Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
680
Views
0
Helpful
2
Replies

Firewall and routing help needed - so close

Go to solution
tbonetony1
Level 1
Level 1

‎02-19-2020 08:10 AM - edited ‎02-19-2020 11:40 AM

What are we missing? It seems like it would be something simple, but we are overlooking something.  We do not have a router in the mix. We have a Cisco Firepower 1120 Threat Defense Firewall running in router mode and a Brocade Ruckus ICX 7150 Layer 3 switch connected together per the picture diagram.

Firewall has ports 1/2 and 1/8 bridged with IP address of 192.168.2.99. Firewall port 1/2 is physically connected to our switch port 1/1/2. Port 1/8 is connected to a laptop that gets a DHCP address from the firewall of 192.168.2.30/24 with gateway of 192.168.2.99.

The laptop can ping the firewall bridge interface at 192.168.2.99, but it cannot ping the switch interface at 192.168.2.1.

From the Firewall CLI via management port, we can see the laptop in arp and we can ping it at 192.168.2.30

From the Switch we can see the laptop and bridge port in arp, we can ping the bridge interface at 192.168.2.99, but we can’t ping the laptop at 192.168.2.30.

Would you think it's a firewall rule needed, a route in the switch needed, or what?  So frustrated at this point as it should be working but we are probably missing something simple.  Need a better set of eyes (and brain) to help please.

Firepowerhelp02-19.png

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
tbonetony1
Level 1
Level 1

‎02-19-2020 02:30 PM

Issue Resolved!  We added the following route on the switch:  ip route 0.0.0.0/0 192.168.2.99

 

On the firewall we enabled port 1/6 with an IP address of 192.168.4.99/24.  We moved the laptop from port 1/8 to port 1/6 and set the laptop IP to 192.168.4.25 255.255.255.0 192.168.4.99 and all works fine now.  From the laptop we can ping the switch and other subnets off the switch!

View solution in original post

0 Helpful
2 Replies 2

Go to solution
tbonetony1
Level 1
Level 1

‎02-19-2020 08:35 AM

A quick note for ip routes in the firewall and switch.  From the firewall show route:

Gateway of last resort is 192.168.2.1 to network 0.0.0.0
 
S*       0.0.0.0 0.0.0.0 [1/0] via 192.168.2.1, bridgegroup1
C        192.168.2.0 255.255.255.0 is directly connected, bridgegroup1
L        192.168.2.99 255.255.255.255 is directly connected, bridgegroup1
 
From the switch show ip route:
1 192.168.1.0/24 DIRECT ve 192 0/0 D 1h46m
2 192.168.2.0/24 DIRECT ve 5 0/0 D 2h1
0 Helpful

Go to solution
tbonetony1
Level 1
Level 1

‎02-19-2020 02:30 PM

Issue Resolved!  We added the following route on the switch:  ip route 0.0.0.0/0 192.168.2.99

 

On the firewall we enabled port 1/6 with an IP address of 192.168.4.99/24.  We moved the laptop from port 1/8 to port 1/6 and set the laptop IP to 192.168.4.25 255.255.255.0 192.168.4.99 and all works fine now.  From the laptop we can ping the switch and other subnets off the switch!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card