Cisco 3750-X Stack InterVlan Routing Issue

C0deBreak3r
Level 1

Hi all,

Hoping that someone here will be able to help me and point me in the right direction. I have two Cisco 3750-X switches in a stack and I have enabled InterVlan routing. Configuration is as below:

Vlan 99 - Internet Uplink - 192.168.8.1 - Int: 1/0/2 2/0/2

Vlan 100 - Workstations - 192.168.10.1 - Int: 1/0/11 1/0/12 2/0/11 2/0/12

Vlan 101 - VMWare Production LAN - 192.168.11.1 - Int: 1/0/20 2/0/20

Vlan 102 - iSCSI - 192.168.12.1 - Int: 1/0/47 1/0/48 2/0/47 2/0/48 LACP EtherChannel PO1

Vlan 99 is connected via Int: 1/0/2 to a WatchGuard XTM Firebox on LAN Port 1 (Trusted)

Vlan 100 is connected via Int: 1/0/12 to my laptop, 1/0/11 to NetApp BMC #1 and 2/0/11 to NetApp BMC #2

Vlan 101 is connected via Int: 1/0/1 and 2/0/1 to an ESXi test server.

Vlan 102 is connected via Int: 1/0/47 2/0/47 to NetApp Controller #1 and Int: 1/0/48 2/0/48 to NetApp Controller #2

WatchGuard XTM has an IP address of 192.168.8.254 and has an external port configured with a static IP in PPPoE mode with a BT router connecting out to the Internet. The XTM has static routes configured as follows:

192.168.10.0/24 192.168.8.1

192.168.11.0/24 192.168.8.1

192.168.12.0/24 192.168.8.1

The switch stack has a static default route of 0.0.0.0 0.0.0.0 192.168.8.254 (XTM)

I am able to ping out to the Internet from the XTM, I am able to ping all the Vlan IP addresses from the XTM and devices within those Vlans from the XTM.

I am able to ping the Internet from my laptop (192.168.8.50) and I am able to ping any of the Vlan IP addresses and any devices within the Vlans from my laptop. I can also ping the XTM (192.168.8.254) from my laptop.

I am unable to ping the Internet from any other devices, including the switch stack; I am able to ping the XTM from all devices and from the switch stack. On the WatchGuard syslog I can see "deny icmp" to the Internet from 192.168.8.1, even though ICMP is set to allow from any trusted to any external.

Any ideas on what is wrong here? I am no network guy, so I am trying to blah my way through everything here. I do not have access to the switches until Monday, so I am unable to post a config from the switch. If you have any specific questions about the config I should be able to answer them.

Many thanks in advance for any help offered.

C

This is just a test environment that I am messing around with before designing and planning the final configuration

Sent from Cisco Technical Support iPad App

5 Replies

Jon Marshall
Hall of Fame

Craig

If the XTM can ping all the L3 vlan interfaces and you are able to ping the XTM from all the devices on the switch stack then this strongly suggests this is not a problem with routing on the switch stack.

It sounds like you have an issue with your XTM, whether that be firewall rules or the NAT setup.

Jon

Thanks for the reply. I have NAT set up on the XTM for 192.168.0.0/16; do I need to enable NAT on the switch interfaces?

Sent from Cisco Technical Support iPad App


No, as long as you have set up NAT on the firewall, you don't need it on the switch.

BTW, the 3750 does not support NAT.

There seems to be an issue with your firewall since the logs are showing ICMP drops.

HTH

OK, thanks for the replies. I will go over the config on the XTM tomorrow and see if I can resolve the issue.

Sent from Cisco Technical Support iPad App