Meraki

Dizzle · ‎Aug 22 2024

I have an acl entry that denies any/any for the assigned range (10.100.100.0/24) which is used for security cameras at one of our remote sites. Until a week ago the security camera server (20.200.200.20/32) was able to talk to the security cameras and vice versa security cameras were able to talk to the camera server. However, they were not allowed to the internet or to talk to each other. These rules were working as described above until seven days ago when they stopped working. Now as soon as I switch the deny any rule to a allow any rule communication is restored between the server and cameras.

The acl rules that were working in the past

Policy - IP Version - Protocol - Source - Src port - Destination - Dst port - Vlan - Comment

I am sure at this point I have over analyzed and complicated this simple problem.

Desperate times call for desperate desperateness.

KH · ‎Aug 22 2024

Hey @Dizzle

Have you confirmed the two are still using the exact same IP/ranges? It might be hard to tell if you are using some kind of web GUI . Can you share a PCAP from one of the ports where a server or camera lives and show what you see? If some kind of hostname is now involved, you might want to ensure you are allowing DNS as well.

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it

Brash · ‎Aug 22 2024

Something like this is probably best troubleshot on a call with Meraki support as they can assist checking different bits of configuration within your network and pulling captures during testing.

Meraki

Community

ACL Rule Troubleshooting (Deny/Any/Any)

ACL Rule Troubleshooting (Deny/Any/Any)