×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

All VLANs reachable, but one VLAN gives unreachable pings

Unanswered Question
Aug 11th, 2014
User Badges:

I'm working on a casino network which comprises of two different networks. Connecting the two networks is a transit switch that is pretty basic with only a management IP and a default gateway. That links into the gaming network's core and the operations network's edge switch. There are multiple VLANs on the operations network all of which are accessible minus one [VLAN25]. The gaming network can be access by all other VLANs as well, so traffic is making it's way both ways, but going to VLAN25, I get unreachables.

 

The only changes made to the network prior to this issue was the replacement of the gaming network's switch with a new switch. The configs are the same, and I was unable to check the code on the old switch. The code on the new switch is an outdated code. I'm trying to work with the gaming network's vendor to update the code.

 

Rough topo

 

[VPN Gateway for gaming network Server]----[Gaming network 3750]----[Transit switch 3750]----[operations network edge 3750]----[operations router 2911]

 

The gaming network is seperate from the operations network and operations runs accounting on the gaming side. It runs on a different subnet, but previous engineers made it work by giving the operation's router a secondary VLAN 1 ip address. I can ping the secondary VLAN 1 from each side.The vendor for the gaming side told the casion to just plug in a transit switch and hook it into their network and let the router do the routing. The gaming network's default gateway points to a VPN which is a server and handles outside access, but does not allow internet access to the network itself.

 

I verified that everything is the same between the old network and the new. I put in a different transit switch to remove that from the list of possible issues. I am limited to what I can do on the gaming network's switch which leaves me with the router. It is a voice gateway router that handles their layer 3 routing as well. There are issues with the router's config [having the VLAN 1 on the physical interface instead of sub-inf], but since I'm able to get to the VLAN 1 interface from the gaming network, I have yet to change that since I can access it. 

 

In short, gaming network unable to access VLAN25, operations network VLAN 25 unable to access gaming network VLAN1. Two subnets on VLAN 1 in the form of secondary IPs. Verified configs and routes. I've labbed their topo as best as I can and cannot replicate the issue. Any help on this would be fantastic.

 

interface GigabitEthernet0/0
 description Mngt VLAN
 ip address 10.94.15.253 255.255.240.0 secondary
 ip address 10.100.1.5 255.255.255.0
 ip helper-address 10.100.25.10
 duplex auto
 speed auto
 h323-gateway voip interface
!
interface GigabitEthernet0/0.5
 description VOICE Vlan
 encapsulation dot1Q 5
 ip address 10.100.5.1 255.255.255.0
!
interface GigabitEthernet0/0.25
 description DATA Vlan
 encapsulation dot1Q 25
 ip address 10.100.25.1 255.255.255.0
 ip helper-address 10.100.25.10
!
interface GigabitEthernet0/0.26
 description SDC VLAN
 encapsulation dot1Q 26
 ip address 10.100.26.1 255.255.255.0
!
interface GigabitEthernet0/0.27
 description SIG VLAN
 encapsulation dot1Q 27
!
interface GigabitEthernet0/0.900
 description Micros POS System
 encapsulation dot1Q 900
 ip address 192.168.100.1 255.255.255.0
!
interface GigabitEthernet0/0.901
 encapsulation dot1Q 901
 ip address 10.10.1.254 255.255.255.0
 ip helper-address 10.100.25.10
!
interface GigabitEthernet0/1
 ip address 10.1.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0/0:23
 no ip address
 encapsulation hdlc
 isdn switch-type primary-dms100
 isdn incoming-voice voice
 isdn bind-l3 ccm-manager
 no cdp enable
!
!
router eigrp 10
 network 10.0.0.0
!
ip forward-protocol nd
!
no ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip route 0.0.0.0 0.0.0.0 10.100.25.5
!

 

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
SANTHOSHKUMAR S... Mon, 08/11/2014 - 16:13
User Badges:
  • Silver, 250 points or more

Hi ,

 Above is your router configuration , modify it as below


interface GigabitEthernet0/0
 no ip address 
 no shutdown

 interface GigabitEthernet0/0.1
 description Mngt VLAN
 encapsulation dot1Q 1
 ip address 10.94.15.253 255.255.240.0 secondary
 ip address 10.100.1.5 255.255.255.0
 ip helper-address 10.100.25.10
 

!-- Select FastEthernet 0/0 for the trunk configuration.
!-- No L2 or Layer 3 (L3) configuration is done here.

router(config)#int fastEthernet 0/0
router(config-if)#no shut
router(config-if)#exit


!-- Enable trunking on the sub-interface FastEthernet 0/0.1.
!-- Note that actual trunks are configured on the sub-interfaces.

router(config)#int fastEthernet 0/0.1


!-- Enter the trunking encapsulation as either isl

router(config-subif)#encapsulation isl 1

 

HTH

Sandy

 

 

Actions

This Discussion