ACL Ping route Problem.

goransh_pc
Level 1

Hello Everybody,

I have this problem:

I have 4 VLANs in the 3500 switch, also a DHCP server. The routes between VLANs are OK.

A PC in VLAN 40 gets a valid IP address, 10.0.40.x/24. My default gateway for the Internet is the ASA, which has 10.0.10.3/24. I configured a static route in my 3500:

3500:

   10.0.0.0/24  is subnetted, 4 subnets

C  10.0.40.0  is directly connected, Vlan 40

C  10.0.10.0  is directly connected, FastEthernet 0/1  --> (10.0.10.2)

S* 0.0.0.0/0  [1/0] via 10.0.10.3

In my ASA I configured a static route for

ASA:

S  10.0.40.0/24 [1/0] via 10.0.10.2

I have a DNS server on 10.0.10.5/24

I can ping from VLAN 40 (10.0.40.x) to 10.0.10.2 (3500 interface), I can ping from a PC in VLAN 40 (10.0.40.x) to 10.0.10.1 (default gateway), I can ping from VLAN 40 to 72.163.4.161 (Cisco website IP address), I can NOT ping from VLAN 40 to www.cisco.com, I can NOT ping from VLAN 40 to 10.0.10.5 (DNS server).

Thank you.

1 Accepted Solution

NT

I was actually wondering if the DNS server is connected to the switch and that the problem is that the fa0/1 port is a routed port and so the rest of the 10.0.10.x network is "closed off" on the switch.

If so I was going to suggest simply -

int fa0/1

no ip address

switchport access vlan

int vlan

ip address

Edit - actually scratch this, as the PC wouldn't be getting an IP if it was set up as above, my mistake.

Jon

10 Replies

Jon Marshall
Hall of Fame

Where is the DNS server connected, and which VLAN is the DNS server supposed to be in?

Can you post the config of fa0/1 on the 3550 switch?

Jon

Hello Jon,

This is my fa0/1 in the 3550 Switch

show interface fa0/1

FastEthernet0/1 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is 0013.0379.1900 (bia 0013.0379.1900)
  Internet address is 10.0.10.2/24
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, media type is unknown media type
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 14000 bits/sec, 24 packets/sec
  5 minute output rate 2000 bits/sec, 3 packets/sec
     74056 packets input, 6529404 bytes, 0 no buffer
     Received 71170 broadcasts (18 IP multicast)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 36202 multicast, 0 pause input
     0 input packets with dribble condition detected

     3761 packets output, 360259 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out

I configured this interface with

3550:

interface fa0/1

no switchport

ip address 10.0.10.2 255.255.255.0

no shutdown


The DNS server is on the network 10.0.10.0/24; this network is in VLAN 10 for servers.

The ASA is in the same network and has the IP address 10.0.10.3, DNS 10.0.10.5, 3550 switch 10.0.10.2.

Nagaraja Thanthry
Cisco Employee

Hello,

I am assuming that you are using ASA5505 and the DNS server is connected to one of the ports on ASA. Can you set the default gateway of the DNS server to 10.0.10.2 instead of 10.0.10.3? Also, who is 10.0.10.1 (default gateway)? Did you mean to say 10.0.10.3?

Changing the default gateway of the DNS server to 10.0.10.2 (3500 IP) will ensure that the firewall does not interfere with intervlan traffic.

Hope this helps.

Regards,

NT

goransh_pc
Level 1

Hello NT,

For the 10.0.10.1 (default gateway), it was my bad, I meant 10.0.10.3, sorry about that.

My DNS server has 10.0.10.3 (ASA) as its default gateway, and the ASA is connected to the L2 switch, and from this switch to the other servers.

Thank you.

But where physically is the DNS server located, i.e. what device is it connected to? Is it the 3550, the ASA or another switch? If another switch, how is that connected to the ASA/3550?

Jon

Hello Jon,

The ASA goes to the L2 switch; from the L2 switch it goes to the DNS and to the 3550.

Thank you.

Thanks Jon and NT.

The problem is that my DNS server has 10.0.10.3 (ASA) as its default gateway, and I should have the 3550 IP 10.0.10.2.

Thank you again !!!!!!!!!!

goransh_pc wrote:

Hello Jon,

The ASA goes to the L2 switch; from the L2 switch it goes to the DNS and to the 3550.

Thank you.

So you have

ASA (vlan 10) -> L2 switch -> (fa0/1) 3550

where the fa0/1 interface has an IP from the VLAN 10 subnet and the DNS server is connected to the L2 switch?

Jon
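The resolution reached in this thread can be checked by tracing both directions of the PC-to-DNS flow through each device's routing table. The sketch below is an added example, not code from any poster: it shows that with the DNS server's gateway set to 10.0.10.3 the replies detour through the ASA, which never saw the request, while 10.0.10.2 makes the path symmetric. The PC address 10.0.40.50 and the VLAN 40 SVI address 10.0.40.1 are assumptions; the other addresses and routes are the ones quoted in the posts.

```python
import ipaddress

def routes(*entries):
    # (prefix, next hop); next hop None means directly connected
    return [(ipaddress.ip_network(p), nh) for p, nh in entries]

def topology(dns_gateway):
    """Constructed model of the thread's devices: name -> (own IPs, routing table).
    10.0.40.50 (PC) and 10.0.40.1 (VLAN 40 SVI) are assumed values."""
    return {
        "pc":   (["10.0.40.50"],
                 routes(("10.0.40.0/24", None), ("0.0.0.0/0", "10.0.40.1"))),
        "3550": (["10.0.40.1", "10.0.10.2"],
                 routes(("10.0.40.0/24", None), ("10.0.10.0/24", None),
                        ("0.0.0.0/0", "10.0.10.3"))),
        "asa":  (["10.0.10.3"],
                 routes(("10.0.10.0/24", None), ("10.0.40.0/24", "10.0.10.2"))),
        "dns":  (["10.0.10.5"],
                 routes(("10.0.10.0/24", None), ("0.0.0.0/0", dns_gateway))),
    }

def owner(topo, ip):
    return next(name for name, (ips, _) in topo.items() if ip in ips)

def trace(topo, src, dst, max_hops=8):
    """Follow longest-prefix-match next hops from src to dst; return device names."""
    node, target, path = owner(topo, src), owner(topo, dst), []
    addr = ipaddress.ip_address(dst)
    while node != target and len(path) < max_hops:
        path.append(node)
        matches = [(net, nh) for net, nh in topo[node][1] if addr in net]
        if not matches:
            return path + ["unreachable"]
        _, nh = max(matches, key=lambda m: m[0].prefixlen)
        node = owner(topo, nh if nh else dst)  # connected route: deliver directly
    return path + [node]

def check(dns_gateway):
    topo = topology(dns_gateway)
    fwd = trace(topo, "10.0.40.50", "10.0.10.5")
    ret = trace(topo, "10.0.10.5", "10.0.40.50")
    return {"forward": fwd, "return": ret,
            "symmetric": fwd == ret[::-1],
            "asa_sees_only_replies": "asa" in ret and "asa" not in fwd}

if __name__ == "__main__":
    for gw in ("10.0.10.3", "10.0.10.2"):
        print(gw, check(gw))
```
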
