Problem Inter Vlan routing with L3

Answered Question
Sep 20th, 2010

Dear friends,

  I would like to share my network diagram with you. I have seven WS-C2960-24TT-L switches and one WS-C3560G-24TS. I would like to create VLANs for 12 departments, and I have a firewall also. We are using Microsoft Exchange Server, DHCP, DNS and Active Directory, so I would like to create VLANs for the server network. But I would get the IP addresses for the different VLANs from the DHCP server. How should I configure this on the Layer 3 switch? And is there any problem with the Microsoft DNS server updating the DHCP IP and DNS name? I would like to get your advice on the best design. Really, thanks if you can help me with it. If you would like the network diagram, I am happy to give it to you. My main purpose is to get the most suitable and best network design for my network.

ciscoibtcmis Tue, 09/21/2010 - 21:06

Now I am facing one problem. I can connect between different VLANs, but except for VLAN 1, the other VLANs can't go to the Internet. I use a firewall above the Layer 3 switch. How can I troubleshoot it? Please...

ciscoibtcmis Wed, 09/22/2010 - 03:59

Hello, please help me. Above is my Layer 3 switch configuration. Do I need to give an IP address to the uplink port on the Layer 3 switch? I connect port 24 (Layer 3) to the firewall. Do I need to give an IP address to this port?

Correct Answer
glen.grant Wed, 09/22/2010 - 09:50

  No, you should not need to put an address on port 24; it is assigned to VLAN 1, so that should suffice. You say you can't get to the internet. I assume there is a FW between you and the internet. Does that device have routes in its table for all the VLANs you created that you want to get to the internet? It needs a path back into the 3560 to be routed correctly.

ciscoibtcmis Wed, 09/22/2010 - 19:18

Thank you so much for your reply and solution. You mean I need to write a static route or RIP in the routing table of the firewall for each VLAN. Yes, I will also try your advice. One more problem: I can't even ping the firewall IP address from the other VLANs. Only VLAN 1 can ping the firewall IP address. I have attached my current network diagram. Please check it, and can you tell me if I have anything wrong in the configuration? Really, thanks for your help, because I am facing a problem with it.

Correct Answer
glen.grant Thu, 09/23/2010 - 06:27

  You would have to check the FW to see if ping response is even allowed; in most cases FWs block ping.

Correct Answer
glen.grant Fri, 09/24/2010 - 05:02

  You probably have a default static pointing to the FW for your internet. Unless the FW has a route pointing back, it has no idea what to do with the packets for those subnets coming back.
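The return-path check glen.grant describes, as an added example that is not part of the original thread: it does a longest-prefix match of each VLAN subnet against the firewall's route table and reports the VLANs whose replies would follow the default route instead of going back to the 3560. All subnets, next hops and VLAN ids are constructed sample values, since the thread does not give the real ones.

```python
import ipaddress

# Constructed sample data (assumptions, not from the thread).
# 192.168.1.2 stands in for the 3560's VLAN 1 address facing the firewall.
VLAN_SUBNETS = {
    1: "192.168.1.0/24",
    10: "192.168.10.0/24",
    20: "192.168.20.0/24",
    30: "192.168.30.0/24",
}
FIREWALL_ROUTES = [
    # (destination prefix, next hop, kind)
    ("192.168.1.0/24", None, "connected"),
    ("192.168.10.0/24", "192.168.1.2", "static"),
    ("0.0.0.0/0", "203.0.113.1", "static"),  # default route toward the ISP
]

def best_route(dest_net, routes):
    """Longest-prefix match: most specific route that covers all of dest_net."""
    best = None
    for prefix, next_hop, kind in routes:
        net = ipaddress.ip_network(prefix)
        if dest_net.subnet_of(net):
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, next_hop, kind)
    return best

def missing_return_routes(vlan_subnets, routes, inside_net):
    """Return VLAN ids whose reply traffic the firewall would not send inside."""
    inside = ipaddress.ip_network(inside_net)
    missing = []
    for vlan_id, subnet in sorted(vlan_subnets.items()):
        match = best_route(ipaddress.ip_network(subnet), routes)
        if match is None:
            missing.append(vlan_id)      # no route at all: replies are dropped
            continue
        _, next_hop, kind = match
        if kind == "connected":
            continue                     # firewall sits directly on this subnet
        if next_hop is None or ipaddress.ip_address(next_hop) not in inside:
            missing.append(vlan_id)      # replies leave via the default route
    return missing

if __name__ == "__main__":
    for vlan in missing_return_routes(VLAN_SUBNETS, FIREWALL_ROUTES, "192.168.1.0/24"):
        print(f"VLAN {vlan}: firewall has no route back to {VLAN_SUBNETS[vlan]}")
```

With this sample table, VLAN 1 works because the firewall is directly connected to it, which matches the symptom reported in the thread.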
