Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

communication from vlan

hi all,

i recently added some new vlans to my 4507 core. from none of the new vlans can i access my wan (through my 3745 router). when i try to ping with a source of these vlans, i cannot get through. i have added these networks into my eigrp statements, with no results. my 3745 sees the new vlans when i do a "sh ip route". it has learned these routes from the 4507, but still cannot ping the wan routers as i can from the older vlans. cannot figure out what i am missing. what else could be my issue?

TIA,

R

7 REPLIES
Purple

Re: communication from vlan

Can you traceroute to the wans?

New Member

Re: communication from vlan

thanks for your reply, i will try this when i get in this morning.

New Member

Re: communication from vlan

hi, so the traceroute is dying at my 3745 address, but when i ping the vlan from the 3745 i get replies. when i do a sh ip route from the 3745 i see the following:

D 192.168.40.0/24 [90/28416] via <4507 ip>, 14:23:05, FastEthernet0/1

I have also added another router at the other end of my wan, back to the vlan in question. when i try to ping i get the ".U.U " deal. when i do a sh ip route from there i see:

S 192.168.40.0/24 is directly connected, Tunnel0

I am on a mpls network, do i need to let my provider know that i have a new "network" in order to have it routed through the mpls cloud?

Silver

Re: communication from vlan

Do your other wan routers have this subnet in their routing table? Can you do a show ip route in a router next to the 3745 and provide us the output? Is EIGRP configured all across the network?

Green

Re: communication from vlan

Are the clients set for the correct Default Gateway?

Ifthe 802.1q subinterface on the router for VLAN100 has an address of 192.168.100.254 and the subinterface on the router for VLAN200 has an address of 192.168.200.254, then those would be the Default Gateway address you'd put on the client.

Do you have any ACLs defined? Unless your ACLs (if you have any)are specifically designed to permit the traffic, it'll be filtered out.

Do you have any firewalls on the clients? Are they set to permit traffic from the new VLANs?

Do you have NAT defined on the router? Have you included the new VLANs in the ACL that defines "interesting" traffic?

That's all that comes to mind for now ...check it out and let us know.

Good Luck

Scott

New Member

Re: communication from vlan

Ok, firstly I have no clients trying to do this, i am pinging the wan from the source of the vlan in question, so client gateways do not come into play right now.

I have no access lists on the 3745, but on the other end, there are access lists as follows:

access-list 102 permit tcp 0.0.0.255 any

but it only states that the entire lan there can communicate through the wan. this router can ping other vlans here at my host and there is nothing at the other end in way of acl.

i did add a route to the vlan at the other end of the wan.

New Member

Re: communication from vlan

so i have more info..

i do have nat running on the remote routers as asked.

Also, these connections are tunneling back into the mpls cloud via ipsec. I can ping the one remote site I have on direct frame relay.

125
Views
0
Helpful
7
Replies