Group Policies per static route for clients behind a Layer 3 switch

So I was able to kludge together a working solution but I wanted to know if there is a better way.

  1. Put the MX in Track Clients by IP address mode
  2. Create VLAN on the L3 switch for clients
  3. Create VLAN for routing on the MX for communication with the L3 switch
  4. Create the same VLAN for routing on the L3 switch for communication with the MX
  5. Create Group Policy on the MX and apply to the Routing VLAN
  6. Create Static Route for the VLAN behind to the switch using the VLAN routing to the switch
  7. Create PBR (policy based routing) on the L3 switch using the MX's "VLAN for Routing" interface as the Default Gateway


Here is a screenshot for what it looks like MX side:

(Obviously PBR is different based on your switch vendor.)


I've been wishing to do this same thing for an eternity now. We even bought a Meraki switch for our core thinking we could then have the L3 routing on that switch and the Meraki mojo would allow us to do filtering by MAC on the MX.

It doesn't.

I want to do the same thing that you're doing and filter the internet by VLAN, each VLAN gets different levels of access by default. I have yet to find a way without having every VLAN terminate on the MX, which doesn't work so well...

