vlan access problem

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

ndeepu

Thread Starter
Joined
Dec 1, 2004
Messages
21
Dear All,

Iam using a cisco catalyst 6506 switch. I have defined two vlan interfaces on the switch. one is vlan100 having an ip of 10.0.0.100 and the other is vlan101 with an ip of 10.0.1.100 .

The problem is that iam not able to route the traffic from vlan101 to vlan100
ie iam not able to ping from a machine 10.0.1.40 with gateway 10.0.1.100 , ie vlan101 interface of the switch to a machine in the 10.0.4.0 network

Note : the 10.0.4.0 and the 10.0.0.0 are two networks in two interfaces 10.0.4.200 and 10.0.0.200 respectively of alteon switched firewall
 
Joined
Aug 12, 2000
Messages
642
This problem will not be solved without getting a look at the config. The problem is either with your routing or with how the firewall is handling the traffic. Does the firewall allow ICMP? Also, have you set it up to allow the ICMP replies back throiugh the firewall? Have you got an access-list allowing traffic between the VLAN's?
 

ndeepu

Thread Starter
Joined
Dec 1, 2004
Messages
21
Dear Sir,

There is no problem with the ICMP settings of the firewall.

the main problem is this.

from the switch itself if you try pinging 10.0.4.21 with source ip as 10.0.1.100 it is not happening. but if you try with the default ip of the switch as source ie 10.0.0.100 ping is happening,

i tried all possible routes.

can we define route inside any particular VLAN interface?
 
Joined
Aug 12, 2000
Messages
642
Do you have static routes pointing from 10.0.1.100 to 10.0.4.x? Is there a rule allowing this traffic throught the firewall and back again?
 

ndeepu

Thread Starter
Joined
Dec 1, 2004
Messages
21
well sir,

i do have a static route in the local machine in the 10.0.4.0 network. the machine ip is 10.0.1.40 and the static route is
route add 10.0.0.0 mask 255.255.0.0 gateway 10.0.1.100


and in firewall a route has been added

route add 10.0.1.0 mask 255.255.255.0 10.0.0.100

and it is working fine..since iam able to telnet from 10.0.4.0 network to 10.0.1.0 n/w but not viceversa.
 
Joined
Aug 12, 2000
Messages
642
In that case do you have an access-list allowing communication between the two VLAN's? On the core switch.
 

ndeepu

Thread Starter
Joined
Dec 1, 2004
Messages
21
i doubt there is a problem in the access list, not sure

since iam not able to ping to 10.0.4.0 network using the 10.0.1.100 interface of the switch as the source ip.

but iam able to ping the machines in 10.0.0.0 network
 

ndeepu

Thread Starter
Joined
Dec 1, 2004
Messages
21
ie communication is happening from vlan 10.0.1.100 to vlan 10.0.0.100
 
Joined
Aug 12, 2000
Messages
642
10.0.4.0 is in the 10.0.0.0 network.

I am confused by exactly what it is you cannot do. You initially state that you cannot communicat between VLANS 100 and 101 yet you say you can ping from one side of the switch to the other, which in your diagram are in the two different VLAN's.
 

ndeepu

Thread Starter
Joined
Dec 1, 2004
Messages
21
what i meant is that iam able to ping from 10.0.1.40 to 10.0.0.24 but not 10.0.4.24
and in the core switch we have an option to ping

so when i ping with the interface 10.0.0.100 as the source ip address iam able to ping to 10.0.4.24 but when iam using 10.0.1.100 as the source ip iam not able to ping to 10.0.4.24.

so where should be the problem?

sorry for confusing you
 
Joined
Aug 12, 2000
Messages
642
In that case the problem must be one of three things:

1. Access-list between VLAN's on the switch
2. Firewall not allowing traffic, or not allowing ICMP
3. Routes between networks (either on the switch or firewall) Remebering that firewalls do not route by themselves.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top