Solved

Can't ping secondary subnet, possible routing issue?

Posted on 2004-09-09
10
2,408 Views
Last Modified: 2012-05-05
What I thought would be a simple project has me pulling my hair out. I'm sure the answer is right in front of me, but I can't seem to find it. I'm hoping someone can help.

I have a fairly simple network set up using a layer3 switch to manage 2 subnets through 1 firewall & T1 line.

10.0.0.- subnet 1 (uses 10.0.0.1 port/ip on switch as gateway)
192.168.2.- subnet 2 (uses 192.168.2.1 port/ip on switch as gateway)
10.0.1.- uses only 2 ip addresses: 10.0.1.1 = trusted IP of firewall and 10.0.2.2 is the port/ip on the switch

The following is the routing table BEFORE i tried adding another subnet.
Network address     Subnet                Protocol   Next Hop     Next Hop IP       Best Route
0.0.0.0                   0.0.0.0                Default    0.1              10.0.1.1            Yes
10.0.0.0                 255.255.255.0      Local       0.3              10.0.0.1            Yes
10.0.1.0                 255.255.255.252   Local      0.1              10.0.1.2             Yes
192.168.2.0            255.255.255.0      Local      0.5              192.168.2.1        Yes

I wanted to add a 3rd subnet, so I enabled/configured another port on the switch. The routing table now looks like this:
Network address     Subnet                Protocol   Next Hop     Next Hop IP       Best Route
0.0.0.0                   0.0.0.0                Default    0.1              10.0.1.1            Yes
10.0.0.0                 255.255.255.0      Local       0.3              10.0.0.1            Yes
10.0.1.0                 255.255.255.252   Local      0.1              10.0.1.2             Yes
10.0.2.0                 255.255.255.0      Local       0.7              10.0.2.2             Yes   <-- new entry
192.168.2.0            255.255.255.0      Local      0.5              192.168.2.1        Yes

Now, I still have full functionality on the 10.0.0. and the 192.168.2. I can communicate freely between those 2 subnets as well as out through the firewall (10.0.1.1).

From both the 10.0.0 and the 192.168.2 I CAN ping the new 10.0.2.2 ip (which is the port on the switch) but I can't ping any other IP's on that subnet (10.0.2.1, 10.0.2.5, etc). All tracert's stop at the switch.

I have confirmed from a PC on the 10.0.2 subnet that I can ping the switch IP (10.0.2.2).
I can ping the same switch IP (10.0.2.2) from both the 10.0.0 subnet and the 192.168.2 subnet.
I can also use the switch's "internal" ping tool (run from the web interface) and can ping any IP on ANY subnet.

What am I missing????

Thanks in advance,
-Scott
0
Comment
Question by:spillsbury
10 Comments
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12017280
what model switch is it?
0
 

Author Comment

by:spillsbury
ID: 12017925
NetGear GSM7312 (Layer 3, 12 port, Gigabit)
0
 

Author Comment

by:spillsbury
ID: 12027781
Getting this fixed has taken a higher priority, so I'm adding more points.

Any help is appreciated.
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 15

Expert Comment

by:adamdrayer
ID: 12028423
Not particularly sure about configuring NetGear routers...  I'll post a pointer in Networking where you will get more exposure.
0
 
LVL 1

Expert Comment

by:Spankyxeon
ID: 12029668
based on what you're saying it would seem to me that the default gateway on the 10.0.2.1 and 10.0.2.5 devices have the wrong default gateway set.  Did you set the default gateway on the devices to 10.0.2.1 out of habit (the .1 part of it)?  It would need to be 10.0.2.2 based on what you've typed.

Another possibility, although I'm assuming it was just a typo on your
part:
"10.0.1.- uses only 2 ip addresses: 10.0.1.1 = trusted IP of firewall and 10.0.2.2 is the port/ip on the switch"

I'm assuming you meant 10.0.1.2 instead of 10.0.2.2.  If you meant to type what you did, then that's a problem.  The 10.0.1.1 and the 10.0.2.2 would be on different subnets, but you mention that they are the only 2 ip addresses in use on the 10.0.1. subnet.  That obviously wouldn't work because those 2 IP (the ones you provided) are on different subnets, not the same.

Lastly, it could be a problem with your f/w.  The f/w needs to know what networks exist on the inside of their private interface.  You may need to had a route statement in the f/w that says the 10.0.2.x network exists behind the 10.0.1.2 (what I believe should be the IP address of the switch that connects to the f/w).
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 12033626
It sounds like the machines in 10.0.2.* do not have a route back to any of the other networks in question, but the info provided is rather vague.  

Can you provide a list of IP addresses for *all* interfaces of *all* equipment in question, as well as their respective routing tables?

Such a list would go a long way toward solving this one...

BTW, I agree that there is likely a typo in the original post, although I've seen stranger mickeysoft configs that worked despite such horrible disagreements WRT subnet mathematics.

Cheers,
-Jon
0
 

Author Comment

by:spillsbury
ID: 12034917
Yikes... YES... there is a typo.
"10.0.1.- uses only 2 ip addresses: 10.0.1.1 = trusted IP of firewall and 10.0.2.2 is the port/ip on the switch"
should read:
10.0.1.- uses only 2 ip addresses: 10.0.1.1 = trusted IP of firewall and 10.0.1.2 is the port/ip on the switch

I'll collect the other IP's and route tables and post them ASAP.
0
 

Author Comment

by:spillsbury
ID: 12091857
Turns out it was an "easy" problem. It was something I had completely forgotten about and hadn't even considered.

When I created the second subnet (10.0.2.x) I inadvertently chose the same subnet that I had already used for my VPN connections.

To fix, all I did was change my that subnet from 10.0.2.x to 172.16.1.x

Things work fine now.

Thanks for all the suggestions.
-Scott
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 13190526
PAQed with points refunded (500)

modulo
Community Support Moderator
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The Need In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication.  By default, if the time difference between systems is off by more …
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now