cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1019
Views
0
Helpful
11
Replies

VLAN inquiry

korbenda11as
Level 1
Level 1

hello anyone who could assist me. I have attached my diagram and configurations as well. Just want to know if I did correct configurations for my devices? If yes, how come my colleagues who is handling the FW can not see R1(10.20.25.66) he can see VLAN2(10.20.25.65) and i can ping from the SW R1? Is there any wrong with my configurations? thanks

11 Replies 11

korbenda11as
Level 1
Level 1

sorry i forgot the attachment.

Hi Korbenda,

It looks like you don't have any routes on R1.

Try adding:

ip route 10.20.25.60 255.255.255.252 10.20.25.65

Unless this firewall is your link to the internet, in which case it should be

ip route 0.0.0.0 0.0.0.0 10.20.25.65

Hope that helps.

Please rate any posts you find useful.

hi,

I was able to ping R1 from the sw but not from the FW, and why is it ip route 10.20.25.60 255.255.255.252 10.20.25.65? R1 is part of the VLAN.

Is my configurations on SW, R1 and S1 are correct? if yes, what route are missing? thanks!

HI,

From the diagram i see that you have link between your FW and SW with ip address 10.20.25.61 and 10.20.25.62

You have your VLAN configured with 10.20.25.65 255.255.255.248

so which means you have two differen subnet

so i thing you required route in the router for 10.20.25.61 (10.20.25.56/21)

and you also need back route on the FW for 10.20.25.64/21

H2H

Bhargav

Hi Bhargav,

Are my configurations correct for the SW, R1 and S1? so you are saying that it just a routing issue? Do I need to configure routing to the SW?

Hi,

sorry to be late to answer ur question.

yes you need to put specific route at ROUTER and at FIREWALL

as both the devices are unaware of each other's network.

Switch is aware of both network. so no need to put route in the switch.

H2H

Bhargav

(rate if u find it helpful)

Hi Korbenda,

As I said - you need routes on the router - else how does it know where to go to get to your firewall?

Add the following to R1:

ip route 10.20.25.60 255.255.255.252 10.20.25.65

The Firewall will also need a route into the network if it hasn't already - please copy the routing table here (Sanitise any public IP addresses) and we can have a look for you.

Nick

Hi, i have already add the route you mentioned and from FW it can already see the router. Now, the admin told me to add another route to the router so that I can access it from the internet. Do I need to add another route? is it 0.0.0.0 0.0.0.0 10.20.25.65, thanks!

yes

as earlier you have put specific route then you have to put the default route and after putting the default route you can remove the specific route as both are pointing towards the same 10.20.25.65

H2H

Bhargav

Jon Marshall
Hall of Fame
Hall of Fame

Could you post diagram as a .jpg/.png

re attaching the diagram in doc. format

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco