Solved

Can't ping secondary subnet, possible routing issue?

Posted on 2004-09-09
10
2,418 Views
Last Modified: 2012-05-05
What I thought would be a simple project has me pulling my hair out. I'm sure the answer is right in front of me, but I can't seem to find it. I'm hoping someone can help.

I have a fairly simple network set up using a layer3 switch to manage 2 subnets through 1 firewall & T1 line.

10.0.0.- subnet 1 (uses 10.0.0.1 port/ip on switch as gateway)
192.168.2.- subnet 2 (uses 192.168.2.1 port/ip on switch as gateway)
10.0.1.- uses only 2 ip addresses: 10.0.1.1 = trusted IP of firewall and 10.0.2.2 is the port/ip on the switch

The following is the routing table BEFORE i tried adding another subnet.
Network address     Subnet                Protocol   Next Hop     Next Hop IP       Best Route
0.0.0.0                   0.0.0.0                Default    0.1              10.0.1.1            Yes
10.0.0.0                 255.255.255.0      Local       0.3              10.0.0.1            Yes
10.0.1.0                 255.255.255.252   Local      0.1              10.0.1.2             Yes
192.168.2.0            255.255.255.0      Local      0.5              192.168.2.1        Yes

I wanted to add a 3rd subnet, so I enabled/configured another port on the switch. The routing table now looks like this:
Network address     Subnet                Protocol   Next Hop     Next Hop IP       Best Route
0.0.0.0                   0.0.0.0                Default    0.1              10.0.1.1            Yes
10.0.0.0                 255.255.255.0      Local       0.3              10.0.0.1            Yes
10.0.1.0                 255.255.255.252   Local      0.1              10.0.1.2             Yes
10.0.2.0                 255.255.255.0      Local       0.7              10.0.2.2             Yes   <-- new entry
192.168.2.0            255.255.255.0      Local      0.5              192.168.2.1        Yes

Now, I still have full functionality on the 10.0.0. and the 192.168.2. I can communicate freely between those 2 subnets as well as out through the firewall (10.0.1.1).

From both the 10.0.0 and the 192.168.2 I CAN ping the new 10.0.2.2 ip (which is the port on the switch) but I can't ping any other IP's on that subnet (10.0.2.1, 10.0.2.5, etc). All tracert's stop at the switch.

I have confirmed from a PC on the 10.0.2 subnet that I can ping the switch IP (10.0.2.2).
I can ping the same switch IP (10.0.2.2) from both the 10.0.0 subnet and the 192.168.2 subnet.
I can also use the switch's "internal" ping tool (run from the web interface) and can ping any IP on ANY subnet.

What am I missing????

Thanks in advance,
-Scott
0
Comment
Question by:spillsbury
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12017280
what model switch is it?
0
 

Author Comment

by:spillsbury
ID: 12017925
NetGear GSM7312 (Layer 3, 12 port, Gigabit)
0
 

Author Comment

by:spillsbury
ID: 12027781
Getting this fixed has taken a higher priority, so I'm adding more points.

Any help is appreciated.
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
LVL 15

Expert Comment

by:adamdrayer
ID: 12028423
Not particularly sure about configuring NetGear routers...  I'll post a pointer in Networking where you will get more exposure.
0
 
LVL 1

Expert Comment

by:Spankyxeon
ID: 12029668
based on what you're saying it would seem to me that the default gateway on the 10.0.2.1 and 10.0.2.5 devices have the wrong default gateway set.  Did you set the default gateway on the devices to 10.0.2.1 out of habit (the .1 part of it)?  It would need to be 10.0.2.2 based on what you've typed.

Another possibility, although I'm assuming it was just a typo on your
part:
"10.0.1.- uses only 2 ip addresses: 10.0.1.1 = trusted IP of firewall and 10.0.2.2 is the port/ip on the switch"

I'm assuming you meant 10.0.1.2 instead of 10.0.2.2.  If you meant to type what you did, then that's a problem.  The 10.0.1.1 and the 10.0.2.2 would be on different subnets, but you mention that they are the only 2 ip addresses in use on the 10.0.1. subnet.  That obviously wouldn't work because those 2 IP (the ones you provided) are on different subnets, not the same.

Lastly, it could be a problem with your f/w.  The f/w needs to know what networks exist on the inside of their private interface.  You may need to had a route statement in the f/w that says the 10.0.2.x network exists behind the 10.0.1.2 (what I believe should be the IP address of the switch that connects to the f/w).
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 12033626
It sounds like the machines in 10.0.2.* do not have a route back to any of the other networks in question, but the info provided is rather vague.  

Can you provide a list of IP addresses for *all* interfaces of *all* equipment in question, as well as their respective routing tables?

Such a list would go a long way toward solving this one...

BTW, I agree that there is likely a typo in the original post, although I've seen stranger mickeysoft configs that worked despite such horrible disagreements WRT subnet mathematics.

Cheers,
-Jon
0
 

Author Comment

by:spillsbury
ID: 12034917
Yikes... YES... there is a typo.
"10.0.1.- uses only 2 ip addresses: 10.0.1.1 = trusted IP of firewall and 10.0.2.2 is the port/ip on the switch"
should read:
10.0.1.- uses only 2 ip addresses: 10.0.1.1 = trusted IP of firewall and 10.0.1.2 is the port/ip on the switch

I'll collect the other IP's and route tables and post them ASAP.
0
 

Author Comment

by:spillsbury
ID: 12091857
Turns out it was an "easy" problem. It was something I had completely forgotten about and hadn't even considered.

When I created the second subnet (10.0.2.x) I inadvertently chose the same subnet that I had already used for my VPN connections.

To fix, all I did was change my that subnet from 10.0.2.x to 172.16.1.x

Things work fine now.

Thanks for all the suggestions.
-Scott
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 13190526
PAQed with points refunded (500)

modulo
Community Support Moderator
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

FIPS stands for the Federal Information Processing Standardisation and FIPS 140-2 is a collection of standards that are generically associated with hardware and software cryptography. In most cases, people can refer to this as the method of encrypti…
A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question