Meraki

Community

How to block Inter-Vlan Routing Cisco Meraki MX64

Solved
hamidsattar
Here to help
‎Dec 14 2024 11:36 PM
‎Dec 14 2024 11:36 PM

How to block Inter-Vlan Routing Cisco Meraki MX64

Hello,

 

I have following LAN networks.

LAN1 >>> Vlan1  >>> 192.168.128.0/24

LAN2 >>> Vlan10 >>> 10.10.10.0/24

LAN3 >>>Vlan200 >>> 192.168.200.0/24

I want to block LAN1 and LAN2 to access LAN3. I created rules under outbound rules but they are not working. Please check Attached screenshots.

 

I think I am doing something wrong. Because when I ping from Vlan1 and Vlan10 it still works.

 

Please let me know what I am missing.

 

1.png2.pngThanks in Advance

 

0 Kudos
1 Accepted Solution
In response to hamidsattar
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Dec 16 2024 9:56 AM
‎Dec 16 2024 9:56 AM

Your screenshot shows that 192.168.200.1 is the MX.  Remember - the MX is excluded from the firewall rules.

 

You have to ping from another device to a different device (something that is not the MX).

View solution in original post

5 Replies 5
DarrenOC
Kind of a big deal
Kind of a big deal
‎Dec 15 2024 12:42 AM
‎Dec 15 2024 12:42 AM

Hi @hamidsattar , have you tried running the same ping from a device on the network as a simulated ping from the mx won’t get blocked as shown in your screenshots.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Dec 15 2024 10:45 AM
‎Dec 15 2024 10:45 AM

Your firewall rules look correct - but they don't get applied to traffic generated from the MX itself.  You'll need to test with actual devices plugged into those VLANs.

In response to PhilipDAth
hamidsattar
Here to help
‎Dec 16 2024 7:48 AM
‎Dec 16 2024 7:48 AM

Hello Philip,

 

It's still not working. I tried from actual device and I can ping 192.168.200.1

 

Meraki.png

0 Kudos
In response to hamidsattar
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Dec 16 2024 9:56 AM
‎Dec 16 2024 9:56 AM

Your screenshot shows that 192.168.200.1 is the MX.  Remember - the MX is excluded from the firewall rules.

 

You have to ping from another device to a different device (something that is not the MX).

In response to PhilipDAth
hamidsattar
Here to help
‎Dec 18 2024 4:32 AM
‎Dec 18 2024 4:32 AM

Hi,

 

Thank for the info, I will test it out and let you know the results.

 

 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.