strange L3 switching problems

Sep 30th, 2008

I'm currently converting our existing flat network topology to an L3 switched topology and have configured 1 test area at this point. The core 6509 switch has 2 VLANs: VLAN 1 is the existing flat VLAN containing most users, servers and firewall, and VLAN 200 is the trunk link between the 6509 and a 4506 distribution layer switch. The 4506 has 3 VLANs: VLAN 1, which is L2 only, VLAN 200 being the interface in the trunk VLAN, and VLAN 10 for future users. I have two laptops in VLAN 10 connected to a 2960G, which is connected to a trunk port on the 4506 switch. One of the laptops is Linux, the other is Windows XP.

Both laptops can obtain an IP address from the DHCP server (a helper address is configured on the 4506 on the VLAN 10 SVI). The Linux PC can connect to the internet, resolve hostnames from DNS, and ping and traceroute to everything. The Windows PC can ping the VLAN 10 and VLAN 200 SVIs but cannot ping or traceroute to anything in VLAN 1. It can, however, traceroute to external IP addresses, which means it can route through VLAN 1 to get past the firewall but can't route to VLAN 1.

The only differences in addressing are that VLAN 10 and 200 have masks of 255.255.255.0 and VLAN 1 has masks of 255.255.252.0, but this isn't a problem for the Linux PC. I'm stumped, as both PCs are obtaining the same information from DHCP but one has full connectivity and the other doesn't. I've also tried a different Windows laptop but get the same results, so it's not the laptop itself. Any clues?

Giuseppe Larosa Thu, 10/02/2008 - 00:32

Hello Damon,

First of all, this looks to be a problem with a specific OS on the DHCP client.

So to start I would do:

get all info about the Linux PC:

IP address, GW and so on

compare with the output of

ipconfig /all on the troubled Win XP client

A second test, to understand if there is any network device filtering:

manually configure the Win XP PC with the Linux box IP address, GW, DNS

verify if using these data the PC can access the internet

then later change the IP address to another one

Are the results different?

Hope to help

Giuseppe

sheikthin Thu, 10/02/2008 - 05:29

Turns out it was a Checkpoint problem. I hadn't updated the topology in Checkpoint, so it was trying to direct traffic to a gateway that was no longer valid even though it wasn't connected. So now I'll have to make sure the topologies are updated on all of our laptop clients before moving them to the new subnet. Thanks for your help though!

Giuseppe Larosa Thu, 10/02/2008 - 22:50

Hello Damon,

You mean you have a Checkpoint SW firewall on each laptop using Win XP?

It is good news to hear that you solved your issue. When different end user devices have different behaviour, the problem usually is on them and not on the network.

Providing feedback about an issue is a good service for everyone using the forum.

Best Regards

Giuseppe

sheikthin Fri, 10/03/2008 - 04:56

It is Checkpoint VPN client software for remote laptop users. Apparently any time a topology change is made (creating new subnets and moving to new subnets), the topology stored in the VPN client software needs to be updated as well or it continues to point to the incorrect gateway, even though one is not connected to VPN. The good thing is we don't have many laptop users. The bad thing is each laptop needs to be touched to update the topology. Hopefully this thread can come in handy in case anyone else experiences the same issue.
