Port communication between VLANs
Hi guys,
This is my first time posting. I have an odd issue, so I would like to ask if someone could please help. I would really appreciate it, as I am out of solutions. I have a Meraki MX appliance and 2 VLANs, first: 172.16.16.0/24 and second: 10.0.0.0/24. I have a camera surveillance server, Exacqvision, in the second VLAN, with IP 10.0.0.9 and 2 ports: port 8081 for web access to the server and cameras, and port 22609 for the client app. All computers in the second VLAN can access the cameras on both ports, either via the web or using the app. But computers in the first VLAN can only use web access via port 8081, which works without issues, but not the app, as the app requires port 22609, and that is not working across from the second VLAN to the first VLAN. I tried adding a firewall rule to allow any IP, any port from the first VLAN to the server IP and port 22609 in the second VLAN, but it is not working. The app says "can not find server, blocked by firewall or router". Can someone maybe help with advice? I would really appreciate it. Thank you.
I have never worked with this system, but in some surveillance systems it is necessary to configure the IP ranges that are allowed to access the system. Have you checked it? It looks like a system issue, not an MX issue.
Please, if this post was useful, leave your kudos and mark it as solved.
You can perform a packet capture on the server too.
Thank you very much, alemabrahao. When you say packet capture, do you mean that I use Wireshark and install it on the server?
Yes, but you can perform a packet capture on the Meraki dashboard. Do you know how to do this?
From the second VLAN, can you ping the CCTV server in the other VLAN?
Thank you. Yes, I can ping the server. What troubles me is that the inter-VLAN connection works on port 8081, which is reserved for the web service. Also, in the server's VLAN, all computers can use both ports for access, 8081 and app port 22609. It is just that somehow 22609 is not available from the other VLAN. I can ping the server from any VLAN. 8081 web access works from any VLAN. People are used to the app, so that is why I am looking for a solution.
Is the port 22609 traffic unicast or multicast? If the latter, that could be the problem. Do you have a managed switch available?
Yes, I have Unifi switch.
Are you able to enable an IGMP querier (or similar) in the CCTV VLAN on the Ubiquiti switch?
I can try enabling IGMP for second VLAN
(never mind IP shown in pic, I just downloaded pic)
Can you provide more detail about your network? Like a topology or something like that. I'm confused now, because I noticed that the IP ranges are not the same as the ones you described when you started the topic.
The topology consists of one Unifi 16-port switch and a Meraki MX appliance, with 2 VLANs set up. I tried enabling IGMP snooping on the 10.0.0.0/24 network, same result. The picture I posted for IGMP was just downloaded from the internet, so just to clarify, the 2 VLANs are 172.16.20.0/24 and 10.0.0.0/24. The CCTV server resides on the second VLAN (I am really sorry if I caused confusion for you guys with that picture. I also noticed I mistyped the network details for the first VLAN in the first post: it is 172.16.20.0/24). Devices from the first VLAN can ping devices on the second VLAN, and can access the web service for the CCTV server at 10.0.0.9:8081 without problems. It is just the app that uses port 22609, and it is not working.
Also, I forgot to mention: on the server's Win firewall, port 22609 is allowed for inbound as TCP and UDP, with edge traversal allowed.
Have you tried to disable Windows firewall? Just for test.
Yes, tried that too, still the same.
Hey guys, just to let you know, the issue has been resolved. You helped me tremendously. While I was slowly analyzing packets from the .pcap file, I noticed that the TCP conversation was always incomplete, and (so stupid of me that I did not check this before, but I guess you sometimes miss the trees while looking into the woods 🙂) I had not looked at the Layer 7 firewall rules on the Meraki. It looked like the app requested P2P to be allowed, so once I enabled P2P traffic, the app started working. Thank you all for joining in this topic and for your help. Best wishes to all of you guys!!!
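
The "incomplete TCP conversation" check from the resolution, as an added example that is not part of the original thread: it classifies each conversation by how far it got, which separates a dropped SYN from a session that stalls after the handshake. The record format, the client address 172.16.20.50 and the sample packets are constructed for illustration and are not the poster's capture.

```python
# Added example: classify TCP conversations by how far they progressed.
# Each record is (src, sport, dst, dport, tcp_flags, payload_len); a real
# capture would first be exported to this shape (assumption).
SYN, RST, ACK = 0x02, 0x04, 0x10

def verdict(s):
    if not s["synack"]:                      # server never answered the SYN
        return "refused" if s["rst"] else "syn-unanswered"
    if not s["ack"]:
        return "handshake-incomplete"
    if s["c2s"] and not s["s2c"]:            # connected, then nothing came back
        return "stalled-after-client-data"
    if not s["c2s"] and not s["s2c"]:
        return "handshake-only"
    return "data-both-ways"

def classify(packets):
    convs = {}
    for src, sport, dst, dport, flags, plen in packets:
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if flags & SYN and not flags & ACK:  # client opens (or retransmits) a SYN
            convs.setdefault(fwd, dict(synack=False, ack=False, rst=False, c2s=0, s2c=0))
            continue
        key = fwd if fwd in convs else rev if rev in convs else None
        if key is None:
            continue                         # no SYN seen: skip mid-stream traffic
        s, from_client = convs[key], key == fwd
        if flags & RST:
            s["rst"] = True
        elif flags & SYN:                    # SYN+ACK counts only from the server
            if not from_client:
                s["synack"] = True
        elif from_client and s["synack"]:
            s["ack"] = True
        s["c2s" if from_client else "s2c"] += plen
    return {k: verdict(s) for k, s in convs.items()}

C, S = "172.16.20.50", "10.0.0.9"            # constructed client, server IP from the thread
SAMPLE = [                                   # constructed packets
    (C, 50001, S, 8081, SYN, 0), (S, 8081, C, 50001, SYN | ACK, 0),
    (C, 50001, S, 8081, ACK, 0), (C, 50001, S, 8081, ACK, 120),
    (S, 8081, C, 50001, ACK, 900),
    (C, 50002, S, 22609, SYN, 0), (S, 22609, C, 50002, SYN | ACK, 0),
    (C, 50002, S, 22609, ACK, 0), (C, 50002, S, 22609, ACK, 64),
    (C, 50002, S, 22609, ACK, 64),           # retransmitted data, still no reply
    (C, 50003, S, 22609, SYN, 0), (C, 50003, S, 22609, SYN, 0),
]

if __name__ == "__main__":
    for conv, result in classify(SAMPLE).items():
        print(conv, result)
```

As a general troubleshooting rule, an unanswered SYN points at port or address filtering, routing or the host firewall, while a conversation that completes the handshake and then stalls points at something that inspects the traffic itself.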
