Are access lists handled differently in ms and mx?

Satoh3

I have set up an access list for layer3 of mx using the same design concept as the access list for layer3 of ms, but I cannot confirm the expected behavior.
Is there a difference in the way the access list is processed in mx and in ms?

Actual Configuration

List num1 Deny any 192.168.10.0/24 any 192.168.20.0/24 any

List num2 deny any 192.168.20.0/24 any 192.168.10.0/24 any

List num3 allow any any any any any

I would think the 192.168.10.0/24 to 192.168.20.0/24 packet would be denied, but for some reason it is allowed.

ww

You did not deny 192.168.10.0/24 to 192.168.10.0/24. And both clients most probably do not traverse the mx when communicating in the same vlan.

Also note that the acl in the switch is stateless and at the mx the normal fw rules are stateful.

PhilipDAth

The other thing to note is the MS access lists are always stateless. MX group policy firewall rules are also stateless.

The "general" or standard MX firewall rules are stateful.
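
A simplified model of the stateless/stateful distinction raised in the replies, as an added example that is not part of the original thread and is not Meraki's implementation. It assumes top-down, first-match evaluation and tracks flows by address pair only; the host addresses and the `ONE_WAY` rule set are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Rules from the question (protocol/ports are "any", so only src/dst are modelled).
RULES = [
    ("deny",  "192.168.10.0/24", "192.168.20.0/24"),
    ("deny",  "192.168.20.0/24", "192.168.10.0/24"),
    ("allow", "0.0.0.0/0",       "0.0.0.0/0"),
]
# Constructed variant: block only 10 -> 20, to expose the stateless/stateful gap.
ONE_WAY = [RULES[0], RULES[2]]

def first_match(rules, src, dst):
    """Top-down, first match wins (assumption of this model)."""
    for action, s, d in rules:
        if ip_address(src) in ip_network(s) and ip_address(dst) in ip_network(d):
            return action
    return "allow"  # model default, only reached if no rule matches

class StatelessACL:
    """Every packet, in either direction, is checked against the rules."""
    def __init__(self, rules):
        self.rules = rules
    def handle(self, src, dst):
        return first_match(self.rules, src, dst)

class StatefulFirewall:
    """Rules are checked when a flow starts; packets of an allowed flow pass."""
    def __init__(self, rules):
        self.rules, self.flows = rules, set()
    def handle(self, src, dst):
        if (src, dst) in self.flows or (dst, src) in self.flows:
            return "allow"
        action = first_match(self.rules, src, dst)
        if action == "allow":
            self.flows.add((src, dst))
        return action

def exchange(device, initiator, responder):
    """Return (verdict on request, verdict on reply or None if request was dropped)."""
    request = device.handle(initiator, responder)
    reply = device.handle(responder, initiator) if request == "allow" else None
    return request, reply

if __name__ == "__main__":
    a, b = "192.168.10.5", "192.168.20.5"  # constructed hosts
    for name, dev in [("stateless", StatelessACL), ("stateful", StatefulFirewall)]:
        print(name, "3 rules, a->b:", exchange(dev(RULES), a, b))
        print(name, "one-way, b->a:", exchange(dev(ONE_WAY), b, a))
```

In this model the three rules from the question drop routed 10 -> 20 traffic on either kind of device, and same-subnet traffic matches only the final allow rule. The two behaviours diverge only when a single direction is denied: the stateless ACL drops the reply, the stateful firewall lets it through.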
