Why secured VLANs are still accessible through Samba connection?

Mak

I created two VLANs on a Meraki Go GX50 Firewall and activated the “secured” button within the VLAN setting. One VLAN, VLAN 5, is set up on Port No. 5 of the GX50 (with IP addressing 192.168.1.xxx) for IoT devices, and this port is connected directly to an Orbi RBR850 set up as an Access Point. Another VLAN, VLAN 2, is set up on Port No. 2 of the GX50 (with different IP addressing 10.0.0.xx) and is connected to my Network Attached Storage Server “NAS” through a switch (with only the NAS attached to it, no other device besides the NAS). Since both VLANs are secured from accessing each other, I am under the impression they would not be able to communicate with each other.

Then, on my MacBook connected to the SSID on the Orbi through WiFi, theoretically I should be on the IoT VLAN 5. From a check of the GX50’s DHCP allocation I could confirm my MacBook was assigned to VLAN 5 with an IP 192.168.1.xx.

However, despite both VLANs being secured and supposedly unable to communicate with each other, I was surprised that I was still able to access my NAS (in VLAN 2) from my MacBook in VLAN 5 through the SAMBA connection. In fact, I can still do basically anything on my NAS (add/copy files, delete files, move files, etc.).

My question is, what’s the point of creating VLANs and establishing firewall rules when they are not really secured as I thought?

Can you please advise which step or procedure I have done incorrectly that may have led to the VLANs not being properly secured as intended?

Thanks!

Regards-

Mak

TyShawn

@Mak,

I think there might be a bug when creating a new secured VLAN. For me, I did the following and got the same result that you did.

1. Created a new wired VLAN enabling the secure network feature and DHCP server.

2. Created a new SSID.

3. Connected my laptop to the new SSID and attempted to ping across the VLANs.

To verify my work I went to settings / Local Network Addressing / "Select the VLAN" / Edit / Configure VLAN. It was here that I saw that the Secure this network option was still disabled. Once I enabled the option and waited 2 minutes I was no longer able to cross VLANs.
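
A way to repeat the check from the reply for the protocol in the question, as an added example that is not part of the original thread: run from a client on one VLAN, it tries TCP connections to the SMB ports (445 and 139) of a host on the other VLAN and re-checks until the "Secure this network" setting has taken effect. The NAS address `10.0.0.10` is a constructed placeholder, and the verdict assumes the firewall silently drops blocked traffic.

```python
import socket
import time

SMB_PORTS = (445, 139)  # SMB over TCP and NetBIOS session service


def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt as 'open', 'refused' or 'filtered'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"            # handshake completed: the service is reachable
    except ConnectionRefusedError:
        return "refused"         # a reset came back: the packet still crossed over
    except OSError:
        return "filtered"        # timeout or no route: nothing answered
    finally:
        s.close()


def isolation_verdict(results):
    """Assumption: blocked traffic is dropped silently, so any answer means a path exists."""
    if any(state in ("open", "refused") for state in results.values()):
        return "not isolated"
    return "isolated"


def wait_until_isolated(host, ports=SMB_PORTS, attempts=6, interval=30.0, timeout=3.0):
    """Re-check for a while, since the reply saw the setting take about 2 minutes."""
    results = {}
    for i in range(attempts):
        results = {p: probe(host, p, timeout) for p in ports}
        if isolation_verdict(results) == "isolated":
            return True, results
        if i < attempts - 1:
            time.sleep(interval)
    return False, results


if __name__ == "__main__":
    import sys
    nas = sys.argv[1] if len(sys.argv) > 1 else "10.0.0.10"  # constructed placeholder address
    isolated, results = wait_until_isolated(nas)
    for port, state in results.items():
        print(f"{nas}:{port} -> {state}")
    print("isolated" if isolated else "NOT isolated: traffic still crosses the VLANs")
```

A "refused" result counts as a failure here because a ping or a closed port can look blocked while the NAS is still answering across the VLAN boundary.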