No DNS resolution from host connected to VLAN

[fenderjbass]

Hello all,
I'm having this odd issue with an XP pro host I have setup in a test environment. I'm currently studying for CCNA, and working on vlan routing. On the default Vlan 1 the host worked fine. Once I connected it to a another VLAN, I can't access the internet. Do an ipconfig /all I can see ip of dhcp server, DNS server. I can ping the Default Gateway (IP of VLAN 10), and the IP of VLAN 1. So I can at least assume routing is working on my Core Switch. So here's were it gets interesting! If I plug my laptop running Win 7 in to Vlan 10, it works!! If I plug in another host running XP home, it works!!! I tried a few things, assigning a static IP in the Vlan 10 subnet, as well as just giving it a static DNS address. If i try to ping 8.8.8.8, I get no response. So I thought the issue may have been deeper. So tonight I rebuilt the computer. I did a bare metal install. And sure enough, it still doesn't access the internet. Web pages still time out. One interesting thing I noticed is that if i ping google.com, it resolves the correct IP. But still, pings time out. I didn't connect it to Vlan 1, so how it knew what to resolve google.com to, but not access internet is odd for sure. More info on my setup. I have a Cisco switch setup as my networks Default Gateway. I have DHCP setup on Windows Server 2008 R2. IP Helpers are assigned in VLAN. But I've at least proved my setup is good since, two other computers have no issues. Any help would be appreciated!!!

 

[Noway2]

Just a thought: you mentioned that you can see the gateway and by this I assume you mean the VLAN IP side of the gateway. Do you have any routing or NAT rules, including those for return traffic, in place to handle the traffic at the gateway?

 

[fenderjbass]

Noway2,
I can ping the vlans gateway, and the core switch's default route (My Router) from the host. I don't have any policies set on the core switch. I have nating, access lists, and a static route to vlan 10 set in my router. But I'm not 100% it's my router or switch setup. I've verified it works by connecting a win laptop, and a XP computer to VLAN 10. It's just when I connect this particular computer in, so I have an issue. Evan after I rebuild it. Today, just to double check everything, I connect it back into VLAN 1, which worked. If you want I can attach my sh runs, and sh vlan from router and core switch.
Thanks

 

[Noway2]

If some hosts are working and some are not, there must be something different between them. With respect to what you've done with a rebuild of the PC, I would suggest 1) trying it from a known location and 2) see if you have local LAN connectivity. If the problem is hardware related, I would anticipate you will have problems in places other than just this vlan. The fact that it is resolving google, tells me that basic network functionality is present as it can query the DNS, but that it won't ping says that the connection is breaking down somewhere.

The next thing I would run would be tracert (traceroute in Linux), which will progressively ping each host along the path. This will show you where the connection is breaking down. Also remember that traffic needs to flow in both directions and this can get buggered up with things like multiple gateways. I would also recommend looking at the output of 'route print' to see if anything looks suspicious.

 

[fenderjbass]

The differences are the hosts that work on the other Vlan are Win 7 pro, and XP Home. The win 7 is an HP laptop which I rebuilt about 4 months ago. The XP home is a Dell Dimension. I rebuilt that like 4 years ago. And the host I'm having an issue with is a Dell Optiplex. Which, as I stated above, I rebuilt 2 days ago. But I believe the issue is deeper then that. I'm going to have to double check the laptop, but one of the biggest differences is, the Host I'm having an issue with has a gig NIC, and I'm using a 10/100 switch. I know this doesn't matter. And I have the latest driver installed for that NIC. Then again, it works just fine on the default VLAN. I'll try your suggestions, and let ya know what I get.

 

[fenderjbass]

Trace route shows 10.10.10.1 (vlan 10) and then 192.168.10.1 (IP of router interface connected to LAN). Times out after that. Brilliant, shows it's stopping at my router before it hits my ISP. That would have answered my question, if none of the hosts worked. It seems my router just doesn't like that host.

 

[Noway2]

This situation is reaching the limits of my skill with networking so there may be a better approach, but what I would do at this point is use a program like TCPDump or Wireshark to see if I could watch the traffic pattern. Find out if you are not getting a response, or if it is trying to go somewhere else, etc. Obviously something is messed up, but the question is what. It sounds like the hardware is working at a low level, else you wouldn't be getting communication at all. So, at this point, I would actually try to look at the ICMP packets, in particular the headers (both TCP and IP) and see if it gave a clue as to the problem.

 

[fenderjbass]

I use wireshark as my preferred sniffer. So I set it to monitor icmp, and pinged google.com. In the header I saw the ip of the host for source, and one of googles IP's for destination. For layer 2 side, I saw the mac address of the hosts NIC, and the mac address of the router. So it's at least looking less and less like a layer 8 issue Just to add to it, I filtered for DNS, and tried pinging google.com. And DNS looked good too.