Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

Routing: LAN Uplink routing issue.

Hi all,

I have finished creating a new layer 3 switching environment at work which is working well but is not considered production yet. While we are not ready to fully cut over to the new LAN, we do need to make that network accessible from the current production LAN. It appears that I have the new LAN partially accessible but only one direction.

Symptoms -

  1. From the legacy network, I am able to ping any IP within the new LAN
  2. From a switch in the new LAN, I can ping any address in the legacy LAN
  3. From a host within a VLAN from the new network, I CANNOT ping hosts by IP in the legacy network. Trace route tests never pass the switch.

Legacy network -

192.137.0.0 /23

I have the routes for all new networks added in our existing gateway which happens to be an IPCop device. The IPCop device has an IP of 192.137.0.152.

New Network -

192.168.0.0 /21

My new LAN switch that I am uplinking into the legacy network -

  • IP Routing is turned up obviously since all of the VLANs are working.
  • I configured the Legacy VLAN on the new switch with a VLAN interface which is 192.137.0.35.
  • I configured an interface within the Legacy VLAN on the new switch, so now I can ping 192.137.0.35.
  • Then I set my default route on the new switch set to the IPCop gateway of 192.137.0.152. (ip route 0.0.0.0 0.0.0.0 192.137.0.152)

So in theory it seems like everything is almost working but for some reason hosts within any new VLAN in the new switch are not being passed into the legacy network.

Can anyone shed some light on what I am missing? It is probably something stupid I am overlooking.

20 REPLIES
VIP Super Bronze

Routing: LAN Uplink routing issue.

Hi James,

If you can ping from the switch or router from the legacy to the new network and vice versa, then your routing is working.  If you cannot ping from host to host, check to make sure each PC had the correct default gateway.  Also check the PCs to make sure there is no firewall software is installed to prevent them from being pinged.

If these suggestions don't help, can you provide a simple diagram showing how everything connects and which device is layer-2 and which layer-3?

HTH

Silver

Routing: LAN Uplink routing issue.

James Allen wrote:

Hi all,

I have finished creating a new layer 3 switching environment at work which is working well but is not considered production yet. While we are not ready to fully cut over to the new LAN, we do need to make that network accessible from the current production LAN. It appears that I have the new LAN partially accessible but only one direction.

Symptoms -

  1. From the legacy network, I am able to ping any IP within the new LAN
  2. From a switch in the new LAN, I can ping any address in the legacy LAN
  3. From a host within a VLAN from the new network, I CANNOT ping hosts by IP in the legacy network. Trace route tests never pass the switch.

Legacy network -

192.137.0.0 /23

I have the routes for all new networks added in our existing gateway which happens to be an IPCop device. The IPCop device has an IP of 192.137.0.152.

New Network -

192.168.0.0 /21

My new LAN switch that I am uplinking into the legacy network -

  • IP Routing is turned up obviously since all of the VLANs are working.
  • I configured the Legacy VLAN on the new switch with a VLAN interface which is 192.137.0.35.
  • I configured an interface within the Legacy VLAN on the new switch, so now I can ping 192.137.0.35.
  • Then I set my default route on the new switch set to the IPCop gateway of 192.137.0.152. (ip route 0.0.0.0 0.0.0.0 192.137.0.152)

So in theory it seems like everything is almost working but for some reason hosts within any new VLAN in the new switch are not being passed into the legacy network.

Can anyone shed some light on what I am missing? It is probably something stupid I am overlooking.

James.

You have the "new" switch set with a default route pointing to 192.137.0.152 from an interface of 192.137.0.35 - is that link a layer 2 (all ports in the same VLAN with SVI's) link, or layer 3 (routed link, with an IP address configured on the physical interface).

My point is - what's the IP address of the port that 192.137.0.35 connects to? Is it a layer 3 port with its own address, or a layer 2 port in the same VLAN as 192.137.0.152?

The fact that you can PING from the new switch to the legacy network doesn't really show much since if it's a layer 2 network, the source of the PING packet will be the switch (192.137.0.35), and since it's in the "same" network as the IPCop device it'l simply be classed as directly connected.

The fact that you can communicate between VLAN's on your "new" switch indicates that there is routing within that switch - so something is either preventing the packets to other destinations (outbound access list?), or the next hop for outbound traffic is wrong.

What happens if you try to tracetroute IN to the new network from a node on the legacy network? Where does the trace stop?

Can you indicate what kind of devices you have, and post sanitised configs of the relevant interfaces (the linke, the SVI's etc) and the routing tables in your new switch?

Cheers.

New Member

Routing: LAN Uplink routing issue.

Thanks for the replies guys. After a bit of digging, it appears that the IPCop device is causing the issue. I found that I was able to ping the 192.137.0.152 from a host within a VLAN in my new switch but that device is not forwarding it out correctly.

One thing I did think about last night was, why am I pointing to 192.137.0.152 at all to refer gateway functions? Currently, I do not need any hosts in the new network to get on the internet so in theory, shouldn't I be able to just get rid of the default route to the 192.137.0.152 IPCop device and my switch would already just work and be able to communicate into the legacy network? And now since not referring to a device that is setup weird, I can just use the interface I dropped into that LAN?

New Member

Routing: LAN Uplink routing issue.

Hmm, that didn't seem to work. I would have thought that the VLAN I created would have just send traffic out for that network and since it was in the same LAN that it would work.

Purple

Routing: LAN Uplink routing issue.

Hi,

for devices in 2 different VLANS to cummunicate you need a L3 device.

Regards.

Alain

Don't forget to rate helpful posts.
New Member

Routing: LAN Uplink routing issue.

I get that I need a layer 3 device which is why my new switch has a VLAN and VLAN interface on the same network as the legacy network. I would just think that since I have a port assigned to that VLAN on the new switch it would be able to talk with everything else on the same net out of that interface.

New Member

Re: Routing: LAN Uplink routing issue.

Posting a diagram per Darren's request -

http://i117.photobucket.com/albums/o49/0xploit/RoutingIssue-1.jpg

Trying to get the routing tables and other stuff as well.

New Member

Re: Routing: LAN Uplink routing issue.

Here is my config on my new switch - (Uplink to my legacy network is GI1/0/24)

!

version 15.0

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Switch01

!

boot-start-marker

boot-end-marker

!

no aaa new-model

clock timezone PST -8 0

clock summer-time PDT recurring

switch 1 provision ws-c3750x-24

system mtu routing 1500

ip routing

!

!

ip domain-name domain.com

ip name-server 192.137.0.158

ip name-server 192.137.0.170

cluster enable ORCluster 0

!

!

!

spanning-tree mode pvst

spanning-tree extend system-id

!

!

!

!

vlan internal allocation policy ascending

!

!

!

!

!

!

interface Port-channel1

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface FastEthernet0

no ip address

no ip route-cache

no ip mroute-cache

shutdown

!

interface GigabitEthernet1/0/1

switchport access vlan 104

!

interface GigabitEthernet1/0/2

switchport access vlan 104

!

interface GigabitEthernet1/0/3

switchport access vlan 101

!

interface GigabitEthernet1/0/4

switchport access vlan 101

!

interface GigabitEthernet1/0/5

switchport access vlan 101

!

interface GigabitEthernet1/0/6

switchport access vlan 101

!

interface GigabitEthernet1/0/7

switchport access vlan 101

!

interface GigabitEthernet1/0/8

switchport access vlan 101

!

interface GigabitEthernet1/0/9

switchport access vlan 106

!

interface GigabitEthernet1/0/10

description ORPXEN02 DRAC

switchport access vlan 106

!

interface GigabitEthernet1/0/11

switchport access vlan 106

!

interface GigabitEthernet1/0/12

switchport access vlan 106

!

interface GigabitEthernet1/0/13

switchport access vlan 106

!

interface GigabitEthernet1/0/14

switchport access vlan 106

!

interface GigabitEthernet1/0/15

switchport access vlan 101

!

interface GigabitEthernet1/0/16

switchport access vlan 101

!

interface GigabitEthernet1/0/17

switchport access vlan 101

!

interface GigabitEthernet1/0/18

switchport access vlan 104

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/19

switchport access vlan 104

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/20

switchport access vlan 104

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/21

switchport access vlan 104

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/22

switchport access vlan 104

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/23

switchport access vlan 104

!

interface GigabitEthernet1/0/24

switchport access vlan 110

!

interface GigabitEthernet1/1/1

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 1 mode on

!

interface GigabitEthernet1/1/2

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 1 mode on

!

interface GigabitEthernet1/1/3

!

interface GigabitEthernet1/1/4

!

interface TenGigabitEthernet1/1/1

!

interface TenGigabitEthernet1/1/2

!

interface Vlan1

no ip address

shutdown

!

interface Vlan101

description Server_Network

ip address 192.168.1.1 255.255.248.0

standby 1 ip 192.168.1.254

standby 1 priority 10

standby 1 preempt

!

interface Vlan102

description Client_Access

ip address 192.168.8.1 255.255.248.0

ip helper-address 192.137.0.158

ip helper-address 192.137.0.170

standby 2 ip 192.168.8.254

standby 2 priority 10

standby 2 preempt

!

interface Vlan103

description Finance_VLAN

ip address 192.168.16.1 255.255.248.0

ip helper-address 192.137.0.158

ip helper-address 192.137.0.170

standby 3 ip 192.168.16.254

standby 3 priority 10

standby 3 preempt

!

interface Vlan106

description Management_Network

ip address 192.168.40.1 255.255.248.0

standby 6 ip 192.168.40.254

standby 6 priority 10

standby 6 preempt

!

interface Vlan108

description DMZ

ip address 192.168.56.1 255.255.248.0

standby 6 ip 192.168.56.254

standby 6 priority 10

standby 6 preempt

!

interface Vlan110

description Legacy

ip address 192.137.0.34 255.255.254.0

standby 6 ip 192.137.0.35

standby 6 priority 10

standby 6 preempt

!

ip http server

ip http secure-server

!

!

!

ip sla enable reaction-alerts

logging esm config

snmp-server community public RO

snmp-server community private RW

!

!

line con 0

line vty 0 4

***** *******

login

length 0

line vty 5 15

***** ******

login

!

end

!

version 15.0

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Switch01

!

boot-start-marker

boot-end-marker

!

no aaa new-model

clock timezone PST -8 0

clock summer-time PDT recurring

switch 1 provision ws-c3750x-24

system mtu routing 1500

ip routing

!

!

ip domain-name domain.com

ip name-server 192.137.0.158

ip name-server 192.137.0.170

cluster enable ORCluster 0

!

!

!

spanning-tree mode pvst

spanning-tree extend system-id

!

!

!

!

vlan internal allocation policy ascending

!

!

!

!

!

!

interface Port-channel1

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface FastEthernet0

no ip address

no ip route-cache

no ip mroute-cache

shutdown

!

interface GigabitEthernet1/0/1

switchport access vlan 104

!

interface GigabitEthernet1/0/2

switchport access vlan 104

!

interface GigabitEthernet1/0/3

switchport access vlan 101

!

interface GigabitEthernet1/0/4

switchport access vlan 101

!

interface GigabitEthernet1/0/5

switchport access vlan 101

!

interface GigabitEthernet1/0/6

switchport access vlan 101

!

interface GigabitEthernet1/0/7

switchport access vlan 101

!

interface GigabitEthernet1/0/8

switchport access vlan 101

!

interface GigabitEthernet1/0/9

switchport access vlan 106

!

interface GigabitEthernet1/0/10

description ORPXEN02 DRAC

switchport access vlan 106

!

interface GigabitEthernet1/0/11

switchport access vlan 106

!

interface GigabitEthernet1/0/12

switchport access vlan 106

!

interface GigabitEthernet1/0/13

switchport access vlan 106

!

interface GigabitEthernet1/0/14

switchport access vlan 106

!

interface GigabitEthernet1/0/15

switchport access vlan 101

!

interface GigabitEthernet1/0/16

switchport access vlan 101

!

interface GigabitEthernet1/0/17

switchport access vlan 101

!

interface GigabitEthernet1/0/18

switchport access vlan 104

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/19

switchport access vlan 104

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/20

switchport access vlan 104

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/21

switchport access vlan 104

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/22

switchport access vlan 104

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/23

switchport access vlan 104

!

interface GigabitEthernet1/0/24

switchport access vlan 110

!

interface GigabitEthernet1/1/1

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 1 mode on

!

interface GigabitEthernet1/1/2

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 1 mode on

!

interface GigabitEthernet1/1/3

!

interface GigabitEthernet1/1/4

!

interface TenGigabitEthernet1/1/1

!

interface TenGigabitEthernet1/1/2

!

interface Vlan1

no ip address

shutdown

!

interface Vlan101

description Server_Network

ip address 192.168.1.1 255.255.248.0

standby 1 ip 192.168.1.254

standby 1 priority 10

standby 1 preempt

!

interface Vlan102

description Client_Access

ip address 192.168.8.1 255.255.248.0

ip helper-address 192.137.0.158

ip helper-address 192.137.0.170

standby 2 ip 192.168.8.254

standby 2 priority 10

standby 2 preempt

!

interface Vlan103

description Finance_VLAN

ip address 192.168.16.1 255.255.248.0

ip helper-address 192.137.0.158

ip helper-address 192.137.0.170

standby 3 ip 192.168.16.254

standby 3 priority 10

standby 3 preempt

!

interface Vlan106

description Management_Network

ip address 192.168.40.1 255.255.248.0

standby 6 ip 192.168.40.254

standby 6 priority 10

standby 6 preempt

!

interface Vlan108

description DMZ

ip address 192.168.56.1 255.255.248.0

standby 6 ip 192.168.56.254

standby 6 priority 10

standby 6 preempt

!

interface Vlan110

description Legacy

ip address 192.137.0.34 255.255.254.0

standby 6 ip 192.137.0.35

standby 6 priority 10

standby 6 preempt

!

ip http server

ip http secure-server

!

!

!

ip sla enable reaction-alerts

logging esm config

snmp-server community public RO

snmp-server community private RW

!

!

line con 0

line vty 0 4

***** *******

login

length 0

line vty 5 15

***** ******

login

!

end

New Member

Re: Routing: LAN Uplink routing issue.

Here is the output of sh ip route -

Gateway of last resort is not set

C     192.137.0.0/23 is directly connected, Vlan110
      192.137.0.0/32 is subnetted, 1 subnets
L        192.137.0.34 is directly connected, Vlan110
C     192.168.0.0/21 is directly connected, Vlan101
      192.168.1.0/32 is subnetted, 1 subnets
L        192.168.1.1 is directly connected, Vlan101
C     192.168.8.0/21 is directly connected, Vlan102
      192.168.8.0/32 is subnetted, 1 subnets
L        192.168.8.1 is directly connected, Vlan102
C     192.168.16.0/21 is directly connected, Vlan103
      192.168.16.0/32 is subnetted, 1 subnets
L        192.168.16.1 is directly connected, Vlan103
C     192.168.40.0/21 is directly connected, Vlan106
      192.168.40.0/32 is subnetted, 1 subnets
L        192.168.40.1 is directly connected, Vlan106
C     192.168.56.0/21 is directly connected, Vlan108
      192.168.56.0/32 is subnetted, 1 subnets
L        192.168.56.1 is directly connected, Vlan108

New Member

Re: Routing: LAN Uplink routing issue.

Also, here is the alternate routing config I had which wasn't working either because of the IPCop device -

Gateway of last resort is 192.137.0.152 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 192.137.0.152
C     192.137.0.0/23 is directly connected, Vlan110
      192.137.0.0/32 is subnetted, 1 subnets
L        192.137.0.34 is directly connected, Vlan110
C     192.168.0.0/21 is directly connected, Vlan101
      192.168.1.0/32 is subnetted, 1 subnets
L        192.168.1.1 is directly connected, Vlan101
C     192.168.8.0/21 is directly connected, Vlan102
      192.168.8.0/32 is subnetted, 1 subnets
L        192.168.8.1 is directly connected, Vlan102
C     192.168.16.0/21 is directly connected, Vlan103
      192.168.16.0/32 is subnetted, 1 subnets
L        192.168.16.1 is directly connected, Vlan103
C     192.168.40.0/21 is directly connected, Vlan106
      192.168.40.0/32 is subnetted, 1 subnets
L        192.168.40.1 is directly connected, Vlan106
C     192.168.56.0/21 is directly connected, Vlan108
      192.168.56.0/32 is subnetted, 1 subnets
L        192.168.56.1 is directly connected, Vlan108

Purple

Routing: LAN Uplink routing issue.

Hi,

Can you explain what is the use of HSRP if you only got 1 switch ?

What are these port-channels and  why put  ports in trunk mode but configure them as belonging to a particular VLAN?

Can you ping from a new VLAN to another new VLAN ?

Which gateway have you configured on your hosts in new VLANS, is it the VIP of standby group ?

Regards.

Alain

Don't forget to rate helpful posts.
New Member

Re: Routing: LAN Uplink routing issue.

The HSRP thing is explained in my last reply. To address your other questions though, I can ping any new VLAN to any other new VLAN. Also, from the legacy network side, I can ping any new VLAN in the new LAN. It is only from a host on a new VLAN trying to ping something in the legacy network VLAN 110 that it fails.

Interestingly, whether I have a route statement to try using the gateway (192.137.0.152) in the new switch, I still can't ping anything but the gateway. Yes, strangely without any route config in the new switch, I can still ping 192.137.0.152 from a host on a new VLAN but no other address. I wonder if that device is running in promiscious mode or something.

VIP Super Bronze

Routing: LAN Uplink routing issue.

Is there a default gateway configured on devices (PC/printer etc..)  connect to vlan 110?

VIP Super Bronze

Re: Routing: LAN Uplink routing issue.

Jim,

Are these sh runs from 2 different switches or from the same switch paste here twice? It appear to be from one switch, but want to verify.

If it is one switch, why are you running HSRP

Also, I see some vlans (104 for example) has ports in access mode and trunk port.  Is this a typo or you need trunk port connecting to your end devices?

On the dump switch, you only have one vlan (vlan 110) right?

If yes, is the port that connects to the new switch configured as an access port or trunk port, because port G0/1/24 is configured as an access port.

HTH

New Member

Re: Routing: LAN Uplink routing issue.

This is just one switch with the config, although I have another switch running HSRP on all of the VLAN interfaces. When I about ready to do the cutover to the new LAN altogther, I plan to switch to just using the stackwise cables instead of HSRP so that would go away. But for now, I didn't think that my HSRP config would cause any issues.

The ports that have trunking enabled on them even though they are members of a VLAN are ports configured on non-routable VLANs for iSCSI storage. Per EMCs instructions, they wanted those ports set up as trunks.

Yes, that VLAN 110 is the only VLAN on the dumb switches although for them they obviously don't have a VLAN number assigned but it is a flat network there. VLAN 110 is just defined from the new switch and it is linked into that network. Port Gi1/0/24 is the only port in VLAN 110 and is plugged directly into the flat legacy network with a crossover cable directly into one of the dumb switches.

New Member

Re: Routing: LAN Uplink routing issue.

Also, I ran sh arp command and the switch has a record of the addresses and MACs I am trying to reach and displays them in the correct VLAN even though they are out in the unmanaged VLAN network. So this is why the switch can ping them, but if this is a valid VLAN why can't I get to the hosts except from the switch directly. Weird!

Mar  1 03:05:47.738: %SYS-5-CONFIG_I: Configured from console by consolearp

Protocol  Address          Age (min)  Hardware Addr   Type   Interface

Internet  192.137.0.5             0   1078.d2e9.a0ae  ARPA   Vlan110

Internet  192.137.0.35            -   70ca.9ba2.43c6  ARPA   Vlan110

Internet  192.137.0.132           0   70f3.9514.c0e4  ARPA   Vlan110

Internet  192.137.0.152           0   0004.7611.aaee  ARPA   Vlan110

Internet  192.137.0.170           0   782b.cb22.fae9  ARPA   Vlan110

Internet  192.137.1.95            0   70f3.9514.c127  ARPA   Vlan110

Internet  192.168.1.1             -   70ca.9ba2.43c1  ARPA   Vlan101

Internet  192.168.1.2            10   70ca.9b2d.8d41  ARPA   Vlan101

Internet  192.168.1.15           16   0050.568e.19a7  ARPA   Vlan101

Internet  192.168.1.50            3   14fe.b5cb.70cd  ARPA   Vlan101

Internet  192.168.1.51            3   14fe.b5cb.75cb  ARPA   Vlan101

Internet  192.168.1.52            3   14fe.b5cb.778d  ARPA   Vlan101

Internet  192.168.1.100           0   14fe.b5cb.7166  ARPA   Vlan101

Internet  192.168.1.101           0   14fe.b5cb.6e96  ARPA   Vlan101

Internet  192.168.1.187           0   5cff.3506.7539  ARPA   Vlan101

Internet  192.168.1.254           -   0000.0c07.ac01  ARPA   Vlan101

Internet  192.168.8.1             -   70ca.9ba2.43c2  ARPA   Vlan102

Internet  192.168.8.254           -   0000.0c07.ac02  ARPA   Vlan102

Internet  192.168.16.1            -   70ca.9ba2.43c3  ARPA   Vlan103

Internet  192.168.16.254          -   0000.0c07.ac03  ARPA   Vlan103

Internet  192.168.40.1            -   70ca.9ba2.43c4  ARPA   Vlan106

Internet  192.168.40.254          -   0000.0c07.ac06  ARPA   Vlan Mar  1 03:05:47.738: %SYS-5-CONFIG_I: Configured from console by consolearp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.137.0.5             0   1078.d2e9.a0ae  ARPA   Vlan110
Internet  192.137.0.35            -   70ca.9ba2.43c6  ARPA   Vlan110
Internet  192.137.0.132           0   70f3.9514.c0e4  ARPA   Vlan110
Internet  192.137.0.152           0   0004.7611.aaee  ARPA   Vlan110
Internet  192.137.0.170           0   782b.cb22.fae9  ARPA   Vlan110
Internet  192.137.1.95            0   70f3.9514.c127  ARPA   Vlan110
Internet  192.168.1.1             -   70ca.9ba2.43c1  ARPA   Vlan101
Internet  192.168.1.2            10   70ca.9b2d.8d41  ARPA   Vlan101
Internet  192.168.1.15           16   0050.568e.19a7  ARPA   Vlan101
Internet  192.168.1.50            3   14fe.b5cb.70cd  ARPA   Vlan101
Internet  192.168.1.51            3   14fe.b5cb.75cb  ARPA   Vlan101
Internet  192.168.1.52            3   14fe.b5cb.778d  ARPA   Vlan101
Internet  192.168.1.100           0   14fe.b5cb.7166  ARPA   Vlan101
Internet  192.168.1.101           0   14fe.b5cb.6e96  ARPA   Vlan101
Internet  192.168.1.187           0   5cff.3506.7539  ARPA   Vlan101
Internet  192.168.1.254           -   0000.0c07.ac01  ARPA   Vlan101
Internet  192.168.8.1             -   70ca.9ba2.43c2  ARPA   Vlan102
Internet  192.168.8.254           -   0000.0c07.ac02  ARPA   Vlan102
Internet  192.168.16.1            -   70ca.9ba2.43c3  ARPA   Vlan103
Internet  192.168.16.254          -   0000.0c07.ac03  ARPA   Vlan103
Internet  192.168.40.1            -   70ca.9ba2.43c4  ARPA   Vlan106
Internet  192.168.40.254          -   0000.0c07.ac06  ARPA   Vlan

VIP Super Bronze

Routing: LAN Uplink routing issue.

Can you verify if there is default gateway configured on these hosts?

Silver

Routing: LAN Uplink routing issue.

James Allen wrote:

Posting a diagram per Darren's request -

http://i117.photobucket.com/albums/o49/0xploit/RoutingIssue-1.jpg

Trying to get the routing tables and other stuff as well.

James.

OK, looking at this, your "legacy" network is run via a dumb switch, which means that the ONLY way for devices on this network to communicate to your other networks is via the IPCop device, because the IPCop device is the default router for these hosts.

Which means your IPCop device *must* be able to communicate with the "new' networks via the link on the new layer 3 switch. The IPCop device has to have a route to ALL the subnets on the other side of the link to the new network - in a Cisco world (I've never heard of IPCop, so I have no idea who makes it or how to configure it) you'd need something like this on the IPCop device

ip route 192.168.0.0 255.255.248 0 192.137.0.35

ip route 192.168.8.0 255.255.248.0 192.137.0.35

etc etc for *every* subnet you have defined as an SVI in your new switch. You could then add a default route on your new switch pointing to the IPCop device allowing internet access.

I'm with the other guys regarding your HSRP configurations - I can't see why you need them when you've only got one switch (HSRP is about providing a redundant router - which you can't really do with only one layer 3 device), so you're only adding overhead to the switch by running processes which aren't needed - I'd delete that configuration unless you plan on putting in a separate layer 3 switch to run the second HSRP node for each VLAN SVI on.

I think the lack of communication between your "legacy" network and the "new" networks comes down to the fact that anything conencted tot he "dumb' switches on the legacy network will be trying to route to them via the IPCop device - and unless it knows where to forward the packets, they'll just get dropped. The ability to ping tot he legacy network from the Cisco switch is because you *have* an IP address in the legacy network which will be used as the source for the PING, so the devices will know how to return packets to it - if you tried (from the Cisco switch) to ping a host ont he legacy network but used one of the SVI IP addresses as the source (ping source ), I expect that would fail as well.

Cheers.

New Member

Re: Routing: LAN Uplink routing issue.

Jim,

You see the ARPs because the switch has an address in the legacy LAN and therefor has layer 2 connectivity to the legacy LAN. From your new LAN subnets you cannot ping the legacy LAN because the legacy LAN has no clue where to send the replies. You have to add static routes for the new subnets into IPcop to be able to communicate with the legacy LAN. Have you added the routes in IPcop? IPcop is a Linux based proxy server. Here is the static route for command line Linux: "route add -net 192.168.55.0 netmask 255.255.255.0 gw 192.168.1.254 dev eth1". You will need to add a route for each new subnet to the new switch IP.

FYI: You shouldn't route to another ip in the same subnet because it sends unnecessary icmp redirects back to each host every time it uses the route. It will work temporarily though.

Sent from Cisco Technical Support iPhone App

New Member

Re: Routing: LAN Uplink routing issue.

Thanks to everyone for all the help. I think the IPCop device has been screwing me this whole time but I ended up finding a workable solution in the end here.

I pointed hosts to my new switch as their gateway (before it was the IPCop) and then I add a default route on the switch that points to the IPCop. Now I am able to get to all of the new VLANs, the legacy network and the internet so all is good.

Thanks again to everyone for the help.

706
Views
0
Helpful
20
Replies
CreatePlease to create content