04-09-2009 05:40 AM - edited 03-06-2019 05:05 AM
Hello All,
I have a strange problem and I hope someone here can help me. Here is a brief explanation of the problem:
I have a Cisco 3550 layer 3 switch, which is configured with multiple Vlans and inter Vlan routing is enabled. Most of the Vlans have class C IP subnet (i.e, 192.168.2.0/24)addressing schemes and are working just fine. The clients that are members of these Vlans can access the resources in other subnets and access the Internet. I have a Vlan (named ExternalWiFi) that has an IP subnet scheme of 192.168.12.0/22 and is acting a bit strange. The member workstations of this Vlan, which receive an IP address within the range of 192.168.12.1 through 192.168.12.254, can access other Vlan resources as well as accessing the Internet. But, the clients who get an IP address in the range of 192.168.13.1 through 192.168.15.254 can't access the Internet. This Vlan is configured with the address of the dhcp server just like the other Vlans. The dhcp server is running on a Windows 2000 SP4 server and here is the info about the addressing scheme of ExternalWiFi vlan:
Network:Â Â 192.168.12.0/22
Broadcast: 192.168.15.255
Gateway address: 192.168.12.1
Here is the result of the test that I did:
I put a host in ExternalWiFi Vlan and gave it a static IP address of 192.168.13.2/22 with gateway address of 192.168.12.1. I was able to ping hosts in same Vlan and other Vlans without any problem but I was not able to ping the host 192.168.2.3. This is the internal IP address of our firewall device and it is connected to port 3 of Cisco 3550 switch.
What do I need to do?
Thanks in advance,
Hossein Kholghi
04-09-2009 05:48 AM
Hi Hossein,
Can you post the output of show ip route from your 3550 switch.
Regards,
jerry
04-09-2009 05:54 AM
Here is the result of show ip route:
AFS-3550#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 192.168.2.3 to network 0.0.0.0
C 192.168.4.0/24 is directly connected, Vlan4
C 192.168.5.0/24 is directly connected, Vlan5
C 192.168.1.0/24 is directly connected, Vlan2
C 192.168.2.0/24 is directly connected, Vlan1
S* 0.0.0.0/0 [1/0] via 192.168.2.3
C 192.168.12.0/22 is directly connected, Vlan7
C 192.168.8.0/22 is directly connected, Vlan6
C 192.168.16.0/22 is directly connected, Vlan8
04-09-2009 05:58 AM
Hi,
I don't see anything wrong on your switch. Can we check the routing table of the FW? Also, I am assuming you can ping your FW from other /24 VLAN's right?
Regards,
jerry
04-09-2009 06:45 AM
Hi Jerry,
I have no problem pinging the FW from other /24 Vlans and I am also able to ping the FW from a host with an ip address in range of 192.168.12.1 through 192.168.12.254. The problem starts when client gets an ip address of 192.168.13.1 and above. I am very sure the same problem applies to our other /22 Vlans.
Our FW routes 192.168.12.0/22.
Regards,
Hossein
04-09-2009 06:57 AM
Hi Hossein,
I see you have another another /22 VLAN on 192.168.8.0/22. I am assuming you don't have any problem on this one. Can you confirm?
Regards,
jerry
04-09-2009 07:05 AM
Hi Jerry,
I am very sure that I have the same problem with 192.168.8.0/22 subnet. The configuration of 192.168.8.0/22 and 192.168.12.0/22 subnets are similar.
Regards,
Hossein
04-09-2009 07:45 AM
Hi Jerry,
I checked our FW again and there it was the problem. The subnet 192.168.12.0 had subnet mask of 24 instead of 22. Once I changed it to /22 the clients were able to access the Internet.
We recently replaced our FW device and I am finding my ways with the new device.
Thanks for your help.
Hossein
04-09-2009 07:51 AM
Hi Hossein,
I am glad that your problem is solved.
Regards,
jerry
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide