Meraki

Community

Inter-VLAN Firewall

Jonathan_Galvez
Here to help
‎Jun 10 2024 6:44 AM
‎Jun 10 2024 6:44 AM

Inter-VLAN Firewall

Hi guys,

 

I have a very weird scenario and I can not get an explanation by myself.

I want to isolate VLANs so I can block or allow the communication between VLANs.

 

In my test scenario I made the following:

 

My Computer: VLAN 1

My Handy: VLAN 2

I made a Firewall Rule ICMPv4 block from VLAN 1 to VLAN 2.

 

Picture 1: The rule seems to work and the ICMPs are blocked.

 

1.png

Picture 2: I allow the rule and the ICMP goes through.

2.png

Picture 3: When I change the rule again, no more packets are blocked.

3.png

Can please someone explain me, why it doesn't work anymore and how can I configure inter-VLAN Firewall.

I know this document: https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Using_Layer_3_Firewal... 

But it seems to work only one time...

 

Thanks and regards,

 

Jonathan

Labels:
0 Kudos
6 Replies 6
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jun 10 2024 6:51 AM
‎Jun 10 2024 6:51 AM

Just to confirm, is the MX the default gateway for both VLANs?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
Jonathan_Galvez
Here to help
‎Jun 10 2024 6:53 AM
‎Jun 10 2024 6:53 AM

Yes

0 Kudos
In response to Jonathan_Galvez
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jun 10 2024 6:57 AM
‎Jun 10 2024 6:57 AM

Have you ever tried to create an inboung rule instead of an outbound rule?

 

alemabrahao_0-1718027862198.png

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
ww
Kind of a big deal
Kind of a big deal
‎Jun 10 2024 7:43 AM
‎Jun 10 2024 7:43 AM

 you should wait like 10 minutes, and not generate any traffic on the tcp/udp port or in this case icmp

 

cmr
Kind of a big deal
Kind of a big deal
‎Jun 10 2024 8:41 AM
‎Jun 10 2024 8:41 AM

Changes to current flows are not reflected by blocks, only new flows.  Or if you stop the ping and restart it, is it still allowed?

If my answer solves your problem please click Accept as Solution so others can benefit from it.
Jonathan_Galvez
Here to help
‎Jun 12 2024 11:54 PM
‎Jun 12 2024 11:54 PM

Thanks guys, will try right now 😉 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2025 Cisco Systems, Inc.