Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
746
Views
0
Helpful
5
Replies

Just starting out. VLAN issues.

mconway
Level 1
Level 1

‎11-21-2011 08:55 AM - edited ‎03-07-2019 03:30 AM

Using one 3560 switch,  I would like to create 3 vlans. As follows

vlan 5          10.10.10.2      255.255.255.252    

vlan 10        10.0.0.1          255.255.255.0

vlan 20        10.1.0.1          255.255.255.0

vlan 5 connects the switch to a PIX for internet connection.  PIX is asigned 10.10.10.1 255.255.255.252

Workstation A 10.0.0.15 is in vlan 10.

Workstation B 10.1.0.15 is in vlan 20.

Both workstations have the correct vlan svi ip address as their default gateway.

I can ping the workstations from one and another yet I can not ping the PIX 10.10.10.1 from either workstation.  I can ping the PIX from the switch however.

IP routing is enabled on the switch.

I have a static route as:  ip route 0.0.0.0 0.0.0.0 10.10.10.1 in the switch.

What am I missing?

Labels:
0 Helpful
5 Replies 5

Edwin Summers
Level 3
Level 3

‎11-21-2011 09:18 AM

Does your PIX have a route to the two workstation networks (10.1.0.0 and 10.0.0.0)?

I assume you're using a regular ping (ping 10.10.10.1) from the switch to ping the PIX. In this case, the switch likely sources the ping from the 10.10.10.0 network, which is directly connected to the PIX so the PIX has a route.  However, you will need some method for the PIX to know of the route to the other networks (whether static or dynamic).

0 Helpful

mconway
Level 1
Level 1
In response to Edwin Summers

‎11-21-2011 09:23 AM

No other than the route outside 0.0.0.0 0.0.0.0 66.94.83.201 1  defined in the PIX which points to the 2620 router connected to OUTSIDE ethernet 0.   No routes for the networks I created in the switch.  

Do i need to create routes when pinging INSIDE ethernet 1 of the PIX from the workstations?

WHOOPS... This what happens when trying to eat my lunch and respond.  I hadn't seen the last part of your reply. 

THANKS.

0 Helpful

Edwin Summers
Level 3
Level 3
In response to mconway

‎11-21-2011 09:32 AM

Every device needs a route to networks other than the ones to which it is directly connected.  Most end stations get a route via a default gateway (as in the case of your workstations).  Your PIX will also need a route to any network that it is not directly connected to.  You have several options that will depend on your particular setup, but the most likely are:

1) Add two static route statements to the PIX (one for each Workstation network...pointing to the VLAN 5 SVI of the switch as the next-hop)

2) Add a default route statement to the PIX pointing to the VLAN 5 SVI of the switch (probably not as useful; depending on your set-up, you'll probably want a default route to something upstream of the PIX)

3) Use a routing protocol on your internal network to distribute routes (may not be as useful if this is the extent of your network)

Given only the info provided, I'd suggest adding two static route statements to the PIX.  That is the low-cost solution. 

Update:  Our replies crossed - no problems!  Feel free to holler if anything else pops up!

0 Helpful

mconway
Level 1
Level 1
In response to mconway

‎11-21-2011 09:55 AM

On the PIX I entered:

route inside 10.0.0.0 255.255.255.0 10.10.10.2 1

route inside 10.1.0.0 255.255.255.0 10.10.10.2 1

I'm able to ping now. 

Thanks

0 Helpful

Edwin Summers
Level 3
Level 3
In response to mconway

‎11-21-2011 09:59 AM

Great! 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card