Meraki

Community

How can i make a Vlan see other Vlan? (MX64)

Solved
Vbrites
Getting noticed
‎Oct 19 2022 12:33 PM
‎Oct 19 2022 12:33 PM

How can i make a Vlan see other Vlan? (MX64)

Hello!

 

I have an Meraki MX64 and I've just started to separete my network in Vlans. However, I would like to know how I can make an Vlan A to be able to talk to Vlan B.

 

For exemple: 

- my NAS needs to be in a different Vlan from productivity macs so I can block external access to the NAS, however, I want the "PRODUCTION Vlan" to be able to access my NAS.

 

I think that one solution would be to make the macs part of the two Vlans. But I dont like this ideia, since it seems to be more a bad alternative than an inteligent solution.

0 Kudos
1 Accepted Solution
In response to alemabrahao
Vbrites
Getting noticed
‎Oct 21 2022 6:13 AM
‎Oct 21 2022 6:13 AM

Thank you very much for your extreme proactivety to help me!

Well, I found the problem. The Macs and swtiches configurations was ok, but I found out that MACs have problems with inter-Vlan connection because they kind of lost DNS direction, when dealing with multi subnets, since they use Bonjour protocol. So the solution was to enable "Bonjuour Forwarding" to every Vlan and every service on Meraki dashboard!!!

"Bonjour forwarding enables interVLAN communication between Bonjour devices and applications on your LAN. Natively, Bonjour functions on a single subnet; Bonjour forwarding removes this limitation by forwarding the multicast DNS traffic between the client and service VLANs as  needed."

https://documentation.meraki.com/MX/Other_Topics/Configuring_Bonjour_forwarding_for_the_MX_Security_...

https://documentation.meraki.com/MX/Other_Topics/Configuring_Bonjour_forwarding_for_the_MX_Security_...

Well, the problem is solved. But I still wonder if adding other DNS configs to every individual MACs can also solve this problem. Thank you everybody!

View solution in original post

13 Replies 13
RaphaelL
Kind of a big deal
Kind of a big deal
‎Oct 19 2022 12:56 PM
‎Oct 19 2022 12:56 PM

Hi ,

 

Please refer to this documentation to create vlans on a MX : https://documentation.meraki.com/MX/Networks_and_Routing/Configuring_VLANs_on_the_MX_Security_Applia...

 

By default , inter-vlan routing is enabled and there are no firewall rules blocking the trafic. You might need to check that also : https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Using_Layer_3_Firewal...

0 Kudos
In response to RaphaelL
Vbrites
Getting noticed
‎Oct 19 2022 1:06 PM
‎Oct 19 2022 1:06 PM

Thank you for your help!

 

RaphaelL, I've already created an layer 3 allow rule, but this was not able to allow the comunication between the two Vlans. The rule that I created was this:

 

outbound: 
ALLOW -> any protocol -> 10.0.1.0/24 (vlan A) -> any protocol -> 192.168.0.0/24 (vlan B) -> any port
ALLOW -> any protocol -> 192.168.0.0/24 (vlan B) -> any port -> 10.0.1.0/24 (vlan A) -> any port

 

Untill now, its not beeing allowed Vlans to see computers in others Vlans, unless the COMPUTER X belongs to the same vlan than COMPUTER Y

0 Kudos
In response to Vbrites
alemabrahao
Kind of a big deal
‎Oct 19 2022 1:22 PM
‎Oct 19 2022 1:22 PM

Probably It's the Windows firewall, try to disable the Windows firewall.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
alemabrahao
Kind of a big deal
‎Oct 19 2022 1:25 PM
‎Oct 19 2022 1:25 PM

And unsure that you configured the default gateway on your NAS network settings.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
Vbrites
Getting noticed
‎Oct 19 2022 1:28 PM
‎Oct 19 2022 1:28 PM

It's not a windows, it's a Mac. 😞

 

I created the Vlans already, and created the firewall layer 3 outbound rule to allow communication between those subnets through any protocol, but it's still not working. What did I miss? 

0 Kudos
In response to Vbrites
ww
Kind of a big deal
Kind of a big deal
‎Oct 19 2022 1:38 PM
‎Oct 19 2022 1:38 PM

Check the gateway of the nas and client if its the correct gateway ip,(mx vlan ip) like @alemabrahao suggests.  

 

Also let us know what protocol is used for this session, and how you access it ,by name/ip?

0 Kudos
In response to RaphaelL
Vbrites
Getting noticed
‎Oct 19 2022 1:48 PM
‎Oct 19 2022 1:48 PM

My friend, I forgot to tell. My setup has a Switch manageable no layer 3.

 

My macs are connected to a switch and then the switch is connected to the Meraki. Maybe this is the problem. Is there a configuration that I need to do? Maybe the switch is not routing the packages correctly between Vlans. 

0 Kudos
In response to Vbrites
alemabrahao
Kind of a big deal
‎Oct 19 2022 2:13 PM
‎Oct 19 2022 2:13 PM

Yes definitely, because you have to create VLAN on the switch and then configure the VLAN on ports, but your switch is not capable to do that.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
alemabrahao
Kind of a big deal
‎Oct 19 2022 2:15 PM
‎Oct 19 2022 2:15 PM

It's a layer 2 issue. I suggest you read some articles.

 

https://www.geeksforgeeks.org/virtual-lan-vlan/

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
Vbrites
Getting noticed
‎Oct 19 2022 3:21 PM
‎Oct 19 2022 3:21 PM

Actually my switch allows Vlan creation, but not routing. Its model is SG220-26. The physical port is configured as Trunk and allows all vlans as tagged. Is thre other thing that i need to do?

0 Kudos
In response to Vbrites
alemabrahao
Kind of a big deal
‎Oct 19 2022 3:59 PM
‎Oct 19 2022 3:59 PM

Have you created the VLANs  on switch? Have you configured the access VLAN on ports that client are connected? The switch are configured as a L3 switch or L2 switch? Can you share the switch configuration?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
alemabrahao
Kind of a big deal
‎Oct 20 2022 2:48 AM
‎Oct 20 2022 2:48 AM

 

Look at this example:

The MX Is the router, so on the switch L2 you just need to create the VLANs then configure a trunk port between the MX and the Switch, and the access port for your hosts on target VLAN.

 

 

Topologia Lógica - Localidades.jpg

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
Vbrites
Getting noticed
‎Oct 21 2022 6:13 AM
‎Oct 21 2022 6:13 AM

Thank you very much for your extreme proactivety to help me!

Well, I found the problem. The Macs and swtiches configurations was ok, but I found out that MACs have problems with inter-Vlan connection because they kind of lost DNS direction, when dealing with multi subnets, since they use Bonjour protocol. So the solution was to enable "Bonjuour Forwarding" to every Vlan and every service on Meraki dashboard!!!

"Bonjour forwarding enables interVLAN communication between Bonjour devices and applications on your LAN. Natively, Bonjour functions on a single subnet; Bonjour forwarding removes this limitation by forwarding the multicast DNS traffic between the client and service VLANs as  needed."

https://documentation.meraki.com/MX/Other_Topics/Configuring_Bonjour_forwarding_for_the_MX_Security_...

https://documentation.meraki.com/MX/Other_Topics/Configuring_Bonjour_forwarding_for_the_MX_Security_...

Well, the problem is solved. But I still wonder if adding other DNS configs to every individual MACs can also solve this problem. Thank you everybody!

Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.