WIFI and LAN Communication issue on Meraki Security Appliance MX-250

Yash_03
Here to help

Hi Folks,

Can someone please help out here?

There is an issue with communication between our WiFi VLAN (VLAN 60) and Data VLAN (VLAN 70). All SVIs and DHCP are configured on the MX-250 security appliance, where no security policies are applied (only the default any-to-any policy is allowed). After some troubleshooting, here are the observations:

  1. WiFi subnet (VLAN 60) cannot reach LAN subnet (VLAN 70) for machines with Windows OS and printers.
  2. WiFi subnet (VLAN 60) can reach LAN subnet (VLAN 70) for machines with macOS.
  3. WiFi subnet (VLAN 60) can reach other LAN subnets.
  4. LAN subnet (VLAN 70) can reach WiFi subnet (VLAN 60).
  5. LAN subnet (VLAN 70) can reach other LAN subnets.

It would be a great help if someone could help me in this scenario.

Thanks in advance!!!

6 Replies
KarstenI
Kind of a big deal

Sounds like the Windows firewall is blocking incoming connections.

Yash_03
Here to help

Yes, I have turned off the Windows Firewall settings, but I am still encountering the same issue.

KarstenI
Kind of a big deal

Capture the problematic traffic on the MX LAN-side to see if the traffic is entering and leaving the MX.

PhilipDAth
Kind of a big deal

Double check that hosts on the WiFi and LAN subnet are using the correct subnet mask and default gateway.

IvanJukic
Meraki Employee

Hi @Yash_03,

Sounds like asymmetric path selection is happening here. I'm assuming you have a switch connected to the MX firewall to service all these VLANs and hosts. If so, I would recommend confirming that the ports on the MX and any downstream switch have matching VLAN configuration, i.e. the same trunk details (native VLANs and tagged VLANs) or access VLANs, etc.

The MX LAN ports do not behave like regular switch ports. See the guide below for further details.

https://documentation.meraki.com/MX/Networks_and_Routing/MX_Layer_2_Functionality

Cheers,

Ivan Jukić,
Meraki APJC

GIdenJoe
Kind of a big deal

If you capture on the MX LAN side you should have each packet twice in the capture.
Once with the source MAC address of the device in VLAN 60 and the MX as destination. And the second time with the MAC address of the MX as source and the Windows/printer device in VLAN 70. If you see those packets twice, then the MX is forwarding correctly and you are experiencing issues on the switched network or on the end hosts.
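
The two-copies check from the reply above can be automated over the raw frames of an MX LAN-side capture. The following is an added example, not code from the thread or from Meraki: the function names, MAC addresses and IP addresses are constructed for illustration, and it pairs the two copies by the IPv4 Identification field, assuming the MX routes between the VLANs without NAT or fragmentation.

```python
import socket
import struct
from collections import defaultdict

def parse(frame):
    """Return (dst_mac, src_mac, src_ip, dst_ip, ip_id), or None if not IPv4."""
    dst, src = frame[0:6], frame[6:12]
    (etype,) = struct.unpack("!H", frame[12:14])
    off = 14
    if etype == 0x8100:  # skip the 802.1Q tag seen on trunk captures
        (etype,) = struct.unpack("!H", frame[16:18])
        off = 18
    if etype != 0x0800 or len(frame) < off + 20:
        return None
    ip = frame[off:off + 20]
    (ip_id,) = struct.unpack("!H", ip[4:6])
    return dst, src, socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]), ip_id

def check_forwarding(frames, mx_mac):
    """Map each packet (src_ip, dst_ip, ip_id) to 'forwarded' or the one leg seen."""
    legs = defaultdict(set)
    for frame in frames:
        parsed = parse(frame)
        if parsed is None:
            continue
        dst, src, sip, dip, ip_id = parsed
        if dst == mx_mac:
            legs[(sip, dip, ip_id)].add("to_mx")      # host -> MX (first copy)
        if src == mx_mac:
            legs[(sip, dip, ip_id)].add("from_mx")    # MX -> host (second copy)
    return {k: "forwarded" if len(v) == 2 else f"{v.pop()}_only"
            for k, v in legs.items()}

def make_frame(dst, src, vlan, sip, dip, ip_id):
    """Build a constructed 802.1Q-tagged IPv4 frame (header only, no payload)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, ip_id, 0, 64, 1, 0,
                     socket.inet_aton(sip), socket.inet_aton(dip))
    return dst + src + struct.pack("!HHH", 0x8100, vlan, 0x0800) + ip

# Constructed sample data: MACs and IP addresses are made up for this example.
MX = bytes.fromhex("020000000001")
WIFI = bytes.fromhex("020000000060")
PRINTER = bytes.fromhex("020000000070")
SAMPLE = [
    make_frame(MX, WIFI, 60, "10.0.60.10", "10.0.70.20", 1),     # enters the MX
    make_frame(PRINTER, MX, 70, "10.0.60.10", "10.0.70.20", 1),  # routed out
    make_frame(MX, WIFI, 60, "10.0.60.10", "10.0.70.20", 2),     # never leaves MX
]

if __name__ == "__main__":
    for packet, verdict in check_forwarding(SAMPLE, MX).items():
        print(packet, verdict)
```

A `to_mx_only` verdict means the packet reached the MX but no routed copy was captured leaving it; `forwarded` points the investigation at the switched network or the end hosts instead.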
