11-21-2011 08:55 AM - edited 03-07-2019 03:30 AM
Using one 3560 switch, I would like to create 3 vlans, as follows:
vlan 5 10.10.10.2 255.255.255.252
vlan 10 10.0.0.1 255.255.255.0
vlan 20 10.1.0.1 255.255.255.0
vlan 5 connects the switch to a PIX for internet connection. PIX is assigned 10.10.10.1 255.255.255.252
Workstation A 10.0.0.15 is in vlan 10.
Workstation B 10.1.0.15 is in vlan 20.
Both workstations have the correct vlan svi ip address as their default gateway.
I can ping the workstations from one another, yet I cannot ping the PIX 10.10.10.1 from either workstation. I can ping the PIX from the switch, however.
IP routing is enabled on the switch.
I have a static route as: ip route 0.0.0.0 0.0.0.0 10.10.10.1 in the switch.
What am I missing?
11-21-2011 09:18 AM
Does your PIX have a route to the two workstation networks (10.1.0.0 and 10.0.0.0)?
I assume you're using a regular ping (ping 10.10.10.1) from the switch to ping the PIX. In this case, the switch likely sources the ping from the 10.10.10.0 network, which is directly connected to the PIX so the PIX has a route. However, you will need some method for the PIX to know of the route to the other networks (whether static or dynamic).
11-21-2011 09:23 AM
No other than the route outside 0.0.0.0 0.0.0.0 66.94.83.201 1 defined in the PIX which points to the 2620 router connected to OUTSIDE ethernet 0. No routes for the networks I created in the switch.
Do I need to create routes when pinging INSIDE ethernet 1 of the PIX from the workstations?
WHOOPS... This is what happens when trying to eat my lunch and respond. I hadn't seen the last part of your reply.
THANKS.
11-21-2011 09:32 AM
Every device needs a route to networks other than the ones to which it is directly connected. Most end stations get a route via a default gateway (as in the case of your workstations). Your PIX will also need a route to any network that it is not directly connected to. You have several options that will depend on your particular setup, but the most likely are:
1) Add two static route statements to the PIX (one for each Workstation network...pointing to the VLAN 5 SVI of the switch as the next-hop)
2) Add a default route statement to the PIX pointing to the VLAN 5 SVI of the switch (probably not as useful; depending on your set-up, you'll probably want a default route to something upstream of the PIX)
3) Use a routing protocol on your internal network to distribute routes (may not be as useful if this is the extent of your network)
Given only the info provided, I'd suggest adding two static route statements to the PIX. That is the low-cost solution.
Update: Our replies crossed - no problems! Feel free to holler if anything else pops up!
11-21-2011 09:55 AM
On the PIX I entered:
route inside 10.0.0.0 255.255.255.0 10.10.10.2 1
route inside 10.1.0.0 255.255.255.0 10.10.10.2 1
I'm able to ping now.
Thanks
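An added example, not part of the original posts: a simplified longest-prefix-match model of the two routing tables in this thread, showing why the echo reply from the PIX never returned to the workstations until the two `route inside` statements were added. The interface labels and the `lookup` and `ping_works` helpers are hypothetical names for illustration, and the PIX is modelled as a plain route lookup only.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: return (interface, next_hop) for dst, or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, iface, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, next_hop)
    return (best[1], best[2]) if best else None

# Switch (3560) table from the thread: three connected SVIs plus the default route.
SWITCH = [
    ("10.10.10.0/30", "Vlan5", None),
    ("10.0.0.0/24", "Vlan10", None),
    ("10.1.0.0/24", "Vlan20", None),
    ("0.0.0.0/0", "Vlan5", "10.10.10.1"),
]

# PIX table before the fix: connected inside /30 and the outside default route.
# The outside connected network is not given in the thread and is omitted.
PIX_BEFORE = [
    ("10.10.10.0/30", "inside", None),
    ("0.0.0.0/0", "outside", "66.94.83.201"),
]

# PIX table after the two "route inside" statements were added.
PIX_AFTER = PIX_BEFORE + [
    ("10.0.0.0/24", "inside", "10.10.10.2"),
    ("10.1.0.0/24", "inside", "10.10.10.2"),
]

def ping_works(src, pix_table):
    """A ping to 10.10.10.1 succeeds only if request and reply both route correctly."""
    request = lookup(SWITCH, "10.10.10.1")   # source -> switch -> PIX inside
    reply = lookup(pix_table, src)           # PIX -> back toward the source
    return request[0] == "Vlan5" and reply is not None and reply[0] == "inside"

if __name__ == "__main__":
    for src in ("10.10.10.2", "10.0.0.15", "10.1.0.15"):
        print(src, "before:", ping_works(src, PIX_BEFORE),
              "after:", ping_works(src, PIX_AFTER))
```

The switch's own ping is sourced from 10.10.10.2, which the PIX reaches as a connected network, so it succeeds in both cases.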
11-21-2011 09:59 AM
Great!