Disable Layer 3 firewall rules for dry vlan

victorsanchez
Conversationalist

Disable Layer 3 firewall rules for dry vlan

Hello all,

Is it possible to disable Layer 3 firewall rules for a dry vlan. The idea is to have a dry vlan that works as a dry vlan (e.i. not L3 interaction at all). Just a "cable" connecting two offices without any interaction with the rest of the network.

 

I have set it on the switchports and it works fine, however for the SSID L3 rules are being applied and blocks the traffic. 2021-01-20 10_27_50-Firewall & traffic shaping - Meraki Dashboard — Mozilla Firefox.png

With any standard switch a dry vlan doesn't play any role on L3 level.

2 REPLIES 2
GreenMan
Meraki Employee

To my knowledge, there's no way to remove the firewall function from the MR traffic processing chain.   I'm guessing the SSID in question may be configured in NAT mode (because the default Destination:Local LAN is a deny - that mode is designed for Guest users)   You can, of course, set that to Allow but, if you want to use the most 'natural' setup, you would use bridge mode, for the SSID (configured under Wireless > Acess control).  For 'Dry' you definitely don't want the clients behind a NAT.

As the question relates to MR Access Points, I'd suggest this thread be moved to Wireless LAN

Hi GreenMan,


Thanks for your reply. Actually I have it set to bridge.

 

The allow rule to 192.168.0.0/16 I set, is to make work for now, but the issue is that the ranges might overlap with some future development in the network. I would need the range of the client to be completely independent from my network. This is why I created a dry vlan for him.

 

2021-01-20 11_25_04-Access Control Configuration - Meraki Dashboard — Mozilla Firefox.png

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels