Silly question about Wireless L3 Firewall

RaphaelL
Kind of a big deal


Hi,

 

According to the documentation: https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/MR_Firewall_Rules

 

An administrator can define a set of firewall rules that is evaluated for every request sent by a wireless user associated to that SSID

 

Let's say we have a Guest SSID and the DHCP server is on the same VLAN and is also the default gateway for said VLAN.

 

Would a Deny IPv4 any any in the MR L3 firewall deny the DHCP renews? DHCP renews are unicast and the destination is the DHCP server that issued the DHCP lease.

 

It's early in the morning, and my brain isn't working today 🙂

 

Thanks,

ww
Kind of a big deal

Yes, you won't even get an IP.

 

You could put the Deny Local LAN before it; that allows DHCP: https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/'Deny_Local_LAN'_settings_in_Cisco_...

RaphaelL
Kind of a big deal

Ahhh, I feel dumb. I didn't find that piece of documentation!

 

SSID is in bridge mode. Clients are receiving the DHCP leases, but it seems that the DHCP renews are failing. I will have to troubleshoot a bit more.

RaphaelL
Kind of a big deal

I really feel like I'm hitting:

  • No DHCP response error is seen after a client performs a successful L3 roam (Wi-Fi 5 Wave 2 MRs/Wi-Fi 6 MRs) on MR 28.6

But my SSID is in bridge mode. When clients are roaming, there is really often a no DHCP response error, but I don't see any DHCP traffic.

 

Investigating... 
