Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1129
Views
5
Helpful
8
Replies

Vlan with variable subnet problem

h-kholghi
Level 1
Level 1

‎04-09-2009 05:40 AM - edited ‎03-06-2019 05:05 AM

Hello All,

I have a strange problem and I hope someone here can help me. Here is a brief explanation of the problem:

I have a Cisco 3550 layer 3 switch, which is configured with multiple Vlans and inter Vlan routing is enabled. Most of the Vlans have class C IP subnet (i.e, 192.168.2.0/24)addressing schemes and are working just fine.  The clients that are members of these Vlans can access the resources in other subnets and access the Internet.  I have a Vlan (named ExternalWiFi) that has an IP subnet scheme of 192.168.12.0/22 and is acting a bit strange. The member workstations of this Vlan, which receive an IP address within the range of 192.168.12.1 through 192.168.12.254, can access other Vlan resources as well as accessing the Internet.  But, the clients who get an IP address in the range of 192.168.13.1 through 192.168.15.254 can't access the Internet. This Vlan is configured with the address of the dhcp server just like the other Vlans.  The dhcp server is running on a Windows 2000 SP4 server and here is the info about the addressing scheme of ExternalWiFi vlan:

Network:  192.168.12.0/22

Broadcast: 192.168.15.255

Gateway address: 192.168.12.1

Here is the result of the test that I did:

I put a host in ExternalWiFi Vlan and gave it a static IP address of 192.168.13.2/22 with gateway address of 192.168.12.1. I was able to ping hosts in same Vlan and other Vlans without any problem but I was not able to ping the host 192.168.2.3. This is the internal IP address of our firewall device and it is connected to port 3 of Cisco 3550 switch.

What do I need to do?

Thanks in advance,

Hossein Kholghi

Labels:
0 Helpful
8 Replies 8

Jerry Ye
Cisco Employee
Cisco Employee

‎04-09-2009 05:48 AM

Hi Hossein,

Can you post the output of show ip route from your 3550 switch.

Regards,

jerry

0 Helpful

h-kholghi
Level 1
Level 1
In response to Jerry Ye

‎04-09-2009 05:54 AM

Here is the result of show ip route:

AFS-3550#show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route

Gateway of last resort is 192.168.2.3 to network 0.0.0.0

C 192.168.4.0/24 is directly connected, Vlan4

C 192.168.5.0/24 is directly connected, Vlan5

C 192.168.1.0/24 is directly connected, Vlan2

C 192.168.2.0/24 is directly connected, Vlan1

S* 0.0.0.0/0 [1/0] via 192.168.2.3

C 192.168.12.0/22 is directly connected, Vlan7

C 192.168.8.0/22 is directly connected, Vlan6

C 192.168.16.0/22 is directly connected, Vlan8

0 Helpful

Jerry Ye
Cisco Employee
Cisco Employee
In response to h-kholghi

‎04-09-2009 05:58 AM

Hi,

I don't see anything wrong on your switch. Can we check the routing table of the FW? Also, I am assuming you can ping your FW from other /24 VLAN's right?

Regards,

jerry

0 Helpful

h-kholghi
Level 1
Level 1
In response to Jerry Ye

‎04-09-2009 06:45 AM

Hi Jerry,

I have no problem pinging the FW from other /24 Vlans and I am also able to ping the FW from a host with an ip address in range of 192.168.12.1 through 192.168.12.254. The problem starts when client gets an ip address of 192.168.13.1 and above. I am very sure the same problem applies to our other /22 Vlans.

Our FW routes 192.168.12.0/22.

Regards,

Hossein

0 Helpful

Jerry Ye
Cisco Employee
Cisco Employee
In response to h-kholghi

‎04-09-2009 06:57 AM

Hi Hossein,

I see you have another another /22 VLAN on 192.168.8.0/22. I am assuming you don't have any problem on this one. Can you confirm?

Regards,

jerry

0 Helpful

h-kholghi
Level 1
Level 1
In response to Jerry Ye

‎04-09-2009 07:05 AM

Hi Jerry,

I am very sure that I have the same problem with 192.168.8.0/22 subnet. The configuration of 192.168.8.0/22 and 192.168.12.0/22 subnets are similar.

Regards,

Hossein

0 Helpful

h-kholghi
Level 1
Level 1
In response to h-kholghi

‎04-09-2009 07:45 AM

Hi Jerry,

I checked our FW again and there it was the problem. The subnet 192.168.12.0 had subnet mask of 24 instead of 22. Once I changed it to /22 the clients were able to access the Internet.

We recently replaced our FW device and I am finding my ways with the new device.

Thanks for your help.

Hossein

0 Helpful

Jerry Ye
Cisco Employee
Cisco Employee
In response to h-kholghi

‎04-09-2009 07:51 AM

Hi Hossein,

I am glad that your problem is solved.

Regards,

jerry

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card