Any chance of overlapping address ranges with this 241 vlan or have the incorrect netmask on the router or client pcs. Just throwing stuff out there , it appears to be a fairly simple setup and should work . May have to post the msf and mls configs...

Attached are the running-configs from both the switch and the router. Would be interested if anyone that cares to look can point out anything wrong. Thanks.

I just noticed that the config for the switch currently only has ports 2-3 in VLAN 241. I changed this as a test. It was originally 1-24.

It would make this a lot easier if you can please post the following:

capture the output of extended ping from 6513 to 10.30.100.20 sourcing from 10.241.234.1.

topology

show run from the 6513 with the new vlan 241.

show ip route 10.241.0.0 from the router with an ip address of 10.30.100.20

capture the output of extended ping from 6513 to 10.30.100.20 sourcing from 10.241.234.1.

topology

>>I am no longer on site but I can get this tomorrow.

show run from the 6513 with the new vlan 241.

>>This is posted in my last message

show ip route 10.241.0.0 from the router with an ip address of 10.30.100.20

>>10.30.100.20 is not a router, it is a server running Checkpoint firewall. I hesitate to mention this because someone will undoubtedly point the finger at that. I have already verified the configuration in Checkpoint. A new network was added for 10.241.0.0 /16 and added to the same rule that allows traffic through for all the other VLANs on the same switch that are not having this problem. I even temporarily set up a 10.241.0.0 /16 -> any rule to make sure that the firewall was not blocking any traffic from that subnet.

Are you learning the route to 10.30.100.20 from somewhere? Unless that's true, i don't see a route to from this router to your default gateway?

can you show the output of "show ip route 10.30.100.20"?

---

interface Vlan1

ip address 10.30.10.201 255.255.0.0

!

interface Vlan9

ip address 10.9.234.1 255.255.0.0

shutdown

!

interface Vlan10

ip address 10.10.234.1 255.255.0.0

!

interface Vlan204

ip address 10.204.234.1 255.255.0.0

!

interface Vlan211

ip address 10.211.234.1 255.255.0.0

shutdown

!

interface Vlan224

ip address 10.224.234.1 255.255.0.0

!

interface Vlan241

ip address 10.241.234.1 255.255.0.0

!

router eigrp 100

network 10.9.0.0 0.0.255.255

network 10.10.0.0 0.0.255.255

network 10.30.0.0 0.0.255.255

network 10.204.0.0 0.0.255.255

network 10.211.0.0 0.0.255.255

network 10.224.0.0 0.0.255.255

network 10.241.0.0 0.0.255.255

network 10.0.0.0

no auto-summary

no eigrp log-neighbor-changes

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.30.100.20

10.30.100.20 is the default route.

show ip route 10.30.100.20:

Routing entry for 10.30.0.0/16

Known via "connected", distance 0, metric 0 (connected, via interface)

Redistributing via eigrp 100

Routing Descriptor Blocks:

* directly connected, via Vlan1

Route metric is 0, traffic share count is 1

sorry..i mis-read the config...da~

anyway.. couple questions:

Can the Checkpoint firewall ( 10.30.100.20 ) ping the workstations behind the other VLANs? (e.g. Vlan10, etc)

Can you check the route table of Checkpoint and make sure that it's forwarding the packet destined to 10.241/16 to 10.30.10.201?

Eric

I didn't look at the configs but I had a quick thought. You don't have any left over acls from when you used this for your laptop still running on the port by any chance? That might explain the blocked traffic.

>>I wasn't running any access-lists previously. There aren't any access-lists configured any where actually.