block inter-vlan but share a printer and a nas

Solved
mishcazzulani
Here to help

block inter-vlan but share a printer and a nas

hello

i have 2 vlans: 10.0.0.0/24 for production and 10.0.1.0/24 for guests

i'd like to block inter-vlan traffic and share a printer (10.0.0.50) and a nas (10.0.0.10) between the 2 vlans

i configured the mx as shown in the screenshot: 

 

Immagine.pngthe problem is that from a guest computer i can see the nas but not the printer.

1 Accepted Solution
mishcazzulani
Here to help

sorry guys i've got it....

 

the printer had a wrong gateway configured....

View solution in original post

11 Replies 11
Mr_IT_Guy
A model citizen

A couple of things to try that always work for me:

  • When setting up allow/deny rules, put allow rules up top and deny at the bottom
  • When granting access to a single host, use a /32 on the host versus the /24

 

Doing these two things usually allow me to make my exceptions with zero issues.

Found this helpful? Give me some Kudos! (click on the little up-arrow below)
mishcazzulani
Here to help

thank you @Mr_IT_Guy for the suggestion but it doesnt work 😞

NolanHerring
Kind of a big deal

Are these guests on the wireless or hardwired?

If wireless, you'll need to check the MR firewall settings too
Nolan Herring | nolanwifi.com
TwitterLinkedIn
mishcazzulani
Here to help

they are on the same wired network

NolanHerring
Kind of a big deal

Try this and let us know results:

 

try_this.JPG

Nolan Herring | nolanwifi.com
TwitterLinkedIn
mishcazzulani
Here to help

that's what @Mr_IT_Guy  suggested, i already tried it but nothing changes!

NolanHerring
Kind of a big deal

it might not be instant but that is how you would do it. I would give it some time for new flows to kick in etc.

Are the ports the devices configured on set on the correct VLAN?
Do the ports happen to have Isolation enabled?
Nolan Herring | nolanwifi.com
TwitterLinkedIn
mishcazzulani
Here to help

yes all the ports are configured on the right vlan and no isolation. 

 

the nas port and the printer one are configured in the same way

NolanHerring
Kind of a big deal

Any of the clients have group-policies applied that might be overriding default firewall rules?
Nolan Herring | nolanwifi.com
TwitterLinkedIn
mishcazzulani
Here to help

sorry guys i've got it....

 

the printer had a wrong gateway configured....

NolanHerring
Kind of a big deal

Glad you got it working 😃
Nolan Herring | nolanwifi.com
TwitterLinkedIn
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels