Solved

Cisco 3750... two vlans two separate gateways

Posted on 2014-09-10
Last Modified: 2014-12-19
I apologize if this question is stupid. I'm building experience.

So at our colo we have a Cisco 3750. We have multiple Windows servers in two different vlans each with a gateway on the switch.
Servers in vlan 17 have the gateway of 172.17.17.5 (my switch)
Servers in vlan 16 have the gateway of 172.17.16.5 (my switch)

We have a managed firewall service at the colo. They give us two zones. Each zone has its own gateway on the managed service firewall.

172.17.17.5 (the switch) next hop is 172.17.17.1 (managed service firewall zone 1)
172.17.16.5 (the switch) next hop is 172.17.16.1 (managed service firewall zone 2)

Currently, all Windows servers in .17 can access the internet and ping 172.17.17.1 (managed services zone 1).
Nothing in .16 can access the internet nor can they ping 172.17.16.1.

From my switch I can ping both 172.17.17.1 and 172.17.16.1.
The all zeros route is 0.0.0.0 0.0.0.0 172.17.17.1 10

I'm a little new to this, how can I get the 172.17.16.x servers to get to their next hop of 172.17.16.1?

Thanks,
0
Question by:mauisun
9 Comments
 
LVL 1

Author Comment

by:mauisun
ID: 40315719
... and the Windows hosts are VMware VMs on the same hosts. vlan 16 on one NIC and vlan 17 on another NIC.
0
 
LVL 4

Expert Comment

by:rlarian
ID: 40315746
Do you have 2 connections to the firewall service? If so, change the default route to be .1
If not, you'll need to do policy based routing. This should help get you started.
0
 
LVL 1

Author Comment

by:mauisun
ID: 40315747
I have two connections from the firewall.
0
 
LVL 4

Expert Comment

by:rlarian
ID: 40315755
Is there a reason that you have the gateway set as your switch? If you change the default gateway for the servers to .1, that should solve your issue.
0
 
LVL 1

Author Comment

by:mauisun
ID: 40315759
If I change the gateway to .1, I can see the internet but I lose connection internal, meaning from my desk at HQ I can't see the servers anymore.
0
 
LVL 4

Expert Comment

by:rlarian
ID: 40315764
How are you connected to the servers? If the switch is acting as a router for other networks (your desk), add a static route for your network pointing to the .5 address.
0
 
LVL 1

Author Comment

by:mauisun
ID: 40317806
I connect from my desk to our switch stack -->EPL-->Colocation Switch
The switch is the gateway for the network there.
I just got off the phone with the engineers at the colo, they said add a route to the switch that tells the switch to forward all zeros traffic from 172.17.16.x hosts to 172.17.16.1. How to do that?
0
 
LVL 4

Accepted Solution

by:
rlarian earned 2000 total points
ID: 40318217
You're getting into policy based routing to do that.
If you add a route for your network (10.10.10.0 or whatever it is) to point to 172.17.16.5 and change the gateway back to .1 - this should solve both internet access for servers and your access to the servers.
0
 
LVL 1

Author Closing Comment

by:mauisun
ID: 40509637
Good solution. I used this guidance to split my network physically.
0
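
An added example, not part of the thread or any poster's code: a small Python model of the forwarding decisions discussed above. It shows which firewall gateway a vlan 16 server's internet traffic reaches with the original setup, with the source-based route the colo engineers described, and with the accepted answer. The server, internet and desk addresses, the /24 mask on 10.10.10.0 and the `EPL-to-HQ` label are constructed for illustration.

```python
import ipaddress as ip

SWITCH = {"172.17.16.5", "172.17.17.5"}           # switch gateway addresses from the post
HQ_NET = "10.10.10.0/24"                          # placeholder from the answer; /24 assumed

def lookup(routes, dst):
    """Longest-prefix match over (prefix, next_hop) pairs; returns the winning pair."""
    hits = [r for r in routes if ip.ip_address(dst) in ip.ip_network(r[0])]
    return max(hits, key=lambda r: ip.ip_network(r[0]).prefixlen)

def hops(src, dst, host_routes, switch_routes, pbr=None):
    """Next hops a packet takes from the server until it leaves the switch."""
    path = [lookup(host_routes, dst)[1]]
    if path[0] in SWITCH:                          # the switch makes the second decision
        prefix, nh = lookup(switch_routes, dst)
        # pbr = (source network, next hop); modelled as overriding default-route traffic only
        if pbr and prefix == "0.0.0.0/0" and ip.ip_address(src) in ip.ip_network(pbr[0]):
            nh = pbr[1]
        path.append(nh)
    return path

switch_routes = [("172.17.16.0/24", "connected"), ("172.17.17.0/24", "connected"),
                 (HQ_NET, "EPL-to-HQ"),            # label for the HQ link, not a real address
                 ("0.0.0.0/0", "172.17.17.1")]     # the single default route from the post

gw_on_switch = [("172.17.16.0/24", "connected"), ("0.0.0.0/0", "172.17.16.5")]
gw_on_firewall = [("172.17.16.0/24", "connected"), (HQ_NET, "172.17.16.5"),
                  ("0.0.0.0/0", "172.17.16.1")]    # accepted answer: static route + .1 gateway

SERVER, INTERNET, DESK = "172.17.16.20", "203.0.113.10", "10.10.10.50"  # constructed hosts

def scenarios():
    return {
        "original":      hops(SERVER, INTERNET, gw_on_switch, switch_routes),
        "pbr_on_switch": hops(SERVER, INTERNET, gw_on_switch, switch_routes,
                              pbr=("172.17.16.0/24", "172.17.16.1")),
        "accepted":      hops(SERVER, INTERNET, gw_on_firewall, switch_routes),
        "accepted_hq":   hops(SERVER, DESK, gw_on_firewall, switch_routes),
    }

if __name__ == "__main__":
    for name, path in scenarios().items():
        print(f"{name:14} {' -> '.join(path)}")
```

In the original setup the vlan 16 server's internet traffic leaves the switch toward 172.17.17.1, the zone 1 gateway; both alternatives send it to 172.17.16.1 while HQ traffic still goes through the switch.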
