
Cisco 3560G-48 and firewall help and suggestions

twebb
Level 1

I posted this in the firewall section and didn't get much response.

Thanks for all help in advance

A couple of questions. I'm new to this so be easy. This may be kind of long trying to describe the problem...

1.) I have a Cisco 3560-48G that I can't seem to get functioning correctly (or at least what my idea of correct is...) I have ip routing turned on and I have several VLANs defined with IP addresses. The problem seems to be that I can't ping from one network to the other. For example, VLAN1 is 10.10.10.20 255.255.0.0 and VLAN 192 is 192.168.0.2 255.255.255.0, I assign port 0/43 switchport access VLAN 1 and I plug my pc into this port with an address in its range 10.10.23.23 and I assign port 0/47 switchport access VLAN 192 and connect a home router/firewall to it with an address of 192.168.0.1, I cannot ping from my pc to the interface on the router (so, can't ping from 10.10.23.23 to 192.168.0.1). Now, if I telnet to the 3560 I can ping the interfaces on the switch (10.10.10.20 and 192.168.0.2) and the interfaces of the connected devices (10.10.23.23 and 192.168.0.1), and from my pc (10.10.23.23) I can ping the VLAN 192 interface on the switch (192.168.0.2) but I can't ping the device connected to this 192.168.0.1.

Sorry this is so drawn out. My first thought was that since the home router/firewall doesn't have an entry for a default gateway on its LAN side (192.168.0.1) it wouldn't know how to respond to me at 10.10.23.23. However, if I create another VLAN on the switch (VLAN 205 with address of 205.142.232.17 255.255.255.240) and connect it to the WAN side of the home firewall/router (because you can put a default gateway in on this interface) and assign the WAN side of the home firewall/router an address (205.142.232.23 255.255.255.240 and a default gateway of 205.142.232.17) I figured it would work. IT WON'T. The only way I can get to any other network defined on this switch is to put the port I'm plugged into on the same VLAN as the device I'm trying to get to, which makes me believe there is no routing taking place. What am I missing? I can post configs if it will help.

Question 2. This whole problem comes from the fact that we're trying to implement a physically separated test network and I'm going to use the 3560 as the router/switch for our test servers, etc. However, as described above, I can't seem to get it working. I'm going to need to get a firewall for this as well. Will a PIX 501 work, or are there some other options that would work just as well? Our corporate firewall is CheckPoint and I'm pretty familiar with it. The home firewall/router described above was a D-Link DI-524 which we were going to use until we got the other one in place, but now I'm worried that I can't make it or any other one work.

I can provide any other information that is necessary. Remember, I am new to this and I easily could've missed something simple. Thanks for the help in advance.

Tyler Webb

twebb@ditchwitch.com
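
The return-path reasoning in the question can be checked leg by leg with a longest-prefix-match lookup. This is an added example, not part of the original post: the routing tables are constructed from the addresses quoted above, the PC's default gateway (10.10.10.20) is an assumption, and the model covers route selection only, not NAT or filtering on the D-Link.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match. table holds (prefix, next_hop); next_hop None = connected."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return None  # no matching route: the packet cannot be sent
    net, nh = max(hits, key=lambda h: h[0].prefixlen)
    return ("connected", str(net)) if nh is None else ("via", nh)

# Constructed tables, built from the addresses in the post.
SWITCH = [("10.10.0.0/16", None),        # VLAN 1 SVI 10.10.10.20
          ("192.168.0.0/24", None),      # VLAN 192 SVI 192.168.0.2
          ("205.142.232.16/28", None)]   # VLAN 205 SVI 205.142.232.17
PC = [("10.10.0.0/16", None),
      ("0.0.0.0/0", "10.10.10.20")]      # assumption: PC gateway is the VLAN 1 SVI
ROUTER_LAN_ONLY = [("192.168.0.0/24", None)]       # LAN side, no default gateway
ROUTER_WITH_WAN = ROUTER_LAN_ONLY + [
    ("205.142.232.16/28", None),
    ("0.0.0.0/0", "205.142.232.17")]     # WAN side with the gateway from the post

def ping_legs(src, dst, target_table):
    """Route decision at each hop of an echo request and its reply."""
    return {
        "pc_out": lookup(PC, dst),                 # PC sends the request
        "switch_fwd": lookup(SWITCH, dst),         # 3560 routes it between VLANs
        "target_reply": lookup(target_table, src), # target picks a route back
        "switch_back": lookup(SWITCH, src),        # 3560 routes the reply
    }

if __name__ == "__main__":
    for name, table in (("LAN only", ROUTER_LAN_ONLY), ("with WAN", ROUTER_WITH_WAN)):
        print(name, ping_legs("10.10.23.23", "192.168.0.1", table))
    # The switch pings from 192.168.0.2, which is on the router's own subnet.
    print("reply to switch:", lookup(ROUTER_LAN_ONLY, "192.168.0.2"))
```

A `None` on the `target_reply` leg means the request can arrive but the reply has no route back, which looks identical to a routing failure on the switch from the PC's side.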

1 Reply

Hello Tyler,

posting your configuration is useful and might reveal what the problem could be...

Regards,

GP
