Chuck Brown

Switch cannot ping device connected to another switch

We have the configurations that are at the end of this description.  The 3750 is being used as the head end switch.  There is a 3560 in a department in another building.  The two are linked via a 3560 in between.  I've listed the configs for the two end points.

Here is what we're trying to accomplish:
There is a watchguard firewall at 10.0.0.1 that is the default gateway for the majority of the network.  On the 3560, port fa0/21 there is a sonic wall firewall at ip 192.168.215.1.  For the users in the 192.168.215.x network, we want them to all be in VLAN 114, and we want their Internet access to go to the sonic wall.  The rest of the network has 10.x addresses, and these 192.168.215.x users should be able to access this network.  However, what is happening is that they are able to go out the sonic wall for a couple of VPN access sites they have, that are 167.198.204.x addresses, but all other Internet access fails, as does access to the 10.x.x.x addresses.

One thing that seems odd... from the 3750 (10.10.0.1) we can ping the sonic wall firewall, but we cannot from the 3560 (10.10.0.56) which is where it is actually plugged in.

Cisco 3750
=========================================
hostname AdminFiberHost
!
switch 1 provision ws-c3750g-12s
ip subnet-zero
ip routing
ip dhcp excluded-address 10.100.0.1 10.100.0.20
ip dhcp excluded-address 10.100.0.225 10.100.0.255
ip dhcp excluded-address 10.114.0.225 10.114.0.255
ip dhcp excluded-address 10.214.0.1 10.214.0.20
ip dhcp excluded-address 192.168.215.1 192.168.215.99
ip dhcp excluded-address 192.168.215.200 192.168.215.255
!
ip dhcp pool Admin_Data
   network 10.100.0.0 255.255.0.0
   default-router 10.100.0.1
   option 156 ascii "ftpservers=10.0.0.4, country=1, language=1, layer2tagging=1, vlanid=200"
   domain-name xxxx.org
   dns-server 10.0.0.11 10.0.0.9
   option 4 ip 10.0.0.11
   netbios-name-server 172.16.1.103
   netbios-node-type h-node
!
ip dhcp pool Admin_Voice
   network 10.200.0.0 255.255.0.0
   default-router 10.200.0.1
   option 156 ascii "ftpservers=10.0.0.4, country=1, language=1, layer2tagging=1, vlanid=200"
   domain-name xxxx.org
   dns-server 10.0.0.11 10.0.0.9
   option 4 ip 10.0.0.11
   netbios-name-server 172.16.1.103
   netbios-node-type h-node
!
ip dhcp pool Health_Data
   network 192.168.215.0 255.255.255.0
   default-router 192.168.215.1
   option 156 ascii "ftpservers=10.0.0.4, country=1, language=1, layer2tagging=1, vlanid=214"
   dns-server 64.192.56.20 64.192.56.22
!
ip dhcp pool Health_Voice
   network 10.214.0.0 255.255.0.0
   default-router 10.214.0.1
   option 156 ascii "ftpservers=10.0.0.4, country=1, language=1, layer2tagging=1, vlanid=214"
   domain-name EffinghamCounty.org
   dns-server 10.0.0.11 10.0.0.9
   option 4 ip 10.0.0.11
   netbios-name-server 172.16.1.103
   netbios-node-type h-node
!
ip dhcp pool HD_wic1
   host 192.168.215.9 255.255.255.0
   client-identifier 0100.0802.52a8.f8
   client-name echdwic1
   default-router 192.168.215.1
   dns-server 64.192.56.20 64.192.56.22
   netbios-node-type h-node
!
ip dhcp pool HD_wic2
   host 192.168.215.11 255.255.255.0
   client-identifier 0100.0802.52b2.0c
   client-name echdwic2
   default-router 192.168.215.1
   dns-server 64.192.56.20 64.192.56.22
   netbios-node-type h-node
!
ip dhcp pool HD_wic3
   host 192.168.215.12 255.255.255.0
   client-identifier 0100.0802.50b9.06
   client-name echdwic3
   default-router 192.168.215.1
   dns-server 64.192.56.20 64.192.56.22
   netbios-node-type h-node
!
ip dhcp pool HD_win1
   host 192.168.215.5 255.255.255.0
   client-identifier 0100.6097.1e23.ae
   client-name echdwin1
   default-router 192.168.215.1
   dns-server 64.192.56.20 64.192.56.22
   netbios-node-type h-node
!
ip dhcp pool HD_win2
   host 192.168.215.6 255.255.255.0
   client-identifier 0100.a0cc.54e8.4f
   client-name echdwin2
   default-router 192.168.215.1
   dns-server 64.192.56.20 64.192.56.22
   netbios-node-type h-node
!
ip dhcp pool HD_win3
   host 192.168.215.7 255.255.255.0
   client-identifier 0100.508b.623c.4e
   client-name echdwin3
   default-router 192.168.215.1
   dns-server 64.192.56.20 64.192.56.22
   netbios-node-type h-node
!
ip dhcp pool HD_win4
   host 192.168.215.8 255.255.255.0
   client-identifier 0100.a0cc.54d5.4b
   client-name echdwin4
   default-router 192.168.215.1
   dns-server 64.192.56.20 64.192.56.22
   netbios-node-type h-node
!
ip dhcp pool HD_echdbill
   host 192.168.215.14 255.255.255.0
   client-identifier 0100.16d4.06c9.af
   client-name echdbill
   default-router 192.168.215.1
   dns-server 64.192.56.20 64.192.56.22
   netbios-node-type h-node
!
ip dhcp pool HD_japk
   host 192.168.215.13 255.255.255.0
   client-identifier 0100.0f20.fa57.ba
   client-name echdjapk
   default-router 192.168.215.1
   dns-server 64.192.56.20 64.192.56.22
   netbios-node-type h-node
!
ip dhcp pool HD_echdscot
   host 192.168.215.15 255.255.255.0
   client-identifier 0100.a0cc.54e8.51
   client-name echdscott
   default-router 192.168.215.3
   dns-server 10.0.0.11 10.0.0.9
   netbios-node-type h-node
!
ip dhcp pool HD_ecdscot
   default-router 192.168.215.1
   dns-server 64.192.56.20 64.192.56.22
!
!
mls qos map cos-dscp 0 8 16 26 32 46 48 56
mls *** automatically generated qos statements omitted ***
mls qos
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 macro description cisco-switch
 auto qos voip trust
 spanning-tree link-type point-to-point
!
!
interface GigabitEthernet1/0/12
 switchport trunk encapsulation dot1q
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 queue-set 2
 mls qos trust cos
 macro description cisco-switch
 auto qos voip trust
 spanning-tree link-type point-to-point
!
interface Vlan1
 ip address 10.0.0.13 255.255.0.0
!
interface Vlan10
 description MANAGEMENT VLAN
 ip address 10.10.0.1 255.255.0.0
 ip helper-address 10.0.0.11
 no ip route-cache cef
 no ip route-cache
!
interface Vlan114
 description Health Data
 ip address 192.168.215.3 255.255.255.0
!
!
interface Vlan214
 description Health Voice
 ip address 10.214.0.1 255.255.0.0
!
ip default-gateway 10.0.0.1
ip classless
ip default-network 10.0.0.0
ip route 0.0.0.0 0.0.0.0 10.0.0.1
ip route 167.198.204.0 255.255.255.0 192.168.215.1
ip http server
!
AdminFiberHost#                

Cisco 3560
=========================================
hostname Health_3560_01
!
ip subnet-zero
!
mls qos map cos-dscp 0 8 16 26 32 46 48 56
m*** Generated mls statements omitted ***
mls qos
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
interface FastEthernet0/20
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 114
 switchport mode trunk
 switchport nonegotiate
 spanning-tree portfast
!
interface FastEthernet0/21
 description Sonic Wall Soho3
 switchport access vlan 114
 switchport mode access
 switchport nonegotiate
 spanning-tree portfast
!
interface FastEthernet0/22
 description Link to Health_3560_02
 switchport trunk encapsulation dot1q
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 mls qos trust cos
 macro description cisco-switch | cisco-switch
 auto qos voip trust
!
interface FastEthernet0/23
 description ShoreTel 60/12 Voice Switch
 switchport access vlan 214
 switchport mode access
 switchport nonegotiate
 spanning-tree portfast
!
interface FastEthernet0/24
 description Linksys EF3124 Switch
 switchport access vlan 114
 switchport mode access
 switchport nonegotiate
 spanning-tree portfast
!
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 queue-set 2
 mls qos trust cos
 macro description cisco-switch | cisco-switch
 auto qos voip trust
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 10.0.0.56 255.255.0.0
 shutdown
!
interface Vlan10
 ip address 10.10.0.56 255.255.0.0
!
ip classless
ip http server
!
!
control-plane
!
Health_3560_01#
Networking, Hardware Firewalls, DNS

Last Comment
Chuck Brown

8/22/2022 - Mon
wrwiii12

Do you have a drawing?
Chuck Brown

ASKER
It's being worked on now; not one that would help much at the time...
ASKER CERTIFIED SOLUTION
Frabble

Chuck Brown

ASKER
frabble,

Thanks.  We thought this might be the problem.   However, one thing we didn't understand... originally, we tried making the dg 192.168.215.3 for all of the workstations, so it would use our 3750 to route everything.  This allowed them access to the internet and our network, but not to their VPN connections.  We didn't understand this, since we have the routes set up in the 3750.  However, I think the problem may have been that the sonic wall still didn't know about our network, even though our network knew about the sonic wall.  The design goal, however, is to have all of the internet traffic from the 192.x addresses go through the sonic wall, not through our network.  We had shied away from this, because the sonic wall is owned/managed by a state agency, and getting them to make changes has not been the easiest.  It seems that this is simply a fact of life, though; we're going to have to get a static route added to that device in order for all of this to work...
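
The return-path problem described in the comment above, modelled as a longest-prefix-match lookup (an added example, not part of the original thread). The 3750 table is taken from the posted config; the SonicWall table, the `10.0.0.0/8` summary route and its next hop `192.168.215.3` are assumptions, since that device's configuration is not shown.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match; returns the next hop for dst, or None if no route."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

# 3750 routes, taken from the posted config (SVIs and static routes shown there).
CORE_3750 = [
    ("10.0.0.0/16", "connected Vlan1"),
    ("10.10.0.0/16", "connected Vlan10"),
    ("192.168.215.0/24", "connected Vlan114"),
    ("10.214.0.0/16", "connected Vlan214"),
    ("167.198.204.0/24", "192.168.215.1"),
    ("0.0.0.0/0", "10.0.0.1"),
]

# ASSUMED SonicWall table: its config is not in the thread.
SONICWALL_BEFORE = [("192.168.215.0/24", "connected LAN"), ("0.0.0.0/0", "WAN")]
# ASSUMED fix: a summary route for the 10.x networks via the 3750's Vlan114 SVI.
SONICWALL_AFTER = SONICWALL_BEFORE + [("10.0.0.0/8", "192.168.215.3")]

def reply_stays_inside(sonicwall, ping_source):
    """Does the SonicWall send its echo reply back toward the LAN?"""
    return lookup(sonicwall, ping_source) != "WAN"

def health_host_path(sonicwall, dst):
    """Hops for a VLAN 114 client whose default router is 192.168.215.1."""
    hops = ["SonicWall 192.168.215.1"]
    nh = lookup(sonicwall, dst)
    if nh == "192.168.215.3":
        hops += ["3750 Vlan114", lookup(CORE_3750, dst)]
    else:
        hops.append(nh)
    return hops

if __name__ == "__main__":
    # 3750 pings egress Vlan114, so they are sourced from 192.168.215.3;
    # the 3560's only active SVI is Vlan10, so it sources from 10.10.0.56.
    for src in ("192.168.215.3", "10.10.0.56"):
        print(src, reply_stays_inside(SONICWALL_BEFORE, src),
              reply_stays_inside(SONICWALL_AFTER, src))
    print(health_host_path(SONICWALL_BEFORE, "10.0.0.11"))
    print(health_host_path(SONICWALL_AFTER, "10.0.0.11"))
```

Under these assumptions the model reproduces the symptom from the question: a reply to the 3750's ping stays on the LAN, while a reply to the 3560's ping is sent out the WAN side until the static route exists.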
