Skip to main content
Cisco Meraki

All VLANS can ping the Cisco Meraki AP's LAN Interface

By design, all devices connecting through a Meraki AP can ping the AP's Management Interface, even if they are on different VLANs.

This can be disconcerting when administrators expect ICMP traffic to be denied by their Inter-VLAN routing rules.

For example, a computer connected to a Guest SSID on 172.16.1.2 will be able to ping and AP with an IP address of 10.1.10.1, even if there are Deny Permissions set on the upstream router.

See Diagram:

fb619762-f460-4397-8c9f-ada589c42e7a

All other communication will follow the rules of the Inter-VLAN router.

For additional security, you can set the My.Meraki.com password by following this Knowledge Base Article:

Change My.meraki.com and Wired.meraki.com password

  • Was this article helpful?