Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

same VLAN wired+wireless

braham2019
Here to help
‎Oct 11 2019 5:35 AM
‎Oct 11 2019 5:35 AM

same VLAN wired+wireless

I am trying to achieve the following using MX65 and MR33/18 AP:

I have a wired VLAN (10) for IOT devices that I don't want in my regular LAN (native VLAN). The MX hands out DHCP addresses (this works fine). I want to access the IOT VLAN from a wired or wireless device in my regular LAN, but not the other way around.  This works fine.

 

I have a separate SSID that sits in the same VLAN (10) and gets IP addresses in the same range from the DHCP server. This works fine.  The SSID is setup in bridge mode on VLAN 10. Wired and wireless devices in that VLAN can talk to each other.

 

However, I cannot access a wireless device in VLAN 10 through the LAN.

 

What am I doing wrong ?

0 Kudos
Subscribe
6 Replies 6
braham2019
Here to help
‎Oct 11 2019 5:51 AM
‎Oct 11 2019 5:51 AM

Seems I made a mistake and things work fine now. Can't delete this post.
0 Kudos
Subscribe
In response to braham2019
braham2019
Here to help
‎Oct 11 2019 6:17 AM
‎Oct 11 2019 6:17 AM

I stand corrected. Some wireless devices in VLAN 10 are reachable (pingable), others aren't...

0 Kudos
Subscribe
In response to braham2019
Nash
Kind of a big deal
‎Oct 11 2019 6:28 AM
‎Oct 11 2019 6:28 AM

What type of devices are the unpingables?

 

What are you trying to ping them from? If it's another computer, can you ping from the Meraki dashboard?

 

Do you see traffic flowing from them when you look at them in the Meraki dashboard?

Windows 10 Client VPN scripts: Makes life better!
0 Kudos
Subscribe
In response to Nash
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Oct 13 2019 1:19 AM
‎Oct 13 2019 1:19 AM

Any chance you have "deny local LAN" configured on your WiFi network?

https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/'Deny_Local_LAN'_settings_in_Cisco_... 

0 Kudos
Subscribe
In response to PhilipDAth
braham2019
Here to help
‎Oct 13 2019 11:42 PM
‎Oct 13 2019 11:42 PM

I have tried multiple options, including the deny local LAN option on the wireless. When I enable that, also the communiction from the wired portion of the LAN to the wireless portion blocks all traffic (and not only from wireless to wired). I guess this working as designed.

 

I have the impression that my preferred setup (a single wired and wireless bridged IOT VLAN) does not seem to work with my setup.

 

Therefore, I've simply added another VLAN, and thus have one IOT VLAN for wired and one for wireless devices. That seems to do the trick for now. 

0 Kudos
Subscribe
In response to braham2019
BrechtSchamp
Kind of a big deal
‎Oct 14 2019 8:32 AM
‎Oct 14 2019 8:32 AM

I wonder if Proxy ARP is messing with your setup. I don't see any reason why your setup shouldn't work. I'd start by taking packet captures and seeing at what point packets go missing.

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.