Do you mean I should add this route to the switch at main site that has this LAN and send to 10.45.32.254 which is the route link IP at the remote site?

Hi Nitin,

I'm sorry but are you sure that would help to solve this issue? It seems to me that you would only create route from the switch where the lan already is back to the network of the host that is trying to access it. To put it in another words: the switch where you want to put the ip route command has this network directly conneted. I believe that the problem and solution is somewhere else.

Best regards,

Jan

10.45.16.0/24 is in one VLAN only connected directly to the main site switch.

10.45.16.1 is the default gateway and this is the firewall - also acting as a router for this network.

Normally the hosts on 10.45.16.0/24 has 10.45.16.1 as default gateway but even if I set one to use 10.45.16.252 (the main site switch) it cannot be reached from remote site.

Default gateway for the remote site clients at 10.45.233.0/24 is 10.45.233.1 - the IP of the local VLAN111.

Here are examples of traceroutes:

First one that fails to a host at 10.45.16.80/24

C:\Documents and Settings\Steen>tracert 10.45.16.80

Tracing route to host16 [10.45.16.80]

over a maximum of 30 hops:

  1    <1 ms    <1 ms     1 ms  10.45.233.1

  2    <1 ms    <1 ms    <1 ms  10.45.32.253

  3     *        *        *     Request timed out.

  4     *     ^C

Heres one that goes to 10.45.16.1

C:\Documents and Settings\Steen>tracert 10.45.16.1

Tracing route to 10.45.16.1 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  10.45.233.1

  2    <1 ms    <1 ms    <1 ms  10.45.32.253

  3    <1 ms    <1 ms    <1 ms  10.45.16.1

Trace complete.

And the same to 252

C:\Documents and Settings\Steen>tracert 10.45.16.252

Tracing route to switch-cluster [10.45.16.252]

over a maximum of 30 hops:

  1     1 ms    <1 ms    <1 ms  10.45.233.1

  2    <1 ms    <1 ms    <1 ms  switch-cluster [10.45.16.252]

Trace complete.

Here's one that goes to another network beyond the firewall

C:\Documents and Settings\Steen>tracert 10.45.240.20

Tracing route to host3 [10.45.240.20] over a maximum of 30 hops:

  1     2 ms     1 ms    <1 ms  10.45.233.1

  2    <1 ms    <1 ms    <1 ms  10.45.32.253

  3     5 ms     1 ms    <1 ms  10.45.16.1

  4     1 ms    <1 ms    <1 ms  hosts3 [10.45.240.20]

Trace complete.

Lastly one that goes from 10.45.16.80 back to the host on the remote site

C:\Documents and Settings\Steen>tracert 10.45.233.31

Tracing route to host31 [10.45.233.31]

over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  10.45.16.1

  2     2 ms     1 ms    <1 ms  switch-cluster [10.45.16.252]

   3     5 ms     4 ms     4 ms  10.45.32.254

  4    <1 ms    <1 ms    <1 ms  host31 [10.45.233.31]

Trace complete.

Hi Steen,

Jan suggested that the problem does not seem to be in your network devices' configuration but rather in the configuration of the individual stations you are pinging or tracerouting to. As soon as you have successfully pinged at least one IP adress within the network 10.45.16.0/24 different from the router itself (such as 10.45.16.1), the routing has been proven to work correctly. You now have to inspect the individual stations that do not respond for the reason why they didn't respond:

• Are they configured to respond to pings? Are they using any kind of firewall?
• Do they use a correct default gateway? Does that gateway know how to reach back your network 10.45.233.0/24?

Best regards,

Peter

The hosts are responding to ping from all other networks and no matter what gateway 10.45.16.1 or 10.45.16.252.

I have now found that changing the default gateway on the main site hosts at 10.45.16.0/24 to 10.45.16.252 seems to resolve it.

It must be the ring routing when some hosts use the firewall 10.45.16.1 address and possibly the firewall that drops this traffic.

The firewall does have these routes.

I believe you are on to something but I think that changing all hosts gateway to the main site switch will work as well as separating the firewall.

Thank you for you help.

You're welcome, glad I could help!

-Jason