Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Cisco 3750... two vlans two seperate gateways

Posted on 2014-09-10
9
193 Views
Last Modified: 2014-12-19
I apologize if this question is stupid. I'm building experience.

So at our colo we have a cisco 3750. We have multiple windows servers in two different vlans each with a gateway on the switch.
Servers in vlan 17 have the gateway of 172.17.17.5 (my switch)
Servers in vlan 16 have the gateway of 172.17.16.5 (my switch)

we have a managed firewall service at the colo. They give us two zones. Each zone has it's own gateway on the managed service firewall.

172.17.17.5 (the switch) next hop is 172.17.17.1 (managed service firewall zone 1)
172.17.16.5 (the switch) next hop is 172.17.16.1 (managed service firewall zone 2)

Currently, all windows servers in .17 can access the internet and ping 172.17.17.1 (manged services zone 1).
Nothing in .16 can access the internet nor can they ping 172.17.16.1.

From my switch I can ping both 172.17.17.1 and 172.17.16.1.
The all zeros route is 0.0.0.0 0.0.0.0 172.17.17.1 10

I'm a little new to this, how can I get the 172.17.16.x servers to get to their next hop of 172.17.16.1?

Thanks,
0
Comment
Question by:mauisun
  • 5
  • 4
9 Comments
 
LVL 1

Author Comment

by:mauisun
ID: 40315719
... and the windows hosts are vmware vm's on the same hosts. vlan 16 on one NIC and vlan 17 on another NIC.
0
 
LVL 4

Expert Comment

by:rlarian
ID: 40315746
do you have 2 connections to the firewall service? if so, change the default route to be .1
if not, you'll need to do policy based routing. this should help get you started.
0
 
LVL 1

Author Comment

by:mauisun
ID: 40315747
I have two connections from the firewall.
0
Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

 
LVL 4

Expert Comment

by:rlarian
ID: 40315755
is there a reason that you have the gateway set as your switch? if you change the default gateway for the servers to .1, that should solve your issue.
0
 
LVL 1

Author Comment

by:mauisun
ID: 40315759
If I change the gateway to .1, I can see the internet but I lose connection internal, meaning from my desk at HQ I can't see the servers anymore.
0
 
LVL 4

Expert Comment

by:rlarian
ID: 40315764
how are you connected to the servers? if the switch is acting as a router for other networks (your desk) add a static route for your network pointing to the .5 address.
0
 
LVL 1

Author Comment

by:mauisun
ID: 40317806
I connect from my desk to our switch stack -->EPL-->Colocation Switch
The switch is the gateway for the network there.
I just got off the phone with the engineers at the colo, they said add a route to the switch that tells the switch to forward all zeros traffic from 172.17.16.x hosts to 172.17.16.1. How to do that?
0
 
LVL 4

Accepted Solution

by:
rlarian earned 500 total points
ID: 40318217
you're getting in to policy based routing to do that.
if you add a route for your network (10.10.10.0 or what ever it is)  to point to 172.17.16.5 and change the gateway back to .1 - this should solve both internet access for servers and your access to the servers.
0
 
LVL 1

Author Closing Comment

by:mauisun
ID: 40509637
Good solution. I used this guidance to split my network physically.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Identify bottom to remote server 2 59
Network cabling explanation? Copper, twinaxial, SFP+, fiber? 4 64
spanning tree loop even though stp is enabled 10 53
logon time 6 37
A Wildcard Certificate means all of your sub-domains will resolve to the same location, regardless of the non-SSL Document-Root specification. A user will need to purchase a wildcard SSL from a vendor or a reseller that supplies them. Similar to ha…
This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question