Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Routing & default gateway problems.

Status
Not open for further replies.
summoner

summoner

Technical User
Sep 28, 2002
105
US
We are redesigning our network at work and our aim is for all subnets to be able to access the internet. Our core switch is an alcatel 7800 omniswitch. It hosts 5 VLANS and the switch also has an IP address on each VLAN that is the default gateway for each VLAN.

Clients can ping other computers on other VLANS, a traceroute shows the packets being routed to other VLANS through the switch just fine.

Our firewall is located in VLAN2. Clients on VLAN2 (192.168.2.0/24) send packets to default gateway (the switch 192.168.2.254) which forwards them to the firewall 192.168.2.1. Its not true routing, the packets never leave the subnet but internet access works fine.

The real problem is other VLANS can't get out to the internet. Clients send packets to the switch as the default gateway, but then it can;t talk to the firewall. I have entered a default route (static route)into the switch that sends all traffic to the firewall but it just doesn't work.

Firewall is a watchguard firebox 1000...I can't see anything on the firebox as to why it doesn't accept traffic routed to it from other VLANS. It works fine for our vlan2 network.

Little visual diagram:
192.168.2.0/24-->192.198.2.254 (D.G.)-->192.168.2.1(firewall)-->internet works just fine.

192.168.3.0/24-->192.168.3.1 (D.G.)->192.168.2.1(firewall) no internet

Same thing with other VLANS.

Any suggestions? I'm about scraping the bottom of the barrell here. Thanks in advance.
 
Sort by date Sort by votes
Bad internal route in the VLAN setup preventing access to other VLAN trunks and this preventing the Internet/firewall?

Surfinbox.com Business Internet Services - National Dialup, DSL, T-1 and more.
 
Upvote 0 Downvote
The wierd thing is...I can access other VLANs and the switch is able to route packets from one VLAN to another. I think the problem is when packets destined to the outside world, the switch doesn't know what to do with them. It just doesnt route packets from these extra VLANS to the company firewall. Its almost as if the default route to the firewall doesn;t apply to the other VLANs, only to the VLAN where the firewall resides.
 
Upvote 0 Downvote
And does the firewall have a route to the other VLANS and is it configured to NAT traffic from those networks? Look at the routing table and see if it knows how to get to the other VLANs and via what gateway address.

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
Upvote 0 Downvote
Yes it is configured for NAT. I just found an area in the firebox and remembering what was posted here...put a route in there back to the other VLANs. That seems to do it. Internet access works fine for those VLANs.Thanks for all the help.
 
Upvote 0 Downvote
192.168.3.0/24-->192.168.3.1 (D.G.)->192.168.2.1(firewall) no internet

Some Cisco, XyXel and other switches will let you do this, but it is not a common feature to bond the VLANs to a common Gateway.


 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

matept
  • Locked
  • Question
Assign default gateway routing
Replies
0
Views
69
matept
matept
Sylric
  • Locked
  • Question
Audiocodes Mediant 1000B Routing question
Replies
0
Views
94
Sylric
Sylric
turksthegreat
  • Locked
  • Question
inter VLAN Routing
Replies
2
Views
152
VinceWhirlwind
VinceWhirlwind
xz157cng
  • Locked
  • Question
Lost original ip configuration, and default gateway
Replies
1
Views
94
DrB0b
DrB0b
laketech
  • Locked
  • Question
subnet gateway?
Replies
1
Views
96
bnorton916
bnorton916

Part and Inventory Search

Sponsor

Back
Top