
MX64 Passthrough to Huawei Core switch compatibility

Comes here often

Greetings,

We have set up an MX64 in passthrough mode between the Huawei core and a Cisco router at one of our clients. The MX can see the traffic going through it. When we tried to make global policies, it can block clients from accessing YouTube, but when we made group policies, it can only block clients that are on the same VLAN as the MX. On further troubleshooting, it was found that the link from the core to the MX was a trunk (maybe a router-on-a-stick setup), and the client has given us an IP address from the guest VLAN because it was the only VLAN allowed to access the internet.

Now the question is: is it correct that the link from the core switch to the MX is a trunk?

If yes, in what VLAN should we place the MX, taking into consideration that the core switch is Huawei and has a confusing interface setup (access, trunk, hybrid?)?

 

 

5 REPLIES
Kind of a big deal

Re: MX64 Passthrough to Huawei Core switch compatibility

I believe group policies are applied based on client MAC address, so the MX needs to be in the same VLAN as the clients. I would like someone to tell me I am wrong though.

It does not matter if it is a trunk or access port.

Kind of a big deal

Re: MX64 Passthrough to Huawei Core switch compatibility

You could create L3 (using FQDN) or L7 firewall rules and apply them based on subnet though - but you won't be able to see group policies.

Comes here often

Re: MX64 Passthrough to Huawei Core switch compatibility

I need group policies because we will only block YouTube at certain times and for certain users.

Comes here often

Re: MX64 Passthrough to Huawei Core switch compatibility

Will changing client tracking from MAC address to IP address do something about it?

Kind of a big deal

Re: MX64 Passthrough to Huawei Core switch compatibility

No.