08-30-2017 04:18 PM - edited 03-08-2019 11:53 AM
I have a 3750 I have directly connected to a Sonicwall 9200, the Sonicwall interface is 10.10.50.1 255.255.255.252
I created a vlan on the 3750 (vlan 100) with an IP address of 10.10.50.2 255.255.255.252, I assigned port 48 to Vlan 100
I have one other vlan (vlan 250) IP address 10.250.250.1 255.255.255.0 and assigned port 33 to it, I connected a laptop to port 33 and gave it an IP address of 10.250.250.198
I can ping all my IP's from the switch including 8.8.8.8,
But cannot ping the other side of the 100 vlan (10.10.50.1) and cannot get out to the internet from the laptop
I have an ip route 0.0.0.0 0.0.0.0 10.10.50.1
Am I missing something? I know I am, this seems so basic and I hate to ask
08-30-2017 05:00 PM
Hi There,
On the Sonicwall do you have a route going back to your VLAN 250 (10.250.250.0/24) subnet?
08-30-2017 05:48 PM
08-30-2017 07:01 PM - edited 08-30-2017 07:04 PM
Hi
Assuming the ip routing is enabled on the switch, you have configured gateway on the laptop and the Sonicwall knows the Laptop's network (because ping is responding), could you please verify the following:
- Have you configured DNS on your laptop?
- Are you able to ping the Sonicwall's IP from the switch?
- Is the Sonicwall configured to allow http/https and/or DNS ports (if you are using public DNS)?
- Some firewalls you need to enable the ICMP to ping its interfaces.
Regards.
08-31-2017 06:35 AM
All
Thank you very much for your timely responses
I do have a route on the firewall for the 10.250.250.0/24 it is routed back to the X1 IP (10.10.50.1, NOT 10.10.50.2) but I have the X1 interface gateway set to 10.10.50.2. I also have IP routing enabled on the switch.
I can Ping from the switch all my VLAN IPs, all my laptops attached to the switch, the 10.10.50.1 and also 8.8.8.8. But from the connected laptops I cannot ping past 10.10.50.2. I have on the Sonicwall, just for testing the access rule for LAN to WAN as any any permit all.
On the firewall I am using google DNS settings and there is no name server set in the switch, on the laptops I am currently using 8.8.8.8 as my DNS.
08-31-2017 07:01 AM
The route on the SonicWall for 10.250.250.0/24 should point to 10.10.50.2.
Jon
08-31-2017 07:19 AM - edited 08-31-2017 07:24 AM
Hi
The static routes on the firewall should know the internal subnets through the IP 10.10.50.2 (switch)
--> 10.250.250.0 255.255.255.0 10.10.50.2
and you should have a default route
--> 0.0.0.0 0.0.0.0 <ISP next hop IP>
Also you could verify the NAT statement.
08-31-2017 08:03 AM
Several responses have correctly discussed the need to have correct routing from the firewall to the subnet of vlan 250. There has not yet been any mention of Address Translation. Can the original poster verify for us whether the firewall is expecting to do the address translation for the subnet of vlan 250? If not trying to get to the Internet with private addressing is going to be a problem and the 3750 will not be able to solve that issue.
HTH
Rick
08-31-2017 08:13 AM
To answer your question, Yes the traffic is forwarded to an interface that has a public IP and the sonicwall NATs the traffic out, I really appreciate everyone's assistance
08-31-2017 08:27 AM
Thank you for confirming that there is address translation for traffic to the Internet. In this case I believe that your issue is about having correct next hops for routes and correct gateways configured.
HTH
Rick
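Added example, not part of any post in this thread: a small Python check of the next-hop point the replies make, using the addresses quoted above. The dictionaries and function names are constructed for illustration, and the firewall's default route is left out because the thread does not give the ISP next hop.

```python
import ipaddress

# Constructed from the addresses quoted in the thread (not real device output).
SWITCH = {"interfaces": {"Vlan100": "10.10.50.2/30", "Vlan250": "10.250.250.1/24"},
          "routes": [("0.0.0.0/0", "10.10.50.1")]}
# Firewall as first described: the return route points at its own X1 address.
FIREWALL_BEFORE = {"interfaces": {"X1": "10.10.50.1/30"},
                   "routes": [("10.250.250.0/24", "10.10.50.1")]}
# Firewall as the replies recommend: the return route points at the switch.
FIREWALL_AFTER = {"interfaces": {"X1": "10.10.50.1/30"},
                  "routes": [("10.250.250.0/24", "10.10.50.2")]}

def check_routes(device):
    """Return (prefix, next_hop, problem) for static routes that cannot forward."""
    ifaces = [ipaddress.ip_interface(a) for a in device["interfaces"].values()]
    problems = []
    for prefix, nh in device["routes"]:
        hop = ipaddress.ip_address(nh)
        if any(hop == i.ip for i in ifaces):
            problems.append((prefix, nh, "next hop is this device's own address"))
        elif not any(hop in i.network for i in ifaces):
            problems.append((prefix, nh, "next hop is not on a connected subnet"))
    return problems

def next_hop(device, dst):
    """Longest-prefix match: 'connected', a next-hop IP string, or None."""
    dst = ipaddress.ip_address(dst)
    best = None  # (prefix length, result)
    for addr in device["interfaces"].values():
        net = ipaddress.ip_interface(addr).network
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, "connected")
    for prefix, nh in device["routes"]:
        net = ipaddress.ip_network(prefix)
        # Strict '>' keeps a connected route ahead of a static one of equal length.
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, nh)
    return best[1] if best else None

if __name__ == "__main__":
    for name, dev in [("switch", SWITCH), ("firewall (before)", FIREWALL_BEFORE),
                      ("firewall (after)", FIREWALL_AFTER)]:
        print(name, check_routes(dev) or "routes OK")
    print("reply path to laptop:", next_hop(FIREWALL_AFTER, "10.250.250.198"))
```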