They have assured me that there is no firewall software on the Windows machine.

What is the IP address of the machine and which port is it connected to ?

Jon

The machine's IP is 10.10.10.100, connected to port 0/40.

The switch is L2 only and it has a management interface in vlan 16.

Your machine is in vlan 900 and has an IP from a different subnet.

So even though you are connected directly you will have to go via your default gateway to get to the switch but it sounds like that is not working properly.

The switch has a default gateway of x.x.16.1  (you didn't include the whole address)

Your machine will also have a default gateway but a different one.

You need to find the device ie. a L3 switch or router that is configured with those IPs to work out why it is not routing properly between your machine and the switch.

Jon

Jon,

Right the switch's default gateway is a layer 3 switch at x.x.16.1.

The gateway for the windows machine is a Juniper firewall.

I can't see anything wrong with their configs either.

Would posting the layer 3 switch's configs help?

Probably not.

Does the firewall have a route for the switch IP subnet ?

Does the L3 switch have a route for the machine subnet ?

Jon

I am able to ping from the firewall back to the switch in question.

The L3 switch does not have a route for the windows machine.

what type of Juniper firewall is that.

Can you post "sh configuration"

Is the firewall configured with vlan/unit 900?

also, can you post "sh inter ter"

It's a Juniper Netscreen so those commands won't work.

I also should point out that this was all working a few weeks ago, the only difference is the switch and windows machine were physically moved to a different building.

When it was moved were the IPs of the machine and the 2960 changed ?

For this to work as I say both the L3 switch and the firewall must have the correct routes unless the firewall is doing NAT on the source IPs as traffic goes to and from it.

Jon

The machine and switch still have the same IPs.

Since this was working before the move I assume all the correct routes are present.

When you moved did you connect back to the same L3 switch.

Is this the only connectivity issue from the machine ie. it can access everything else ?

Can the switch ping it's default gateway.

What do traceroutes show you (with a firewall as a gateway they may not show much).

On the firewall are there separate interfaces for the L3 switch connection and your machines vlan interface or do they go in the same interface.

Does the L3 switch have a default route that points to firewall. If it did then not having a specific route for the machine's IP subnet wouldn't matter.

You need to take it a step at a time and work out what is and isn't working because if you find something else that doesn't work this may help point you in the right direction.

And make sure you ping from the machine just in case there is a firewall on it because it will be allowed if you ping from not to the machine.

First things first try a traceroute from the L3 switch to the machine and see if it goes to the firewall.

We are happy to try and help but at the moment it could be any number of things and we need to start ruling some of them out.

Jon