Hi,
I don't want all clients to be able to access each other.
Only clients defined by me should have these rights.
Do I always have to create rules for both directions?
It does not work like that.
With this setting it works.
I am a bit surprised because I only have to configure one direction in the appliance firewall.
I hope you can briefly explain the differences.
Thanks a lot
No, it's not necessary to create rules in both directions.
https://documentation.meraki.com/MS/Other_Topics/Switch_ACL_Operation
Hi alemabrahao,
Then I don't understand something correctly.
I would like to block the clients in the subnet 10.99.28.0/24 from accessing each other. Only 10.99.28.2 should have access to 10.99.28.3.
Here are the two clients with the following rules:
And now I have deleted a rule.
The most specific rule should be at the top.
Your rule looks ok. But what is the source IP that you are testing?
A question: what is the network gateway? Is it the switch itself? If not, you must create the ACL on the device that is the network gateway.
Delete
Sorry, I didn't read your whole post.
I test the connection in both directions.
The gateway is on the switch where I also configure the ACL.
The DHCP server is on the MX. But that should not matter.
I noticed this:
ACLs configured on Meraki switches operate statelessly: each packet is evaluated individually. Thus while traffic may be allowed in one direction, the response can still be blocked. When creating ACL rules, it is important to keep this in mind and create rules that allow desired traffic in both directions.
So you really need to create in both directions.
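The stateless behaviour quoted above, as an added example that is not part of the original thread and is not Meraki's code: a simplified first-match model that looks only at source and destination address, applied to the 10.99.28.0/24 case from this thread. The rule sets, the function names and the trailing allow-any default are assumptions made for the illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed rule sets for the subnet discussed in the thread.
# Each rule is (policy, source CIDR, destination CIDR); first match wins.
ONE_WAY = [
    ("allow", "10.99.28.2/32", "10.99.28.3/32"),
    ("deny",  "10.99.28.0/24", "10.99.28.0/24"),
]
BOTH_WAYS = [
    ("allow", "10.99.28.2/32", "10.99.28.3/32"),
    ("allow", "10.99.28.3/32", "10.99.28.2/32"),  # return traffic
    ("deny",  "10.99.28.0/24", "10.99.28.0/24"),
]


def evaluate(rules, src, dst, default="allow"):
    """Stateless check: no connection table, only this packet's src/dst."""
    s, d = ip_address(src), ip_address(dst)
    for policy, src_net, dst_net in rules:
        if s in ip_network(src_net) and d in ip_network(dst_net):
            return policy
    return default  # assumption: the list ends with an allow-any rule


def round_trip(rules, client, server):
    """A request and its reply are judged as two independent packets."""
    request = evaluate(rules, client, server)
    reply = evaluate(rules, server, client)
    return request, reply, request == "allow" and reply == "allow"


if __name__ == "__main__":
    for name, rules in (("one-way", ONE_WAY), ("both-ways", BOTH_WAYS)):
        print(name, round_trip(rules, "10.99.28.2", "10.99.28.3"))
```

A stateful firewall would match the reply against the tracked connection instead of the rule list, which is why a single rule is enough there.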
Ah ok I didn't read that. But I already thought so.
Thanks a lot