Please excuse the brain-dump - trying to solve a problem that's had me running around in circles for an entire day!
TL;DR - Clients on two networks separated by a L3 switch can see and ping each other, but only VLAN 99 can access the Internet, despite a default gateway being set (and routable) on the switch. Packets end up reaching the gateway and go no further, proven by traceroutes.
VLANs:
- 192.168.50.0/24 (Legacy - VLAN 99)
- 10.50.1.0/24 (New - VLAN 1)
Kit:
- SonicWALL NSA220 with a LAN interface on 192.168.50.1 and a WAN address. The SonicWALL is configured to NAT all LAN addresses to the WAN.
- HP 2920 Layer 3 switch, with interfaces on 192.168.50.254 and 10.50.1.254 and default gateway set to 192.168.50.1.
Default gateways:
- VLAN 99: 192.168.50.1 (SonicWALL)
- VLAN 1: 10.50.1.254 (HP)
Implementation details:
- I have pushed a static route via DHCP for 10.50.1.0/24 with the gateway 192.168.50.254 to avoid ICMP redirects from the SonicWALL to 2920.
- I have 10.50.1.0/24 statically routed to 192.168.1.254 and zoned as a LAN network on the SonicWALL.
Routing table on the 2920:
core-switch-01# show ip route
IP Route Entries
Destination        Gateway         VLAN Type      Sub-Type   Metric     Dist.
------------------ --------------- ---- --------- ---------- ---------- -----
0.0.0.0/0          192.168.50.1    99   static               1          1
10.50.1.0/24       MGMT            1    connected            1          0
127.0.0.0/8        reject               static               0          0
127.0.0.1/32       lo0                  connected            1          0
192.168.50.0/24    OLD_NET         99   connected            1          0
Please comment if anyone needs further detail.
The SonicWall needs a route to the 10.50.1.0/24 network via 192.168.50.254. 10.50.1.0/24 is not directly connected to the SonicWall so it has no idea how to route traffic back to that network.
Also, I don't understand this statement:
I have pushed a static route via DHCP for 10.50.1.0/24 with the gateway 192.168.50.254 to avoid ICMP redirects from the SonicWALL to 2920.
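To make the return-path point concrete, here is an added Python model of the routing tables as the post describes them (example code, not the poster's or either vendor's): the forward path from VLAN 1 reaches the Internet, the return path to 10.50.1.0/24 is dropped at the SonicWALL while its next hop for that network is an address that sits on none of its connected networks, and it succeeds once the route points at 192.168.50.254. The device labels, the 10.50.1.20 client and the 203.0.113.10 Internet destination are constructed.

```python
import ipaddress

# Constructed routing tables modelled on the post (added example, not the
# poster's or any vendor's code). Entries are (prefix, next_hop); next_hop
# None means directly connected, "WAN" means hand off to the Internet.
HP_2920 = [("10.50.1.0/24", None), ("192.168.50.0/24", None),
           ("0.0.0.0/0", "192.168.50.1")]
SONICWALL_AS_POSTED = [("192.168.50.0/24", None),
                       ("10.50.1.0/24", "192.168.1.254"),  # next hop as written in the post
                       ("0.0.0.0/0", "WAN")]
SONICWALL_FIXED = [("192.168.50.0/24", None),
                   ("10.50.1.0/24", "192.168.50.254"),  # return route via the 2920
                   ("0.0.0.0/0", "WAN")]
# Which device owns which interface address (addresses from the post).
OWNER = {"10.50.1.254": "hp", "192.168.50.254": "hp", "192.168.50.1": "sonicwall"}

def lookup(table, dst):
    """Longest-prefix match over one device's table; returns the next hop."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table
            if dst in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def connected(table, addr):
    """True if addr lies in one of this device's directly connected networks."""
    return any(ipaddress.ip_address(addr) in ipaddress.ip_network(p)
               for p, nh in table if nh is None)

def trace(devices, start, dst, max_hops=8):
    """Walk dst hop by hop from device `start`; the last element is the outcome."""
    path, dev = [start], start
    for _ in range(max_hops):
        nh = lookup(devices[dev], dst)
        if nh is None:
            return path + ["delivered"]
        if nh == "WAN":
            return path + ["internet"]
        if nh not in OWNER or not connected(devices[dev], nh):
            return path + [f"blackhole: {nh} unreachable from {dev}"]  # packet dropped
        dev = OWNER[nh]
        path.append(dev)
    return path + ["loop"]

def demo():
    """Forward and return paths for a VLAN 1 client; 203.0.113.10 is a constructed Internet address."""
    broken = {"hp": HP_2920, "sonicwall": SONICWALL_AS_POSTED}
    fixed = {"hp": HP_2920, "sonicwall": SONICWALL_FIXED}
    return {"forward": trace(broken, "hp", "203.0.113.10"),
            "return_as_posted": trace(broken, "sonicwall", "10.50.1.20"),
            "return_fixed": trace(fixed, "sonicwall", "10.50.1.20")}
```

Running `demo()` shows why a traceroute from VLAN 1 stops at the gateway: the outbound half works, and only the SonicWALL's route back to 10.50.1.0/24 decides whether replies ever return.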