Source IP ANY destination 10.0.0.0/8

EddyCan
Just browsing

Source IP ANY destination 10.0.0.0/8

Hi everyone,

 

I would like a confirmation about security rule on Meraki MX64.

When I apply an ANY in Source IP address for example, which means that all subnets or IP address are authorized or only the subnets configured on my MX64 ?

If I have 2 VLans configured with 10.50.10.0/24 and 10.50.11.0/24, the ANY source IP address take only these 2 subnets ?

 

Thanks in advance for your answers.

4 REPLIES 4
jdsilva
Kind of a big deal

Hi @EddyCan ,

 

Any means any. Do you have reason to think it doesn't?

Hi @jdsilva

 

First of all thank you for your answer. 

I would like to challenge my network teams because it confirms me that source ANY only concerns the subnets configured locally on the Meraki mx64. 

I'm not be able to find any reason and any document on Meraki website that explain this. 

I don't want to open wide and not control the traffic properly. 

 

Thanks in advance. 

 

I believe ANY means any IP which traverses it as a L3 router. For example if you had a downstream switch, ANY on the MX would not apply to layer 2 adjacent traffic. Also, ANY on the MX is both for subnets local to the MX and any subnets coming over autovpn.
Uberseehandel
Kind of a big deal

If you wish to use a single sub-net address, to simplify the rule, then rather than 

 

10.50.10.0/24 and 10.50.11.0/24

 

try using

 

10.50.10.0/23

 

But you can't get too clever with this, the Dashboard doesn't like it.

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels