Head in the Cloud

@Mak,

I think there might be a bug when creating a new secured VLAN. I did the following and got the same result that you did.

1. Created a new wired VLAN, enabling the secure network feature and DHCP server.
2. Created a new SSID.
3. Connected my laptop to the new SSID and attempted to ping across the VLANs.

To verify my work I went to settings / Local Network Addressing / "Select the VLAN" / Edit / Configure VLAN. It was here that I saw that the Secure this network option was still disabled. Once I enabled the option and waited 2 minutes, I was no longer able to cross VLANs.
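A check for the symptom discussed in this thread, added here as an example (it is not code from either poster or from Meraki): run from a client on one VLAN, it probes the Samba ports of a host on the other VLAN and reports whether anything crossed the boundary. It assumes Python 3 on the client and a firewall that silently drops blocked traffic; the script name `vlan_check.py` and the functions `probe` and `isolated` are hypothetical, and the target IP is passed on the command line.

```python
#!/usr/bin/env python3
"""Confirm inter-VLAN blocking by probing SMB ports on a host in the other VLAN.

Usage (from a client on the IoT VLAN): python3 vlan_check.py <nas-ip>
"""
import socket
import sys

# A Samba share is served on 445 (SMB) and, on older setups, 139 (NetBIOS session).
SMB_PORTS = (445, 139)


def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt as 'open', 'refused' or 'filtered'."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"        # handshake completed: the service is reachable
        except ConnectionRefusedError:
            return "refused"     # a reset came back: packets still reached a host
        except OSError:
            return "filtered"    # timeout or unreachable: nothing answered


def isolated(states):
    """True only if every probe was silently dropped.

    Assumption: the firewall drops blocked traffic without replying, so a
    'refused' result means the packet crossed VLANs and counts as a failure.
    """
    states = list(states)
    return bool(states) and all(s == "filtered" for s in states)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: vlan_check.py <ip-of-host-on-other-vlan>")
    target = sys.argv[1]
    results = {port: probe(target, port) for port in SMB_PORTS}
    for port, state in results.items():
        print(f"{target}:{port} -> {state}")
    ok = isolated(results.values())
    print("isolated" if ok else "NOT isolated: traffic crossed the VLAN boundary")
    sys.exit(0 if ok else 1)
```

Running it once before and once after changing the VLAN setting shows whether the change took effect; a ping test alone does not show whether the file-sharing ports are blocked.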