Access to Vlan with no internet access

AreEyePea

I currently have 2 Vlans.

VLAN 1 - with Internet access for our users.

VLAN 20 - no Internet access. Everything on this VLAN is local for our AV gear. All the AV gear is using multicast. 

 

What would be the best way to give access to VLAN 20 from VLAN 1? I will sometimes need access to get to the IPs of some of the AV devices. I also need to make sure, when allowing the VLAN 20, it will not flood multicast traffic into VLAN 1 which is the reason why VLAN 20 does not have access to the internet.

 

Will using group policy and making a firewall rule to allow VLAN 20 resolve my issue? 

 

Thanks for the help as always! 

alemabrahao

Look, what's usually done is to place the device on the specific VLAN in a group policy that temporarily grants access. This is because there's no way to grant access through another VLAN.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
PhilipDAth

Unless you have a firewall rule or group policy preventing VLAN1 from talking to VLAN20, it will already be able to talk to VLAN20 IPs using unicast. If you do have such a policy, add an exception for the traffic you want to allow.

 

If you need to use multicast, you'll need to configure Bonjour forwarding.

 

https://documentation.meraki.com/MX/Other_Topics/Configuring_Bonjour_forwarding_for_the_MX_Security_...

 


 

 

Brash

If unicast is all that's needed from VLAN 1 to VLAN 20, just use Layer 3 firewall rules on your firewall.

E.g.
 - A rule to restrict VLAN 20 connecting to any other subnets or Internet locations.

 - A rule allowing VLAN 1 to communicate with VLAN 20.

 

If you need multicast, as said above, Bonjour forwarding might achieve what you're looking for.
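
As an added example that is not part of the original thread: a small Python model of the two Layer 3 rules suggested above, assuming a stateful firewall that evaluates rules top-down with first match winning. The subnets, the `Firewall` class and the rule tuple format are constructed for illustration and are not Meraki configuration syntax.

```python
import ipaddress as ip

# Constructed subnets: the thread does not give the VLAN addressing.
VLAN1 = ip.ip_network("192.168.1.0/24")    # users, Internet access
VLAN20 = ip.ip_network("192.168.20.0/24")  # AV gear, local only
ANY = ip.ip_network("0.0.0.0/0")

# Ordered rules (action, source, destination, comment); first match wins.
# Traffic inside one VLAN is switched and never reaches these rules.
RULES = [
    ("allow", VLAN1, VLAN20, "VLAN 1 may reach the AV device IPs"),
    ("deny", VLAN20, ANY, "VLAN 20 may not initiate to other subnets or the Internet"),
    ("allow", ANY, ANY, "default rule"),
]


class Firewall:
    """Hypothetical stateful first-match evaluator for routed packets."""

    def __init__(self, rules):
        self.rules = rules
        # Simplification: a flow is tracked by address pair only,
        # where a real firewall tracks protocol and ports as well.
        self.sessions = set()

    def _match(self, src, dst):
        for action, src_net, dst_net, _comment in self.rules:
            if src in src_net and dst in dst_net:
                return action
        return "deny"

    def packet(self, src, dst):
        src, dst = ip.ip_address(src), ip.ip_address(dst)
        if (dst, src) in self.sessions:
            return "allow"  # reply to a flow that was allowed when it started
        action = self._match(src, dst)
        if action == "allow":
            self.sessions.add((src, dst))
        return action


if __name__ == "__main__":
    fw = Firewall(RULES)
    print(fw.packet("192.168.1.50", "192.168.20.10"))  # user opens an AV device
    print(fw.packet("192.168.20.10", "192.168.1.50"))  # device's reply
    print(fw.packet("192.168.20.10", "239.1.1.1"))     # routed multicast attempt
    print(fw.packet("192.168.20.10", "8.8.8.8"))       # Internet attempt
```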
