How to block Inter-Vlan Routing Cisco Meraki MX64
Hello,
I have the following LAN networks.
LAN1 >>> Vlan1 >>> 192.168.128.0/24
LAN2 >>> Vlan10 >>> 10.10.10.0/24
LAN3 >>> Vlan200 >>> 192.168.200.0/24
I want to block LAN1 and LAN2 from accessing LAN3. I created rules under outbound rules but they are not working. Please check the attached screenshots.
I think I am doing something wrong, because when I ping from Vlan1 and Vlan10 it still works.
Please let me know what I am missing.
Thanks in Advance
Hi @hamidsattar, have you tried running the same ping from a device on the network? A simulated ping from the MX won't get blocked, as shown in your screenshots.
https://www.linkedin.com/in/darrenoconnor/
I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
Your firewall rules look correct - but they don't get applied to traffic generated from the MX itself. You'll need to test with actual devices plugged into those VLANs.
Hello Philip,
It's still not working. I tried from an actual device and I can ping 192.168.200.1.
Your screenshot shows that 192.168.200.1 is the MX. Remember - the MX is excluded from the firewall rules.
You have to ping from another device to a different device (something that is not the MX).
Hi,
Thanks for the info, I will test it out and let you know the results.
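
The behaviour described in the replies above, as an added example that is not part of the original thread or Meraki's own code: a simplified first-match model of the rule set showing why a ping to 192.168.200.1 proves nothing while a ping to another host on VLAN 200 does. The client addresses, the host 192.168.200.50, the exact rule list and the trailing default allow are assumptions made for illustration.

```python
import ipaddress

# Constructed model of the thread's setup. Only 192.168.200.1 is confirmed
# on the page as an MX address; the deny rules mirror what the poster
# describes (block VLAN 1 and VLAN 10 from reaching VLAN 200).
MX_INTERFACE_IPS = {ipaddress.ip_address("192.168.200.1")}
RULES = [  # evaluated top-down, first match wins
    ("deny", "192.168.128.0/24", "192.168.200.0/24"),
    ("deny", "10.10.10.0/24", "192.168.200.0/24"),
    ("allow", "0.0.0.0/0", "0.0.0.0/0"),  # assumed trailing default allow
]


def evaluate(src, dst):
    """Return (verdict, reason) for a flow in this simplified model."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Per the replies: traffic to or from the MX itself is not subject
    # to the rules, so it tells you nothing about whether they work.
    if s in MX_INTERFACE_IPS or d in MX_INTERFACE_IPS:
        return "allow", "MX address: rules not applied, invalid test"
    for action, src_net, dst_net in RULES:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action, f"matched {action} {src_net} -> {dst_net}"
    return "allow", "no rule matched"


def valid_test_targets(candidates):
    """Keep only destinations that actually exercise the rule set."""
    return [c for c in candidates if ipaddress.ip_address(c) not in MX_INTERFACE_IPS]


if __name__ == "__main__":
    # Constructed client addresses; 192.168.200.50 is a hypothetical host on VLAN 200.
    for src, dst in [("192.168.128.20", "192.168.200.1"),
                     ("192.168.128.20", "192.168.200.50"),
                     ("10.10.10.20", "192.168.200.50"),
                     ("192.168.128.20", "10.10.10.20")]:
        print(src, "->", dst, evaluate(src, dst))
```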
