cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
361
Views
0
Helpful
9
Replies
Highlighted
Beginner

2 VLANS Not Quite Communicating

I have 2 VLANS on a Cisco 881 and a Sonicwall TZ210.

Vlan A is 10.0.7.0

VLAN B is 10.0.8.0

Cisco 881:

VLAN A: 10.0.7.10

VLAN B: 10.0.8.11

Sonicwall

VLAN A: 10.0.7.249

VLAN B: 10.0.8.249

In between is 2950 Switches.  Both routers are configured as Trunks on the Switch.

Both subnets can ping each other usign all four IPs as gateways.

However, on both VLANS, we have a few webservers.  When connected to VLAN A as gateway (either the Sonicwall or Cisco) we can see everything we need to only on VLAN A but nothing on VLAN B.  I can ping VLAN B without any issue.

When I try VNC, RDP, or HTTP from VLAN A to B, I get timeout.  It works the same from VLAN B to VLAN A.

I think I may have an ACL issue, but I am not sure.

Thoughts on this?

9 REPLIES 9
Highlighted
Rising star

Re: 2 VLANS Not Quite Communicating

It sounds like either an ACL issue or an addressing issue on VLAN B.  Check the hosts on VLAN B to ensure that they are properly addressed (IP, mask and gateway).  Once you've verified this, we can talk ACL.

Highlighted
Beginner

Re: 2 VLANS Not Quite Communicating

Yes the host are fine and addressed properly

Highlighted
Rising star

Re: 2 VLANS Not Quite Communicating

I'm not too keen on the Sonicwall, but is routing enabled on it?

Highlighted
Beginner

Re: 2 VLANS Not Quite Communicating

Yes routing is enabled on it.

Highlighted
Rising star

Re: 2 VLANS Not Quite Communicating

Any rules filtering traffic between the vlans on the SonicWall?  Any 'access-group' configured on the Cisco SVI?  For grins, do a 'show ip int br | e una' to ensure that both vlans are up/up on the Cisco device.

Highlighted
Beginner

Re: 2 VLANS Not Quite Communicating

Here is the Cisco config

!
!
!
!
!
!
interface FastEthernet0
!
!
interface FastEthernet1
!
!
interface FastEthernet2
!
!
interface FastEthernet3
switchport mode trunk
!       
!
interface FastEthernet4
description $ES_WAN$$ETH-WAN$
ip address XXXWAN
ip access-group 102 out
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 10.0.7.10 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
!
interface Vlan2
ip address 10.0.8.11 255.255.255.0
ip nat inside
ip virtual-reassembly
!
!
ip default-gateway XXXWAN GATEWAY
no ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 1 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 FastEthernet4
!
access-list 1 permit 10.0.7.0 0.0.0.255
access-list 2 permit 10.0.8.0 0.0.0.255
access-list 102 remark CCP_ACL Category=1
access-list 102 permit ip any any
no cdp run

Highlighted
Beginner

Re: 2 VLANS Not Quite Communicating

After running "show ip int br | e una" both vlans are up.

Highlighted
Rising star

Re: 2 VLANS Not Quite Communicating

Post the output of 'show int trunk'. From what I can see, you may have a trunking issue.

Highlighted
Beginner

Re: 2 VLANS Not Quite Communicating

StarRouter#sh int trunk

Port      Mode         Encapsulation  Status        Native vlan
Fa3       on           802.1q         trunking      1

Port      Vlans allowed on trunk
Fa3       1-4094

Port      Vlans allowed and active in management domain
Fa3       1-2

Port      Vlans in spanning tree forwarding state and not pruned
Fa3       1-2

Content for Community-Ad