I am having problem routing from the old network (10.223.17.0)to the new network (10.223.12.0). I want these 2 network to communicate with each other.Below is the current config of our core switch(4507R). Any changes or ideas is greatly appreciated. Thank you for your support.
These two subnets *10.223.17.0/24 and 10.223.12.0/22) are directly connected to the router. A frequent issue in such a scenario is a device connected to one subnet requires IP connectivity to the other subnet but doesn't have it default gateway set or set to the wrong default gateway.
Make sure devices connected to subnet 10.223.17.0/24 (vlan17) have 10.223.17.194 as their default gateway and devices connected to 10.223.12.0/22 (vlan12) have theirs set to 10.223.12.1.
First thanks for your response, I am pretty sure that the subnet 10.223.17.0 is using 10.223.17.194 as their DG. I have to double check the subnet 10.223.12.0 if their DG is set to 10.223.12.1. So your saying that if these 2 network it not using the correct DG, routing between them is not possible? Thanks again.
Hi, the config does not show anything obvious. Some stuff can be cleaned up if not used... like vrf and vlan access-map..
did you check what default gateway machines on vlan 17 use? Can they ping the DG?
First, thanks for responding to my question,
vlan 17 is using 10.223.17.194 as their DG, from 10.223.17.0 subnet I can ping the DG. One thing I notice is when I ping from the 10.223.17.0 network to a specific host on the 10.223.12.0 (like 10.223.12.13) it's saying host unreacheable via the 10.223.17.194 gateway. Also there is an ISP managed router 2620 which is the DG for the 10.223.17.0 network (IP assigned is 10.223.17.194) in between these 2 network. My assumption is that this router probably is the one preventing the routing between these 2 network. If I clean the vrf and access-mp's would it affect anything? Any recommendation or suggestion is greatly appreciated. Thanks again.
The router can not have same IP address as your core switch, basically your machines use that router to get to another VLAN and fail. The router IP should be changed and proper routing should be established for the internet connectivity. One option could be via a transit VLAN between your core switch and the ISP router.
I gave the wrong information, the ISP managed router has assigned IP address of (10.223.17.14 255.255.255.0 - fa0/0) also an ip route statement of (ip route 10.223.12.0 255.255.252.0 10.223.17.194). I can give you more info on the router if that will help you analyze the issue. Thanks again.
ok, were you ever able to communicate between these vlans?
can you ping 10.223,12,1 from a host on VLAN 17?
post sh ip route from your core switch
what command you used to generate posted config?
The output of show ip route clearly shows that it knows both subnets and should be able to route between them, if the packets get to the switch. Which makes me wonder if the packets are really getting to the switch.
I notice that the switch has only 2 ports that belong in VLAN 17 (Gig 4/1 and 4/31). Can you tell us what devices these are? And where is the rest of VLAN 17 and what is its connectivity to the switch?
One other thing that might be an interesting test:
- do a ping from the switch to some device in VLAN 17 to demonstrate basic connectivity.
- then do an extended ping from the switch to that device. In the extended ping specify the same destination address as the simple ping and specify the source address as the vlan 12 interface address. If the extended ping fails it would point toward it being a problem with the default gateway configuration of the device.
First thank you for responding to my question, I have to identify what devices are connected to (Gig 4/1 and 4/31).
The only thing I can tell you right now is on the old subnet (10.223.17.0)there is an ISP managed router and an old
5500 series catalyst switch used as their old core switch. What I need to do is to trace some connections from the
old core switch and ISP managed router. Base on the previous configuration I sent, I can ping some devices in vlan 17
from the new core switch (4507R) but cannot ping an IP address assigned to the ISP managed router fa0/0 (10.223.17.14).
Thanks again for your advice.