cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
680
Views
0
Helpful
6
Replies

Routing Through A Vlan

Hello all,

I have a 3750 switch with 4 vlans. Vlans 1 through 4 all route perfectly to the internet. The 4th vlan does not route out to the internet. I have an ip helper-address configured for the vlan and also I have a gateway of last resort set as the candidate default and it is a static route.

I can ping any server in the vlan where the ip helper-address is set and also any node in the same vlan of the ip helper-address can ping outside the network.

To summarize my problem, I cannot ping outside the network from this newly created Vlan. Can anyone offer some suggestions? Thank you.

Keith.

6 Replies 6

thisisshanky
Level 11
Level 11

Can you paste your configs ? and a show ip route ?

Can you ping from vlan 4 to the default gateway (your ISPs router or Internet router)

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

Here is the running config and the show ip route. From Vlan 4(60.xxx network) I can ping the vlan 4 interface, which would be the default gateway for the node in vlan 4. I can also ping any node in Vlan 1(49.xxx network) however I cant ping 192.168.49.1 which is the gateway to our ISP. Can our PIX firewall somehow be preventing this?

ip subnet-zero

ip routing

!

no ip domain-lookup

mls qos

!

spanning-tree mode pvst

no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

!

!

interface GigabitEthernet1/0/23

description Connected to Pix Firewall

no ip address

duplex full

speed 100

no mdix auto

interface Vlan1

description Prim Network (192.168.49.XXX)

ip address 192.168.49.2 255.255.255.0

!

interface Vlan2

description Voice Network (192.168.50.XXX)

ip address 192.168.50.1 255.255.255.0

ip helper-address 192.168.49.48

!

interface Vlan3

description Wireless Network (192.168.48.XXX)

ip address 192.168.48.1 255.255.255.0

ip helper-address 192.168.49.48

!

interface Vlan4

description VPN Network (192.168.60.XXX)

ip address 192.168.60.2 255.255.255.0

ip helper-address 192.168.49.48

!

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.49.1

ip route 10.215.0.0 255.255.0.0 192.168.49.9

ip route 172.16.66.0 255.255.255.0 192.168.49.1

ip route 192.168.30.0 255.255.255.0 192.168.49.1

ip route 192.168.103.0 255.255.255.0 192.168.49.9

ip route 192.168.104.0 255.255.255.252 192.168.49.9

ip http server

!

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route

Gateway of last resort is 192.168.49.1 to network 0.0.0.0

192.168.104.0/30 is subnetted, 1 subnets

S 192.168.104.0 [1/0] via 192.168.49.9

S 192.168.30.0/24 [1/0] via 192.168.49.1

C 192.168.60.0/24 is directly connected, Vlan4

172.16.0.0/24 is subnetted, 1 subnets

S 172.16.66.0 [1/0] via 192.168.49.1

10.0.0.0/16 is subnetted, 1 subnets

S 10.215.0.0 [1/0] via 192.168.49.9

C 192.168.50.0/24 is directly connected, Vlan2

S 192.168.103.0/24 [1/0] via 192.168.49.9

C 192.168.49.0/24 is directly connected, Vlan1

C 192.168.48.0/24 is directly connected, Vlan3

S* 0.0.0.0/0 [1/0] via 192.168.49.1

Alot of times admins block any kind of pings to the firewall so that may be your only problem . My guess it is being blocked on your pix interface.

Cant say for sure if the PIX is blocking your traffic, until I see the PIX configs.

It could be that PIX doesnt have a route to get back to Vlan 4. On the PIX firewall you should have

route inside commands set with next hop as 192.168.49.2 (3750 on vlan 1) and the network specified in the routes should be for Vlan 2,3,4 etc.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

glen.grant
VIP Alumni
VIP Alumni

If you do a "show vlan" do all your vlans show active??? Also do all 4 SVI's for each vlan show in a up/up condition . For it to route between the vlans both conditions must be met .

All vlans are in an active status and all 4 SVI's are in an UP/UP state. I just posted some configs as well to a previous response. Could our PIX firewall be blocking something? I just walked into this company and have received all the necessary info I need to troubleshoot some of these things so any help is appreciated.