We have an MX100 in our Minnesota and Saskatoon offices. The Saskatoon office is new to us (bought company), and we have routes in place for our network monitoring tools to do SNMP polls on UDP port 161 from Minnesota to Saskatoon. However, we don't want to allow anything else. I'm wondering how I can block this.
This is the complicated part. We have a traditional site-to-site VPN where I can create a firewall rule, but we also have an EVPL layer 2 extension. We have a LAN interface on each MX set up with a /30 IP address. We then have a static route on each MX saying to send traffic over the EVPL if the next-hop gateway is available. So if the EVPL went down, it would fall back to our internet connections.
How the heck can I limit the traffic that goes over that LAN segment on the same VLAN? We don't have complete control of PCs on the far end, so we want to limit our exposure.
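As an added example (not from the post or from Meraki), here is the intended policy written in the rule shape the Meraki Dashboard API uses for MX L3 firewall rules, plus a small first-match evaluator run over constructed flows so the allow/deny outcome can be checked before anything is pushed to a dashboard. The subnets are placeholders, and whether the MX applies these rules to traffic crossing the /30 EVPL interface is exactly the open question above; the evaluator models the policy, not the appliance.

```python
import ipaddress

# Constructed placeholder subnets; the post names no addresses.
MN_MONITORING = "10.10.10.0/24"   # Minnesota network-monitoring hosts (assumption)
SK_LAN = "10.20.0.0/16"           # Saskatoon LAN reached over the EVPL (assumption)

# Rules in the Meraki MX L3 firewall schema (comment/policy/protocol/srcCidr/
# srcPort/destCidr/destPort/syslogEnabled). Evaluation is first match wins;
# the MX ends the list with an implicit "allow any", so the denies are explicit.
RULES = [
    {"comment": "SNMP polls MN monitoring -> SK", "policy": "allow", "protocol": "udp",
     "srcCidr": MN_MONITORING, "srcPort": "Any", "destCidr": SK_LAN, "destPort": "161",
     "syslogEnabled": True},
    {"comment": "deny anything else toward SK", "policy": "deny", "protocol": "any",
     "srcCidr": "Any", "srcPort": "Any", "destCidr": SK_LAN, "destPort": "Any",
     "syslogEnabled": True},
    {"comment": "deny SK-initiated traffic (uncontrolled PCs)", "policy": "deny",
     "protocol": "any", "srcCidr": SK_LAN, "srcPort": "Any", "destCidr": "Any",
     "destPort": "Any", "syslogEnabled": True},
]


def _cidr_match(spec, ip):
    return spec == "Any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)


def _port_match(spec, port):
    # "Any" or a comma-separated list of ports, as the dashboard accepts
    return spec == "Any" or str(port) in [p.strip() for p in spec.split(",")]


def evaluate(rules, proto, src, sport, dst, dport):
    """Return (policy, comment) of the first matching rule for one new flow."""
    for r in rules:
        if r["protocol"] not in ("any", proto):
            continue
        if not (_cidr_match(r["srcCidr"], src) and _cidr_match(r["destCidr"], dst)):
            continue
        if not (_port_match(r["srcPort"], sport) and _port_match(r["destPort"], dport)):
            continue
        return r["policy"], r["comment"]
    return "allow", "implicit default allow"


if __name__ == "__main__":
    # Constructed flows: a legitimate poll, an SMB attempt each way, a non-monitoring host
    for flow in [("udp", "10.10.10.5", 51234, "10.20.3.7", 161),
                 ("tcp", "10.10.10.5", 51234, "10.20.3.7", 445),
                 ("tcp", "10.20.3.7", 51234, "10.10.10.5", 445),
                 ("udp", "10.10.11.5", 51234, "10.20.3.7", 161)]:
        print(flow, "->", evaluate(RULES, *flow))
```

The MX firewall is stateful, so the SNMP responses ride the allowed flow and need no reverse rule; the third deny only catches connections the far end starts.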