12-16-2011 12:57 PM
Ok back to basic, I was trying to setup complicated things that didn't work so now I start from the base.
I'm trying to setup my cisco SGE2010 48 ports gigabits switch to do inter-vlan routing.
so far I have set the switch in layer 3 mode from the telnet console and rebooted it.
went into the web interface and changed the default management vlan ip to 192.168.2.3
added vlan 70 and vlan 180 from bridging, vlan mangement section
under IP addressing, IPv4 interface, I added IP address for each vlan as follow:
IP address Mask Interface
192.168.70.3 255.255.255.0 VLAN 70
192.168.180.3 255.255.255.0 VLAN 180
next I went into bridging, vlan management, vlan to port:
defined port g1 as access to vlan 70
defined port g2 as access to vlan 180
connected computer A to port g1 with static IP 192.168.70.200 mask 255.255.255.0 gateway 192.168.70.3
connected computer B to port g2 with static IP 192.168.180.180 mask 255.255.255.0 gateway 192.168.180.3
i then go into routing, static routing: I see the destination IP of 192.168.70.0 /24 as local route type and same for 192.168.180.0 /24 as local route type
on computer A I ping the gateway of 192.168.70.3 and it works
on computer B I ping the gateway of 192.168.180.3 and it works
problem is that they cannot ping each other, windows firewall is off on both computer.
If I do a tracert on any of the computer it reach the default gateway but then times out on the second hop.
any suggestion of what I might have done wrong and solution to fix the problem would be appreciated.
Edit: here is the running config if it might help:
Cisco-SGE2010# show running-config
vlan database
vlan 70,180
exit
interface range ethernet g(1,26)
switchport access vlan 70
exit
interface ethernet g2
switchport access vlan 180
exit
interface vlan 70
name printer
exit
interface vlan 180
name wireless
exit
interface vlan 1
ip address 192.168.2.3 255.255.255.0
exit
interface vlan 70
ip address 192.168.70.3 255.255.255.0
exit
interface vlan 180
ip address 192.168.180.3 255.255.255.0
exit
hostname Cisco-SGE2010
snmp-server location here
snmp-server contact Me
Cisco-SGE2010#
Solved! Go to Solution.
12-19-2011 06:30 AM
If you can ping both the switches interface the routing is working. You might have to disable the Windows firewall or open up the firewall to allow ICMP from a different subnet. Windows Vista and 7 by default will block ICMP from any other subnet then thier own.
Cisco Small Business Support Center
Randy Manthey
CCNA, CCNA - Security
12-16-2011 01:58 PM
Hello Dany,
Thank you for using the community forums.
Have you tried from the 70.x network to ping the 180.3 ? or vise versa? 180.x to the 70.3?
Is there an entery for both computers on the switches arp table?
Cisco Small Business Support Center
Randy Manthey
CCNA, CCNA - Security
12-16-2011 02:42 PM
Hi, thanks for the reply, yes I did try to ping the other vlan gateway and I do get an answer from it, I also tried from whithin the swith to ping or trace to any of the computer and I don't get any response. As for the arp table I think there were entry there but I can't confirm as I left the office already.
12-19-2011 06:30 AM
If you can ping both the switches interface the routing is working. You might have to disable the Windows firewall or open up the firewall to allow ICMP from a different subnet. Windows Vista and 7 by default will block ICMP from any other subnet then thier own.
Cisco Small Business Support Center
Randy Manthey
CCNA, CCNA - Security
12-19-2011 06:52 AM
Hi, when I do a tracert to the second vlan IP, I get a reply from on the first link:
from the 192.168.70.200 client I do tracert 192.168.180.3
1 <1 ms 4 ms 4 ms 192.168.180.3
this tells me that I do not actually "reach" the 2nd gateway but instead the switch just reply saying "hey this ip is me so lets reply"
Still from the 192.168.70.200 client I do tracert 192.168.180.180 (computer b ip)
1 < 1 ms 4 ms 4ms 192.168.70.3
2 * * * delay expired (translated from french computer)
3 * * * delay expired (translated from french computer)
this gets me thinking that the switch isn't even talking to itself. Also from whithin the switch I cannot do a traceroute to any of the connected computer or gateway. I always get the answer host unreachable when trying to traceroute the gateway and * * * when trying to traceroute the client.
12-19-2011 12:11 PM
Hi, thanks for the head up, I had windows firewall disable but only for domain profile so when the computer was losing connection to domain to connect on new switch firewall was showing disable for but only for domain profile while I was currently not connected to domain profile and this lead to confusion. Which cisco helped me to figure out.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide