Good video, yours was the only one I've seen that explained that the config of VLANs on a FW needs to be reflective to a SW in order for VLAN routing to be successful. Maybe it was common sense, but thank you for your breakdown.
@itbestpractice2741
1 year ago
Hi Keith, I'm glad the video was helpful to you. Yeah, as you keep expanding the network you need to keep in mind the VLAN on the trunk and access ports.
@niitian1990
8 months ago
When I have 2 MX boxes with warm spare - routed, and terminated on 1 single switch, then what would be the uplink configuration from the switch towards the Meraki firewall?
@bluesriderDF
1 year ago
Thank you for videos like this. I have a PC network on Port 1. I want to switch from Single LAN to VLANs, so that I can add a VoIP phone network on Port 2. All the endpoints on each port will belong to the same subnet, so I will not have endpoints with different VLANs on the same switch. In this case, I would only need to config VLANs on the Meraki, not on the downstream switches, right?
@itbestpractice2741
1 year ago
Hello bluesriderDF. Help me understand your question better. For starters, you are referring to the configuration on the MX, right? All the ports have the default configuration (all in the native VLAN), and you want to have the PC (VLAN) network on port 1 (on the MX), and the phones (VLAN) network on port 2. And you will connect downstream switches to port 1 and 2 correspondingly, right? If that's the case, you don't need to configure the downstream switch's ports with VLAN tagging. I hope it helps.
@bluesriderDF
1 year ago
@IT Best Practice Yes, the way you described it is correct. Thanks much!
@Jacob1701
1 year ago
Did you have to create a firewall rule in the MX to allow Vlan 5 to be able to ping Vlan 50?
@itbestpractice2741
1 year ago
Hi Jacob, traffic is allowed by default. If you want to restrict it, that's when you create an L3 FW rule.
@Jacob1701
1 year ago
@itbestpractice2741 OK. I just thought VLANs did not allow traffic by default and that was one of their purposes. Thanks, I did not know VLANs can communicate by default.
@itbestpractice2741
1 year ago
Meraki's default behavior is to allow inter-VLAN routing by default, but other vendors may restrict all inter-VLAN routing traffic unless explicitly allowed. For instance, that's the case of the Cisco ASA FW, where inter-VLAN traffic is restricted.
@Jacob1701
1 year ago
@itbestpractice2741 I see. Maybe what I learned in my Cisco class a long time ago was because of the ASA. It has been a while since I studied the subject. I think Meraki should have it denied by default, since VLANs are usually used to segregate them, so why let them talk? Thanks for this useful info.
@shajiuddin1581
1 year ago
Hi, really helpful video. Do you take 1:1 classes to teach Meraki, please?
@itbestpractice2741
1 year ago
I'm glad the video was useful to you. Sure, we can talk about 1:1 Meraki training.
@jayclas4023
1 year ago
You make a few mistakes but I understood what you meant. Around 5:25 you said port 1 on the firewall and port 8 of the firewall, which should've been port 8 on the switch. Then you said port 1 on the firewall and port 1 on the switch 😆 I'm sure you mean port 8 on the switch. Got a beginner I'm sure you totally confused them 🤦🏽‍♂️
@itbestpractice2741
1 year ago
Thanks for pointing that out, Jay. I'll try to add a comment to the video to point out the mistake.
Comments: 15