Group policy for VLAN problem

jumpy
Here to help


Hi there,

I'm a newbie to Meraki and am having a problem with group policy on a VLAN.

There are 2 sites in my client's environment: HQ and branch. HQ has one MX86 and the branch has one MX64. They also do site-to-site VPN.

For HQ, applying group policy to the VLAN is working properly, but not for the branch. After applying the policy to the VLAN, clients cannot go outside, either to HQ or the internet. I have checked the policy and there is no deny rule there. Only YouTube is not allowed.

There is something suspicious: the branch basically uses a single LAN (VLAN disabled). In order to apply the policy to all clients, I have to enable VLAN, and then clients can't go outside after that.

Currently, I have used an alternative way, which is applying the policy per client, which does not need VLAN enabled.

I think the problem is about the VLAN. May I have some advice from you guys on this?

PS. The branch has 2 unmanaged switches.

Thank you
4 Replies
PhilipDAth
Kind of a big deal

If you only have one VLAN (it was disabled) and you want to apply a group policy to the VLAN - why not make this whole thing much simpler?

Disable the VLAN again. Forget about using group policy. Just apply the rules globally to that network.

Hi Philip,

Sorry, I missed a point in my explanation. I need to do a scheduling policy, which group policy can afford me.

AjitKumar
Head in the Cloud

Hi @jumpy

This is what I understand about the branch:

1. If you use a single LAN (VLAN disabled), everything works fine (internet and VPN).

2. When VLAN is enabled, services stop working, as there is a group policy applied on the VLAN.

Could you try doing the following and let us know the results?

1. Enable VLAN without the policy.

2. Configure the port as an access port (down-link to the switches):

    Addressing & VLANs > Per-port VLAN Settings > Type Access

If this works, try to apply the policy on the VLAN.

Regards,
Ajit
AjitsNW@gmail.com
www.ajit.network

Hi Ajit,

Thank you for your advice, but I have done as you said before and it doesn't work.

So, I tried configuring it as Trunk and it works! Clients can reach both VPN and internet, but group policy is not working as the GP is applied on the VLAN. Clients can access YouTube even though I have blocked it in group policy.
