I created two VLANs on Meraki Go GX50 Firewall and activate the “secured” button within the VLAN setting. One VLAN 5 is setup on Port No. 5 of GX50 (with IP addressing 192.168.1.xxx) for IoT devices and this Port is connected directly to anOrbi RBR850 setup as an Access Point. Another VLAN 2 is setup on Port No. 2 of GX50 (with different IP addressing 10.0.0.xx) and is connected to my Network Attached Storage Server “NAS” through a switch (with only the NAS attached to it, no other device besides the NAS). Since both VLANs are secured respective from accessing each other, I am under the impression they would not be able to communicate with each other.
Then on my MacBook connected to the SSID on Orbi through WiFi, theoretically I should be on the IoT VLAN 5. A check on GX50’s DHCP allocation I could confirm my MacBook was assigned to VLAN 5 with an IP 192.168.1.xx.
However, despite both VLANs are secured and should not be able to communicate with each other, I was surprise that I could still able to access my NAS (in VLAN 2) from my MacBook in VLAN 5 through the SAMBA connection. In fact, I can still do basically anything in my NAS (add/copy file, delete file, move file etc).
My question is, what’s the point of creating VLANs and establish firewall rules, when they are not really secured as I thought?
Can you please advise in which step or procedure I have done incorrectly that may lead to the VLANs not being properly secured as intended?
Thanks!
Regards-
Mak
