We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now


Weird Network Connectivity problem

Medium Priority
Last Modified: 2012-05-11
Ok I doubt anyone has any kind of solution, but I guess I'll ask anyway.  I have this really weird issue where when certain users (and it's always the same ones) try to connect my unified messaging system (glorified Instant Messenger), they are unable to connect\ping the host.  If I ping the switch in front of the host then they can connect.

So there's a bit of network setup here to take into account as well.  The unified messaging system is part my my IP PBX.  The IP address they are connecting to is on a different subnet (my voice subnet).  So, users have IP's in the and are trying to access the host at  

On my phone side, I have an L3 switch that is routing between the two subnets over a VLAN with IP  This is the switch that if I ping it, I can get to the PBX at  On the data side my routing is done by my firewall - routes to

So for the short term I've setup a ping to the switch on my users log in scripts, but this is hardly a solution.  I hope to completely switch out my voice switches soon as they are aging pretty bad.

Any Suggestions?
Watch Question

On the non-working PCs -- if you add a static route

(route add /? for syntax)

> route ADD MASK METRIC 3 IF 2
         destination^      ^mask      ^gateway     metric^    ^

something like

route add mask (gateway) metrick 10 if (use route print to find interface #)

Does it have any impact -- I'd give that a shot.

So your L3 switch has an IP of on the VLAN interface?
And your subnet is

You cannot assign .130 if that is the subnet.

Or do you have a different subnet mask on the L3 switch?  If so, that could be your problem.
Top Expert 2014
Unlock this solution with a free trial preview.
(No credit card required)
Get Preview

It seem like a problem with ARP on you L3 switch. Perhaps you should have look at its arp table.

Your pc is sending the packet to the firewall, that will forward to the switch. Packets will arrive with source ip of pc but source mac of firewall, so the switch will put that in its arp table.

When the reply comes from the pbx, with destination ip of pc, the switch will forward to the firewall because of the content of the switch arp table.

Now, the firewall should forward to the pc, but possible there is no rule allowing forwarding from pbx ip to pc range.

You can either try to install such a rule on the firewall, or you can enter some static mac settings into the arp table of the switch - so that it does not return packets via the firewall.

A whole different but better design is to connect the firewall on third vlan on the switch. Both voice and data lans would have the L3 switch as their default gateway, and the switch would have a default gateway pointing to the firewall. Obviously it means that the two lans will not be directly connected to the firewall, so it needs statics routes sending those networks to the switch. Firewall rules and nat also need to be set for those subnets.
Top Expert 2014

Um, thanks for the points, but I did not post a solution.  I posted a request for more info.  

If my question led you to a solution could you describe what the solution was so it may help others?
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a free trial preview!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.