Link to home
Start Free TrialLog in
Avatar of jaysonfranklin
jaysonfranklin

asked on

VLAN Routing problems on 3560

I have vlan2 ip address 201.1, my ip is 201.2, i can ping the 201.1 from my pc. The documentation also calls for the 'routing' port of the switch to be on the same subnet as the router or 'default route' so i gave it a 10.10 and the inside int of the firewall is 10.1. I from my box at 201.2 I can ping 10.10 on the switch, but thats all.

I have a default route for 0.0.0.0 0.0.0.0 192.168.10.1

what am i doing wrong?
Avatar of nodisco
nodisco
Flag of New Zealand image
hi jayson

if you can ping the switch on the local address, and the switch can ping the firewall using the 10.10 to 10.1 address then it looks like the problem is with your firewall.  You have a default route on the switch to send all traffic to the inside of the firewall.  But as you are using a 192.168.201.2 source ip address, the firewall will need to know how to route traffic back to it.  What firewall is it?

For example - if its a Cisco PIX - you would need a route statement like:
route inside 192.168.201.0 255.255.255.0 192.168.10.10

hth
Avatar of jaysonfranklin
jaysonfranklin

ASKER

i have a route on the pix that looks like this:

route inside 192.168.0.0 255.255.0.0 192.168.10.10 -this way it covers all vlans...

....and actually i got it to work now....the pix was failed over to a secondary. i can ping the pix at 10.1 but cannot ping any of the other devices on the 10.0 network.
Avatar of jaysonfranklin
jaysonfranklin

ASKER

why can't i ping any other devices on the network though?
Avatar of nodisco
nodisco
Flag of New Zealand image
Are the other devices you are trying to ping using the PIX as their default gateway?
Avatar of jaysonfranklin
jaysonfranklin

ASKER

yes. so, i need to put them on a vlan too..?
Avatar of jaysonfranklin
jaysonfranklin

ASKER

ah...so i need to just make them have a gateway of the 10.10?
Avatar of jaysonfranklin
jaysonfranklin

ASKER

how can i pass dns traffic from one vlan to another?
ASKER CERTIFIED SOLUTION
Avatar of predragpetrovic
predragpetrovic
Flag of Qatar image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of predragpetrovic
predragpetrovic
Flag of Qatar image
All of the routing is being managed by Cisco 3560 not PIX. As well all traffic is enabled, if you wish to apply access lists please think what is supposed to be allowed and what is supposed to be forbidden, after start implementing them.
Avatar of predragpetrovic
predragpetrovic
Flag of Qatar image
And I have forgot, you must add a default route on the switch...
configure terminal
ip route 0.0.0.0 0.0.0.0 $PIXINSIDEADDRESS
exit

Replace the address with the real IP address of the inside interface of the PIX
Avatar of jaysonfranklin
jaysonfranklin

ASKER

Ok, Everything is working great now...it turns out, one of our techs who was given the vlan map for the topology, plugged a bunch of stuff into the wrong ports.. Thanks much for your help though!