09-08-2005 02:43 PM - edited 03-02-2019 11:59 PM
Hello all,
I have a 3750 switch with 4 vlans. Vlans 1 through 4 all route perfectly to the internet. The 4th vlan does not route out to the internet. I have an ip helper-address configured for the vlan and also I have a gateway of last resort set as the candidate default and it is a static route.
I can ping any server in the vlan where the ip helper-address is set and also any node in the same vlan of the ip helper-address can ping outside the network.
To summarize my problem, I cannot ping outside the network from this newly created Vlan. Can anyone offer some suggestions? Thank you.
Keith.
09-08-2005 03:24 PM
Can you paste your configs ? and a show ip route ?
Can you ping from vlan 4 to the default gateway (your ISPs router or Internet router)
09-09-2005 03:45 AM
Here is the running config and the show ip route. From Vlan 4(60.xxx network) I can ping the vlan 4 interface, which would be the default gateway for the node in vlan 4. I can also ping any node in Vlan 1(49.xxx network) however I cant ping 192.168.49.1 which is the gateway to our ISP. Can our PIX firewall somehow be preventing this?
ip subnet-zero
ip routing
!
no ip domain-lookup
mls qos
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
interface GigabitEthernet1/0/23
description Connected to Pix Firewall
no ip address
duplex full
speed 100
no mdix auto
interface Vlan1
description Prim Network (192.168.49.XXX)
ip address 192.168.49.2 255.255.255.0
!
interface Vlan2
description Voice Network (192.168.50.XXX)
ip address 192.168.50.1 255.255.255.0
ip helper-address 192.168.49.48
!
interface Vlan3
description Wireless Network (192.168.48.XXX)
ip address 192.168.48.1 255.255.255.0
ip helper-address 192.168.49.48
!
interface Vlan4
description VPN Network (192.168.60.XXX)
ip address 192.168.60.2 255.255.255.0
ip helper-address 192.168.49.48
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.49.1
ip route 10.215.0.0 255.255.0.0 192.168.49.9
ip route 172.16.66.0 255.255.255.0 192.168.49.1
ip route 192.168.30.0 255.255.255.0 192.168.49.1
ip route 192.168.103.0 255.255.255.0 192.168.49.9
ip route 192.168.104.0 255.255.255.252 192.168.49.9
ip http server
!
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 192.168.49.1 to network 0.0.0.0
192.168.104.0/30 is subnetted, 1 subnets
S 192.168.104.0 [1/0] via 192.168.49.9
S 192.168.30.0/24 [1/0] via 192.168.49.1
C 192.168.60.0/24 is directly connected, Vlan4
172.16.0.0/24 is subnetted, 1 subnets
S 172.16.66.0 [1/0] via 192.168.49.1
10.0.0.0/16 is subnetted, 1 subnets
S 10.215.0.0 [1/0] via 192.168.49.9
C 192.168.50.0/24 is directly connected, Vlan2
S 192.168.103.0/24 [1/0] via 192.168.49.9
C 192.168.49.0/24 is directly connected, Vlan1
C 192.168.48.0/24 is directly connected, Vlan3
S* 0.0.0.0/0 [1/0] via 192.168.49.1
09-09-2005 07:33 AM
Alot of times admins block any kind of pings to the firewall so that may be your only problem . My guess it is being blocked on your pix interface.
09-09-2005 07:48 AM
Cant say for sure if the PIX is blocking your traffic, until I see the PIX configs.
It could be that PIX doesnt have a route to get back to Vlan 4. On the PIX firewall you should have
route inside commands set with next hop as 192.168.49.2 (3750 on vlan 1) and the network specified in the routes should be for Vlan 2,3,4 etc.
09-08-2005 05:44 PM
If you do a "show vlan" do all your vlans show active??? Also do all 4 SVI's for each vlan show in a up/up condition . For it to route between the vlans both conditions must be met .
09-09-2005 03:49 AM
All vlans are in an active status and all 4 SVI's are in an UP/UP state. I just posted some configs as well to a previous response. Could our PIX firewall be blocking something? I just walked into this company and have received all the necessary info I need to troubleshoot some of these things so any help is appreciated.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide