IP Forwarding trouble - hosts can't talk to hosts on a different vlan
‎09-16-2015 03:14 AM
I have a x450e-24p I picked up recently and am trying to configure it as my core switch. I have two VLANs, BNS-MGMT and BNS-Net, that need to communicate. I have tagged both VLANs but all ports are left untagged.

- BNS-MGMT 10.1.20.1 tag 20 Ports 17 & 18 untagged
- BNS-Net 10.1.30.1 tag 30 Ports 9-16 untagged

BNS_Net has DHCP enabled with a range of 10.1.30.100 - 10.1.30.199/24. The default gateway is assigned the VLAN switch IP (10.1.30.1).

BNS_MGMT does have the default gateway assigned at 10.1.20.1. DHCP is not enabled. There is only a SonicWall with a static IP 10.1.20.5/24.

IP Forwarding is enabled on each VLAN. The SonicWall can ping the switch address on its own network (10.1.20.1). The switch can ping it. The switch can ping all nodes on all VLANs.

I have a host on BNS-Net (10.1.30.100/24) that can ping the switch's IP on the BNS-MGMT network and the BNS-NET network. However, it cannot ping the firewall (10.1.20.5). The firewall cannot ping it either.

What am I missing here? I don't think RIP is necessary here when I'm on a single switch. I'm using the "VR-Default" router.
8 REPLIES
‎09-16-2015 04:01 AM
Hi Brian,
If 10.1.20.10 can reach 10.1.30.1, then the AP has a gateway to reach any other network and that is 10.1.20.1. Similarly, are you able to reach 10.1.20.1 from 10.1.30.100? If not, please check if the default gateway is configured. Trunking is not necessary on the link connecting to the firewall as the switch is acting as Layer 3. However, each host in the network should know how to reach other subnets with the default gateway pointing to the switch VLAN IP address.
Hope this helps!
P.S. If these hosts are Windows PCs, just check if the ping is allowed by the firewall.
‎09-16-2015 03:42 AM
As Zdenek wrote, the hosts' routing tables are the likely issue here. The forwarding of packets on the switch can be verified with the "show ipstats" command, but I am willing to bet that the switch is forwarding OK.
‎09-16-2015 03:31 AM
Have you configured the default route in the firewall?
Check that the appropriate routes are configured on the firewall for this subnet.
‎09-16-2015 03:20 AM
Check the routing table on your firewall. It seems those user subnets are not known to your firewall.
Regards
Zdeněk Pala
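
The return-path check the replies point to, as an added example that is not part of the original thread: a longest-prefix-match lookup over the switch, host and firewall routing tables using the addresses from the question. The firewall's `wan` interface, its default route via 203.0.113.1, the interface names and the static route added in `FIREWALL_AFTER` are assumptions constructed for illustration, not values from the posts.

```python
import ipaddress

def route(prefix, next_hop, iface):
    """One routing-table entry; next_hop None means directly connected."""
    return (ipaddress.ip_network(prefix), next_hop, iface)

def lookup(table, dst):
    """Longest-prefix match; returns the winning entry or None."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in table if dst in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

# Switch (VR-Default): both VLANs connected, IP forwarding enabled.
SWITCH = [route("10.1.20.0/24", None, "BNS-MGMT"),
          route("10.1.30.0/24", None, "BNS-Net")]

# DHCP host on BNS-Net: default gateway is the switch VLAN IP.
HOST = [route("10.1.30.0/24", None, "eth0"),
        route("0.0.0.0/0", "10.1.30.1", "eth0")]

# Firewall tables are constructed (assumed): LAN connected, default to WAN.
FIREWALL_BEFORE = [route("10.1.20.0/24", None, "lan"),
                   route("0.0.0.0/0", "203.0.113.1", "wan")]
# Same table plus a static route back to BNS-Net through the switch.
FIREWALL_AFTER = FIREWALL_BEFORE + [route("10.1.30.0/24", "10.1.20.1", "lan")]

def forward_path(dst="10.1.20.5"):
    """Host -> firewall: the host's gateway, then the switch egress VLAN."""
    gateway = lookup(HOST, dst)[1]
    egress = lookup(SWITCH, dst)[2]
    return [gateway, egress]

def reply_path(firewall_table, host_ip="10.1.30.100"):
    """Where the firewall sends its echo reply for the BNS-Net host."""
    entry = lookup(firewall_table, host_ip)
    if entry is None:
        return "dropped: no route"
    _, next_hop, iface = entry
    return f"{iface} via {next_hop or 'direct'}"

if __name__ == "__main__":
    print("request:", forward_path())                 # reaches the firewall
    print("reply before:", reply_path(FIREWALL_BEFORE))  # leaves via WAN
    print("reply after: ", reply_path(FIREWALL_AFTER))   # back via the switch
```

The request reaches the firewall in both cases; only the reply path changes, which is why the switch can ping everything while the two end hosts cannot ping each other.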
