I am a newbie on Cisco with limited knowledge, but have read the configuration manuals for the 3550 and 2950 devices. We are in the process of changing our network infrastructure substantially.
The problem I am trying to solve is I cannot identify why we cannot access the internet from VLANs on our 2950's.
I presume I am missing something insanely simple to resolve at this point, but I have been unable to identify what that is.
This is a long post but I wanted to include all the information which I thought was pertinent.
Your assistance is most appreciated.
We have one 3550, three 2950's and a firewall with PFSense.
Our physical connections are as follows:
 ->->[PFSense]->[The World]
The 2950's are trunked to the 3550 and we are using a routed interface from the 3550 to connect to the PFSense firewall.
There are (will be) VLANs on each 2950 which are subnetted to /24. The configuration files which follow are not complete but we are using two VLANs for testing, one on 295001 (VLAN7-10.7.7.0/24) and one on 295002 (VLAN9-10.12.12.0/24).
The management VLAN is 1001 on 10.200.1.0/24.
While connected to the management VLAN on the 3550:
We can ping from the 3550 to all VLANs/subnets on the 2950's by hitting their IP as defined in the 3550.
We can ping from the 3550 to the routed IP which connects to the PFSense by hitting its IP (192.168.100.1) as defined in the 3550.
We can ping from the 3550 to the gateway (LAN side of the PFSense box) by hitting its IP (192.168.100.254).
We can ping from the 3550 to IP addresses in "The World".
While connected to a client attached to one of the VLANs on the 2950's:
We can ping from the 2950 client to the VLAN's IP (i.e. from 10.12.12.100 to 10.12.12.1).
We can ping from the 2950 client to the management VLAN's IP.
We can ping from the 2950 client to the routed IP which connects to the PFSense by hitting its IP (192.168.100.1) as defined in the 3550.
We CANNOT ping from the 2950 client to the gateway (LAN side of the PFSense box) by hitting its IP (192.168.100.254).
We have static routes mapped back to the VLANs from the PFSense box.
We are routing all of our existing public traffic on our existing network infrastructure through the same PFSense box, so we know it is fully active and functioning.
One specific question I do have is should the default-gateways on the 2950's point to 10.200.1.11 (the IP of the management VLAN) or to 10.100.100.1 (the IP of VLAN1)? I tried it both ways and it did not impact our ability to hit the PFSense box at 192.168.100.254.
I have included detailed configuration information in the attached file.