Meraki

Community

Local IP and implementing transit vlan

Solved
PeteStan
Here to help
‎May 8 2019 9:14 AM
‎May 8 2019 9:14 AM

Local IP and implementing transit vlan

Currently our Sonicwall firewall is directly connected to our Meraki MS425 core switch. The Sonicwall is in the same vlan as the corp data vlan, with a default route on the Meraki to the IP of the LAN interface of the Sonicwall.

In preparation for a firewall upgrade to a Palo Alto, I am going to be implementing a transit vlan to the firewall and am wanting to know if the local IP of the MS425 will need to change to an IP in the transit vlan. The local IP is currently in the corp data vlan.

I would lab this up to test, but don't have spare equipment right now.

 

Example: Corp data vlan 172.30.0.0 /24 vlan 1

Firewall IP: 172.30.0.254

SVI on Meraki core: 172.30.0.1

Local IP of core: 172.30.1.2

 

Transit vlan 10.0.0.0 /29 vlan 100

SVI of Transit vlan on Meraki: 10.0.0.1

New IP of Sonicwall LAN interface: 10.0.0.2

 

 

Thanks,

Pete

 

 

 

0 Kudos
1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 8 2019 3:16 PM
‎May 8 2019 3:16 PM

Note that the layer 3 Meraki switches have both a management IP address used for talking to the cloud, as well as a layer 3 IP address which is used for routing.  These must both be in the uplink/transit vlan.

 

https://documentation.meraki.com/MS/Layer_3_Switching/MS_Layer_3_Switching_and_Routing#Notes_regardi...

View solution in original post

3 Replies 3
GIdenJoe
Kind of a big deal
Kind of a big deal
‎May 8 2019 11:31 AM
‎May 8 2019 11:31 AM

If you want to keep management inline you'll have to use 10.0.0.1 IP as local IP on the switch and use 10.0.0.2 as default gw.
Do mind if you have a switch stack you'll need to have a big enough subnet to support all stackmembers and the SVI of the stack.

I never used an out of band solution for this since it gave me some headaches keeping the routing separate from the management.

PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 8 2019 3:16 PM
‎May 8 2019 3:16 PM

Note that the layer 3 Meraki switches have both a management IP address used for talking to the cloud, as well as a layer 3 IP address which is used for routing.  These must both be in the uplink/transit vlan.

 

https://documentation.meraki.com/MS/Layer_3_Switching/MS_Layer_3_Switching_and_Routing#Notes_regardi...

In response to PhilipDAth
PeteStan
Here to help
‎May 8 2019 4:04 PM
‎May 8 2019 4:04 PM

Hi PhilipDAth,
Thanks for the confirmation.
I actually found an old TZ400 in our storeroom, so was able to lab this up with 2 Meraki switches (MS350 and 320) about 2 hours ago, and confirm what I suspected and you had confirmed.
The SVI I created was already in the transit vlan, and I left the management IP unchanged (what I was referring as the local IP), and changed the default route to the new sub interface I created on the Sonicwall (10.0.0.2). As soon as I did this I lost internet connectivity. After changing the management IP to 10.0.0.3 and vlan tag to 100, it worked.

Thanks for your assistance and confirmation 🙂

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.