08-11-2010 08:52 AM - edited 03-06-2019 12:26 PM
Hello Everybody,
I have this problem:
I have 4 VLANs in the 3500 switch, also a DHCP server. The routes between VLANs are OK.
A PC in VLAN 40 gets a valid IP address, 10.0.40.x/24. My default gateway for Internet is the ASA, which has 10.0.10.3/24. I configured a static route in my 3500
3500:
10.0.0.0/24 is subnetted, 4 subnets
C 10.0.40.0 is directly connected, Vlan 40
C 10.0.10.0 is directly connected, FastEthernet 0/1 --> (10.0.10.2)
S* 0.0.0.0/0 [1/0] via 10.0.10.3
In my ASA I configured a static route for
ASA:
S 10.0.40.0/24 [1/0] via 10.0.10.2
I have a DNS server on 10.0.10.5/24
I can ping from VLAN 40 (10.0.40.x) to 10.0.10.2 (3500 interface), I can ping from a PC in VLAN 40 (10.0.40.x) to 10.0.10.1 (default gateway), I can ping from VLAN 40 to 72.163.4.161 (Cisco website IP address), I can NOT ping from VLAN 40 to www.cisco.com, I can NOT ping from VLAN 40 to 10.0.10.5 (DNS server).
Thank you.
08-11-2010 08:55 AM
goransh_pc wrote:
Hello Everybody,
I have this problem:
I have 4 VLANs in the 3500 switch, also a DHCP server. The routes between VLANs are OK.
A PC in VLAN 40 gets a valid IP address, 10.0.40.x/24. My default gateway for Internet is the ASA, which has 10.0.10.3/24. I configured a static route in my 3500
3500:
10.0.0.0/24 is subnetted, 4 subnets
C 10.0.40.0 is directly connected, Vlan 40
C 10.0.10.0 is directly connected, FastEthernet 0/1 --> (10.0.10.2)
S* 0.0.0.0/0 [1/0] via 10.0.10.3
In my ASA I configured a static route for
ASA:
S 10.0.40.0/24 [1/0] via 10.0.10.2
I have a DNS server on 10.0.10.5/24
I can ping from VLAN 40 (10.0.40.x) to 10.0.10.2 (3500 interface), I can ping from a PC in VLAN 40 (10.0.40.x) to 10.0.10.1 (default gateway), I can ping from VLAN 40 to 72.163.4.161 (Cisco website IP address), I can NOT ping from VLAN 40 to www.cisco.com, I can NOT ping from VLAN 40 to 10.0.10.5 (DNS server).
Thank you.
Where is the DNS server connected and which VLAN is the DNS server supposed to be in?
Can you post the config of fa0/1 on the 3550 switch?
Jon
08-11-2010 09:10 AM
Hello Jon,
This is my fa0/1 in the 3550 Switch
show interface fa0/1
FastEthernet0/1 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is 0013.0379.1900 (bia 0013.0379.1900)
Internet address is 10.0.10.2/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is unknown media type
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 14000 bits/sec, 24 packets/sec
5 minute output rate 2000 bits/sec, 3 packets/sec
74056 packets input, 6529404 bytes, 0 no buffer
Received 71170 broadcasts (18 IP multicast)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 36202 multicast, 0 pause input
0 input packets with dribble condition detected
3761 packets output, 360259 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
I configured this interface with
3550:
interface fa0/1
no switchport
ip address 10.0.10.2 255.255.255.0
no shutdown
The DNS server is on the network 10.0.10.0/24; this network is in VLAN 10 for servers.
The ASA is in the same network and has IP address 10.0.10.3, DNS 10.0.10.5, 3550 switch 10.0.10.2.
08-11-2010 08:59 AM
Hello,
I am assuming that you are using ASA5505 and the DNS server is connected to
one of the ports on ASA. Can you set the default gateway of the DNS server
to 10.0.10.2 instead of 10.0.10.3? Also, who is 10.0.10.1 (default gateway)?
Did you mean to say 10.0.10.3?
Changing the default gateway of the DNS server to 10.0.10.2 (3500 IP) will
ensure that the firewall does not interfere with intervlan traffic.
Hope this helps.
Regards,
NT
08-11-2010 09:02 AM
NT
I was actually wondering if the DNS server is connected to the switch and that the problem is that the fa0/1 port is a routed port and so the rest of the 10.0.10.x network is "closed off" on the switch.
If so I was going to suggest simply -
int fa0/1
no ip address
switchport access vlan
int vlan
ip address
Edit - actually scratch this as the PC wouldn't be getting an IP if it was set up as above, my mistake.
Jon
08-11-2010 09:16 AM
Hello NT,
For the 10.0.10.1 (default gateway), that was my bad, I meant 10.0.10.3, sorry about that.
My DNS server has 10.0.10.3 (ASA) as its default gateway, and the ASA is connected to the L2 switch and from this switch to the other servers.
Thank you.
08-11-2010 09:20 AM
But where physically is the DNS server located, i.e. what device is it connected to? Is it the 3550, the ASA or another switch? If another switch, how is that connected to the ASA/3550?
Jon
08-11-2010 09:25 AM
Hello Jon,
The ASA goes to the L2 switch; from the L2 switch it goes to the DNS and to the 3550.
Thank you.
08-11-2010 09:30 AM
Thanks Jon and NT.
The problem is that my DNS server has 10.0.10.3 (ASA) as its default gateway and it should have the 3550 IP, 10.0.10.2.
Thank you again !!!!!!!!!!
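An added example, not part of any post in this thread: a small Python model of the topology described above (ASA, L2 switch, 3550, DNS server) that computes the forward and return hop lists between a VLAN 40 PC and 10.0.10.5 and flags when only one direction crosses the ASA. The PC host address 10.0.40.10, the node names, and the PC using the 3550 as its gateway are assumptions made for the example.

```python
import ipaddress

# 10.0.40.10 is a constructed host address (the thread only says 10.0.40.x).
PC_IP, DNS_IP = "10.0.40.10", "10.0.10.5"
OWNER = {PC_IP: "pc", DNS_IP: "dns"}  # node names are labels for this example


def routes(dns_gateway):
    """Routing tables per node: (prefix, next hop node) or 'direct' for on-link."""
    return {
        # Assumption: VLAN 40 hosts use the 3550 as their gateway.
        "pc": [("10.0.40.0/24", "direct"), ("0.0.0.0/0", "3550")],
        # From the 3500/3550 routing table in the first post.
        "3550": [("10.0.40.0/24", "direct"), ("10.0.10.0/24", "direct"),
                 ("0.0.0.0/0", "asa")],
        # From the ASA static route in the first post.
        "asa": [("10.0.40.0/24", "3550"), ("10.0.10.0/24", "direct")],
        # The setting the thread is about: the DNS server's default gateway.
        "dns": [("10.0.10.0/24", "direct"), ("0.0.0.0/0", dns_gateway)],
    }


def next_hop(table, dst):
    """Longest-prefix match; returns a node name, 'direct', or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def path(tables, src_ip, dst_ip):
    """List of nodes a packet visits from src_ip to dst_ip."""
    node, hops = OWNER[src_ip], [OWNER[src_ip]]
    while node != OWNER[dst_ip]:
        nh = next_hop(tables[node], dst_ip)
        if nh is None or len(hops) > 8:
            raise ValueError(f"no route or loop at {node}")
        node = OWNER[dst_ip] if nh == "direct" else nh
        hops.append(node)
    return hops


def check(dns_gateway):
    """Return (forward, reverse, asymmetric) for PC <-> DNS server traffic."""
    t = routes(dns_gateway)
    fwd, rev = path(t, PC_IP, DNS_IP), path(t, DNS_IP, PC_IP)
    # Asymmetric: the firewall sees one direction of the flow but not the other.
    return fwd, rev, ("asa" in fwd) != ("asa" in rev)
```

With the DNS server pointing at the ASA, the request reaches the server through the 3550 alone while the reply is handed to the ASA first; pointing it at the 3550 keeps both directions off the firewall.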
08-11-2010 09:31 AM
goransh_pc wrote:
Hello Jon,
The ASA goes to the L2 switch; from the L2 switch it goes to the DNS and to the 3550.
Thank you.
So you have
ASA (vlan 10) -> L2 switch -> (fa0/1) 3550
where the fa0/1 interface has an IP from the vlan 10 subnet and the DNS server is connected to the L2 switch?
Jon