Finding an issue inside the same vlan

05-26-2016 12:57 AM - edited 03-08-2019 05:56 AM
Hello Folks,
I recently faced an issue where there is a VLAN 40 with IP address 172.16.0.0/23, and int vlan 40 is 172.16.1.1/23. There is also a firewall with IP 172.16.1.2/"24" in the same VLAN.
There are users and some test servers also in the same VLAN.
Issue: Users in 172.16.0.3-171.16.0.254 are able to ping servers in 172.16.1.0-172.16.1.254. But users in 172.16.1.0-254 are not able to ping servers in 172.16.1.0-254.
E.g.: 172.16.0.100 is able to ping server 172.16.1.150, but 172.16.1.100 is not able to ping server 172.16.1.150.
The customer said that after removing a newly created IPsec tunnel in the firewall, the issue got resolved.
I am trying to find out why the packet went to the firewall for the above traffic flow.
Regards
Gireesh
Labels: LAN Switching
05-26-2016 06:05 AM
Because the networks overlap!
Martin

05-26-2016 06:58 AM
Hello Martin,
The subnet is 172.16.0.0/23, and the users and server in question are in the same subnet, whether 172.16.1.x or 172.16.0.x.
Gireesh
05-26-2016 08:11 AM
The Firewall is on a different network, which overlaps with the other.
Is it a PVLAN?
Martin

05-27-2016 08:22 AM
No PVLAN. The firewall is in the same VLAN.
05-26-2016 08:13 AM
Network connectivity is always going to be strange when you have devices within the same address range but using different subnet masks. This is a no-no and will lead to unpredictable results.
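
An added example, not part of any post in this thread: a Python check that flags devices in one VLAN whose prefix length differs from the rest and lists the pairs that disagree about whether the other side is on-link. The SVI and firewall addresses are from the question; the two host entries and their /23 masks are assumptions.

```python
import ipaddress
from itertools import permutations

# Constructed inventory: SVI and firewall addresses are from the thread; the
# two hosts are the example addresses from the question, assumed to use /23.
VLAN40 = {
    "svi-vlan40": "172.16.1.1/23",
    "firewall": "172.16.1.2/24",
    "user-0.100": "172.16.0.100/23",
    "server-1.150": "172.16.1.150/23",
}

def parse(inventory):
    """Map device name -> IPv4Interface (address plus configured mask)."""
    return {name: ipaddress.ip_interface(cidr) for name, cidr in inventory.items()}

def mask_outliers(inventory):
    """Devices whose prefix length differs from the most common one in the segment."""
    ifaces = parse(inventory)
    lengths = [i.network.prefixlen for i in ifaces.values()]
    majority = max(set(lengths), key=lengths.count)
    return {n: i.network.prefixlen for n, i in ifaces.items()
            if i.network.prefixlen != majority}

def asymmetric_pairs(inventory):
    """Pairs (a, b) where a treats b as on-link and ARPs for it directly,
    while b treats a as off-link and sends traffic for a via its routing table."""
    ifaces = parse(inventory)
    return sorted(
        (a, b) for a, b in permutations(ifaces, 2)
        if ifaces[b].ip in ifaces[a].network
        and ifaces[a].ip not in ifaces[b].network
    )

if __name__ == "__main__":
    print("mask outliers:", mask_outliers(VLAN40))
    for a, b in asymmetric_pairs(VLAN40):
        print(f"{a} sees {b} as on-link, but {b} sees {a} as off-link")
```
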

05-27-2016 08:21 AM
Yeah, but the customer has had this config for years and it's under revamp.
