Meraki

Tanin · ‎Jan 19 2022

Hi, I have created a vlan on my meraki MX and I have set up the subnet, MX IP, and vlan ID! The deployment mode is routed. Under security > Firewall, I have allowed "any" for ICMP (ping). The port where the switch is connected (downstream MX port) has the native vlan (which is not the vlan I have created) and then under allowed vlan I have "ALL VLANs"!

I am unable to ping the MX IP (default gateway for the client)! Is there anything that I might miss on the configuration or maybe something else I should check?

Thank you

ww · ‎Jan 19 2022

check if the mx port set to native vlan x, allow all

Check if the switchport connecting to the mx is set to native vlan x allow all.

Check if switchport connecting the client is a access port with vlan set to "your new vlan id"

Does the client now get a dhcp address in the subnet from the new vlan?

Brash · ‎Jan 19 2022

What @ww said is a great starting point.

Just to add, you said you enabled ping any under Security -> Firewall.
Was that under outbound rules or security appliance services?
The setting under security appliance services is to allow remote IP's to ping the MX via the upstream WAN interface. It doesn't impact downstream.

Traffic coming from downstream will adhere to L3 firewall rules and ACL's, so I suggest ensuring that they're setup correctly to allow ICMP.

Tanin · ‎Jan 19 2022

Hi WW & Brash,

Thank you for your reply.

I have found the cause of issue is the wireless controller firewall rule.

Meraki

Community

I cannot ping gateway (interface vlan on MX) from cilent in same vlan

I cannot ping gateway (interface vlan on MX) from cilent in same vlan