Meraki

Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

V-Lan - SSID - DHCP Wiht access to default lan

EamonnT
Conversationalist
‎Mar 16 2023 2:28 PM
‎Mar 16 2023 2:28 PM

V-Lan - SSID - DHCP Wiht access to default lan

Hi everyone, 

I have a Meraki MX84 Appliance and wn to know if its possibeto do the the following. 

 

My Defauld Lan is 192.168.10.x 

I have created a V-lan wint DHCP Ip address scheme of 192.168.11.x 

I want tos setup a new SSID  called HFSPD and give any device who joins an ip of 192.168.11 x 

 

All of the abouve is working fine and Im happy put.

But i need to give the V-lan 192.168.11.X access to the Default lan  of 192.168.10.X whilst kewping its ip Addres schem of 192.168.11.X 

Can any advise me what i have to do ?

 

many thanks and happy St Patricks weekend to you all from Dublin, Eire. 

0 Kudos
4 Replies 4
ww
Kind of a big deal
Kind of a big deal
‎Mar 16 2023 2:42 PM
‎Mar 16 2023 2:42 PM

That should work by default.

Unless you configured firewall rules that would deny it.

0 Kudos
Jonathan-S
Meraki Employee
Meraki Employee
‎Mar 16 2023 2:42 PM
‎Mar 16 2023 2:42 PM

Hi EamonnT,

 

You shouldn't have any issues with this desired configuration. Ensure that the SSID is set to bridge mode and is tagging its traffic with the VLAN ID for the 192.168.11.x network.

 

The MX84 will allow inter-VLAN communication by default but if you have stricter firewall rules in place, a simple set of layer 3 outbound rules allowing traffic between the 192.168.10.x and 192.168.11.x networks would give you the desired result. You can read more about the MX's firewall behavior and configuration options at the following Meraki resource:

 

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Firewall_Settings

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.
0 Kudos
In response to Jonathan-S
EamonnT
Conversationalist
‎Mar 17 2023 9:11 AM
‎Mar 17 2023 9:11 AM

Hey Jonathan, thanks for the reply! 

I have everythign setup i think, but i cant  ping anything from eihter the lan or the SSID 

so when i ping 10.0.3.50 from 10.0.0.50  and vice versa , im not getitng anything. 

 

I think mayne my forewall rules  are wrong . whast the best way to configure them ? 

 

thanks in advance for any help you can give me, 

cheers. 

Eamonnt 

0 Kudos
In response to EamonnT
Jonathan-S
Meraki Employee
Meraki Employee
‎Mar 27 2023 12:22 PM
‎Mar 27 2023 12:22 PM

Hi EamonnT,

 

My apologies for the delay as I was out on holiday.

 

You did not mention if you are leveraging our Meraki MR product line of wireless APs but if you are, be sure to check and confirm that we are not blocking layer 3 traffic destined for the "Local LAN" by navigating to Wireless > Firewall & traffic shaping from your Meraki Dashboard portal. Then be sure to select the SSID(s) in question from the SSID drop-down menu and see if the first rule in the "Outbound rules" section is set to "Allow" (Destination: Local LAN).

 

You can read more about how this rule is intended to work at the following Meraki resource:

 

https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/'Deny_Local_LAN'_settings_in_Cisco_...

 

If this is already set to "Allow" for the Local LAN destination, my recommendation here would be to contact our 24/7 Enterprise Support for further troubleshooting. You can view these options by navigating to Help / (Question Mark icon) > Get help from your Meraki Dashboard portal, selecting the "Still need help?" link, and then calling the Meraki Support Team or submitting an email case.

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.