
2 questions about Cisco 3750 Intervlan configuration

assalihin
Level 1

I have about 20 switches scattered around 3 plants connected in a circle kind of.

--One 3750
--Six  Ce500-12 Ports (No Cli-Just web access)
--Twelve Ce500-24 Ports(No Cli-Just web access)
--One Dell Powerconnect 5324.
--Windows 2008 r2 acting as Dhcp server.


I am running out of IPs on my one and only subnet.
I would like to set up VLANs to separate traffic and also solve my IP issue.

Ip routing is enabled on the 3750. Looks like trunk encapsulation is too. This is from my Sh run:

interface GigabitEthernet1/0/23
 switchport trunk encapsulation dot1q
 switchport mode trunk
 macro description cisco-switch
 auto qos voip trust
 spanning-tree link-type point-to-point
!
interface GigabitEthernet1/0/24
 description Dell Switch
 switchport trunk encapsulation dot1q
 switchport mode trunk
 macro description cisco-switch
 auto qos voip trust
 spanning-tree link-type point-to-point
!
interface GigabitEthernet1/0/25
 switchport trunk encapsulation dot1q
 switchport mode trunk
 macro description cisco-switch
 auto qos voip trust
 spanning-tree link-type point-to-point
!
interface GigabitEthernet1/0/26
 switchport trunk encapsulation dot1q
 switchport mode trunk
 macro description cisco-switch
 auto qos voip trust
 spanning-tree link-type point-to-point
!
interface GigabitEthernet1/0/27
 description Fiber
 switchport trunk encapsulation dot1q
 switchport mode trunk
 macro description cisco-switch
 auto qos voip trust
 spanning-tree link-type point-to-point
!
interface GigabitEthernet1/0/28
 switchport trunk encapsulation dot1q
 switchport mode trunk
 macro description cisco-switch
 auto qos voip trust
 spanning-tree link-type point-to-point
!
interface Vlan1
 ip address X.X.X.X X.X.X.X
!
ip default-gateway X.X.X.X
ip classless
ip http server

---------------------------------------------------------------------------------
interface GigabitEthernet1/0/24 is copper connected to the 5324 PowerConnect Dell switch.
interface GigabitEthernet1/0/27 is Fiber connected to another Cisco ce500 Series switch

I am thinking about having 2 Vlans to start with. 10.5.0.0/24 and 10.6.0.0/24

My question is:

Which port should I use to configure the Sub interfaces for vlans?

What would be the commands to type in?

Thanks for your help

27 Replies

I think we are close to getting this figured out.

1) I made sure all the switches have vlan 10 on them. I went to each and created it.

2) "The trunk links are allowing vlan 10". Since they are ce 500 I have no clue on how to do this.

3) The workstation doesn't get an ip from the dhcp yet

4) When I put a static ip on it I am able to ping my gateway (192.168.5.1) but nothing beyond that.

Thanks for taking the time to help,

Said

assalihin wrote:

I think we are close to getting this figured out.

1) I made sure all the switches have vlan 10 on them. I went to each and created it.

2) "The trunk links are allowing vlan 10". Since they are ce 500 I have no clue on how to do this.

3) The workstation doesn't get an ip from the dhcp yet

4) When I put a static ip on it I am able to ping my gateway (192.168.5.1) but nothing beyond that.

Thanks for taking the time to help,

Said

Said

Just to clarify -

1) from the workstation can you ping the vlan 11 interface on the 3750 switch ?

2) the ip helper-address under the vlan 10 interface - this is your DHCP server yes ?

3) have you created the scope on the DHCP server ?

Jon

1- yes from the workstation I can ping the vlan 10 and vlan1 interfaces on the 3750.

2- the dhcp server in the ip helper-address is my Dhcp server which is on vlan1

3- yes I created the scopes for vlan 10 and 11 on the Dhcp server

assalihin wrote:

1- yes from the workstation I can ping the vlan 10 and vlan1 interfaces on the 3750.

2- the dhcp server in the ip helper-address is my Dhcp server which is on vlan1

3- yes I created the scopes for vlan 10 and 11 on the Dhcp server

Sorry to keep having to clarify. You said before you couldn't ping anything except the vlan 10 interface but point 1 above suggests you can ping the vlan 1 interface on the 3750 which suggests the 3750 is routing correctly - can you confirm ?

Can you ping the DHCP server from the client in vlan 10.

What is the default-gateway on the DHCP server because before the 3750 was a L2 switch only so the vlan 1 interface on the 3750 could not have been the default-gateway of the DHCP server.

So i'm guessing the reply from the DHCP server is going to a different device than the 3750.

Can you confirm default-gateway of DHCP server and if it is not the 3750 then what device is it ?

Jon

assalihin
Level 1

Actually I am the one who has to apologize for taking all your time to help me out.

1- Yes I found out after I posted that I could ping the 3750 Vlan10 interface and also the 3750 vlan1 interface just fine from the workstation.

2- No I cannot ping Dhcp server from the client on Vlan 10.

3- The default-gateway on the dhcp server is the firewall. The same as what we put in the 3750.

Thanks for your time

assalihin wrote:

Actually I am the one who has to apologize for taking all your time to help me out.

1- Yes I found out after I posted that I could ping the 3750 Vlan10 interface and also the 3750 vlan1 interface just fine from the workstation.

2- No I cannot ping Dhcp server from the client on Vlan 10.

3- The default-gateway on the dhcp server is the firewall. The same as what we put in the 3750.

Thanks for your time

No need to apologize.

3) is your problem.

It looks like vlan 1 is routed off the firewall. So you can do either -

i) add a route to your firewall for the vlan subnet pointing to the vlan 1 IP address on the 3750. This may or may not work. Your firewall needs to be able to route traffic back out of the interface on which it was received and some firewalls won't do that. If you have a pix/ASA you may be able to do it depending on the exact version of code it is running. Just adding a route for vlan 10 won't necessarily work.

or

ii) change the default-gateway on your DHCP server to be the vlan 1 IP address on the 3750. You may or may not want to do this. Be careful to understand what might happen if you do. It's difficult for me to say without fully understanding your setup. Ideally you would want vlan 1 routed off the 3750 as well as your other vlans but this could be a big change as you need to change the default-gateway for all vlan 1 clients. If most are DHCP then you can modify the scope but there will be servers etc. such as the DHCP server which will need to be manually changed.

Without either of the above the DHCP reply goes to the firewall instead of the 3750 and the firewall just drops it because it doesn't know about vlan 10.

Jon
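The return-path problem diagnosed above, as an added example that is not part of the original thread: a small longest-prefix-match model that traces the DHCP server's reply toward the relay address 192.168.5.1 in the as-found state and under options i and ii. The VLAN 1 subnet and the firewall, 3750 and DHCP server addresses are constructed, because the thread masks them.

```python
import ipaddress

# Constructed addressing: the thread masks the real VLAN 1 subnet (X.X.X.X),
# so VLAN1 and the three host addresses below are assumptions.
VLAN1, VLAN10 = "192.168.1.0/24", "192.168.5.0/24"
FIREWALL, SW3750, DHCP = "192.168.1.1", "192.168.1.2", "192.168.1.10"
RELAY = "192.168.5.1"  # Vlan10 SVI from the thread; the relayed DHCP reply is sent here


def build(server_gw=FIREWALL, firewall_routes=()):
    """Return {node_ip: (connected_networks, [(prefix, next_hop), ...])}."""
    return {
        DHCP: ([VLAN1], [("0.0.0.0/0", server_gw)]),
        FIREWALL: ([VLAN1], list(firewall_routes)),  # no route to VLAN 10 unless added
        SW3750: ([VLAN1, VLAN10], [("0.0.0.0/0", FIREWALL)]),
    }


def lookup(node, dst):
    """Longest-prefix match; 'direct' if dst is on a connected network."""
    connected, routes = node
    addr = ipaddress.ip_address(dst)
    if any(addr in ipaddress.ip_network(n) for n in connected):
        return "direct"
    hits = [(ipaddress.ip_network(p), gw) for p, gw in routes
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def trace(topology, src, dst, max_hops=8):
    """Follow a packet hop by hop; return (path, 'delivered' | 'dropped')."""
    path, here = [src], src
    for _ in range(max_hops):
        hop = lookup(topology[here], dst)
        if hop == "direct":
            return path + [dst], "delivered"
        if hop is None or hop not in topology:
            return path, "dropped"
        path.append(hop)
        here = hop
    return path, "dropped"


if __name__ == "__main__":
    cases = {
        "as found (server gateway = firewall)": build(),
        "option i (firewall route for VLAN 10)": build(firewall_routes=[(VLAN10, SW3750)]),
        "option ii (server gateway = 3750)": build(server_gw=SW3750),
    }
    for label, topo in cases.items():
        print(label, *trace(topo, DHCP, RELAY))
```

The model assumes the firewall will forward a packet back out of the interface it arrived on; as the post above notes, some firewalls will not, in which case option i still ends in a drop.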

I think I will opt for option#1. Can you give me an example to clarify:

"add a route to your firewall for the vlan subnet pointing to the vlan 1 IP address on the 3750. "

assalihin wrote:

I think I will opt for option#1. Can you give me an example to clarify:

"add a route to your firewall for the vlan subnet pointing to the vlan 1 IP address on the 3750. "

Like i said, it's not as simple as adding a route, at least not with Cisco models. What make/model is your firewall ? If it is not Cisco you could try adding -

ip route 192.168.5.0 255.255.255.0 <vlan 1 IP address of the 3750>

note the above syntax is for a Cisco router so it will probably be different for the firewall.

If the firewall is a Cisco, then can you post make/model and what version of code it is running. To find out version of code just run "sh version" on the firewall.

Jon

I have Sonicwall. I told them to leave the pix 515e alone but they didn't listen:)

I will try to get Sonicwall support involved. maybe they can help with this one.

assalihin wrote:

I have Sonicwall. I told them to leave the pix 515e alone but they didn't listen:)

I don't know whether Sonicwall will support it or not but you can try. Don't know how to add a route to a Sonicwall but i believe they use a GUI to configure so it shouldn't be that hard or at least i hope not

Bear in mind, even with a route added it may still not work ie. it may need extra configuration or routing back out the same interface may just not be supported. Bit of trial and error i'm afraid.

Jon

but they didn't listen:)

They never do

Thanks again. I will keep you informed.
