I am trying to block a host from communicating with other hosts on the same VLAN on an MX. I am setting the Device Policy as blocked for the host. The host can still communicate with other hosts on the same VLAN. The host is blocked from communicating with hosts on the Internet.
I saw this in the documentation:
"...Firewall rule applied to block all communication with other devices on the Network (Only applies to traffic that traverses the Cisco Meraki Device that has the block is configured)..."
I guess what I am seeing is a L3 block at the firewall level, not the switch port level. Can anyone confirm this is the case?
If it is the case, is there any other way to achieve the results that I am looking for?
I work at ForeScout. I have a test bed to simulate one of my customer's environments. They will have an MX, MRs and MSs at remote sites. They will be using the MX switch ports as access ports if there are not enough switch ports available in the MSs at that branch office.
Once the ForeScout appliance determines that an unauthorized device has connected to the MX, I want to prevent it from communicating with any local device using API calls. It seems the only option I have available is DevicePolicy, since the MX does not support CoA.
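The API call the post describes, as an added example that is not the poster's, ForeScout's or Meraki's code. It builds the Meraki Dashboard API v1 request that sets a client's device policy (PUT /networks/{networkId}/clients/{clientId}/policy with a "devicePolicy" body), keeps the build step separate from sending so it can be checked offline, and sends it only when asked. The network ID, client ID and API key are placeholders, and the header name and body fields are taken from the public v1 API documentation as I know it; verify them against the current docs before relying on them. As the documentation quoted above says, "Blocked" only applies to traffic that traverses the Meraki device that holds the block, so a client set to Blocked this way still reaches same-VLAN peers that the MX never sees.

```python
"""Set a Meraki Dashboard client policy (for example "Blocked") over the API.

Added example, not the original poster's or Meraki's code.
Assumed endpoint (Meraki Dashboard API v1):
    PUT /networks/{networkId}/clients/{clientId}/policy
    body: {"devicePolicy": "Blocked"}
The IDs and the API key below are placeholders.
"""
import json
from typing import Any, Dict, Optional

BASE_URL = "https://api.meraki.com/api/v1"

# Policy values the v1 endpoint documents; "Group policy" also needs a groupPolicyId.
VALID_POLICIES = {"Normal", "Allowed", "Blocked", "Per connection", "Group policy"}


def build_client_policy_request(
    api_key: str,
    network_id: str,
    client_id: str,
    policy: str = "Blocked",
    group_policy_id: Optional[str] = None,
) -> Dict[str, Any]:
    """Return the HTTP method, URL, headers and JSON body for the policy change.

    client_id is the client's Meraki ID or MAC address; the policy endpoint
    documents accepting either. Nothing is sent here, so this is safe to call
    in a dry run or a test.
    """
    if policy not in VALID_POLICIES:
        raise ValueError(f"unknown devicePolicy {policy!r}; expected one of {sorted(VALID_POLICIES)}")
    if policy == "Group policy" and not group_policy_id:
        raise ValueError("policy 'Group policy' requires group_policy_id")
    if not (api_key and network_id and client_id):
        raise ValueError("api_key, network_id and client_id are all required")

    body: Dict[str, Any] = {"devicePolicy": policy}
    if group_policy_id:
        body["groupPolicyId"] = group_policy_id

    return {
        "method": "PUT",
        "url": f"{BASE_URL}/networks/{network_id}/clients/{client_id}/policy",
        "headers": {
            "X-Cisco-Meraki-API-Key": api_key,
            "Content-Type": "application/json",
            "Accept": "application/json",
        },
        "body": body,
    }


def apply_client_policy(request: Dict[str, Any], session: Any = None, timeout: float = 15.0) -> Dict[str, Any]:
    """Send a request built by build_client_policy_request and return the parsed JSON reply.

    Needs the `requests` package and access to api.meraki.com; the import is
    local so the rest of the module works offline. Raises on a non-2xx reply.
    """
    import requests  # imported here so building requests never needs the package

    http = session or requests.Session()
    resp = http.request(
        request["method"],
        request["url"],
        headers=request["headers"],
        json=request["body"],
        timeout=timeout,
    )
    resp.raise_for_status()
    return resp.json()


if __name__ == "__main__":
    # Dry run with placeholder values: show what would be sent, without sending it.
    req = build_client_policy_request(
        api_key="REPLACE_WITH_API_KEY",      # placeholder
        network_id="N_000000000000000000",   # placeholder network ID
        client_id="00:11:22:33:44:55",       # placeholder client MAC
        policy="Blocked",
    )
    print(req["method"], req["url"])
    print(json.dumps(req["body"]))
    # To actually apply it: apply_client_policy(req)
```

In a ForeScout-style integration the MAC the appliance has already identified is what you would pass as client_id, and you would reverse the change with policy="Normal" once the device is remediated.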
I'm not familiar with Forescout, so maybe others can chime in on that. But with a standard 802.1X Windows NPS Meraki deployment it can be configured to drop the computer into a guest VLAN if it fails 802.1X, so it is isolated.
Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO If this was helpful click the Kudo button below If my reply solved your issue, please mark it as a solution.