MS-250,225 VLAN routing issue

molodoko
Here to help

Good Morning

 

I tried to review the threads for this issue, but it seems I could not find anything similar, OR I just missed it. 

 

This might come across as a little confusing....

 

I am running a switch expansion project for a client. They currently have 2 MS-250s stacked as the Core. I am adding 2 new 250s as well as adding 225 stacks in each IDF closet, removing old Dell switches. The client has a PC and Mac network, with all elements of the network (wifi, servers, workstations) in their own VLANs. I am attempting to replicate the environment in my lab and have configured the transit network (172.16.1.0/24) on an unused interface on our SonicWALL. I have configured all the Layer 3 routing as it exists on the prod switches. But unless I am on the 172 network, I am unable to reach the internet. If I plug into, say, port 9 of the core and assign that port VLAN 1000, I connect. If I change it to, say, VLAN 3 (10.3.3.0/24), I do pull an IP address within that subnet; however, I am unable to traverse out.

 

I am ready to share the configs that I have so far, and am about ready to call into support, but I think there is just 1 stupid, little thing that I am missing and was hoping one of you geniuses might be able to assist. 

 

The first image is the development in my lab (TJP-Core4); the other is Prod (TJP-CoreStack).

ww
Kind of a big deal

Your SonicWALL knows all the routes to all listed subnets in your screenshot?

molodoko
Here to help

Hmmm I'm actually attempting to log into it now to see if that is the case. I mean, no it isn't cause I sure didn't do that. 

 

I'm assuming that I'll need to create those vlans as sub interfaces?

 

 

ww
Kind of a big deal

No. You have to create static routes back to 172.16.1.5. For example, 10.3.3.0 255.255.255.0 is behind next hop 172.16.1.5

(Or run a routing protocol like OSPF).

 

 

Yes, you could also use subinterfaces and make a trunk between your SonicWALL and MS, but that's a different design.
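The return-route requirement described in the reply above, as an added example that is not part of the original thread: it checks which subnets routed by the L3 switch have no path back through 172.16.1.5 in the firewall's route table. The WAN gateway, the VLAN 4 subnet and all function names are constructed for illustration.

```python
import ipaddress

# From the thread: the L3 switch's address on the 172.16.1.0/24 transit network.
SWITCH_NEXT_HOP = ipaddress.ip_address("172.16.1.5")

def parse_routes(rows):
    """Turn (prefix, next_hop) strings into typed tuples; next_hop None = connected."""
    return [(ipaddress.ip_network(p), ipaddress.ip_address(h) if h else None)
            for p, h in rows]

def best_route(routes, subnet):
    """Longest-prefix match for a whole subnet, as a router would resolve it."""
    covering = [(p, h) for p, h in routes if subnet.subnet_of(p)]
    return max(covering, key=lambda r: r[0].prefixlen, default=None)

def missing_return_routes(routes, switch_subnets, next_hop=SWITCH_NEXT_HOP):
    """Subnets whose reply traffic would not be sent back toward the L3 switch."""
    missing = []
    for s in map(ipaddress.ip_network, switch_subnets):
        match = best_route(routes, s)
        connected = match is not None and match[1] is None
        via_switch = match is not None and match[1] == next_hop
        if not (connected or via_switch):
            # Only the default route (or nothing) matches: replies leave via WAN.
            missing.append(str(s))
    return missing

# Constructed sample data: the WAN gateway and the VLAN 4 subnet are made up.
FIREWALL_BEFORE = parse_routes([
    ("0.0.0.0/0", "203.0.113.1"),   # default route to the ISP (constructed)
    ("172.16.1.0/24", None),        # transit interface, directly connected
])
FIREWALL_AFTER = FIREWALL_BEFORE + parse_routes([
    ("10.3.3.0/24", "172.16.1.5"),  # the static route suggested in the thread
])
SWITCH_SUBNETS = ["172.16.1.0/24", "10.3.3.0/24", "10.4.4.0/24"]

if __name__ == "__main__":
    print("before:", missing_return_routes(FIREWALL_BEFORE, SWITCH_SUBNETS))
    print("after: ", missing_return_routes(FIREWALL_AFTER, SWITCH_SUBNETS))
```
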

molodoko
Here to help

I am writing this reply from VLAN3!!! You are correct, I needed to create the new Address Objects in the SonicWALL and then create the routes. The problem I am now facing is DNS: I have set VLAN3 to relay to 172.16.1.1 for the DHCP scope and I do get an IP address; however, without entering 8.8.8.8 on my NIC, I am unable to resolve hosts....

Roger_Beurskens
Building a reputation

What IP address do you get back for DNS? The SonicWALL?

 

Is DNS allowed on the zone that the 172.16.1.1 IP address is in?

molodoko
Here to help

Thanks for your reply! 

 

I actually just figured it out, since the SW I am using is the office Prod FW, when I chose to use the current DNS settings on the SW, I ended up using DNS for the internal network here, at the office. 

 

I will be changing the scope options to use 8s or Comcast DNS

Roger_Beurskens
Building a reputation

Or use Umbrella/OpenDNS 😉

 

208.67.222.222 and 208.67.220.220

molodoko
Here to help

or that