Meraki

Community

Why are Vlan objects in L3 outbound showing in HA setup as an option

Solved
YoeriOppelaar1
Here to help
‎Jan 23 2024 12:19 PM
‎Jan 23 2024 12:19 PM

Why are Vlan objects in L3 outbound showing in HA setup as an option

Hi All,

today a colleague noticed that when creating MX L3 outbound FW rules, the Vlan object option was unavailable to select. after some digging between networks where it is available the only differences I could find is related to Single Unit (standalone MX setup, where the option is visible and configurable) vs a MX HA setup ( 2MX's, option not visible)

 

I also tried to set it via the API, but this gives errors on the networks with HA setup, where with single MX setup it works fine. 

 

Anyone else noticed?

Is this a bug or what could be the reason why in HA setup the MX FW L3 are not capable of using Vlan objects? (me and my colleague where unable to think of any reason)

 

As it is not a dealbreaker yet, I didn't raise a ticket for this one. (yet)

 

Hope someone could point me in right direction. 

with regards Yoeri

 

Labels:
0 Kudos
1 Accepted Solution
FeliA
Meraki Employee
Meraki Employee
‎Jan 25 2024 3:41 PM
‎Jan 25 2024 3:41 PM

Hello @YoeriOppelaar1,

@ww is correct - IPv6 LAN capabilities are a requirement for VLAN Objects and thus not supported on HA setups at this time, as MX HA pairs do not currently support IPv6. 

This information is officially documented in the VLAN objects article below:
https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/Network_Objects_Configuration_Guide...

FeliA_0-1706225992436.png


Best,
Feli

If you found this post helpful, please give it kudos. If this answer helped solve the issue, click "accept as solution" so that others can benefit from it.

View solution in original post

4 Replies 4
ww
Kind of a big deal
Kind of a big deal
‎Jan 23 2024 12:41 PM
‎Jan 23 2024 12:41 PM

It has something to do with ipv6 support. 

And Warm spare doesnt support ipv6

It would be great  if  the vlan in the firewall would be available in both modes

GIdenJoe
Kind of a big deal
Kind of a big deal
‎Jan 23 2024 1:07 PM
‎Jan 23 2024 1:07 PM

The moment you have IPv6 support on you get the VLAN objects.

The reasoning is that VLAN objects match both IPv4 and all the different IPv6 addresses a certain host has in a certain VLAN.
I really like this dynamic object and would love it if Meraki would just enable this at all times regardless of the IPv6 support state.

In response to GIdenJoe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 23 2024 8:24 PM
‎Jan 23 2024 8:24 PM

That is actually awesome.

0 Kudos
FeliA
Meraki Employee
Meraki Employee
‎Jan 25 2024 3:41 PM
‎Jan 25 2024 3:41 PM

Hello @YoeriOppelaar1,

@ww is correct - IPv6 LAN capabilities are a requirement for VLAN Objects and thus not supported on HA setups at this time, as MX HA pairs do not currently support IPv6. 

This information is officially documented in the VLAN objects article below:
https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/Network_Objects_Configuration_Guide...

FeliA_0-1706225992436.png


Best,
Feli

If you found this post helpful, please give it kudos. If this answer helped solve the issue, click "accept as solution" so that others can benefit from it.
Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.