Swapping in MX84 to replace SonicWALL TZ

OopsCymru243

Hi:

In one of our sites we hot-swapped a SonicWALL TZ for a brand new shiny MX84. The site has a Windows Domain Controller with DHCP, all laptops are domain attached, and there are a number of iPads/iPhones. They mostly connected over site-to-site VPN to the HQ to access an IIS-based application.

After staging the MX at a testing area, the guys set it beside the TZ and once it booted, live moved the cables from old device to new.

All seemed well. Tunnel established with the MX250 at HQ (in VPN concentrator mode) and my laptop connected back over VPN and also out the local Internet fine. All working perfect - latency etc. just as expected.

However - many of the local laptops and all the iPads and printers needed a change of IP address to be able to access anything. Some clients could ping everything back at HQ - EXCEPT the IIS server; and so were not able to access the application. Changing the IP address (same subset, just a previously unused address) seemed to fix it (mostly).

Now - for my next site we don't have enough free scope in DHCP to change ALL the addresses - it's a much bigger operation.

Looking for a good process to switch over from TZ to MX without having to change every IP address!!

Thx

PhilipDAth

You really should not have had an issue because the DHCP was being done by Windows, and there should not have been any conflict.

Are you sure DHCP is disabled on the MX84?

Otherwise if there is a change in DHCP what I would normally do is drop all the switches and access points, so everything has to do a DHCP renew, and get a new IP address.

Yes - sure the Meraki was not doing DHCP - just changing IP seemed to fix the issue.

I am thinking that the issue is somehow ARP related as the Meraki has the same IP address as the SonicWALL TZ had, because all clients use this as the default gateway. So - same IP, different MAC, of course. Now if that messes up IIS or something I could understand I guess... although some devices were just fine...

If it was ARP then you could resolve it by doing a ping from the MX84 to any client with connectivity issues - or power cycle all the switches.

Indeed - that's what we did - but still able to ping everything - EXCEPT the one server back over the VPN in HQ that runs "THE" application. Crazy. I think waiting long enough for 'something' to time out worked but we cannot usually afford to be purposely down for that long!
