I am attempting to configure 3 vlans and have the hosts on each vlan get an IP via dynamic dhcp with unique scopes that I have set up for each vlan (I am using ip helper-address 10.21.1.50). I also need to have internet access in each vlan.
My core switch is a 6509 running in hybrid mode. I have created the vlans on all switches in the network and have created the svi vlans in the MSFC module in the 6509.
* I have my 5 3560s each trunked to the fiber ports of the 6509 and they show correctly:
* I have a WIN2000 DHCP server on port 3/5 of the 6509 (10.21.1.50)
* DNS is running on the same box (10.21.1.50)
* My firewall/internet filter is 10.21.0.2
My issues are this:
1. I had vlan routing working and was able to ping the gateways of each vlan (except vlan1). A host on vlan20 was able to ping gateways of vlan30 and vlan40 and also hosts on those vlans. In my attempts to configure internet access I misconfigured something and now have screwed up my vlan routing. GRRRRRRRR!
2. No vlans except vlan1 existed on this network prior to this project, so all devices are still on vlan1 and function correctly at this point. I am trying to get vlan20, vlan30 and vlan40 to perform like vlan1. Once I am at that point I will work on ACLs.
3. My eyes hurt from looking at config after config after config....I think at this point I am numb....I am at my wits' end and have overlooked something but have no idea what.
I have attached some config from the 6509 here and also followed it up with a sh run from one of the 3560s.
What is the default-gateway set to on 10.21.1.50?
Can 10.21.1.50 ping the vlan 1 interface? Could you post from the 10.21.1.50 server
Your firewall -
1) Does it have NAT set up on it so the 10.x.x.x source IP addresses are NATted to a public IP?
2) Does the firewall know how to get back to the subnets on your 6500, i.e. presumably your firewall has a default-gateway pointing to the upstream ISP router. It knows how to get to machines in vlan 1 because it is in that vlan. But it won't know about vlan 20 & 30 subnets, so you need to make sure the firewall has routes for these pointing back to the vlan 1 interface on the 6500.
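
The return-route check from the reply above, as an added example that is not part of the original thread: a longest-prefix-match lookup over the firewall's routing table shows where replies to each vlan would be sent. The subnets, the 6500 vlan 1 interface address (10.21.0.1) and the upstream next hop (203.0.113.1) are assumptions constructed for illustration; only 10.21.0.2 and 10.21.1.50 come from the thread.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match over (prefix, next_hop) pairs; None if no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best

def return_path_report(fw_routes, core_vlan1_ip, vlan_subnets):
    """Classify where the firewall would send replies for each vlan subnet."""
    report = {}
    for name, subnet in vlan_subnets.items():
        # Pick one sample host inside the subnet to look up.
        sample_host = str(ipaddress.ip_network(subnet).network_address + 10)
        hit = lookup(fw_routes, sample_host)
        if hit is None:
            report[name] = "no route"
        elif hit[1] in ("connected", core_vlan1_ip):
            report[name] = "ok"
        else:
            # Typically the default route: replies leave toward the ISP.
            report[name] = "misrouted via " + hit[1]
    return report

# Constructed values (assumptions, not taken from the thread).
CORE_VLAN1_IP = "10.21.0.1"           # assumed vlan 1 interface on the 6500
VLANS = {
    "vlan1": "10.21.0.0/23",          # assumed mask covering 10.21.0.2 and 10.21.1.50
    "vlan20": "10.21.20.0/24",
    "vlan30": "10.21.30.0/24",
    "vlan40": "10.21.40.0/24",
}
# Firewall table with only its connected subnet and a default route upstream.
FW_BEFORE = [("0.0.0.0/0", "203.0.113.1"), ("10.21.0.0/23", "connected")]
# Same table after adding a route per new vlan pointing back at the 6500.
FW_AFTER = FW_BEFORE + [(VLANS[v], CORE_VLAN1_IP)
                        for v in ("vlan20", "vlan30", "vlan40")]

if __name__ == "__main__":
    for label, table in (("before", FW_BEFORE), ("after", FW_AFTER)):
        print(label, return_path_report(table, CORE_VLAN1_IP, VLANS))
```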