Meraki

Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

WIFI and LAN Communication issue on Meraki Security Appliance MX-250

Yash_03
Here to help
‎Jul 28 2024 8:20 AM
‎Jul 28 2024 8:20 AM

WIFI and LAN Communication issue on Meraki Security Appliance MX-250

Hi Folks,

 

Can some one pls help out here?

 

There is an issue with communication between our WiFi VLAN (VLAN 60) and Data VLAN (VLAN 70). All SVI and DHCP is configured on MX-250 Security appliance where no security policies applied on MX-250 (only default policy any to any is allowed). after some t-shooting here are the observations:

  1. WiFi subnet (VLAN 60) cannot reach LAN subnet (VLAN 70) for machines with Windows OS and printers.
  2. WiFi subnet (VLAN 60) can reach LAN subnet (VLAN 70) for machines with macOS.
  3. WiFi subnet (VLAN 60) can reach other LAN subnets.
  4. LAN subnet (VLAN 70) can reach WiFi subnet (VLAN 60).
  5. LAN subnet (VLAN 70) can reach other LAN subnets.

 

It would be great help if someone can help me in this scenario.

 

Thanks in advance!!!

 

0 Kudos
6 Replies 6
KarstenI
Kind of a big deal
Kind of a big deal
‎Jul 28 2024 9:21 AM
‎Jul 28 2024 9:21 AM

Sounds like if the Windows firewall is blocking incoming connections.

0 Kudos
In response to KarstenI
Yash_03
Here to help
‎Jul 28 2024 9:32 AM
‎Jul 28 2024 9:32 AM

Yes, I have turned off the Windows Firewall settings, but still encountering the same issue.

0 Kudos
In response to Yash_03
KarstenI
Kind of a big deal
Kind of a big deal
‎Jul 28 2024 9:40 AM
‎Jul 28 2024 9:40 AM

Capture the problematic traffic on the MX LAN-side to see if the traffic is entering and leaving the MX.

PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jul 28 2024 1:14 PM
‎Jul 28 2024 1:14 PM

Double check that hosts on the WiFi and LAN subnet are using the correct subnet mask and default gateway.

IvanJukic
Meraki Employee
Meraki Employee
‎Jul 29 2024 12:14 AM
‎Jul 29 2024 12:14 AM

Hi @Yash_03,

Sounds like Asymetric path selection is happening here. I'm assuming you have a Switch connected to the MX firewall to service all these VLANs and Hosts. If so, I would recommend confirming the ports on the MX and any downstream switch have the VLAN configuration matching .i.e. Same Trunk details (Native VLANs & Tagged VLANS) or Access VLANs etc.

The MX LAN ports do not behave like regular Switch ports. See below guide for further details.

https://documentation.meraki.com/MX/Networks_and_Routing/MX_Layer_2_Functionality

 

 


Cheers,

Ivan Jukić,
Meraki APJC

If you found this post helpful, please give it kudos. If it solved your problem, click "accept as solution" so that others can benefit from it.
GIdenJoe
Kind of a big deal
Kind of a big deal
‎Sep 1 2024 10:46 AM
‎Sep 1 2024 10:46 AM

If you capture on the MX LAN side you should have each packet twice in the capture.
Once with the source MAC address of the device in VLAN 60 and the MX as destination.  And the second time with the MAC address of the MX as source and the windows/printer device in VLAN 70.  If you see those packets twice, then the MX is forwarding correctly and you are experiencing issues on the switched network or on the end hosts.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.