Hi Kim: What happens if you try out this: modify the config on the C3 eliminating all the vlans and routes and just put the default route 0.0.0.0 0.0.0.0 pointing to the fw-ip-interface. Does it works!!! The thing is to figure out if the issue is the default route per se or the combination of routes. Francisco J Gar�����Álvarez Administrador Redes Direct��ía Inform��tica Rama Judicial Puerto Rico (939)389-3059 francisco.gar...@ramajudicial.pr
----- Original Message ----- From: Kim Pedersen <k...@cncsltd.com> To: Enterasys Customer Mailing List <enterasys@listserv.unc.edu> Sent: Mon Jun 08 08:04:52 2009 Subject: Re: [enterasys] Vlan configuration issue. & Default GW Hi Fransisco, Thanks for your suggestions - yes, I know the B3s don't do routing. I am trying to get it routing working on the central C3 switch. When I first worked on the problem, I was using a sniffer to monitor the traffic, and plugging into various ports on the different VLANs. On each VLAN I used the C3 switch as the default GW, and routing between VLANs was working perfectly fine, but as soon as I started to include Internet addresses the traffic stopped on the C3 switch (No arp requests were sent out, or any routing/traffic to the default GW. The immediate problem obviously had to be that there was no default route set. This was a couple of months ago now, and someone has suggested I set the default route on the router by using "ip route 0.0.0.0 0.0.0.0 (gateway address)" I think I've already tried this, but I will give it a go again now that it has been suggested. Kind regards, Kim Pedersen CNCS Ltd. Francisco Garcia Alvarez wrote: Hi Kim: From the info you mention, I don't get clear if you are sure that the default route isn't working for the B3's. I mean, have you tried to sniff packets at the firewall internal segment to see if the data is getting there? Have you checked the fw logs? Another thing that you can try to rule out any issue w the fw is putting any switch or router on the same internal segment of the fw and pointing the default route to that device and see if the packets go the device. One good example, to check if the data goes the way it should is to ping anything within the range of the default route; if the packets are routed correctly, you should go to the arp table of that B3 switch and see the mac address of the router/switch or fw that manages the route to get to that destination. If it works, then the conf is correct and maybe the issue is with firewall. Francisco J G�����������������Álvarez Administrador Redes Directo�������a Inf�����������tica Rama Judicial Puerto Rico (939)389-3059 francisco.gar...@ramajudicial.pr ----- Original Message ----- From: Kim Pedersen <k...@cncsltd.com> <mailto:k...@cncsltd.com> To: Enterasys Customer Mailing List <enterasys@listserv.unc.edu> <mailto:enterasys@listserv.unc.edu> Sent: Sun Jun 07 23:50:42 2009 Subject: Re: [enterasys] Vlan configuration issue. & Default GW Hi Michael, With last resort I presume you mean default route/gw? This is what I would like to accomplish, but I don't know the command that will do it, and have either misunderstood the documentation or been unable to find out which command to use. I did try and specify a default route by defining a static route as 0.0.0.0/0.0.0.0, but it didn't work out. I did not spend too much time on the whys as I felt I was on shaky ground trying a configuration that wasn't directly mentioned in the product documentation. I have included the router specific configuration below: ---------------------- C2(rw)->router(Config)#show running-config ! interface vlan 90 no shutdown ip address 192.168.90.250 255.255.255.0 interface vlan 91 no shutdown ip address 192.168.91.254 255.255.255.0 interface vlan 92 no shutdown ip address 192.168.92.250 255.255.255.0 interface vlan 93 no shutdown ip address 192.168.93.254 255.255.255.0 interface vlan 94 no shutdown ip address 192.168.94.250 255.255.255.0 interface vlan 95 no shutdown ip address 192.168.95.254 255.255.255.0 interface vlan 96 no shutdown ip address 192.168.96.250 255.255.255.0 interface vlan 99 no shutdown ip address 192.168.99.250 255.255.255.0 interface vlan 100 no shutdown ip address 192.168.100.250 255.255.255.0 ! router rip ---------------------- Regards, Kim Pedersen Pasetta, Michael wrote: Have you tried to add a route of last resort in the switches router configuration? ________________________________ From: Kim Pedersen To: Enterasys Customer Mailing List Sent: Sat Jun 06 21:23:38 2009 Subject: Re: [enterasys] Vlan configuration issue. & Default GW I have a question to add into this interesting thread, which adds a twist to Abhijit's scenario. I have a very similar setup to the diagram below, with the added difference that on my setup the IP addresses of the C3 switch on each of the VLANs (10,20 and 30) is set as the default gateway for the clients connected to the B3 switches. Above C3 switch in the diagram below, I have a firewall / internet router on VLAN 40, and I would like the C3 switch to route all non-local traffic to this firewall. I have been unable to get this to work, as the default route command on the C3 switch seems only to work for the C3 switch itself, and not for any routed networks. Does anyone have experience with this? Regards, Kim Pedersen CNCS Ltd. Pal, Abhijit IN CCU SISL wrote: Hello, I am describing the scenario. Five B3 switches will be connected with one C3 switch. Each B3 SW will be used as L2 SW and they will be in separate Vlan. One server which will be in separate vlan, will be directly connected to C3 switch. Now in C3 SW Vlan routing will happen. Attaching the worst Diagram came out of my best effort. What should I do? Best Regards, Abhijit Pal SIEMENS Information systems Limited. GO/ GTAS(Global Technology Application Services) 13th Floor, Tower-2,Millenium City Bldg, DN-62,Sector-5,SaltLake, Kolkata-700091. DID: +91 33 2339 9396 Board:+91 33 2339 9000 Fax: +91 33 2339 9001 * --To unsubscribe from enterasys, send email to lists...@unc.edu with the body: unsubscribe enterasys mpase...@enterasys.com * --To unsubscribe from enterasys, send email to lists...@unc.edu with the body: unsubscribe enterasys k...@cncsltd.com * --To unsubscribe from enterasys, send email to lists...@unc.edu with the body: unsubscribe enterasys francisco.gar...@ramajudicial.pr * --To unsubscribe from enterasys, send email to lists...@unc.edu with the body: unsubscribe enterasys k...@cncsltd.com ________________________________ Aviso de confidencialidad: Este correo elec��ónico y cualquier documento adjunto contiene informaci��n propietaria, confidencial o privilegiada que pertenece a la Rama Judicial. Se advierte que cualquier divulgaci��n, distribuci��n, copia o ac��ón relacionada al contenido de esta comunicac���n, sin la autoriza��ón del remitente e��á totalmente prohibida. Si usted no es el destinatario, debe destruir este mensaje y notificar al remitente o a la Oficina de Seguridad de los Sistemas al (787) 641-6363, Ext. 2775. La Rama Judicial ha tomado las precauciones necesarias para asegurar el e��ío del correo elec��ónico, libre de virus o contenido malicioso. No obstante, no podemos asegurar que as�� sea, por lo cual no nos hacemos responsables de cualquier da��o atribuible al caso. * --To unsubscribe from enterasys, send email to lists...@unc.edu with the body: unsubscribe enterasys k...@cncsltd.com ________________________________ Confidentiality Note: This e-mail and any other document attached contain proprietary, confidential or privileged information that appertains to the Judicial Branch. You are to become aware that any dissemination or disclosure, distribution, copying or the taking of any action in reliance on the contents of this communication is strictly forbidden without the consent of the sender. If you are not the intended recipient, you should destroy this message and should notify the sender or the Systems Security Office at (787) 641-6363 Ext. 2775. The Judicial Branch has taken the necessary precautions to ensure the remittance of e-mail communications free of virus or any other malicious contents. However, we cannot assure that this could be the case, for which we disclaim any responsibility of any damage attributable thereto. * --To unsubscribe from enterasys, send email to lists...@unc.edu with the body: unsubscribe enterasys k...@cncsltd.com * --To unsubscribe from enterasys, send email to lists...@unc.edu with the body: unsubscribe enterasys francisco.gar...@ramajudicial.pr ----------------------------------------- Aviso de confidencialidad: Este correo elec��ónico y cualquier documento adjunto contiene informac���n propietaria, confidencial o privilegiada que pertenece a la Rama Judicial. Se advierte que cualquier divulgaci��n, distribuc���n, copia o acci��n relacionada al contenido de esta comunicaci��n, sin la autorizac���n del remitente es��� totalmente prohibida. Si usted no es el destinatario, debe destruir este mensaje y notificar al remitente o a la Oficina de Seguridad de los Sistemas al (787) 641-6363, Ext. 2775. La Rama Judicial ha tomado las precauciones necesarias para asegurar el env��o del correo elect���nico, libre de virus o contenido malicioso. No obstante, no podemos asegurar que a��� sea, por lo cual no nos hacemos responsables de cualquier ��ño atribuible al caso. ----------------------------------------- Confidentiality Note: This e-mail and any other document attached contain proprietary, confidential or privileged information that appertains to the Judicial Branch. You are to become aware that any dissemination or disclosure, distribution, copying or the taking of any action in reliance on the contents of this communication is strictly forbidden without the consent of the sender. If you are not the intended recipient, you should destroy this message and should notify the sender or the Systems Security Office at (787) 641-6363 Ext. 2775. The Judicial Branch has taken the necessary precautions to ensure the remittance of e-mail communications free of virus or any other malicious contents. However, we cannot assure that this could be the case, for which we disclaim any responsibility of any damage attributable thereto. --- To unsubscribe from enterasys, send email to lists...@unc.edu with the body: unsubscribe enterasys arch...@mail-archive.com