cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3412
Views
5
Helpful
7
Replies

Added New VLAN but Cant Ping To/From

_Chris_
Level 1
Level 1

So I have computer with an IP address of 10.92.110.5, this computer sits on VLAN 110. I added this VLAN in all the switches, from default gateway switch to the switch closest to the computer (110.5) itself. I have ADMIN 1(192.168.2.5) which is considered our default gateway switch but when I try to ping 110.5 I get nothing, same vice versa. What other config am I missing? I thought just adding the VLAN 110 would get me pinging but its not working. The traffic path goes ADMIN1 > ADMIN2 > ADMIN3 > DELL CORE 1/2 >VMWARE SERVER > PC 10.92.110.5

 

Also I am having trouble assigning the default gateway to the PC. I know I cannot give it the 2.5 gateway so I gave it a 110.1 as the gateway. How can my PC know where to find 110.1 as the gateway? 

 

TRAFFIC.PNG

 

ADMIN 1

IP Address: 192.168.2.5

VLAN 110 is added

 

PC

IP Address 10.92.110.5

 

hostname Admin-1

aaa session-id common
clock timezone PDT -8 0
clock summer-time PDT recurring
system mtu routing 1500
vtp domain AVTA
vtp mode transparent
no ip source-route
ip routing
no ip gratuitous-arps
ip icmp rate-limit unreachable 1000
no ip domain-lookup
!
ip dhcp excluded-address 192.168.25.1 192.168.25.100
ip dhcp excluded-address 192.168.45.0 192.168.45.39
ip dhcp excluded-address 192.168.45.201 192.168.45.254
ip dhcp excluded-address 172.16.1.200 172.16.1.254
ip dhcp excluded-address 192.168.10.1 192.168.10.100
ip dhcp excluded-address 192.168.10.103 192.168.10.254
!
ip dhcp pool VOICE
network 192.168.10.0 255.255.255.0
default-router 192.168.10.5
option 150 ip 192.168.10.20 192.168.10.23
option 156 ascii "ftpservers=192.168.10.31, layer2tagging=1, vlanid=10"
option 42 ip 192.168.2.234
dns-server 192.168.2.234
lease 0 1
!
ip dhcp pool WIRELESS
default-router 192.168.25.1
domain-name avta.com
dns-server 192.168.2.234
!
ip dhcp pool GUEST
network 172.16.1.0 255.255.255.0
default-router 172.16.1.1
dns-server 4.2.2.3
domain-name avta.com
lease 0 4
!
ip dhcp pool CONTRACTOR
network 192.168.45.0 255.255.255.0
default-router 192.168.45.1
domain-name avta.com
dns-server 192.168.2.234
lease 0 4
!
ip dhcp pool VOICE-STATIC
host 192.168.10.102 255.255.255.0
client-identifier 0100.087b.0f21.95
!
ip dhcp pool VOICE-STATIC2
host 192.168.10.101 255.255.255.0
client-identifier 0100.087b.0f1f.56
!

spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 2,10,15,20,25,35,45 priority 20480
!
vlan internal allocation policy ascending
!
vlan 2
name Data
!
vlan 7
name BOARD-VIDEO-CONF
!
vlan 10
name Voice
!
vlan 15
name SERVERS
!
vlan 19
name TransdevNet
!
vlan 25
name WIRELESS
!
vlan 26
name BUS-VIDEO-WIRELESS
!
vlan 27
name WIRELESS-DATA
!
vlan 28
name General2-WLAN
!
vlan 30
name VIDEO-CONFERENCING
!
vlan 35
name SECURITY
!
vlan 40
name SECURITY-BADGE
!
vlan 45
name CONTRACTOR
!
vlan 110
name DMZ
!
vlan 172
name GUEST
!
vlan 222
name AV-Systems
!
vlan 254
name HAMS-WIRELESS
lldp run
!
ip tcp synwait-time 10
!
interface Port-channel1
description PORT-CHANNEL-TO-OPS-4
switchport trunk encapsulation dot1q
switchport trunk native vlan 2
switchport mode trunk
!
interface Port-channel2
description 2014-TRUNK-TO-ADMIN-2
switchport trunk encapsulation dot1q
switchport trunk native vlan 2
switchport mode trunk
!
interface GigabitEthernet0/45
description 2014-TRUNK-TO-ADMIN-2
switchport trunk encapsulation dot1q
switchport trunk native vlan 2
switchport mode trunk
duplex full
channel-group 2 mode on
spanning-tree portfast
!
interface GigabitEthernet0/46
description 2014-TRUNK-TO-ADMIN-2
switchport trunk encapsulation dot1q
switchport trunk native vlan 2
switchport mode trunk
channel-group 2 mode on
!

!
interface Vlan1
no ip address
shutdown
!
interface Vlan2
ip address 192.168.2.5 255.255.254.0
ip helper-address 192.168.2.234
ip helper-address 192.168.15.121

!
interface Vlan110
description DMZ
no ip address
!
interface Vlan127
no ip address
!
interface Vlan172
description GUEST
ip address 172.16.1.1 255.255.255.0
ip access-group 172 in
ip helper-address 192.168.2.234
!
interface Vlan222
description AV-Systems
ip address 192.168.222.1 255.255.255.0
!
interface Vlan254
description HAMS Bus WiFi
ip address 192.168.254.1 255.255.255.0
ip helper-address 192.168.2.234
!
ip http server
ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 192.168.2.1
ip route 192.168.16.0 255.255.255.0 192.168.2.236 name vzw-endpoints-2821-1
ip route 192.168.16.0 255.255.255.0 192.168.2.237 50 name vzw-endpoints-2821-2
!
access-list 172 remark Guest Access ACL
access-list 172 permit udp any host 4.2.2.1 eq domain
access-list 172 permit udp any host 4.2.2.2 eq domain
access-list 172 permit tcp any host 192.168.2.27 eq 443
access-list 172 deny ip any 192.168.0.0 0.0.255.255 log
access-list 172 permit ip any any
arp 192.168.29.66 0002.6f4e.1b4d ARPA
arp 192.168.29.178 0002.6f4e.1b87 ARPA
arp 192.168.29.188 0002.6f4e.1a71 ARPA
arp 192.168.29.116 0002.6f4e.1cbc ARPA
arp 192.168.29.112 0002.6f4e.1b47 ARPA
arp 192.168.29.114 0002.6f4e.1c6c ARPA
arp 192.168.29.70 0002.6f4e.1b49 ARPA
arp 192.168.29.64 0002.6f4e.1c74 ARPA
arp 192.168.29.190 0002.6f51.17e8 ARPA
arp 192.168.29.158 0002.6f4e.1a70 ARPA
arp 192.168.29.152 0002.6f4e.1c6b ARPA
!
snmp-server community publicv2 RO
!
line con 0
logging synchronous
line vty 0 4
length 0
line vty 5 15
!
end

 

 

 

7 Replies 7

Hello

if you want to route between vlans and you have just created vlan 110 then you need to give the L3 vlan 110 am ip address subnet range 

 

!
interface Vlan110
description DMZ
ip address 10.92.110.1 255.255.255.0


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

I see. That helped me so now I can ping from the PC to the ADMIN1 but how can I reach the internet? No response when I ping 8.8.8.8

 

 

Hello

What device is servicing your WAN access, Presumably this would be providing your Network Translation (NAT) and do you have administrative access to it?.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Well, our ISP is directly connected to the HP Access switch, which then connects to our firewall. The firewall is then connected to a physical web filter device and then connected to our default gateway switch. So I would say that would be the Palo Alto Firewall. I do have admin access to it.

 

ISP > HP Access Switch > PA Firewall > Barracuda Web Filter > Cisco Default Gateway

 

You do need a default-route that points to Barracuda Web Filter, if every traffic goes via  Barracuda Web Filter.

"ip route 0.0.0.0 0.0.0.0 x" where x is IP-address off Barracuda Web Filter.

 

 

HTH

Mohammed

I do have a route that goes out to the internet. All of my other devices on my network can get online its just this new vlan I created, I cannot get this device online with this new vlan 110.

Do you see a traffic on "Barracuda Web Filter". like the ping you try to "8.8.8.8"

 

Edited:

You have to have a routing back to the switch from "Barracuda Web Filter" to the switch. Check the firewall i you have policy that accepts the new subnet.

 

HTH

Mohammed

Review Cisco Networking for a $25 gift card