Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1022
Views
0
Helpful
4
Replies

Having trouble getting outside of network on VLAN's

adammucci
Level 1
Level 1

‎11-14-2013 08:12 AM - edited ‎03-07-2019 04:36 PM

I'm having trouble pinging any ip address outside of my network from a pc on a vlan. I have attached the running configs of both my 3550 switch and 2821 router. The router sits behind the sonicwall. From a pc on a vlan, I can only ping as far as Gi0/0 (which connects to the sonicwall) port on the router. On the router I can ping just about anywhere. The attached JPEG shows my current test environment. Any suggestions on how to get the PC's to connect outside the LAN?

R1#sh run

Building configuration...

Current configuration : 1721 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R1

!

boot-start-marker

boot-end-marker

!

logging message-counter syslog

enable secret 5 $1$rYd/$LU1RKfJhDIn4okW4O1W6..

!

no aaa new-model

!

dot11 syslog

ip source-route

!

!

ip cef

!

!

no ip domain lookup

ip domain name test.com

multilink bundle-name authenticated

!

!

!

!

!

!

username admin privilege 15 secret 5 $1$7h0q$STnBytgXA43SfgkSTccEQ1

archive

log config

  hidekeys

!

!

ip ssh version 2

!

!

!

interface GigabitEthernet0/0

ip address 192.168.199.1 255.255.255.0

duplex auto

speed auto

!

interface GigabitEthernet0/1

no ip address

duplex auto

speed auto

!

interface GigabitEthernet0/1.10

encapsulation dot1Q 10

ip address 192.168.10.1 255.255.255.0

!

interface GigabitEthernet0/1.20

encapsulation dot1Q 20

ip address 192.168.20.1 255.255.255.0

!

interface GigabitEthernet0/1.30

encapsulation dot1Q 30

ip address 192.168.30.1 255.255.255.0

!

interface GigabitEthernet0/1.40

encapsulation dot1Q 40

ip address 192.168.40.1 255.255.255.0

!

interface GigabitEthernet0/1.50

encapsulation dot1Q 50

ip address 192.168.0.1 255.255.255.0

!

interface GigabitEthernet0/1.100

encapsulation dot1Q 100

ip address 192.168.100.1 255.255.255.0

!

interface GigabitEthernet0/1.120

encapsulation dot1Q 120

ip address 192.168.120.1 255.255.255.0

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 192.168.199.254

!

no ip http server

no ip http secure-server

!

!

!

!

control-plane

!

!

line con 0

password cisco

login

line aux 0

password cisco

login

line vty 0 4

login local

transport input ssh

line vty 5 15

login local

transport input ssh

!

scheduler allocate 20000 1000

end

--------------------------------------------------------------------------------------

R1#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.199.254 to network 0.0.0.0

C    192.168.120.0/24 is directly connected, GigabitEthernet0/1.120

C    192.168.30.0/24 is directly connected, GigabitEthernet0/1.30

C    192.168.10.0/24 is directly connected, GigabitEthernet0/1.10

C    192.168.40.0/24 is directly connected, GigabitEthernet0/1.40

C    192.168.199.0/24 is directly connected, GigabitEthernet0/0

C    192.168.20.0/24 is directly connected, GigabitEthernet0/1.20

C    192.168.0.0/24 is directly connected, GigabitEthernet0/1.50

C    192.168.100.0/24 is directly connected, GigabitEthernet0/1.100

S*   0.0.0.0/0 [1/0] via 192.168.199.254

--------------------------------------------------------------------------------------

BELL24#sh run

Building configuration...

Current configuration : 4967 bytes

!

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname BELL24

!

enable secret 5 $1$l/s.$5b6l8yQuCNYcZNkduck1x1

!

username admin privilege 15 secret 5 $1$4fSj$WsHF2dtSO/yZyODRB0gJw0

no aaa new-model

ip subnet-zero

ip domain-name test.com

!

!

!

crypto pki trustpoint TP-self-signed-2469554432

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-2469554432

revocation-check none

rsakeypair TP-self-signed-2469554432

!

!

crypto pki certificate chain TP-self-signed-2469554432

certificate self-signed 01

  30820247 308201B0 A0030201 02020101 300D0609 2A864886 F70D0101 04050030

  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

  69666963 6174652D 32343639 35353434 3332301E 170D3933 30333031 30303031

  30305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 34363935

  35343433 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281

  8100E45C 066BC268 249E98FA 28EB2F1A CD4FC0FA ACAC5AA4 D3735A0C C500BA25

  1215A37E 97BEFA53 E57A6C2B 6E5C2D22 1CD77E67 64BB56F4 4E515EE7 6C5C97EA

  7C75AA96 68D84D6D F3440DFF 9729E9D0 C842D935 3BDA2D4F 9F165327 97C1F320

  7C82FBFB C8786AA0 7733BF3F 758D5675 F1B7AC9D 067C707A 642BC996 D96976F2

  7BFB0203 010001A3 6F306D30 0F060355 1D130101 FF040530 030101FF 301A0603

  551D1104 13301182 0F42454C 4C32342E 74657374 2E636F6D 301F0603 551D2304

  18301680 14CC7E72 A8F96231 04F28B6A B06DE62B B9C27879 9E301D06 03551D0E

  04160414 CC7E72A8 F9623104 F28B6AB0 6DE62BB9 C278799E 300D0609 2A864886

  F70D0101 04050003 81810007 CCB0945F ED46FBCE 6D269190 BEC49A34 1F5479C0

  3AECECCA C5F5828D 3CBAC389 D9FA208A EAAB1790 E9ADD129 BB4D3D68 0086A0AE

  C09C86EA E3C9E96A C298A8F2 273AF67A 45172668 27280F3C 47B4EFCA 2FE976D6

  00C4D368 B6D5CC50 388881E2 229E3E82 B67F90DA FB54B67F 846872F3 2268FAEF

  4200C58F B2EC3E0D 51D7A0

  quit

!

!

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

ip ssh version 2

!

!

interface FastEthernet0/1

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/2

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/3

switchport access vlan 30

switchport mode access

shutdown

!

interface FastEthernet0/4

switchport access vlan 30

switchport mode access

shutdown

!

interface FastEthernet0/5

switchport access vlan 30

switchport mode access

shutdown

!

interface FastEthernet0/6

switchport access vlan 30

switchport mode access

shutdown

!

interface FastEthernet0/7

switchport access vlan 30

switchport mode access

shutdown

!

interface FastEthernet0/8

switchport access vlan 30

switchport mode access

shutdown

!

interface FastEthernet0/9

switchport access vlan 30

switchport mode access

shutdown

!

interface FastEthernet0/10

switchport access vlan 30

switchport mode access

shutdown

!

interface FastEthernet0/11

switchport access vlan 30

switchport mode access

shutdown

!

interface FastEthernet0/12

switchport access vlan 30

switchport mode access

shutdown

!

interface FastEthernet0/13

switchport access vlan 30

switchport mode access

shutdown

!

interface FastEthernet0/14

switchport access vlan 30

switchport mode access

shutdown

!

interface FastEthernet0/15

switchport access vlan 30

switchport mode access

shutdown

!

interface FastEthernet0/16

switchport access vlan 30

switchport mode access

shutdown

!

interface FastEthernet0/17

switchport access vlan 30

switchport mode access

shutdown

!

interface FastEthernet0/18

switchport access vlan 30

switchport mode access

shutdown

!

interface FastEthernet0/19

switchport access vlan 30

switchport mode access

shutdown

!

interface FastEthernet0/20

switchport access vlan 30

switchport mode access

shutdown

!

interface FastEthernet0/21

switchport access vlan 30

switchport mode access

shutdown

!

interface FastEthernet0/22

switchport access vlan 30

switchport mode access

shutdown

!

interface FastEthernet0/23

switchport access vlan 30

switchport mode access

shutdown

!

interface FastEthernet0/24

switchport access vlan 30

switchport mode access

shutdown

!

interface GigabitEthernet0/1

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet0/2

switchport mode dynamic desirable

shutdown

!

interface Vlan1

no ip address

shutdown

!

interface Vlan10

no ip address

!

interface Vlan20

no ip address

!

interface Vlan30

no ip address

!

interface Vlan40

no ip address

!

interface Vlan50

ip address 192.168.0.38 255.255.255.0

!

interface Vlan100

no ip address

!

interface Vlan120

no ip address

!

ip default-gateway 192.168.10.1

ip classless

ip http server

ip http secure-server

!

!

control-plane

!

!

line con 0

password cisco

login

line vty 0 4

login local

transport input ssh

line vty 5 15

login local

transport input ssh

!

end

--------------------------------------------------------------------------------------

Labels:
Preview file
86 KB
0 Helpful
4 Replies 4

cadet alain
VIP Alumni
VIP Alumni

‎11-14-2013 10:31 AM

Hi,

-is the sonic wall natting all these vlans ?

-does sonicwall have routes towards these vlans?

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful

adammucci
Level 1
Level 1
In response to cadet alain

‎11-14-2013 11:16 AM

Our ISP does all our NATing for us. I haven't checked the sonicwall for routes, since it was configured by someone else. Do you think the routing table looks correct? I figured my default route could have been wrong, therefore no packets would get past the gateway. But even though the 192.168.199.x subnet is directly connected to the router, why is it that I cannot ping 192.168.199.254 from a PC? I thought the router would forward the ping to the correct network if it shows up in the routing table.

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to adammucci

‎11-14-2013 11:26 AM

Adam

It may be that firewall is configured not to respond to pings. Your routing table looks fine.

When you say you can ping just about anywhere from the router i assume you mean the internet ? If so this supports Alain's post because when you ping from the router the source address is 192.168.199.1 and the sonicwall knows how to reach this address because it also on the same subnet.

But the sonicwall probably doesn't know about the internal subnets so it can't route back to them.

Edit - actually scrap all that. There are too many variables and the sonicwall may not be configured to allow 192.168.1.199 through. So best to check the firewall for routes as previously mentioned.

Jon     

0 Helpful

adammucci
Level 1
Level 1
In response to Jon Marshall

‎11-15-2013 11:30 AM

Problem has been solved. Thanks for everyone's help.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card