Cisco 3750... two vlans two separate gateways

Posted on 2014-09-10
Last Modified: 2014-12-19
I apologize if this question is stupid. I'm building experience.

So at our colo we have a Cisco 3750. We have multiple Windows servers in two different VLANs, each with a gateway on the switch.
Servers in VLAN 17 have the gateway of 172.17.17.5 (my switch)
Servers in VLAN 16 have the gateway of 172.17.16.5 (my switch)

We have a managed firewall service at the colo. They give us two zones. Each zone has its own gateway on the managed service firewall.

172.17.17.5 (the switch) next hop is 172.17.17.1 (managed service firewall zone 1)
172.17.16.5 (the switch) next hop is 172.17.16.1 (managed service firewall zone 2)

Currently, all Windows servers in .17 can access the internet and ping 172.17.17.1 (managed services zone 1).
Nothing in .16 can access the internet nor can they ping 172.17.16.1.

From my switch I can ping both 172.17.17.1 and 172.17.16.1.
The all zeros route is 0.0.0.0 0.0.0.0 172.17.17.1 10

I'm a little new to this, how can I get the 172.17.16.x servers to get to their next hop of 172.17.16.1?

Thanks,
0
Question by:mauisun
9 Comments
 
LVL 1

Author Comment

by:mauisun
ID: 40315719
... and the Windows hosts are VMware VMs on the same hosts. VLAN 16 on one NIC and VLAN 17 on another NIC.
0
 
LVL 4

Expert Comment

by:rlarian
ID: 40315746
Do you have 2 connections to the firewall service? If so, change the default route to be .1.
If not, you'll need to do policy-based routing. This should help get you started.
0
 
LVL 1

Author Comment

by:mauisun
ID: 40315747
I have two connections from the firewall.
0
 
LVL 4

Expert Comment

by:rlarian
ID: 40315755
Is there a reason that you have the gateway set as your switch? If you change the default gateway for the servers to .1, that should solve your issue.
0
 
LVL 1

Author Comment

by:mauisun
ID: 40315759
If I change the gateway to .1, I can see the internet but I lose connection internally, meaning from my desk at HQ I can't see the servers anymore.
0
 
LVL 4

Expert Comment

by:rlarian
ID: 40315764
How are you connected to the servers? If the switch is acting as a router for other networks (your desk), add a static route for your network pointing to the .5 address.
0
 
LVL 1

Author Comment

by:mauisun
ID: 40317806
I connect from my desk to our switch stack -->EPL-->Colocation Switch
The switch is the gateway for the network there.
I just got off the phone with the engineers at the colo; they said to add a route to the switch that tells the switch to forward all zeros traffic from 172.17.16.x hosts to 172.17.16.1. How do I do that?
0
 
LVL 4

Accepted Solution

by:
rlarian earned 2000 total points
ID: 40318217
You're getting into policy-based routing to do that.
If you add a route for your network (10.10.10.0 or whatever it is) to point to 172.17.16.5 and change the gateway back to .1, this should solve both internet access for servers and your access to the servers.
0
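
The accepted answer's fix applied on one VLAN 16 server, as an added example that is not part of the original thread. It assumes Windows Server 2012 or later with the NetTCPIP cmdlets, an elevated session, /24 subnets, and a /24 for the answer's placeholder HQ network 10.10.10.0:

```powershell
# Requires an elevated session on Windows Server 2012 or later (NetTCPIP module).
# 172.17.16.1 and 172.17.16.5 are from the thread; the /24 masks and the HQ
# prefix (the answer's "10.10.10.0 or whatever it is") are assumptions.
$ServerNet  = '172.17.16.*'     # VLAN 16 server addresses, assumed /24
$FirewallGw = '172.17.16.1'     # managed firewall, zone 2
$SwitchGw   = '172.17.16.5'     # Cisco 3750 interface in VLAN 16
$HqPrefix   = '10.10.10.0/24'   # placeholder: replace with the real HQ network
$Default    = '0.0.0.0/0'

# Locate the NIC that sits in VLAN 16 by its IPv4 address.
$addr = Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.IPAddress -like $ServerNet } |
    Select-Object -First 1
if (-not $addr) { throw "No interface has an address matching $ServerNet" }
$idx = $addr.InterfaceIndex

# Create a route only if the same prefix/next-hop pair is not already present.
function Add-RouteIfMissing([string]$Prefix, [string]$NextHop) {
    $existing = Get-NetRoute -DestinationPrefix $Prefix -InterfaceIndex $idx `
        -NextHop $NextHop -ErrorAction SilentlyContinue
    if (-not $existing) {
        New-NetRoute -DestinationPrefix $Prefix -InterfaceIndex $idx `
            -NextHop $NextHop | Out-Null
    }
}

# 1. HQ route via the switch goes in first, so a remote session from HQ
#    keeps its return path while the default route is being changed.
Add-RouteIfMissing $HqPrefix $SwitchGw

# 2. Add the firewall as default gateway, then drop any other default
#    route on this NIC (the old one pointing at the switch).
Add-RouteIfMissing $Default $FirewallGw
Get-NetRoute -DestinationPrefix $Default -InterfaceIndex $idx |
    Where-Object { $_.NextHop -ne $FirewallGw } |
    Remove-NetRoute -Confirm:$false

# 3. Confirm which next hop each kind of traffic now resolves to.
Get-NetRoute -InterfaceIndex $idx -AddressFamily IPv4 |
    Where-Object { $_.DestinationPrefix -in $Default, $HqPrefix } |
    Sort-Object DestinationPrefix -Unique |
    Format-Table DestinationPrefix, NextHop, RouteMetric
```

New-NetRoute writes to both the active and the persistent store by default, so these routes survive a reboot.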
 
LVL 1

Author Closing Comment

by:mauisun
ID: 40509637
Good solution. I used this guidance to split my network physically.
0
