A couple of questions. I'm new to this so be easy. This may be kind of long trying to describe the problem...
1.) I have a Cisco 3560-48G that I can't seem to get functioning correctly (or at least what my idea of correct is...). I have ip routing turned on and I have several VLANs defined with IP addresses. The problem seems to be that I can't ping from one network to the other. For example, VLAN1 is 10.10.10.20 255.255.0.0 and VLAN 192 is 192.168.0.2 255.255.255.0. I assign port 0/43 switchport access VLAN 1 and I plug my PC into this port with an address in its range, 10.10.23.23, and I assign port 0/47 switchport access VLAN 192 and connect a home router/firewall to it with an address of 192.168.0.1. I cannot ping from my PC to the interface on the router (so, can't ping from 10.10.23.23 to 192.168.0.1). Now, if I telnet to the 3560 I can ping the interfaces on the switch (10.10.10.20 and 192.168.0.2) and the interfaces of the connected devices (10.10.23.23 and 192.168.0.1), and from my PC (10.10.23.23) I can ping the VLAN 192 interface on the switch (192.168.0.2), but I can't ping the device connected to this, 192.168.0.1.
Sorry this is so drawn out. My first thought was that since the home router/firewall doesn't have an entry for a default gateway on its LAN side (192.168.0.1) it wouldn't know how to respond to me at 10.10.23.23. However, if I create another VLAN on the switch (VLAN 205 with address of 22.214.171.124 255.255.255.240) and connect it to the WAN side of the home firewall/router (because you can put a default gateway in on this interface) and assign the WAN side of the home firewall/router an address (126.96.36.199 255.255.255.240 and a default gateway of 188.8.131.52) I figured it would work. IT WON'T. The only way I can get to any other network defined on this switch is to put the port I'm plugged into on the same VLAN as the device I'm trying to get to, which makes me believe there is no routing taking place. What am I missing? I can post configs if it will help.
Question 2. This whole problem comes from the fact that we're trying to implement a physically separated test network and I'm going to use the 3560 as the router/switch for our test servers, etc. However, as described above, I can't seem to get it working. I'm going to need to get a firewall for this as well. Will a PIX 501 work, or are there some other options that would be just as well? Our corporate firewall is CheckPoint and I'm pretty familiar with it. The home firewall/router described above was a D-Link DI-524 which we were going to use until we got the other one in place, but now I'm worried that I can't make it or any other one work.
I can provide any other information that is necessary. Remember, I am new to this and I easily could've missed something simple. Thanks for the help in advance.
Re: Cisco 3560G-48 and firewall help and suggestions
In your setup a 3560 L3 switch should work like a charm. You don't need a PIX at all.
Just to make sure that I have understood your problem:
1) you have created various VLANs on your 3560 and connected PCs onto these VLANs.
2) When you try to ping from these PCs/devices between 2 VLANs, you aren't able to, but from the 3560 switch, you can ping all the PCs and other servers.
I guess you need to recheck all the default gateways on your PCs and other routing information. Point the gateways of the PCs/devices to the 3560 Layer 3 IP address and it should work fine. Send me the configs if possible.
Hope this helps.. all the best.. rate replies if found useful.
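
The following is an added example, not part of the thread: a small Python model of the request and reply paths using the addresses from the question, showing why a ping sourced on the switch succeeds while a routed ping fails when the far device has no gateway. The PC's gateway setting and the 192.168.0.10 test server are assumptions made for the illustration.

```python
import ipaddress

# Addresses from the thread. The PC's gateway is an assumption (the post does not state it).
SVIS = [ipaddress.ip_interface("10.10.10.20/16"),   # VLAN 1 SVI
        ipaddress.ip_interface("192.168.0.2/24")]   # VLAN 192 SVI

class Host:
    def __init__(self, name, cidr, gateway=None):
        self.name = name
        self.iface = ipaddress.ip_interface(cidr)
        self.gateway = ipaddress.ip_address(gateway) if gateway else None

    def next_hop(self, dst):
        """On-link destinations are reached directly; anything else needs a gateway."""
        return dst if dst in self.iface.network else self.gateway

def switch_can_forward(hop, dst):
    """The hop must be one of the switch's SVI addresses, and dst must sit in a connected VLAN."""
    return any(hop == s.ip for s in SVIS) and any(dst in s.network for s in SVIS)

def ping(src, dst):
    """Check the echo request and the echo reply separately; return (ok, reason)."""
    for sender, target, leg in ((src, dst, "request"), (dst, src, "reply")):
        ip = target.iface.ip
        hop = sender.next_hop(ip)
        if hop is None:
            return False, f"{leg} dropped: {sender.name} has no gateway for {ip}"
        if hop != ip and not switch_can_forward(hop, ip):
            return False, f"{leg} dropped: {hop} cannot forward to {ip}"
    return True, "request and reply both delivered"

pc = Host("PC", "10.10.23.23/16", gateway="10.10.10.20")   # gateway assumed
dlink = Host("DI-524 LAN", "192.168.0.1/24")                # no gateway, as described in the post
# Pings typed on the 3560 toward VLAN 192 leave from this SVI, so they are on-link for the DI-524.
svi192 = Host("3560 VLAN 192 SVI", "192.168.0.2/24")
# Hypothetical test server whose gateway points at the 3560, as the reply recommends.
server = Host("test server", "192.168.0.10/24", gateway="192.168.0.2")

if __name__ == "__main__":
    for a, b in ((svi192, dlink), (pc, dlink), (pc, server)):
        print(f"{a.name} -> {b.name}: {ping(a, b)}")
```

On a real 3560 the same check is made with `show ip route` on the switch and by inspecting the gateway configured on each end device.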