TOPIC: Noob.......can't get my head around a routing issue

Noob.......can't get my head around a routing issue 7 years 4 months ago #31321

  • davidh101
Ok, so I should probably admit that I'm not using any Cisco equipment, but I hope someone here will still give me a pointer in the right direction.

I have read through a few articles on here, and am having some issues understanding them completely.

So.......I have been doing a 'small' piece of work for someone and now have the following setup on a network.

I have a layer 3 switch acting as a gateway between a number of different VLANS. (All subnets are 255.255.255.0)

192.168.162.1 (VLAN20)
192.168.163.1 (VLAN30)
192.168.164.1 (VLAN40)
etc

This .1 address has been set as the default gateway for all items on the individual VLANs, allowing them to all communicate with each other.

For example:
192.168.168.0 (VLAN80) holds a number of servers. I have set up some static routes to 192.168.168.1 for each of the above subnets.
I can ping from one subnet to the other, no problem at all.

192.168.170.0 (VLAN100) This holds some general servers for the whole organisation, and also the gateway to the internet.

My problem is that I cannot access the internet from anything other than the 192.168.170.0 subnet. This is obviously to do with routing!!

A little more info:
192.168.168.16 is a Windows DC, with DNS and DHCP etc. on it. This is currently issuing DHCP to VLAN20, giving 192.168.2.0 addresses, all good, and giving a default gateway of 192.168.162.1, and DNS as 192.168.168.16.

192.168.168.16 has its default gateway set to 192.168.170.17, a server with the same subnet routing as above. These 2 servers can both access each other.

192.168.170.17 has a default gateway of 192.168.170.40 (Internet gateway).

So basically, anything on the 170.0 subnet can access the internet with a default gateway of 170.17, also giving it access to all other subnets, but the other subnets cannot access the internet.

If I am a PC on VLAN20, this is the route I would expect to take:
192.168.162.34 (My PC)
192.168.162.1 (Layer 3 Switch Routing)
192.168.168.16 (DNS Server, DG on 170 subnet, so route to that)
192.168.168.1 (Layer 3 Switch Again)
192.168.170.17
192.168.170.40 (Internet Gateway)
Internet

This is obviously wrong. I feel that I am close, but not quite sure where I am wrong.

Any help would be greatly appreciated.

Re: Noob.......can't get my head around a routing issue 7 years 4 months ago #31324

  • Chris
davidh101,

Your analysis provides quite an insight on your network setup and possible problems.

Since all your VLANs are able to communicate with each other, and hence InterVLAN routing is working correctly for you, I feel that your problem is around your Internet Gateway marked as 192.168.170.40.

The 192.168.170.40 device needs to be able to provide Internet access for every internal network. This effectively means that NAT must be performed for each VLAN.

From your testing and troubleshooting, I believe that your Gateway is only performing NAT for the clients belonging to the same network, that is, 192.168.170.0.

My suggestion is to check your configuration on your Internet Gateway as this is more likely to be the source of your problem.

Hope that helps.

Cheers,
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx

Re: Noob.......can't get my head around a routing issue 7 years 4 months ago #31325

  • davidh101
Thanks for the response.

The Internet Gateways are a Linux box running IP Cop. I don't know much about them, but will check it out.

Am I right in thinking that the default gateway for this box should be the IP address of the ADSL router it is connected to?

Secondly, I am able to ping the 170.40 address when I am on the local subnet, but cannot ping it from any of the other subnets, although I can ping other 170.0 addresses. Does this make sense?

Re: Noob.......can't get my head around a routing issue 7 years 4 months ago #31340

  • Nitishh
Looks like the 170.40 address does not know how to get to the other subnets.

I am not sure if I have understood your issue, but just humour me ....

If you have an L3 switch and all your VLANs are terminating on this switch, you should be putting a default route on this switch to point to the 170.40 address. And make sure the 170.40 address has routes back to all the VLANs.
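
An added example, not part of any post in this thread: a small Python model of the routing tables described above, showing where traffic from VLAN20 and the replies from 192.168.170.40 end up before and after the suggested default route and return routes. The switch's VLAN100 address (192.168.170.1), the ADSL router address and the Internet destination are assumed placeholders, and NAT on the gateway is not modelled.

```python
import ipaddress

# Addresses below marked "assumed" are placeholders, not taken from the thread.
ADSL_ROUTER = "192.0.2.1"          # assumed: gateway box's upstream router
INTERNET_HOST = "198.51.100.10"    # assumed: some destination on the Internet
SWITCH_VLAN100 = "192.168.170.1"   # assumed: the switch's .1 address on VLAN100
CLIENT = "192.168.162.34"          # the VLAN20 PC from the first post
GATEWAY_IP = "192.168.170.40"      # the Internet gateway from the thread
VLANS = [f"192.168.{n}.0/24" for n in (162, 163, 164, 168, 170)]

def lookup(table, dst):
    """Longest-prefix match: return the next hop for dst, or None if no route."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(prefix), hop) for prefix, hop in table.items()
            if addr in ipaddress.ip_network(prefix)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def as_described():
    """Tables as the thread describes them: the switch only knows its VLANs,
    the gateway only knows its own subnet plus a default to the ADSL router."""
    switch = {net: "connected" for net in VLANS}
    gateway = {"192.168.170.0/24": "connected", "0.0.0.0/0": ADSL_ROUTER}
    return switch, gateway

def as_suggested():
    """Same tables with a default route on the switch and return routes
    on the gateway for every VLAN."""
    switch, gateway = as_described()
    switch["0.0.0.0/0"] = GATEWAY_IP
    for net in VLANS:
        gateway.setdefault(net, SWITCH_VLAN100)  # keeps 170.0/24 as connected
    return switch, gateway

def diagnose(switch, gateway):
    """Next hop chosen at each decision point for the VLAN20 client."""
    return {
        "client_to_internet": lookup(switch, INTERNET_HOST),
        "client_to_gateway": lookup(switch, GATEWAY_IP),
        "gateway_to_client": lookup(gateway, CLIENT),
    }

if __name__ == "__main__":
    print("as described:", diagnose(*as_described()))
    print("as suggested:", diagnose(*as_suggested()))
```

In the "as described" tables the ping request reaches 192.168.170.40 but its reply follows the gateway's default route towards the ADSL router, which matches the failed pings from the other subnets.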