Meraki

Community

Not able to add VLANs to firewall rule

Solved
Jyrki_Halonen
Getting noticed
‎Oct 28 2024 5:16 AM
‎Oct 28 2024 5:16 AM

Not able to add VLANs to firewall rule

I can't use VLANs as an object in MX firewall rules. I only get potion to create new objects or use CIDR.
I would like to use VLANs as source and destination on the firewall rule.

 

I have used those in many organisations, but now for one new Meraki organisation I can't do that for some reason.

 

Any tips?

Labels:
0 Kudos
1 Accepted Solution
Jyrki_Halonen
Getting noticed
‎Oct 28 2024 6:06 AM
‎Oct 28 2024 6:06 AM

IPv6 LAN capabilities are a requirement for VLAN Objects. VLAN objects and HA MXs (warm spare) do not work together since HA pair does not currently support IPv6. When a warm spare is added to a network, you will lose the ability to use VLAN objects and any existing L3 rules utilizing VLAN objects will be removed.

View solution in original post

4 Replies 4
MartinLL
Building a reputation
‎Oct 28 2024 5:40 AM
‎Oct 28 2024 5:40 AM

The VLAN object feature only works if your VLAN is only enabled for IPv4 last i checked. Try to disable IPv6 on the VLAN and see if it allows you to use VLAN objects then.

MLL
In response to MartinLL
Jyrki_Halonen
Getting noticed
‎Oct 28 2024 6:06 AM
‎Oct 28 2024 6:06 AM

VLAN can have both IPv4 and IPv6 and still VLAN rula can be used.

But I found the answer for this: it is related to MX with warm spare:
"IPv6 LAN capabilities are a requirement for VLAN Objects. VLAN objects and HA MXs (warm spare) do not work together since HA pair does not currently support IPv6. When a warm spare is added to a network, you will lose the ability to use VLAN objects and any existing L3 rules utilizing VLAN objects will be removed."

0 Kudos
Jyrki_Halonen
Getting noticed
‎Oct 28 2024 6:06 AM
‎Oct 28 2024 6:06 AM

IPv6 LAN capabilities are a requirement for VLAN Objects. VLAN objects and HA MXs (warm spare) do not work together since HA pair does not currently support IPv6. When a warm spare is added to a network, you will lose the ability to use VLAN objects and any existing L3 rules utilizing VLAN objects will be removed.

In response to Jyrki_Halonen
Jyrki_Halonen
Getting noticed
‎Oct 28 2024 6:17 AM
‎Oct 28 2024 6:17 AM

This is quite annoying feature

li.common.scroll-to.top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.