Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

vlan lan routing

Posted on 2008-10-22
15
Medium Priority
?
283 Views
Last Modified: 2012-05-05
VLAN 20 can connect to Domain in VLAN10
But VLAN 20 cannot connect to Firewall in VLAN10

whats the solution?
lan.jpg
0
Comment
Question by:ammadeyy2020
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 7
15 Comments
 

Author Comment

by:ammadeyy2020
ID: 22774399
Domain Server is unable to connect internet
domain server, if i add gw 192.168.10.2 it can connect to internet
but then vlan 20 cant connect to domain server
if i add both 10.2 and 10.1 the traffic is slow gets time out often
0
 
LVL 21

Expert Comment

by:from_exp
ID: 22774400
add route on firewall to vlan 20 network via catalyst address in vlan10 network.
0
 
LVL 4

Expert Comment

by:damalano
ID: 22774402
can you ping to the firewall ?
is there a route on the firewall so he can find his way back to vlan 20?
Is the routing done on the 1701 or  on the catalyst ?
can't you connect to the firewall or the internet isn't working ?

0
Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

 
LVL 21

Expert Comment

by:from_exp
ID: 22774408
because you can see, that domain has gw to 192.168.10.1, but more likely your firewall has default gw to internet
so you have to add route:

route add 192.168.20.0 mask 255.255.255.0 gateway 192.168.10.1
0
 

Author Comment

by:ammadeyy2020
ID: 22774438
do i have to add to firewall or router?
0
 

Author Comment

by:ammadeyy2020
ID: 22774450
from domain i can ping to 192.168.10.2
but i cant connect to ISP DNS
to domain if i add gw 192.168.10.2, then i can ping to ISP DNS
0
 
LVL 21

Expert Comment

by:from_exp
ID: 22774497
I can see, that your firewall is connected directly to 3548 switch on your picture, so I suppose you have to add route to firewall
0
 
LVL 21

Expert Comment

by:from_exp
ID: 22774511
so my idea is:
1. your 3548 is routing switch for vlan 10 and vlan 20
2. all pc's should have default gws to 3548
3. firewall should have static route to 192.168.20.0/24 network via 3548 (192.168.10.1)
4. 3548 should have default gw set to firewall
5. if you have some networks behind 1701, then you have to define them on 3548 via 1701
6. add route on 1701 to 192.168.20.0/24 network via 3548
0
 

Author Comment

by:ammadeyy2020
ID: 22774612
router is used for routing, switch is used for vlan since 3548 is L2 switch
router ip is 192.168.1.1
switch ip is 192.168.1.2

router i have created sub-interface pointin to vlans on the switch


client1,
ip address 192.168.10.20
gw : 192.168.1.1 (router ip)

firewall
ip address 192.168.10.2

client can ping to 192.168.1.1
but cant ping to ISP, using proxy can browse internet


if client gw change to 192.168.10.2, then can ping to ISP and browse. but cant ping to router
i need vlan interface as gateway on client machines, or else clients are unable to connect to my PC

0
 
LVL 21

Expert Comment

by:from_exp
ID: 22775067
hm-hm, then seems you have incorrect picture.

however the idea is the same: you have correct your routing :)

please paste here CORRECT network topology and I'll be able to point you what should be changed.
0
 

Author Comment

by:ammadeyy2020
ID: 22775561
VLAN 10 can talk to VLAN 20
VLAN 20 can talk to VLAN 10

VLAN 20 and 10 can ping to both router and switch

VLAN 30 USER 192.168.30.15  can talk to VLAN, 10, 20,

Internet Firewall, can talk to only VLAN 30 users
if i add gw to firwall all vlans can talk to firewall

i cant add gw because cant have 2 gateways in firewall

i want all vlans to be able to talk to internet firewall





lan.jpg
0
 
LVL 21

Accepted Solution

by:
from_exp earned 2000 total points
ID: 22775654
ok you don't need to add second default gw to firewall, you have to add only two routes: to vlan 10 and vlan 20 networks.
simple static routes

if firewall is windows, just add:
route -p add 192.168.10.0 mask 255.255.255.0 192.168.30.1
route -p add 192.168.20.0 mask 255.255.255.0 192.168.30.1

if it is cisco, then
ip route 192.168.10.0 255.255.255.0 192.168.30.1
ip route 192.168.20.0 255.255.255.0 192.168.30.1

if it is other firewall with gui, you should go somewhere like advanced routing and add two static routes
0
 

Author Comment

by:ammadeyy2020
ID: 22775817
im using microsoft isa server 2006

i added route
route -p add 192.168.20.0 mask 255.255.255.0 192.168.30.1

but from firewall im unable to ping to 192.168.20.2
and from 192.168.20.2 i cant ping to firewall
from 192.168.20.2 i can ping to 192.168.30.1

0
 

Author Comment

by:ammadeyy2020
ID: 22775878
now i can ping, i have added ranges to firewall
i can ping to firewall internal interface
but i cant ping to ISP DNS
0
 
LVL 21

Expert Comment

by:from_exp
ID: 22776171
possibly you have also to configure routes on 1701 router
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
Arrow Electronics was searching for a KVM  (Keyboard/Video/Mouse) switch that could display on one single monitor the current status of all units being tested on the rack.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question