Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

About JonathanShapiro

Re: Blocking routing between VLANS on my MX

by in Security & SD-WAN
5 hours ago
5 hours ago
Thanks for all the suggestions.  I wonder if I just didn't wait long enough when applying the policies to test.  I stopped and retried pings, but I only waiting about 2 minutes or so.  From what you are saying, it might have to be 10 minutes or more or possibly even a reboot to kick in.  This makes testing pretty hard. ... View more

Re: Blocking routing between VLANS on my MX

by in Security & SD-WAN
Sunday
Sunday
I have a Cisco switch downstream of this router.  I created an ACL and applied it to the incoming port on my switch from the Meraki.  This is accomplishing what I'm after and couldn't seem to do at the MX.  I'm blocking the camera subnet from coming into the switch. ... View more

Re: Blocking routing between VLANS on my MX

by in Security & SD-WAN
Sunday
2 Kudos
Sunday
2 Kudos
Thanks for the quick reply.  Here's the firmware version:  MX 18.211.2.  Yes, my initial thought was just to create an outbound firewall rule blocking traffic from the camera vlan to the general vlan by vlan name.  Didn't work.  I tried using the subnet IDs instead.  That didn't work.  It seems like the default allow rule may be opening up traffic even as the other rules block it.  Like I said, no matter how I structured the rule, I could ping from a PC in the camera vlan to a pc in the general vlan.  The only way I could block traffic was to override the default allow rule by placing my own custom DENY from ANY to ANY above it.  Then all outbound traffic everywhere was blocked.  Now I could begin to layer in allow rules above that.  The problem with the blanket deny rule is how do you allow the cameras to the Internet (basically everywhere) while continuing to block them from the other subnet.  Full lockdown between vlans and opening up the Internet doesn't seem possible. ... View more

Blocking routing between VLANS on my MX

by in Security & SD-WAN
Sunday
Sunday
Hello:   I have a Meraki MX75, and I have two VLANS carved out on the LAN side of the unit.  The first VLAN is for general LAN traffic.  I added a second VLAN working with a security vendor who needs a pathway to the Internet for the camera network.  I want his cameras to have Internet access but want to restrict routing between the general vlan and the camera network.  I have tried and tried, but nothing works.  I have tried creating an outbound block rule with the camera VLAN as the source and the general  VLAN as the destination.  Doesn't work.  I have tried doing same by subnet IP rather than VLAN name, and same issue.  Just to prove that any kind of outbound firewalling is possible, I wrote a block rule to block all traffic from any to any, and that got a higher priority than the default allow rule.  This does block outbound traffic.  Then I can layer in an allow rule to allow traffic from my general vlan to anywhere.  This works too.  OK great, but then the camera vlan needs Internet traffic but not access to my other vlan.  If I allow the camera network to any to allow the Internet, then it can get to the general vlan too.  So it seems like it would be possible to block the camera network from everywhere and then allow it to the general network, but probably not the other way around - allow the camera network to the Internet without allow it to the general network.       ... View more
Labels:
My Top Kudoed Posts
© 2024 Cisco Systems, Inc.