Tech Support Guy banner
Status
Not open for further replies.

vlan access problem

2K views 15 replies 2 participants last post by  ndeepu 
#1 ·
Dear All,

Iam using a cisco catalyst 6506 switch. I have defined two vlan interfaces on the switch. one is vlan100 having an ip of 10.0.0.100 and the other is vlan101 with an ip of 10.0.1.100 .

The problem is that iam not able to route the traffic from vlan101 to vlan100
ie iam not able to ping from a machine 10.0.1.40 with gateway 10.0.1.100 , ie vlan101 interface of the switch to a machine in the 10.0.4.0 network

Note : the 10.0.4.0 and the 10.0.0.0 are two networks in two interfaces 10.0.4.200 and 10.0.0.200 respectively of alteon switched firewall
 
See less See more
1
#2 ·
This problem will not be solved without getting a look at the config. The problem is either with your routing or with how the firewall is handling the traffic. Does the firewall allow ICMP? Also, have you set it up to allow the ICMP replies back throiugh the firewall? Have you got an access-list allowing traffic between the VLAN's?
 
#3 ·
Dear Sir,

There is no problem with the ICMP settings of the firewall.

the main problem is this.

from the switch itself if you try pinging 10.0.4.21 with source ip as 10.0.1.100 it is not happening. but if you try with the default ip of the switch as source ie 10.0.0.100 ping is happening,

i tried all possible routes.

can we define route inside any particular VLAN interface?
 
#6 ·
well sir,

i do have a static route in the local machine in the 10.0.4.0 network. the machine ip is 10.0.1.40 and the static route is
route add 10.0.0.0 mask 255.255.0.0 gateway 10.0.1.100


and in firewall a route has been added

route add 10.0.1.0 mask 255.255.255.0 10.0.0.100

and it is working fine..since iam able to telnet from 10.0.4.0 network to 10.0.1.0 n/w but not viceversa.
 
#13 ·
10.0.4.0 is in the 10.0.0.0 network.

I am confused by exactly what it is you cannot do. You initially state that you cannot communicat between VLANS 100 and 101 yet you say you can ping from one side of the switch to the other, which in your diagram are in the two different VLAN's.
 
#14 ·
what i meant is that iam able to ping from 10.0.1.40 to 10.0.0.24 but not 10.0.4.24
and in the core switch we have an option to ping

so when i ping with the interface 10.0.0.100 as the source ip address iam able to ping to 10.0.4.24 but when iam using 10.0.1.100 as the source ip iam not able to ping to 10.0.4.24.

so where should be the problem?

sorry for confusing you
 
#15 ·
In that case the problem must be one of three things:

1. Access-list between VLAN's on the switch
2. Firewall not allowing traffic, or not allowing ICMP
3. Routes between networks (either on the switch or firewall) Remebering that firewalls do not route by themselves.
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top