VLANs cannot obtain group policies on Meraki MX

Karlo_nico23


Hello Team,

Why can't our VLANs obtain the group policies we have created, unless we access the firewall and manually assign the group policy? We are using Meraki MX.

PhilipDAth

Is the MX the default gateway for the VLANs concerned, or is it some other device?

Yes sir, the MX is the default gateway.

What makes you think the group policy is not being applied?

 

Are you applying it to the VLAN itself, or to machines in the VLAN?

Upon checking Monitor > Clients, the policy obtained by the user under that VLAN is Normal.

How are you applying the group policies to users?

 

Is it applied to the VLAN itself?

Perhaps manually to the machines?

Perhaps via AD integration?

Perhaps via a splash page?

It is applied to the VLAN itself, and the clients who got their IPs from that VLAN did not get the group policy assigned to the VLAN.

@PhilipDAth did all the heavy lifting on this one... But I'll bring this on home. 

 

When you have GPs assigned to a VLAN they won't show up on the clients in the clients page. However, if you test it out you will see that the settings in the GP are indeed enforced on any client that is on that VLAN.

 

It's a bit unintuitive, and makes for a gotcha when you're troubleshooting, but that is the way it is. It sorta makes sense if you think that the VLAN is actually applied to the VLAN as opposed to a client, and the policy specified is enforced on all traffic that the MX sees on that VLAN. Technically, since the VLAN is not applied to a client, it shouldn't show up on the clients page.

Hello sir,

So you mean that the GP should be working; however, it would be reflected under the Policy column on the Clients page as Normal?

That is correct.
