Buy or Renew
Buy or Renew
COMING SOON: Umbrella and Secure Access release notes are coming to Cisco Community. The community will be in read-only August 16 – 19. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
439
Views
1
Helpful
6
Replies

Unable to Ping Out From Specific VLAN

pinko
Level 1
Level 1

‎10-17-2023 06:14 AM

Hi. We're having an issue with a particular VLAN on our network. To summarise - we have a Cisco switch connecting to a non-Cisco firewall. The switch's MGMT IP is on the VLAN (100), with the gateway of that VLAN sitting on the firewall.

VLAN 100 is allowed on the list of trunks between switch and firewall. From the switch we can ping the VLAN 100 gateway on the firewall but we cannot ping 8.8.8.8.

Our switch config is as follows:

int vlan 100

ip address 10.10.100.10 255.255.255.0

ip default-gateway 10.10.100.1

Like I say, we can ping 10.10.100.1 from the switch, but we cannot ping back to 10.10.100.10 from the firewall. This is the same setup we have in our other offices so I'm struggling to understand what we're missing. We have changed firewall vendor but nothing else has changed from the Cisco side. Thanks very much.

Labels:
6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

‎10-17-2023 06:18 AM

Is the switch acting as Layer 2 ? - you have not provided is this only vlan available in the switch ? what switch model and IOS running ?

May be try changing default to ip route as below and test it

no ip default-gateway 10.10.100.1

ip route 0.0.0.0 0.0.0.0 10.10.100.1

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

pinko
Level 1
Level 1
In response to balaji.bandi

‎10-17-2023 06:26 AM

Hi. Sorry I should have said - it's a L2 switch which also has another VLAN on (as well as the usual VLAN1 which is shutdown). As for version I'll have to check again when I get access to a switch. It is a 2960X switch

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to pinko

‎10-17-2023 07:31 AM

try that suggested and let me know how it goes ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to balaji.bandi

‎10-17-2023 09:58 AM

When I looked at the title of the post and saw "unable to ping out" my first reaction was that it was likely an issue about address translation. When the OP stated that the switch was able to ping the firewall I thought Yes that sounds like a NAT issue. But then the post says "we cannot ping back to 10.10.100.10 from the firewall". That certainly is not a NAT related issue. So it now sounds more like some issue with policies on the firewall. What can you tell us about the firewall?

When you attempt to ping from the switch to outside are there any log messages generated on the firewall?

HTH

Rick
0 Helpful

pinko
Level 1
Level 1

‎10-19-2023 05:40 AM

Hi. I figured it out - we needed to specify the native VLAN on the port! Thanks a lot for the replies.

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to pinko

‎10-19-2023 08:07 AM

Glad you able to solve, since you put us in dark what config applied on that device, so we are trying if and buts to fix

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card