Meraki

Community

InterVLAN traffic

Solved
FSaucedo
Here to help
yesterday
yesterday

InterVLAN traffic

hi all, 

hoping I can get some assistance here and apologies as I know enough to get into trouble but not enough to get all details done. We have an MX105 and setup VLANs on it for some of our devices:

Screenshot 2025-10-13 121723.png

From reading here and elsewhere, I was understanding that if we set the VLANs in the MX, traffic between separate VLANs can take place. I added the appropriate outbound Layer 3 rules in the fireall to allow traffic between VLAN 2 and VLAN 3:

Screenshot 2025-10-13 122346.pngbut I am not able to get one to ping from VLAN 3 to VLAN 2.

At the switch, I edited the ports for the appropriate VLAN identification:

Screenshot 2025-10-13 123102.png

Do I need to add VLAN interfaces in each switch? Do I need to add routes? Any assistance would be greately appreciated. Thanks in advance!

0 Kudos
1 Accepted Solution
In response to FSaucedo
IvanJukic
Meraki Employee All-Star Meraki Employee All-Star
Meraki Employee All-Star
yesterday
yesterday

Hi @FSaucedo ,

As @ww & @RWelch  have mentioned. Most likley a filter or block rule preventing the traffic. Also check the switch ACL rules as well.

 

https://documentation.meraki.com/MS/Other_Topics/Switch_ACL_Operation

 

 

 


Cheers,

Ivan Jukić,
Meraki APJC

If you found this post helpful, please give it kudos. If it solved your problem, click "accept as solution" so that others can benefit from it.

View solution in original post

15 Replies 15
RWelch
Kind of a big deal
Kind of a big deal
yesterday
yesterday

Curious if the port configuration you show is for a TRUNK (switch to switch) port or is this for an end device (access port)?

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
In response to RWelch
FSaucedo
Here to help
yesterday
yesterday

Port is for an end device. Does this need to be switched to Access?

 

0 Kudos
In response to FSaucedo
RWelch
Kind of a big deal
Kind of a big deal
yesterday
yesterday

Yes.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
In response to RWelch
FSaucedo
Here to help
yesterday
yesterday

I changed the switch ports of two devices to Access and specified the VLAN ID's accordingly :

for VLAN2for VLAN2for VLAN3for VLAN3but I am still unable to ping from one to the other. Am i missing something else?

 

 

0 Kudos
In response to FSaucedo
RWelch
Kind of a big deal
Kind of a big deal
yesterday
yesterday

The images you show above are for a MS switch and you alluded to having a MX105.

What are the port settings between the MX105 and switch (uplink to the MX)?

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
In response to RWelch
FSaucedo
Here to help
yesterday
yesterday

We are using only port 5 in the MX. Here are the current port configurations Uplink port in switchUplink port in switchPorts in MXPorts in MX

0 Kudos
In response to FSaucedo
RWelch
Kind of a big deal
Kind of a big deal
yesterday
yesterday

Pings between VLANs should work.  

I just went back and looked at the FW rules and noticed there is missing /24 on the FW entry #9 (the 3 to 2 rule).

And technically since this is InterVLAN routing you don't have to add ALLOW because the default automatically allows VLAN traffic (unless specified otherwise as deny).

Screenshot 2025-10-13 at 13.20.57.png

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
In response to RWelch
FSaucedo
Here to help
yesterday
yesterday

typing too fast obviously.... 

Unfortunately, even after fixing the typo in the firewall rule, I am still unable to ping the device. 

0 Kudos
In response to FSaucedo
ww
Kind of a big deal
Kind of a big deal
yesterday
yesterday

Does the destination client allow ping. For example:By default a windows pc cant be pinged.

 

Can they ping eachother when you put them both in the same vlan?

In response to ww
FSaucedo
Here to help
yesterday
yesterday

The devices I am testing with are a Windows PC (VLAN3) and a UPS (VLAN2). I have a station in default VLAN1 which can ping both devices in 2 and 3 and I can ping from devices in 2 and 3 to VLAN1. I moved the PC from VLAN3 to VLAN2 and I was able to ping the UPS within the same VLAN. But if I move the PC back to VLAN3, it is not able to ping the UP any longer.

 

Is there a setting(s) that blocks interVLAN traffic? I do not have any block rules in the outgoing firewall rules and I cannot think of anything else that could be affecting this at this time. 

 

0 Kudos
In response to FSaucedo
ww
Kind of a big deal
Kind of a big deal
yesterday
yesterday

So vlan 1 client can ping to vlan 3 client. But at the same time vlan2 client cant ping vlan 3 client?

 

Check if something is blocked if you filter on the vlan 3 client. And ping from vlan2 to vlan 3

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/Firewall_Logging

In response to ww
FSaucedo
Here to help
8 hours ago
8 hours ago

That is correct, VLAN2 cannot ping VLAN3 and vice versa. I was not aware of the Firewall logging. I am currently trying it out to see if it catches anything but I cannot seem to get it working. When used, it comes up empty. Maybe I am not using it properly?

This might be part of the problem I am having... 

0 Kudos
In response to FSaucedo
IvanJukic
Meraki Employee All-Star Meraki Employee All-Star
Meraki Employee All-Star
yesterday
yesterday

Hi @FSaucedo ,

As @ww & @RWelch  have mentioned. Most likley a filter or block rule preventing the traffic. Also check the switch ACL rules as well.

 

https://documentation.meraki.com/MS/Other_Topics/Switch_ACL_Operation

 

 

 


Cheers,

Ivan Jukić,
Meraki APJC

If you found this post helpful, please give it kudos. If it solved your problem, click "accept as solution" so that others can benefit from it.
In response to IvanJukic
FSaucedo
Here to help
8 hours ago
8 hours ago

Thank you. Found switch ACL rules that were blocking traffic between these two specific VLANs. Gonna have to have a serious talk with my assistant..

In response to FSaucedo
IvanJukic
Meraki Employee All-Star Meraki Employee All-Star
Meraki Employee All-Star
24m ago
24m ago

Nice... Glad you managed to get it resolved @FSaucedo 


Cheers,

Ivan Jukić,
Meraki APJC

If you found this post helpful, please give it kudos. If it solved your problem, click "accept as solution" so that others can benefit from it.
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.