HELP : Need to communicate specific IP address between VLANS

jvelasco
Here to help

Hi CISCO Community,

I have been searching for this here but it still does not work 😞

I need help on how to let our Private VLAN communicate with other VLANs as well. We are using an MX84.

Our Private VLAN is tagged as VLAN2 at 142.63.4.0/24 using port no. 5.
I need to access our File Server tagged as VLAN6 at 172.9.0.3/32 using port no. 10.

I configured the firewall settings to allow traffic from VLAN2 going to VLAN10, but I still can't access our file server.

Please see my configuration below. Thank you.

[Screenshots: VLAN settings, port settings, firewall settings]





PhilipDAth
Kind of a big deal

The file server is on VLAN6 not VLAN10, but that is not the issue.

Your layer 3 firewalls are all "permits" - so that is not the issue.

I assume that a host on each network can get to the Internet - which will prove you have the correct gateways configured?

Are you trying to access the file server via its IP address? If not, what method are you using to provide name to IP address mapping?

My next guess is Windows firewall on the file server. Have you tried disabling it?

Also, why are you using public IP addressing on an internal VLAN?

jvelasco
Here to help

Hi @PhilipDAth ,

Thank you for the correction 🙂 on VLANs

Yes, I am accessing it via IP address. It is on a FreeNAS box, so there is no Windows firewall to configure. It was working properly before when I was using our Fortigate switch, but when I used our Meraki it does not work anymore.

Is there a way to communicate between different VLANs on different ports? I think my Layer 3 Firewall is configured correctly.

Thanks!

PhilipDAth
Kind of a big deal

Have you got AMP or IPS enabled? If so, could you try turning them off for 1 minute and see if it changes the problem. If not, restore them to their original settings.

PhilipDAth
Kind of a big deal

I've come to realise I have made a giant assumption.

When it is not working - what is actually happening? Do you get an error message?

jvelasco
Here to help

It works properly when I use our old Fortigate. I just configure the firewall settings and it is accessible. I think I did it the same way on the Meraki MX, but it does not work.

But when I transfer our file server to our team's VLAN 142.63.4.0/24, as 142.63.4.20, it is accessible.
They are on different built-in ports; is that the issue?

PhilipDAth
Kind of a big deal

You didn't answer this question either.

"Have you got AMP or IPS enabled? If so, could you try turning them off for 1 minute and see if it changes the problem. If not, restore them to their original settings."

jvelasco
Here to help

@PhilipDAth 

Hi Philip,

AMP and IPS are not enabled at the moment because I am just starting to set this up.

The FreeNAS box is on local only, and I don't think it is on the internet? The LAN port of our FreeNAS box is directly connected to port 10 of the MX84.

PhilipDAth
Kind of a big deal

If you SSH into your FreeNas box - can you ping www.google.com?

jvelasco
Here to help

Hi Philip,

Yes, I can ping google.com if I go into the FreeNAS GUI and SSH.

jvelasco
Here to help

Hi All,

Thanks for the support. This is my fault; I am used to Fortigate, so I thought the MX84 works the same as a switch.

I correctly configured our layer 2 manageable switch for this.

BrechtSchamp
Kind of a big deal

So the default gateway on the FreeNAS is set to 172.9.0.1, and on the hosts 142.63.4.1, with subnet masks on both set to 255.255.255.0, right?

jvelasco
Here to help

Hi Brecht,

That is right. My default gateway is 172.9.0.1 and the IP address of the File Server is 172.9.0.3. Our Team's VLAN is 142.63.4.0/24.

But when I transfer our file server to our team's VLAN 142.63.4.0/24, as 142.63.4.20, it is accessible.

They are on different built-in ports; is that the issue?

PhilipDAth
Kind of a big deal

Can you access the file server from any of the VLANs using private IP addressing?

jvelasco
Here to help

Hi Philip,

"Can you access the file server from any of the VLANs using private IP addressing?"

I am new to the Meraki MX. About "private IP addressing", how can I do that?

PhilipDAth
Kind of a big deal

Can the FreeNAS box access the Internet?

Can your client access the Internet?

I need to know these answers to verify basic connectivity.

VLAN 3, 4, 5, 6 and 99 are using private IP addressing in your network.
