cannot Routing issue 3750x-12S to 3750E

blee-advds · ‎12-02-2016

I have an issue between a 3750 X fiber and 3750E ethernet switch. The fiber switch was setup as the routing member and the 3750E is a layer 2 . The 3750 E host all the servers on the network the fiber switch is the link to all the IDF closets. All closets are layer 2 and all vans are trunked between each switch. Vlan10, 20 ,30, 40, 50 and clan interface 172.20.vl.1 255.255.255.0 snm for each vlan the issue i have is I cannot access the internet from the ethernet switch. I put an IP on Vlan 1 (native vlan) and can ping the internet from the fiber switch

Firewall 192.168.1.254

Fiberswitch FAo 192.168.1.5 ip route 0.0.0.0 0.0.0.0 192.168.1.254

Vlan 10 SVI 172.20.10.1

Ethernet switch vlan 10 IP 172.20.10.3 default gateway 172.20.10.1 can ping all ip thinks on the ethernet switch but nothing beyond FAo. (the 3750 is layer 2)

I can make the 3750E the router and I think it would resolve the problem without a complicated subverted scenario but need feedback.

cofee · ‎12-02-2016

Hi Blee,

If I understand correctly all end hosts are connected to a layer 2 switch (3750e) and all the inter vlan routing is handled at 3750X. Lets talk about vlan 10, are servers in this vlan/subnet able to ping their default gateway/SVI ip address configured on 3750X? if so, are you able to ping firewall 192.168.1.254 from the fiber switch? Did you make sure that all the SVIs are up on fiber switch?

blee-advds · ‎12-02-2016

I can ping all SVI 172.20.x.1 from either switch. I can not ping 192.168.1.254 from ethernet and when sniffing from fire wall packets never reach the firewall from either net switch. I can however ping FAo 192.168.1.5

mattjones03 · ‎12-02-2016

Hi Blee,

Can you confirm that you are able to ping the firewall from the fibre switch issuing the CLI command I mentioned;

ping 192.168.1.254 source vlan 10

blee-advds · ‎12-05-2016

I can ping from the switch but not sourced from VLAN 10. all SVI are up on the fiberswitch.

mattjones03 · ‎12-05-2016

Hi,

Is there a static route on your firewall, returning traffic to the SVI on your fibre switch.

Example;

route 172.20.10.0 255.255.255.0 192.168.1.5

blee-advds · ‎12-05-2016

I have since rebuilt the network and routed everything via the Ethernet switch. I entered a no switch port on gi1/0/17 and off to the races. never did figure out why it didn't route the other way but thanks for all the input.

cofee · ‎12-02-2016

Blee,

How do you uplink to the firewall from 3750x? are you saying that you are not able to ping the firewall from 192.168.1.5 either? and how about inter vlan traffic which is not going through the firewall, is that working properly?

blee-advds · ‎12-05-2016

I uplink from the 3750 VIA FA0 I can ping 8.8.8.8 sourced from vlan 10 but only get a 40% return every time..

cofee · ‎12-05-2016

That patch cable that goes from the fiber switch to firewall might be bad. Can you test and replace it?

mattjones03 · ‎12-02-2016

Hi,

From the fibre switch, if you issue the following command, do you get a reply?

ping 192.168.1.254 source vlan 10

If no, check that your firewall is aware of the route back to 172.20.10.0/24.

I can only assume that your successful response from the fibre switch is being sourced by the VLAN SVI (192.168.1.5) that the firewall (192.168.1.254) resides in.

blee-advds · ‎12-05-2016

I can ping 192.168.1.5 from the switch and from vlan 10. I cannot ping 192.168.1.254 source vlan 10.