different subnet connect

eric.huihk · ‎08-03-2007

Please help to solve such case:

Host A is connecting to C2960 which is in turn connected to C4503.

A server is connecting to C4503 also.

Host A IP: 10.114.128.x /24

Server IP: 10.114.128.x /16

C4503 management IP: 10.114.128.x /16

C2960 management IP: 10.114.1.x /16

The whole network is using a flat Lan, i.e. one vlan.

Why Host A cannot access C2960 or C4503 but can communicate with server?

Pavel Bykov · ‎08-03-2007

Host A has wrong mask.

If you have one VLAN, all masks should be consistent in that VLAN. Otherwise it's bad design.

change host's subnet mask to /16

If you want to retain your design (not recommended), then change c2960 management to 10.114.128.x address.

eric.huihk · ‎08-03-2007

Thanks ur reply.

I know it is not standard design, and the network will be amended into same segment later.

But i am wondering why hostA/24 still can communicate with server/16 but i access into C2960/16. The default gateway of hostA and server is pointing to a firewall which is connecting to C4503.

cjnwodo · ‎08-03-2007

Hi,

Having not seen any config, I know for a fact that your server-because it's mask is /16 thinks that host A is on the same LAN and simply ARPs for it. The firewall if it also has a /16 subnet also thinks that Host A is on the same network. Proxy ARP is used by routers to resolve this or in the case where the 4503 and the 2950 [layer 2] they just simply send an ARP broadcast trying to find host A. The server also believes that both the C4503 and 2950 are on the same subnet so it just ARPs for them.

From Host A's perspective, it thinks that the server is on the same LAN because it sees the network 10.114.128.0 as being in the same /24 network. As far as host A is concerned the 2950 is on a totally different subnet.

To do justice to why the host cannot ping the switches we need to know the ip addresses and mask of the firewall.

eric.huihk · ‎08-03-2007

Thanks for ur information.

Here is further information:

Host A: 10.114.128.x/24

2960: 10.114.1.x/16

4503: 10.114.128.x /16

Server: 10.114.128.x/16

Firewall: 10.114.128.x/16

Host A can talk w/ server but not 2960/4503.

cjnwodo · ‎08-03-2007

Hi,

Looking at the details you sent through, I don't beleive there is anyway the host can ever ping the 2950. If the firewall is the default gateway, then it needs a connection to the 2950 on a different VLAN on the 10.114.1.x subnet. Since this doesn't seem to exist I doubt any device would be able to reach the 2950. Pls confirm?

The mystery to me is why the host cannot ping the 4503. Can the server ping the 4503?

eric.huihk · ‎08-03-2007

Since 4503 and 2960 belongs to same subnet /16, so they can talk each other.

i wonder why host A can communicate with Server but not 4503

cjnwodo · ‎08-03-2007

It must be something down at layer 2. Look into the 4503's mac-address-table for host A's mac address, is it there? what port is it pointing to?

Repeat the same process for the 2950 as well as host A- does host A have the mac address of the 4503; does the 2950 have the mac address of the 4503 ?