How to monitor real-time traffic/session logs between source and destination or inbound/outbound tra

Solved
This2shallpass
Getting noticed

Hi Community,

I have a setup where the Meraki MX is handling:
Inter-VLAN routing, DHCP services, Firewall rules for VLAN-to-VLAN traffic

Meraki switches and APs are also part of the same network, and the clients are connected via these switches.

Now, I want to monitor or troubleshoot real-time communication between a Source & Destination at the same site — for example:

Source: VLAN 10 (IP: 192.168.10.5) Example - OT Endpoint
Destination: VLAN 20 (IP: 192.168.20.5) Example - Printer

The MX is routing between them, and firewall rules are allowing the traffic.

What I want to know:
1. How can I confirm in real time that packets are flowing between these two devices?
2. Is there a way to see active sessions or flow logs on the MX dashboard?
3. Can I view this in event logs or only via packet capture?
4. What’s the best practice for troubleshooting such inter-VLAN communication or any inbound or outbound communication through MX?

I’m not using a syslog server.

Appreciate any guidance or tips — especially for tools built into the Meraki dashboard.

1 Accepted Solution
alemabrahao
Kind of a big deal

You can run a packet capture directly from the Meraki Dashboard.

Use this filter:
host 192.168.10.5 and host 192.168.20.5

Unfortunately, the MX doesn’t expose detailed flow/session tables like traditional firewalls, but you can use Security & SD-WAN > Security Center to show top clients, applications, and threats. It’s not granular by flow, but it does provide visibility into traffic patterns.

You can also use Network > Clients and filter by IP or MAC to see recent traffic, application usage, and destination IPs.

For me, Packet Capture is the best tool for real-time, low-level visibility because it can be run on MXs, switches, or APs and supports filters and live viewing.

As a best practice, you can do a ping test from a client or by using Dashboard > Tools > Ping on the MX. Run a Packet Capture, check Firewall Rules, use the client page to verify that both devices are visible and active, and use the client's traceroute or MX tools to view the path.
If you are not using a syslog server, consider enabling webhooks or API polling to log events externally for future analysis.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
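Added example, not part of any post in this thread: a Python check for a .pcap file downloaded from a dashboard packet capture taken with the filter above. It counts IPv4 packets in each direction between the two hosts from the question, so a capture with requests but no replies stands out. It assumes a classic libpcap file with Ethernet framing; the helper names and the sample capture are constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

SRC, DST = "192.168.10.5", "192.168.20.5"  # the two hosts from the question
LE_MAGIC = (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1")  # usec / nsec, little-endian
BE_MAGIC = (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d")  # usec / nsec, big-endian

def flow_directions(pcap, a=SRC, b=DST):
    """Count IPv4 packets a->b and b->a in a classic libpcap file (bytes)."""
    if pcap[:4] not in LE_MAGIC + BE_MAGIC or len(pcap) < 24:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    end = "<" if pcap[:4] in LE_MAGIC else ">"
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    counts, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14:
            continue
        ethertype, l3 = struct.unpack("!H", frame[12:14])[0], 14
        while ethertype == 0x8100 and len(frame) >= l3 + 4:  # 802.1Q tag (trunk port)
            ethertype, l3 = struct.unpack("!H", frame[l3 + 2:l3 + 4])[0], l3 + 4
        if ethertype != 0x0800 or len(frame) < l3 + 20:
            continue  # not IPv4 (ARP, IPv6, ...) or truncated header
        src = str(ipaddress.IPv4Address(frame[l3 + 12:l3 + 16]))
        dst = str(ipaddress.IPv4Address(frame[l3 + 16:l3 + 20]))
        if {src, dst} == {a, b}:
            counts[f"{src}->{dst}"] += 1
    return counts

def verdict(counts, a=SRC, b=DST):
    fwd, rev = counts[f"{a}->{b}"], counts[f"{b}->{a}"]
    return "bidirectional" if fwd and rev else "one-way" if fwd or rev else "no traffic"

def make_frame(src, dst, vlan=None):  # constructed sample frame, not real traffic
    tag = b"" if vlan is None else struct.pack("!HH", 0x8100, vlan)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 1, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return b"\x00" * 12 + tag + b"\x08\x00" + ip

def make_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return out + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

SAMPLE = make_pcap([make_frame(SRC, DST), make_frame(SRC, DST, vlan=10),
                    make_frame(DST, SRC), make_frame("192.168.10.9", DST)])
```

For a real capture, pass the downloaded file's bytes to `flow_directions`; a "one-way" verdict means packets were seen in only one direction at the capture point.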

RaphaelL
Kind of a big deal

If the flows are over AutoVPN, you can see them in the VPN Status page. Other than that, alemabrahao did a nice summary of your options.

PhilipDAth
Kind of a big deal

As @alemabrahao says, packet capture would be my first choice.

 

But you can also use the Firewall Log in the dashboard.

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/Firewall_Logging


Dunky
Head in the Cloud

If you are running later firmware versions (I'm on 18.211.5.2) then you can see which packets are passing or getting blocked here.....

Dunky_0-1748617976653.png

I've found this to be invaluable in tracking down issues when we do LAN migrations and quicker than pcaps.

One thing to note, though: it thinks rule numbering starts at zero and not 1, so when it reports the rule # it's out by one 🙂

 

 
