Hello there,

I configured VLANs with Mikrotik CRS326-24G-2S+ and Meraki MX64. Here, I set up Meraki as the router, which also creates VLANs. Meanwhile, I use Mikrotik as a distribution switch. The issue I encountered is that some VLANs cannot communicate with other VLANs. For example:

VLAN2 and VLAN14 can communicate with each other, both between gateways and between users directly from Mikrotik, and I've tested communication from users as well.
However, VLAN9 and VLAN14 cannot communicate with each other. I've tried pinging from users and Mikrotik directly; VLAN14 can ping the VLAN9 gateway, but the IP addresses of users in VLAN9 cannot communicate.
Even though I've matched all the settings, both in the bridge, ports, and VLANs in interfaces. Also, in Meraki, the DHCP configurations are the same with no differences. Where do you think the problem might be located?

Well if the MT is solely acting as a switch it should have nothing to do with L3 access.

I have found the issue. When I activate the firewall on each computer and enable 'Allow edge traversal,' users can ping between VLANs. The question is, what should I do on MikroTik so that I don't have to configure the firewall settings individually on all computers?

The question is, what should I do on MikroTik so that I don't have to configure the firewall settings individually on all computers?

Since computers block traffic to/from other IP subnets, the only thing you can do on MT is make computers believe they're communicating with members of own IP subnet even if they're not. NAT allows that (both SRC-NAT and DST-NAT will have to be deployed).

IMO idea of doing it is terrible.

Hi there,

It sounds like you've encountered a specific communication issue between VLANs on your Mikrotik and Meraki setup. While it's difficult to pinpoint the exact cause without further details, here are some areas to investigate:

1. VLAN Trunking (Meraki): Double-check if VLAN trunking is enabled on the Meraki ports connected to the Mikrotik. This allows carrying multiple VLANs over a single physical link.

2. Port Isolation (Mikrotik): Ensure port isolation is disabled on both the Mikrotik and Meraki ports involved. This feature isolates ports and prevents communication between them, even within the same VLAN.

3. Security Policies (Meraki): Verify there are no firewall rules in the Meraki blocking traffic between VLANs. Check for rules that might restrict communication between specific IP addresses or protocols.

4. Mikrotik Routing: If your Mikrotik acts as a Layer 3 device (router) for some VLANs, ensure proper routing configuration exists to direct traffic between VLANs.

5. VLAN ID Mismatch: Make sure the VLAN IDs are consistent across both devices. Any discrepancies can lead to communication issues.

Additional Tips:

Try temporarily removing VLANs from one device and see if communication improves, helping to isolate the source of the problem.
Review the logs on both devices for any error messages related to VLAN communication.
Consider consulting the official documentation or forums for both Mikrotik and Meraki for troubleshooting specific configurations.
By systematically checking these areas and referring to detailed documentation, you should be able to identify the root cause of the communication issue and resolve it effectively.