thanks for your reply, yes desktop is directally connected to the switch. i can able to ping my default gateway. as well as other computer in vlan 10.

from switch console i can able to ping 172.16.0.11 but from desktop. i cannot ping this host.

L3->172.16.0.254 (fa0/48)->172.16.0.11 succesfully ping 172.16.0.11 is connected to plane switch

Desktop (vlan)->default gateway(succesffull)-> 172.16.0.11 (fail)

your responce is highly appriciated

So just to clarify, the desktop is on VLAN 10? I see the following configuration for VLAN 10.

interface Vlan10

ip address 172.16.10.1 255.255.254.0

Is this desktop statically configured or does it get its IP configuration from DHCP?

ip default-gateway 172.16.0.250

ip classless

ip route 0.0.0.0 0.0.0.0 172.16.0.250

ip route 172.16.0.11 255.255.255.255 172.16.0.250

ip route 172.16.0.250 255.255.255.255 FastEthernet0/48

ip route 192.168.11.0 255.255.255.0 172.16.0.250

Your default route is to 172.16.0.250. If you look at your routing table the following networks go es to 172.16.0.250.

172.16.0.11/32

192.168.11.0/24

0.0.0.0/0

Notice that you have a /32 route for 172.16.0.250/32 going to Fa0/48

So your default route and default gateway are going to Fa0/48.

Since everything is going to 172.16.0.250 why not just leave the default route going to 172.16.0.250. But if it's just

going to Fa0/48 its going to die at that switch.

Thanks John for reply,

since we are going to implement layer 2 and layer 3 switched in our network. we have buy layer 3 switch. all our existing network are working in 172.16.0.0/255.255.248.0 subnet. since our branches are located diffrent location we have decided to implement network one by one.

here u can see i have created a vlan. as of now all client are going throug a firewall having IP address 172.16.0.250 for internet access.

i have given 172.16.0.254 ip to fa0/48. fa0/48 is directally connected to a plane switch and plane switch is connected to 172.16.0.250(firewall interface).

please correct me if i'm making some mistake.

i have remove below mention route

ip route 172.16.0.11 255.255.255.255 172.16.0.250

ip route 172.16.0.250 255.255.255.255 FastEthernet0/48

ip route 192.168.11.0 255.255.255.0 172.16.0.250

only available route is

ip route 0.0.0.0 0.0.0.0 172.16.0.250(all unknow traffic passed from this address)

since from switch i can able to ping my all network computer as well as branches (192.168.x.x). i guess this is fine but there is something went wrong which is not allowing vlan computer to use fa0/48 to send traffic outside (may be some broadcast preventing mechanism)

yes all computer IPs are manually configure.

do it need some kind of reverce route?

thanks once again.

Alright, I'm getting confused here. Can you give me a little ASCII diagram of this setup?

Also, "not allowing vlan computer) to send traffic outside? Is it able to communicate to anything outside

of its local network or is it just not using that specific IP to access the outside? What is the VLAN os this desktop that can send traffic outside (VLAN number and network).

Here we go,

pc1 belong to vlan 8 ip 172.16.8.2 (vlan 8 ip 172.16.8.1)

pc2 belong to vlan 10 ip 172.16.10.2 (vlan 10 ip 172.16.10.1)

ping from pc1 to pc2 --ok

ping from l3 to FW (172.16.0.250) and pc3 (172.16.0.11)-- ok

ping from pc1 to fw and pc3 not working.

ping from pc2 to fw and pc3 not working.

since i dont have diagram tool available with me. i am sending you a raw digaram hop this will help.

thanks

please lee me know incase any other info needed.

Hi,

see vlan 8 and vlan 10 are in the same switch so intervlan routing is happening and its pinging. but the vlan at the other switch you are not able to ping because you have connected the switch1 (valn 8 & 10) to switch 2 using a routed interface. Also you have pointed defailt route as a firewall interface ip. So when you ping to  172.16.0.11 it will go to firewall and get dropped.  You can remove that routed interface f0/48 and connect

On the Plane switch are their routes going back to the L3 switch? P1 and PC2 can communicate, which suggests that their is bi-directioanl inter-vlan communication. But the failure seems to be in bi-directioan communication from L2 to Plane switch.

Hello John,

if i'm not making mistake than plan switch boradcast the traffic. i have tryied to ping 172.16.0.254 which is fa0/48 ip from 172.16.0.11and it is working.

i guess we cannot defing route from plan switch to L3 switch.

On the VLAN1 interface, try putting the IP address that is associated with Fa0/48 on it. Do a 'no ip address on Fa0/48 and see what happens. Once that is done, ping 172.16.0.250 with a source of 172.16.0.254.

The IP which you try to ping is not in the broadcast domain. It will be forwarded to the default route defined in the switch and then it will get dropped. You are able to ping the Ip address which is assigned in fa0/48 of l3 switch from that PC because that was present in the broadcast domain of the plain l2 switch. For this you need to the same vlan subnet created on the l3 switch and advertised to have the intervlan routing happen. Else the packet will get forwarded to the default route and the firewall/router drops the packet.