Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
513
Views
10
Helpful
4
Replies

vlan config issues

adam.strobel
Level 1
Level 1

‎08-16-2006 03:03 AM - edited ‎03-03-2019 04:32 AM

I have a 6509 with a vlan 105 configure. I have also added a vlan 100. vlan 100 and 105 work for internal routing. vlan 105 workstation can get to the internet. however any vlan 100 workstation can not access the internet. A tracert from a workstation on vlan 100 stops at the 6509. attached is the 6509 config, i have included IP just because they already have changed.

any ideas? Does the port connecting to my firewall have to allow all vlan traffic? if so how do i do this.

thanks,

Labels:
Preview file
25 KB
0 Helpful
4 Replies 4

vijayasankar
Level 4
Level 4

‎08-16-2006 03:11 AM

Hi,

Please provide more information on setup( other devices, connectivity diagram) to have a clear idea, so that we can help you.

From the config provided, i could see the following default route

ip route 0.0.0.0 0.0.0.0 10.175.105.3

What is 10.175.105.3 ? Is this your firewall / WAN router??

Also what is the need for this static route.?

ip route 10.175.100.0 255.255.255.0 10.175.105.3

10.175.100.0/24 is the subnet for vlan 100, which a directly connected network on this switch. Hence you dont need that route. Remove that route.

Finally whatever device is 10.175.105.3, please add a route in that device for vlan 100 so that traffic can reach vlan 100.

The route that you should add in 10.175.105.3 is

ip route 10.175.100.0 255.255.255.0 10.175.105.1.

Hope this helps.

-VJ

adam.strobel
Level 1
Level 1
In response to vijayasankar

‎08-16-2006 04:09 AM

Attached is a visio of my diagram. But yes 10.175.105.3 is my checkpoint FW.

I thought I needed the ip route 10.175.100.0 255.255.255.0 10.175.105.3 to route the traffic to the FW, now I see that it is not needed.

In the 10.175.105.3 I'm nating all 10.0.0.0 to the outside world.

Hope this helps.

3464-Sungard Test visio 2005.vsd
0 Helpful

gpulos
Level 8
Level 8

‎08-16-2006 03:21 AM

as well you may need to verify your firewall (or whatever ISP border gateway) is performing NAT for the VLAN 100 subnet as it currently does for the VLAN 105 subnet.

this plus making sure the firewall knows a route back to VLAN 100 should be good.

adam.strobel
Level 1
Level 1
In response to gpulos

‎08-16-2006 04:43 AM

Hey everyone. I was able to get vlan 100 to access the internet. I had to turn on RIP on the internal interface on the FW (10.175.105.3).

I was so conserned that i had configured the vlans wrong or I was missing configurations on the interfaces that I overlooked this part.

thanks everyone for your help and suggestions.

0 Helpful
Customers Also Viewed These Support Documents