03-29-2024 09:40 AM
Hello, this is most likely a firewall problem but I wanted to ask here before I go that route.
I have 2 locations that are connected with the same fiber run. The primary site has an MX250, and 3 stacks of 2960x switches each with 3-4 switches in the stack. We need to setup a separate VLAN/network for guests that does not touch production at the off-site location.
I made a DHCP scope of 10.x.x.x on my MX250 with a /24 subnet. DNS is just going through 8.8.8.8 / 8.8.4.4. I tagged it with VLAN 9.
My main stack with the uplink to the Meraki has a port tagged with VLAN 9, it's configured as such:
interface Vlan9
description Wired Guest
ip address 10.101.9.1 255.255.254.0
ip helper-address 10.101.9.254
I've confirmed on a separate port on this stack that I'm able to get DHCP from it, everything works. When I switch to my off-site location, plug in, and add a port to VLAN 9, I get nothing. I can't ping the 10.101.9.x addresses, and renewing my IP gets me no results. I've assigned a static 10.101.9.29 IP to my device and still can't reach it.
This "shouldn't" be touching our firewall, but before contacting our security team I wanted to make sure logistically that everything makes sense here. Am I missing any other factors?
Thanks.
03-29-2024 12:19 PM - edited 03-29-2024 12:20 PM
Some information not clear ?
IP configured main switch - 10.101.9.1 (on Meraki what ip configured - can they able to ping each other - before we go to DHCP issue ?)
DHCP Server running on MX device have IP address 10.101.9.254 ?
make sure your subnet matches also when you configuring the DHCP Server.
if the end device configured 10.101.9.29 with subnet 255.255.254.0 - that should ping - 10.101.9.1 (since Switch hold the SVI IP address.
can you post show run from 2900 switch and provide what port connect to meraki.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide