All VLANs reachable, but one VLAN gives unreachable pings
I'm working on a casino network which comprises of two different networks. Connecting the two networks is a transit switch that is pretty basic with only a management IP and a default gateway. That links into the gaming network's core and the operations network's edge switch. There are multiple VLANs on the operations network all of which are accessible minus one [VLAN25]. The gaming network can be access by all other VLANs as well, so traffic is making it's way both ways, but going to VLAN25, I get unreachables.
The only changes made to the network prior to this issue was the replacement of the gaming network's switch with a new switch. The configs are the same, and I was unable to check the code on the old switch. The code on the new switch is an outdated code. I'm trying to work with the gaming network's vendor to update the code.
The gaming network is seperate from the operations network and operations runs accounting on the gaming side. It runs on a different subnet, but previous engineers made it work by giving the operation's router a secondary VLAN 1 ip address. I can ping the secondary VLAN 1 from each side.The vendor for the gaming side told the casion to just plug in a transit switch and hook it into their network and let the router do the routing. The gaming network's default gateway points to a VPN which is a server and handles outside access, but does not allow internet access to the network itself.
I verified that everything is the same between the old network and the new. I put in a different transit switch to remove that from the list of possible issues. I am limited to what I can do on the gaming network's switch which leaves me with the router. It is a voice gateway router that handles their layer 3 routing as well. There are issues with the router's config [having the VLAN 1 on the physical interface instead of sub-inf], but since I'm able to get to the VLAN 1 interface from the gaming network, I have yet to change that since I can access it.
In short, gaming network unable to access VLAN25, operations network VLAN 25 unable to access gaming network VLAN1. Two subnets on VLAN 1 in the form of secondary IPs. Verified configs and routes. I've labbed their topo as best as I can and cannot replicate the issue. Any help on this would be fantastic.
interface GigabitEthernet0/0 description Mngt VLAN ip address 10.94.15.253 255.255.240.0 secondary ip address 10.100.1.5 255.255.255.0 ip helper-address 10.100.25.10 duplex auto speed auto h323-gateway voip interface ! interface GigabitEthernet0/0.5 description VOICE Vlan encapsulation dot1Q 5 ip address 10.100.5.1 255.255.255.0 ! interface GigabitEthernet0/0.25 description DATA Vlan encapsulation dot1Q 25 ip address 10.100.25.1 255.255.255.0 ip helper-address 10.100.25.10 ! interface GigabitEthernet0/0.26 description SDC VLAN encapsulation dot1Q 26 ip address 10.100.26.1 255.255.255.0 ! interface GigabitEthernet0/0.27 description SIG VLAN encapsulation dot1Q 27 ! interface GigabitEthernet0/0.900 description Micros POS System encapsulation dot1Q 900 ip address 192.168.100.1 255.255.255.0 ! interface GigabitEthernet0/0.901 encapsulation dot1Q 901 ip address 10.10.1.254 255.255.255.0 ip helper-address 10.100.25.10 ! interface GigabitEthernet0/1 ip address 10.1.1.1 255.255.255.0 duplex auto speed auto ! interface Serial0/0/0:23 no ip address encapsulation hdlc isdn switch-type primary-dms100 isdn incoming-voice voice isdn bind-l3 ccm-manager no cdp enable ! ! router eigrp 10 network 10.0.0.0 ! ip forward-protocol nd ! no ip http server ip http access-class 23 ip http authentication local no ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ! ip route 0.0.0.0 0.0.0.0 10.100.25.5 !
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...