Noob.......can't get my head around a routing issue
15 years 3 months ago #31321
by davidh101
Noob.......can't get my head around a routing issue was created by davidh101
Ok, so I should probably admit that I'm not using any Cisco equipment, but I hope someone here will still give me a pointer in the right direction.
I have read through a few articles on here, and am having some issues understanding them completely.
So.......I have been doing a 'small' piece of work for someone and now have the following setup on a network.
I have a layer 3 switch acting as a gateway between a number of different VLANS. (All subnets are 255.255.255.0)
192.168.162.1 (VLAN20)
192.168.163.1 (VLAN30)
192.168.164.1 (VLAN40)
etc
This .1 address has been set as the default gateway for all items on the individual VLANs, allowing them to all communicate with each other.
For example:
192.168.168.0 (VLAN80) holds a number of servers. I have set up some static routes to 192.168.168.1 for each of the above subnets.
I can ping from one subnet to the other, no problem at all.
192.168.170.0 (VLAN100) This holds some general servers for the whole organisation, and also the gateway to the internet.
My problem is that I cannot access the internet from anything other than the 192.168.170.0 subnet. This is obviously to do with routing!!
A little more info:
192.168.168.16 is a Windows DC, with DNS and DHCP etc. on it. This is currently issuing DHCP to VLAN20, giving 192.168.2.0 addresses, all good, and giving a default gateway of 192.168.162.1, and DNS as 192.168.168.16.
192.168.168.16 has its default gateway set to 192.168.170.17, a server with the same subnet routing as above. These 2 servers can both access each other.
192.168.170.17 has a default gateway of 192.168.170.40 (Internet gateway).
So basically, anything on the 170.0 subnet can access the internet with a default gateway of 170.17.....also giving it access to all other subnets, but the other subnets cannot access the internet.
If I am a PC on VLAN20, this is the route I would expect to take:
192.168.162.34 (My PC)
192.168.162.1 (Layer 3 Switch Routing)
192.168.168.16 (DNS Server, DG on 170 subnet, so route to that)
192.168.168.1 (Layer 3 Switch Again)
192.168.170.17
192.168.170.40 (Internet Gateway)
Internet
This is obviously wrong. I feel that I am close, but not quite sure where I am wrong.
Any help would be greatly appreciated.
15 years 3 months ago #31324
by Chris
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
Replied by Chris on topic Re: Noob.......can't get my head around a routing issue
davidh101,
Your analysis provides quite an insight on your network setup and possible problems.
Since all your VLANs are able to communicate between each other, hence InterVLAN routing is working correctly for you, I feel that your problem is around your Internet Gateway marked as 192.168.170.40.
The 192.168.170.40 device needs to be able to provide Internet access for every internal network. This effectively means that NAT must be performed for each VLAN.
From your testing and troubleshooting, I believe that your Gateway is only performing NAT for the clients belonging to the same network, that is, 192.168.170.0.
My suggestion is to check your configuration on your Internet Gateway as this is more likely to be the source of your problem.
Hope that helps.
Cheers,
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
15 years 3 months ago #31325
by davidh101
Replied by davidh101 on topic Re: Noob.......can't get my head around a routing issue
Thanks for the response.
The Internet Gateways are a Linux box running IPCop. I don't know much about them, but will check it out.
Am I right in thinking that the default gateway for this box should be the IP address of the ADSL router it is connected to?
Secondly, I am able to ping the 170.40 address when I am on the local subnet, but not ping it from any of the other subnets, but can ping other 170.0 addresses. Does this make sense?
15 years 3 months ago #31340
by Nitishh
Replied by Nitishh on topic Re: Noob.......can't get my head around a routing issue
Looks like the 170.40 address does not know how to get to the other subnets.
I am not sure if I may have understood your issue but just humour me ....
If you have a L3 switch and all your VLANs are terminating on this switch, you should be putting a default route on this switch to point to the 170.40 address. And make sure the 170.40 address has routes back to all the VLANs.
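
Added example, not part of the thread and not any poster's code: a small hop-by-hop route simulator using the thread's addresses, showing why a ping from VLAN20 reaches 192.168.170.40 but the reply never returns, and what the two suggested routes change. Assumptions: the switch's VLAN100 interface is 192.168.170.1, the switch currently has no default route, the gateway has no routes to the other VLANs, and `ADSL` and the test destination 203.0.113.10 are constructed placeholders; NAT on the gateway is not modelled.

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match over {prefix: next_hop}; None if no route."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table.items()
            if dst in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def build(fixed):
    """Route tables per device. 192.168.170.1 and 'ADSL' are assumed names."""
    sw = {"192.168.162.0/24": "direct", "192.168.168.0/24": "direct",
          "192.168.170.0/24": "direct"}
    gw = {"192.168.170.0/24": "direct", "0.0.0.0/0": "ADSL"}
    if fixed:  # default route on the switch, return route on the gateway
        sw["0.0.0.0/0"] = "192.168.170.40"
        gw["192.168.162.0/24"] = "192.168.170.1"
    pc = {"192.168.162.0/24": "direct", "0.0.0.0/0": "192.168.162.1"}
    return {"pc": pc, "switch": sw, "gateway": gw}

# Which device answers for each address used in the trace.
OWNER = {"192.168.162.34": "pc", "192.168.162.1": "switch",
         "192.168.170.1": "switch", "192.168.170.40": "gateway"}

def trace(tables, start, dst, max_hops=8):
    """Follow a packet hop by hop; return (path, outcome)."""
    node, path = start, [start]
    for _ in range(max_hops):
        if OWNER.get(dst) == node:
            return path, "delivered"
        nh = next_hop(tables[node], dst)
        if nh is None:
            return path, "no route"
        if nh == "ADSL":
            return path + ["ADSL"], "sent to ADSL router"
        node = OWNER.get(dst if nh == "direct" else nh)
        if node is None:
            return path, "host unreachable"
        path.append(node)
    return path, "loop"

if __name__ == "__main__":
    for fixed in (False, True):
        t = build(fixed)
        print("with suggested routes" if fixed else "as described")
        print("  ping request", trace(t, "pc", "192.168.170.40"))
        print("  ping reply  ", trace(t, "gateway", "192.168.162.34"))
        print("  to internet ", trace(t, "pc", "203.0.113.10"))
```

Even with both routes in place, the gateway must still translate (NAT) the 192.168.162.0/24 source addresses before traffic leaves toward the ADSL router, which is the point raised in the earlier reply.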