02-19-2020 08:10 AM - edited 02-19-2020 11:40 AM
What are we missing? It seems like it would be something simple, but we are overlooking something. We do not have a router in the mix. We have a Cisco Firepower 1120 Threat Defense Firewall running in router mode and a Brocade Ruckus ICX 7150 Layer 3 switch connected together per the picture diagram.
Firewall has ports 1/2 and 1/8 bridged with IP address of 192.168.2.99. Firewall port 1/2 is physically connected to our switch port 1/1/2. Port 1/8 is connected to a laptop that gets a DHCP address from the firewall of 192.168.2.30/24 with gateway of 192.168.2.99.
The laptop can ping the firewall bridge interface at 192.168.2.99, but it cannot ping the switch interface at 192.168.2.1.
From the Firewall CLI via management port, we can see the laptop in arp and we can ping it at 192.168.2.30.
From the Switch we can see the laptop and bridge port in arp, we can ping the bridge interface at 192.168.2.99, but we can’t ping the laptop at 192.168.2.30.
Would you think it's a firewall rule needed, a route in the switch needed, or what? So frustrated at this point as it should be working but we are probably missing something simple. Need a better set of eyes (and brain) to help please.
02-19-2020 02:30 PM
Issue Resolved! We added the following route on the switch: ip route 0.0.0.0/0 192.168.2.99
On the firewall we enabled port 1/6 with an IP address of 192.168.4.99/24. We moved the laptop from port 1/8 to port 1/6 and set the laptop IP to 192.168.4.25 255.255.255.0 192.168.4.99 and all works fine now. From the laptop we can ping the switch and other subnets off the switch!
02-19-2020 08:35 AM
A quick note for ip routes in the firewall and switch. From the firewall show route: