Vlans can no longer communicate with login id and password

I have set up several vlans on my network.  Everything was working fine vlan 1 could talk to vlan 25 and vlan 25 could talk to vlan 1.  Vlan 1 has all of my servers and a few clients.  Vlan 25 has clients only.  I had previously outsourced my firewall but then I changed providers and brought the firewall back in house so that I had more flexibility.  Everything works fine EXCEPT that Vlan 25 clients cannot access my servers with being asked for a login id and password.  It's like Vlan 25 does not know who they are.  I can ping from Vlan 1 to Vlan 25 and from Vlan 25 to Vlan 1.  Only having issues access servers to connect for data files or print services.

This does not make sense.  The only change was the firewall which should have no affect on this.

Any thoughts are appreciated.

Lanee
LVL 1
Lanee KirbyAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

atlas_shudderedSr. Network EngineerCommented:
Is this a new firewall or existing, just managed internally now?
0
Lanee KirbyAuthor Commented:
Yes.  Brand new Meraki firewall.  Everything seems to be configured correct.  Merkia support confirmed.  However, this is the only thing that changed but both vlans are on same side of network.  Traffic should not even have to pass thru the firewall.  I'm confused by this one.
0
atlas_shudderedSr. Network EngineerCommented:
The two VLANs may be on the same side of the firewall but they will still need a gateway to route between them.  Where is routing performed between the two VLANs?  Router?  Layer 3 Switch? etc.?
0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Lanee KirbyAuthor Commented:
I have servers (vlan 1) connected to Switch A (L3) and users (vlan 25) connected to Switch B (L2).  These two switches are connected together of course and my vlans are routed on my L3 switch.  Do both switches have to be a Layer 3 switch?
0
Lanee KirbyAuthor Commented:
Every time one of my users logs into our network on Vlan 25 and then tries to access a server on Vlan 1.  It makes them authenticate to each server again each time they log back in, if they try to communicate with it.

Anyone?
0
atlas_shudderedSr. Network EngineerCommented:
Okay, so your workstations can reach the server, they just have to log in each time?
0
Lanee KirbyAuthor Commented:
Yes, the traffic and ping across vlans but everytime someone from vlan 25 tries to connect to any server on vlan 1, they are prompted with a login screen, even though they are already logged into our network.

Started when I put in the firewall.  ????
0
atlas_shudderedSr. Network EngineerCommented:
Assuming you are running MSWIN, where are your AD servers located?
0
Lanee KirbyAuthor Commented:
they are all on vlan 1.  That is where all of my servers are, vlan 1.  Would it make a difference to add one to vlan 25 or maybe move one to the same switch it is connected to?
0
StolsieCommented:
Hi OP

Vlan 25 DHCP options need to contain the Domain that you need to authenticate to. so clients are natively on the correct domain.
Your DNS server for your local domain needs to be made aware of AD servers, so when a client is connected it knows what domain its apart of.  
at a guess that is possibly your issue.(sorry if that has already been done)  
also I would recommend following some best practises on your network for security reasons, if you would like to hear them please ask and i'll be happy to make recommendations.
0
Lanee KirbyAuthor Commented:
My DHCP options for vlan 25 already has my correct domain in it.  It also has DNS server from vlan 1 in it.  They have no problem logging into their laptops, it is only when they try to browse files on a networked drive to a server in vlan 1.  

Again, the only change that was made was adding an inhouse firewall when I changed providers.  This vlan 25 has existed for over a year now, setup the same way it is now  and this problem did not exist until with provider change and addition of internal firewall.

Just do not understand it at all.  Any more suggestions?  I would love to hear your recommendations as well.

Thank you
0
StolsieCommented:
that does sound like an odd ball of a problem, its going to be a typo somewhere or one of those problem where you go... "ohh yeah obviously it was that"
I blast some stuff your way you tell me to stop
we have a L3 switch A
interface Vlan 1  - 192.168.0.1?
interface Vlan 25 - 172.16.1.1?
has routing enabled
default route for WAN is in Vlan 1 - 192.168.0.254?
it has an access/native port on Vlan 25 to switch B?
switch B is configured only as a flat access switch for Vlan 25?
back to switch A
if you remove the Firewall from the scenario does everything work bar the internets?
intranet address are specified?
drive mapping is configured to reconnect at log in?
AD has a trust set up with your Vlan 25?
i'm fairly certain  you must have everything set up correctly its odd that by changing a firewall, if it doesn't interact with internal data cause you problems. must be down to a "Windows Feature"
could it be that routing all this time was handled by the firewall, now it still is just missing rules?(maybe... probably not... thinking out loud)
 
full disclosure i'm from a network background so is someone who is an AD guru wants to get stuck in please do lol
0
Lanee KirbyAuthor Commented:
As it turns out, I did not realize that my Meraki firewall that i incorporated into the mix was acting as a layer 3 switch also.  I have a layer 3 switch and I want it to remain a layer 3 switch.  Also turns out that DHCP was turned on for both Vlan 15 and Vlan 25.  I have a server that handles dhcp for Vlan 1 and Vlan 25 and the phone controller handles it for Vlan 15.  I have fixed those things now but now my Vloan 15 will not communicate at all with the other two Vlans.  All of my phones are down except to call within the office only.

I think I have a mess.  Any ideas on why that vlan 15 chose to stop talking at all over my switches?  How can I fix?
0
StolsieCommented:
VoIP not working is almost always down to DHCP option.
<<almost>>
your controller sitting on the network edge?
might be better if you could post a diagram with some IP information.

the conversation started with Vlan 1 and Vlan 25 now we got Vlan 15.
full picture is needed to help you out here buddy.
your controller is it in house
SIP direct or thought a gateway? (I suspect your issue is there and DHCP+ options)
its possible your phones are only working cause of their lease timers and could possibly stop working soon or after a reboot.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Lanee KirbyAuthor Commented:
The problem here ended up being two issues,  The was another L3 switch in the rack that I did not realize was connected. And, there was an incorrect setting on our phone controller.  These two issues together caused my network to be completely confused.  Thanks for the help.
1
StolsieCommented:
Glad you got it solved and more then happy to help.
regards
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VLAN

From novice to tech pro — start learning today.