Meraki

Community

Group policy across networks

Solved
AndreaBagliano
Comes here often
‎Dec 1 2020 7:32 AM
‎Dec 1 2020 7:32 AM

Group policy across networks

Related devices:  MX100
 meraki_policy.PNG

 

 
I have an MX100 with 2 networks:
192.168.40.0/40 on port 3  VLAN 1 of MX100
192.168.50.0/24 on port 5 VLAN 10 of MX100
 
Suppose we have 2: 
host A (connected to port 3)
host B (connected to port 5)
 
I want to block traffic when HOST B communicates with HOST A but allow traffic when HOST A communicates to HOST B, in other words  I would like that is permitted the connection only if is started from HOST A to Host B then:
 
 A trying to ping B should get reply.
 B trying to ping A should fail
 
There is a way to activate this policy
Thaks in advance
0 Kudos
1 Accepted Solution
kYutobi
Kind of a big deal
‎Dec 1 2020 7:50 AM
‎Dec 1 2020 7:50 AM

Check this out. Hope it helps.

 

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Creating_and_Applying...

Enthusiast

View solution in original post

0 Kudos
2 Replies 2
kYutobi
Kind of a big deal
‎Dec 1 2020 7:50 AM
‎Dec 1 2020 7:50 AM

Check this out. Hope it helps.

 

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Creating_and_Applying...

Enthusiast
0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Dec 1 2020 1:39 PM
‎Dec 1 2020 1:39 PM

Host-based group policy is not stateful - so you can not use that.

 

You would need to give the hosts a static IP address (could be a DHCP reservation) and use standard L3 firewall rules to accomplish this.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.