Re: Making a 2610XM w/NM-ESW16 and multiple subnets pass traffic

mikejonesninaza · ‎01-21-2005

I've been given the task by my employer to build a new network,

I've purchased what I thought were all the needed bits and bobs,

but I just can't seem to get the final bit to work. I have an ok amount

of experience with Cisco gear, and I can fumble my way around IOS...

but I've run into a snag...

Here's the bits...

(existing stuff)

- 2620XM (ISP owns this, it's for our T1, we don't touch it)

- PIX 515E (ours, basic firewall)

(new stuff)

- 2610XM w/a 16 port Ethernet Switch Module (ours, core router)

- Two Catalyst 5500 switches, Sup III's, loaded with 24 port 10/100 modules

Both running VTP, trunked SC/SC fiber connection between the two

(they're in opposite ends of the building). So it's really just one

big switch cut into six VLAN slices.

So in building the new network the first thing I did was set up the

Cat5500's with VTP and cut them into VLAN slices. Those six VLANs

being Corp, Ops, Lab, Dev, QA, and Admin. I've got a crossover cable

going from one port on each VLAN into one port each on the 2610XM

Ethernet Switch Module.

To keep things simple I cut everything into /22's and gave each VLAN

it's own network segment. IE Corp got .100/22, QA got .104/22,

Dev got .108/22, etc... Each network segment is configured on the 2610XM

and bound to a port on the etherswtich module using a nifty little

feature called 'Switch Virtual Interface'.

I configured the 2610XM to handle all the networks with RIP, and this

part works fine. Hosts can talk to each other from the various

network segments just fine. So the 2610XM is allowing all the networks

that are directly connected to it via the Ethernet Switch Module

to talk to each other no problem.

But when I try to hop out of the 2610XM to the PIX to talk to the outside

world, that's when I have a problem.

The Fa0/0 interface on the 2610XM is configured as 192.168.99.2/24, and the

inside interface on the PIX is configured as 192.168.99.1/24. I thought

I had a gateway of last resort set on the 2610XM to point to the inside

interface on the PIX. ie 'ip route 0.0.0.0 0.0.0.0 192.168.99.1'

When I'm logged into the PIX I can ping the 2610 at .99.2, and I can ping

all the interfaces/default gateways configured on it for the network

segments, IE .100.1, .104.1, .108.1, etc... But I can't ping hosts

down in those network segments... IE I can't ping a laptop using 100.100

from the PIX. But I can ping it from the 2610XM.

And the laptop can ping all the interfaces on the 2610XM, and even the

Fa0/0 .99.2 interface that's connected to the PIX, but it can't ping

the other side of that connection, the PIX, at .99.1.

The following URL is to a visio diagram of the network

as I need to implement it.

http://moike.net/tech-support-network-detail.jpg

What am I doing wrong/how do I make this work?

Thanks,

-Mike-

mhussein · ‎01-21-2005

More infomration is needed, please post the output of the following commands:

1. From the 2610: "show ip route"

2. From the PIX: "show route"

For privacy and security, remember to remove public ip addresses or any confidential info from the output of these commands.

What version of RIP is running on the router? On the PIX if any? RIP v1 does not support VLSM (/22 in this case). Moreover, since all subnets are directly connected, RIP is useless if it is only running on the router.

I suspect that the static or rip routes are not configured properly in the PIX, a "route inside 192.168.100.0 255.255.224.0 192.168.99.2 1" PIX config may fix the problem.

Mustafa

mikejonesninaza · ‎01-26-2005

sorry for the delayed followup... Thanks for the

mental kick in the pants. Yeah, I had Rip v2

configured on the 2610 but I didn't have the static

routes set up right on the PIX. A little tweaking

and things are running just fine now.

Thanks again.

Some times a second pair of eyes is all it takes.

-Mike-

Making a 2610XM w/NM-ESW16 and multiple subnets pass traffic to PIX 515E