MX64 Passthrough to Huawei Core switch compatibility

Jhunrik
Comes here often


Greetings,

We have set up an MX64 in passthrough mode between the Huawei core and a Cisco router at one of our clients. The MX can see the traffic going through it. When we tried to make global policies, it can block clients from accessing YouTube, but when we made group policies it can only block clients that are on the same VLAN as the MX. On further troubleshooting, it was found that the link from the core to the MX was a trunk (maybe a router-on-a-stick setup), and the client has given us an IP address from the guest VLAN because it was the only VLAN allowed to access the internet.

Now the question is: is it correct that the link from the core switch to the MX is a trunk?

If yes, what VLAN should we place the MX in, taking into consideration that the core switch is Huawei and has a confusing interface setup (access, trunk, hybrid?)?

5 Replies
PhilipDAth
Kind of a big deal

I believe group policies are applied based on client MAC address, so the MX needs to be in the same VLAN as the clients. I would like someone to tell me I am wrong though.

It does not matter if it is a trunk or access port.

PhilipDAth
Kind of a big deal

You could create L3 (using FQDN) or L7 firewall rules and apply them based on subnet though - but you won't be able to see group policies.

Jhunrik
Comes here often

I need group policies because we will only block YouTube at certain times and for certain users.

Jhunrik
Comes here often

Will changing client tracking from MAC address to IP address do something about it?

PhilipDAth
Kind of a big deal

No.