Cisco Switching/Routing :: Isolated VLAN Cannot Ping Gateway ASA 5520
May 30, 2012
I have an ASA that houses 11 VLANs, and I am trying to add a 12th.One of the VLANs is for PCs that have internet only access.The new VLAN will be similar, but for multifunction printers only.VLAN 99 is for internet only and works fine, I can ping the gateway of 10.99.3.33 from any PC in that VLAN.I am creating VLAN 98, modeling it after VLAN 99, and I cannot get a PC in the vlan to ping the gateway of10.98.3.17.Both switch and ASA show the new VLAN 98 as UP, switchport is UP/UP.I have deleted and recreated VLAN 98 a few times, but I cannot get a PC VLAN 98 connectivity.Once it is working on the core switch, I will add it to the trunk to the IDS switches. VTP is not in use, everything is manual. [code]
View 4 Replies
ADVERTISEMENT
Oct 15, 2012
I have created two vlans, vlan 1 data and vlan 200 voice. the issue is that when an on one vlan i cannot ping the default gateway of the othe vlan from my PC. An using sge 2010p switches.
below is my configuration
p route 0.0.0.0 0.0.0.0 192.168.0.1
ip dhcp relay address 192.168.0.100
ip dhcp relay enable
ip dhcp information option
interface vlan 1
ip dhcp relay enable(code )
View 3 Replies
View Related
Feb 9, 2011
I'm not sure if I'm missing something basic here however i though that I'd ask the question. I recieved a request from a client who is trying to seperate traffic out of a IBM P780 - one set of VIO servers/clients (Prod) is tagged with vlan x going out LAG 1 and another set of VIO server/clients (Test) is tagged with vlan y and z going out LAG 2. The problem is that the management subnet for these devices is on one subnet.
The infrastructure is the host device is trunked via LACP etherchannel to Nexus 2148TP(5010) which than connects to the distribution layer being a Catalyst 6504 VSS. I have tried many things today, however I feel that the correct solution to get this working is to use an Isolated trunk (as the host device does not have private vlan functionality) even though there is no requirement for hosts to be segregated. I have configured:
1. Private vlan mapping on the SVI;
2. Primary vlan and association, and isolated vlan on Distribution (6504 VSS) and Access Layer (5010/2148)
3. All Vlans are trunked between switches
4. Private vlan isolated trunk and host mappings on the port-channel interface to the host (P780).
I haven't had any luck. What I am seeing is as soon as I configure the Primary vlan on the Nexus 5010 (v5.2) (vlan y | private-vlan primary), this vlan (y) does not forward on any trunk on the Nexus 5010 switch, even without any other private vlan configuration. I believe this may be the cause to most of the issues I am having. Has any one else experienced this behaviour. Also, I haven't had a lot of experience with Private Vlans so I might be missing some fundamentals with this configuration.
View 3 Replies
View Related
Dec 12, 2011
I set this up and I can ping all the gateways but never the hosts. I was hoping I could make these links between 6500's a mix of L2 and L3. Check it out. They are connected in a linear fashion R1--->R2--->R3. I can ping from R1 to R3's SVI4 gateway but I can never ping a host on that SVI4. I was hoping that I could use the port-channels between 6500's as routed links or as trunk links depending on the type of traffic....thought it would ease the migration. I suppose I could always get rid of the port-channels and just make separate L2 and L3 links between the 6500's.
View 3 Replies
View Related
May 3, 2012
This would probably sound like a stupid question but it took at least 2 hours of my time so far. I have a 3750 switch where a router and a server is connected. From the switch I can ping the router and server with no issue (directely connected). But from the server I am not able to ping the router. The router and the server are in the same subnet. The router is configured as the default router for the server. I am not able to ping the server from the router either. Here's the output of the ip route from the router. The server IP address is 10.1.200.21 and the router IP address is 10.10.200.1
10.0.0.0/8 is variably subnetted, 8 subnets, 3 masks
C 10.1.30.0/24 is directly connected, FastEthernet0/0.30
C 10.1.20.0/24 is directly connected, FastEthernet0/0.20
[Code].....
View 14 Replies
View Related
Jul 4, 2011
Default Gateway of ISP----> Switch------->Router
From my router, I can ping Gateway, however I cant ping the switch (WS-C2960G-8TC-L) in between.
View 2 Replies
View Related
Sep 27, 2012
how my switches are configured, a cisco 3750 and a cisco 4506.[code] i can ping the gateway from the 3750 however cannot get anything past that or enything to it.
View 12 Replies
View Related
Dec 5, 2012
I'm trying to figure out how to (or if I can) setup the management interfaces (fa1) on a couple of new 4500X switches. My issue is that the 4500X's themselves are the gateway for my management VLAN (.1 HSRP virtual, .2 and .3 SVIs on the pair of switches).
I would like to assign addresses from the management VLAN to the router Fa1 management interfaces but the software configuration guide seems to note this is not supported (and indeed it doesn't seem to work).
Physically I have Fa1 from core-1 into a port on an adjacent switch. Fa1 from core-2 also goes into a port on that adjacent switch. Both are in my management VLAN, whose SVIs are on the cores themselves.
View 5 Replies
View Related
Jan 18, 2012
I have a stack of 3750-X that are used to both switch traffic inside V LAN and also to route a couple of WAN ranges from our up link provider to the DMZ v LAN.Now I'd like to have a SVI Vlan1 with an IP in the "management v LAN", but I'd like that SVI not to be rout able.
More exactly :
- no traffic should ever exit that interface that's not the generated by the router itself (ssh/snmp/...)
- no incoming traffic on that interface should be forwarded anywhere
- I'd also like to have a different default gw to be used by traffic generated by the switch itself. (for eg, ssh traffic coming from any another sub net like 10.2.0.0/24 to the switch SVI Vlan1 ip 10.1.0.1/24 should be routed back through the Vlan1 gw and not through out up link ptp gateway)
I think I can achieve the first two with ACLs on the SVI. But not sure about the last one ...
View 4 Replies
View Related
Apr 11, 2012
I have a 3560G and an ASA FW, for which I am trying to use PBR to append the next hop. The gateway is the switch VLAN address and the amended net hop is the same VLAN interface on the ASA. Trouble is, I can ping the FW from a client, but not the switch. If I remove the route map, I can ping both. Even more strange is this is the case for some VLANs, but not all!
Config:
HOST ON VLAN 96
IP 10.11.120.99
S/M 255.255.255.240
[Code].....
View 2 Replies
View Related
Feb 3, 2013
Last week we had some forwarding issues with our cat 6509e VSS pair, wherby clients could ping the gateway but couldnt route through it! we identified this as being core 2 in the vss pair, yesterday we rebooted the 2nd switch and now the issue has been resolved.
View 4 Replies
View Related
Jul 25, 2012
I have a design hurdle that I cannot seem to cross. I have two sites and I need the same VLAN to span both sites. I have accomplished this using L2TP but my issue is that I can no longer assign a gateway for this VLAN on the router. The 2 routers are 2821's and are connected with a dedicated fiber run.
Ant recommendation for how this could be accomplished? It would be great if I could have the same gateway at both sites by leveraging some sort of bridged interface (BVI so I've heard) but I am at a loss as to where I should start with this. Also, this is not the only VLAN that needs to traverse the link.
View 2 Replies
View Related
Jul 6, 2012
I picked up a pair of RV220W's and before I spent loads of time at a remote site, I figured I'd go through some VPN testing at home to make sure I could get it setup properly. What this means is I've plugged the Internet uplink into a switch, then from the switch into both routers & configured them (using unique static IP's for each) from there. For what its worth: While I have some IT experience, I don't have strong networking experience.
I setup several VLAN's on the local RV220W, and the end result is to make it so that an asset at the remote site with an IP in any of the ranges (192.168.121.0/24, 192.168.131.0/24, 192.168.141.0/24 and any future VLANs) can communicate with/access resouces at the local site. Likewise, an asset at the local site with an IP in any of the ranges (.121, .131, .141 + any future VLANs) should be able to reach the remote resources (currently just 192.168.181.0/24, but future VLANs as well).
This evening I tried to focus on the relevant VPN pages of the Administration Guide to get the VPN up. Leaving the defaults I got as far as establishing a link between both sites and it seems that things are working right: From the remote site (.181) I can access the local site (.121, .131, .141); and from the local site I can at least ping resources (a laptop) on the remote site. (Yay!)
However, when I physically connected an asset that had a 192.168.121.X, 192.168.131.X and 192.168.141.X IP addresses to the remote RV220W (which is 192.168.181.0/24), I couldn't see it from the remote or local sites.I assume this is expected. But I'm reaching out to the community to see what other possibilities might be available becuase networking is a weak area for me. I figured it might be something like a Static [or Dynamic] Route but I really am not 100% sure.
'TECHNICAL' SPECS
Local Router LAN/WAN Settings:
LAN IP: 192.168.121.1 on default VLAN (1)
VLAN 13 defined 192.168.131.1 with DHCP enabled; Reservations created outside of DHCP scope
VLAN 14 defined 192.168.141.1 with DHCP enabled, Reservations created outside of DHCP scope
Inter VLAN Routing enabled for all VLANs
[URL]
View 7 Replies
View Related
May 2, 2013
I am trying to config the following setup in the Cisco 1841. Able to ping the IPs of Vlan1(FE0/0/1), Vlan2 (FE0/0/1) and FE0/1 IPs from corresponding networks. But packets are not flowing to other side.
View 3 Replies
View Related
May 30, 2012
I am just setting up a simple scenario with a 1841. Server @ 172.31.1.1 cannot ping 172.31.0.254 or 172.31.0.105. It can ping 172.31.1.250. The router can, on the other hand, ping devices on both networks. This is just for testing routing theory so I don't know why hosts on either side of the network cannot ping each other.
I am only using the FastEthernet interfaces on Router 1841.
View 3 Replies
View Related
Mar 28, 2013
I am working for a large campus network. The network has more than 70 VLANS in a Layer 3 Switch(Catalyst 4503). Customer wants to stop intervlan routing between all vlans except 2 vlans. How will i do that? I have also a Firewall (ASA 5520) & a Router (2811) in up of the switch. Besides this, I have run HSRP in Layer 3 Switches for redundancy.how will i stop intervlan routing between VLANS except 2, with ACL or any other process has?
View 10 Replies
View Related
Feb 4, 2012
i am stuck in a issue! unable to ping the SVI
i am design a small network for a office.
1 router 2811
1 switch 3750-e
Router is connected to the mpls cloud with ospf.
here re the config.
Router#
int fa0/0
ip 10.10.10.1 255.255.255.252
[Code]....
i connect my laptop and give ip 22.0.68.1 255.255.255.0 and default gateway 22.0.68.251but can not ping SVI VLAN 201 (22.0.68.251) ?
and from the SWITCH i can not ping the 20.20.20.2?
View 38 Replies
View Related
Apr 17, 2012
I've just started a CCNA course and my lack of knowledge has me a bit stuck. My network is comprised of Cisco components and I'm semi familiar with them just from reading and looking through options. I currently am using a Cisco ASA 5520 on my network and I am trying to join another network via one of the interfaces. My network is 192.168.0.0 255.255.0.0 and my inside interface is 192.168.1.1 255.255.0.0. I enabled a second interface using a static ip of 10.0.0.1 with a subnet of 255.255.255.128. Connected to that interface, I have a Fortigate firewall at 10.0.0.2 255.255.255.128. I can ping just fine from the Fortigate network to the 10.0.0.1 interface on the Cisco ASA 5520 network, but I can not ping the 10.0.0.1 interface (or anything past it) on the ASA 5520 from any computer on the Cisco network. I've read that ACL's and NAT have to be done as well as enabling traffic between interfaces with the same security levels. (both interfaces have security levels of 100 and the option is checked to allow traffic).
Note: each network has it's own internet connection. The connection is to share information on servers on both networks with each other.
View 1 Replies
View Related
May 6, 2012
My core switch is a 6509-e and my IDF closets have 3750's.I have a couple of vlans currently setup, that can communicate with each other.VTP is setup Client/Server where as my core is Server, all IDF's are Client.
What i'm trying to do is create an isolated VLAN. I want to setup a DHCP scope and use helper address. When i plug in a client to that VLAN, i want it to get an IP, but not have any other network access.
Is this possible to do without switching to Transparent mode? If not - what reprocussions will i see by switching to transparent mode?
View 9 Replies
View Related
May 26, 2013
I have a cisco 876 with, c870-adventerprisek9-mz.124-6.T9.bin. I have configured a VLAN with ID 230, an SVI with IP 192.168.230.1/24 and I have assigned switch port fa 2 to it…
interface Vlan230
ip address 192.168.230.1 255.255.255.0
VLAN ISL Id: 230
[Code]......
View 5 Replies
View Related
May 27, 2013
I'm having some trouble getting my head round the following but I think it's routing related?
I have a Cisco 3750 switch with the following configured:
interface Vlan1
ip address 192.168.0.223 255.255.254.0
no ip route-cache
[Code].....
The 3750 is connected to a firewall which handles the routing. From the 3750 I can only ping remote networks from the vlan1 interface not from vlan6,8 or 10 i.e ping 10.34.37.101 (remote network) source 192.168.0.223 (vlan1) works but ping 10.34.37.101 source 10.74.10.1 (vlan10) does not? I can ping 10.34.37.101 from computers on the various vlans but not from the 3750 it self.
I looked at setting a default gateway for the various vlan interfaces
View 3 Replies
View Related
Jul 10, 2012
Yesterday I configured the 7010 Nexus switch. I created a VDC and allocated few ports and configured VLAN for testing. After enabling feature interface-vlan i was allowed to configured L3 interface for the vlan. I assigned ip address and connected few server to check the reachability but it says Destination Host Unreachable.
NX OS Ver : n7000-s1-dk9.5.2.4.bin
Configuration of the VDC below.
feature telnet
feature udld
feature interface-vlan
feature lacp
[Code]....
View 2 Replies
View Related
Jan 23, 2012
Currently, we have a Cisco router (28xx), ASA 5520, and a core switch 4500. We have different vlans. We also have Auto QoS running for our Cisco IP Phones.My manager just asked me to see if I can either reserve some certain bandwidth for one vlan, or give that vlan higher priority on internet traffic than the others.
1.) Anyway we can reserve some more bandwidth for one vlan than other vlans?
2.) If #1 cannot be done, how can we provide higher priority on the internet traffic to one vlan than the others?
3.) Is #1 or #2 the same config? If not, which one would be easier (without changing our current QoS settings)?
4.) If 1 or 2 can be done, which device I should config the settings on?
5.) This question may be duplicate, but do we need to reset our current QoS to achieve the goal?
View 6 Replies
View Related
May 27, 2013
I have a multiple Offices in my location , all my external users are connecting my site using Cisco Client to site VPN and accessing my 2 sites , All users are able to access my 2nd office servers which are in 10.10.0.x pool , I have a different vlan in that same location with 10.10.35.x series and users are not able to access this pool servers , I am not much familiar with Routing . i am using ASA 5520 firewall .
View 11 Replies
View Related
Nov 12, 2011
Why I cannot ping vlan when no port connect to switch.
View 3 Replies
View Related
Jul 26, 2012
We have a VPN setup between two Cisco RV082 routers, the VPN status shows as connected however I can't ping the other network. I am unable to ping between routers, let alone ping computers behind those routers.
We have 2 branches, branch 1 is on a static IP and branch 2 is Dynamic. I am able to connect via QuickVPN from Branch 2 to Branch 1 and remote desktop to computers, however have yet to VPN/remote desktop in the opposite direction.
To me it seems like a firewall issue at branch 2, but what's causing this. Also they are currently running 2 differnet firmware version not sure if this would cause a problem.
View 1 Replies
View Related
Oct 1, 2012
I'm using Cisco 2960 Series SI, configuring VLAN is not so hard. but i'm having problem with this one. base on the picture above i'm attaching on Fa0/4 and expecting not to ping the default vlan 1. but my question is why i can ping the other vlan since i dont have use any routing?
View 1 Replies
View Related
Mar 31, 2012
I have six Cisco 300 Series switches in Layer 2 mode. They are all connected using ports in Trunk mode. These Trunks are tagged members of all VLANS.
I have one 300 series in layer 3 mode with IP address assigned to each VLAN.I would like to use one Internet gateway for multiple VLANS. This gateway has numerous IP ports that forward to internal ip addresses on various machines.
All i9nternal clients use their respective VLAN IP as their default gateway.The Layer 3 switch is connected to one of the Layer 2's using a Trunk that is a tagged member of all of the VLANS.
I understand how traffic routes from a client to its respective VLAN gateway. Where I am confused is how it routes from there to the Internet gateway? Internet gateway is 192.168.1.1.VLAN IP's are 192.168.2.1, 192.168.3.1, etc...
Should the Internet Gateway be patched into the Layer 3 switch or one of the Layer 2's using a separate "Internet" VLAN?
View 5 Replies
View Related
Mar 25, 2013
Currently, we have a plain network and we are planning to 'upgrade' it a little. We want to implement VLANs to separate wireless clients, workstations + servers and infrastructure devices form each other.As of now, we have no VLANs, and no managed Switches. We only have an RV016 that handles two ISPs and a 3rd party connection service to the office branches ( I belive they're using Frame Relay, but as far as we know, we are not concerned since we cannot touch their devices)
The reason behind the title, pointing towards the famous SGE2000P, is that my workplace is located in Argentina... and we don't have as many choices as some of you guys have ! In fact, I was unsuccessful trying to get a Cisco partner to contact me. We would like to replace the RV016 with a cisco 1941 (and a HWIC switch card).
So, back to business..! Assuming we will be using the SGE2000P switches, I was thinking about setting VLANs using 802.1Q through seven of these switches, along with a 1941 Cisco router. I'm expecting the 1941 to handle load balancing between both ISPs and the 3rd party link. Now, as for Inter VLAN routing, I would like to have gigabit traffic between VLANs.
Is it possible to use one SGE as Layer 3 mode to hande inter VLAN traffic (gigabit speeds) while using the 1941 as a end point device to reach internet (using PAT) ?Would you suggest me to use the 1941 for Inter VLAN routing, despite the 10/100 limitation(*) and use all SGE's in L2 mode? We need two ISPs, a third link for the FR connection, and finally the LAN interface. As far as I know, I'm limited to the gigabit builtin interfaces for WAN purposes, am I right?
View 5 Replies
View Related
Mar 31, 2012
I have a new 3560G to set up a small network for a remote site. I configured the vlan and an SVI as the gateway. The switch is also the DHCP server for the LAN. I configured Gi0/2 as L3 port, connecting to the nearest neighbor. My network runs EIGRP so i advertised the routes into the EIGRP process. The switch forms EIGRP neighbors and learns all routes in the enterprise network. The problems I'm having now are: 1. The switch learns all routes in my enterprise LAN and can ping devices in the enterprise LAN, but I can’t ping any interface on the switch from the enterprise LAN. 2.
View 5 Replies
View Related
Jan 18, 2013
From My Router that connects to Cable modem i am unable to ping website 4.2.2.2I am able to ping all other websites fines.Same website i can ping from my pc and all other switches fine.Router has only 1 ACL thats for NAT.
View 25 Replies
View Related
Jul 31, 2011
We use Cisco Any connect with a Cisco ASA 5520 firewall. Today I changed the inside interface of the firewall's IP because i needed to do some inter vlan routing and needed to move the inside interface from the lan vlan to a routed port on our 3750.
Now people can vpn and authenticate to the MS radius inside but cannot access any network resources nor ping anything inside.
View 1 Replies
View Related
Jul 26, 2010
I am a complete novice at networking, but I was tasked to have an ASA 5520 do inter VLAN routing (since my shop doesn't have a layer 3 router).As a basic setup, I am trying to have three workstations on three different VLANs communicate with each other. The attached screenshot shows the topology. I am unable to ping from a PC to the ASA...therefore I can't ping to other VLANs.
ROUTER CONFIG:
ciscoasa#ciscoasa# show run: Saved:ASA Version 8.3(1)!hostname ciscoasadomain-name nullenable password ###### encryptedpasswd ###### encryptednamesdns-guard!interface GigabitEthernet0/0no nameifno security-levelno ip address!interface GigabitEthernet0/1no nameifsecurity-level 100ip address 10.10.1.1 255.255.255.0!interface GigabitEthernet0/1.10vlan 10nameif vlan10security-level 100ip address 10.10.10.1 255.255.255.0!interface GigabitEthernet0/1.20vlan 20nameif vlan20security-level 100ip address 10.10.20.1 255.255.255.0!interface GigabitEthernet0/1.30vlan 30nameif vlan30security-level 100ip address 10.10.30.1 255.255.255.0!interface GigabitEthernet0/2shutdownno nameifno security-levelno ip address!interface
[code]....
View 30 Replies
View Related
