Meraki

Jhunrik · ‎Mar 22 2018

Greetings,

we have setup a MX64 in passthrough mode in between the Huawei Core and a Cisco router on one of our clients the MX can see the traffic going through it. When we tried to make global policies it can block clients from accessing youtube but when we made group policies it can only block clients that are on the same vlan as the MX. further troubleshooting, it was found out that the link from core to MX was a trunk (maybe router on a stick setup) and client has given us an ip address from the guest vlan because it was the only vlan allowed to access the internet.

now the question is that is it correct that the link from core switch to MX is a trunk?

if yes what vlan should we place the MX taking in consideration that the core switch is Huawei and has a confusing interface setup (access, trunk, hybrid?)?

PhilipDAth · ‎Mar 22 2018

I believe group policies are applied based on client MAC address, so the MX needs to be in the same VLAN as the clients. I would like someone to tell me I am wrong though.

It does not matter if it is a trunk of access port.

PhilipDAth · ‎Mar 22 2018

You could create a L3 (using FQDN) or L7 firewall rules and apply that based on subnet though - but you wont be able to see group policies.

Jhunrik · ‎Mar 22 2018

i need group policies because we will only block youtube on certain times and on certain users.

Jhunrik · ‎Mar 22 2018

will changing client tracking from MAC Address to IP Address do somethig about it?

PhilipDAth · ‎Mar 22 2018

No.

Meraki

Community

MX64 Passthrough to Huawei Core switch compatibility

MX64 Passthrough to Huawei Core switch compatibility