STP, VLANs redundant router problem
- From: "BCCS" <lateagain99@xxxxxxxxxxx>
- Date: Sun, 08 Jan 2006 08:13:10 GMT
I have a fully redundant network that is being migrated from an externally
managed Cisco network to an internally managed network.
We have three Dell 5324's and two firewalls that failover
For the sake of simplicity I'll refer to them as 5324.1, 5324.2 & 5324.3.
When a specific is referenced, I'll add it to the end of the name (i.e.
5324.1.23 = 1st 5324, port 23).
All 5324's have the following in common:
VLAN 20 = WAN, ports g1-4 - 200.x.x.x
VLAN 30 = DMZ, ports g5-10 - 20.x.x.x
VLAN 40 = LAN, ports g11-23 - 2.x.x.x
All have default gateway set to 2.x.x.3
No IP address is assigned to the WAN VLAN
The DMZ VLAN is assigned an address
The LAN VLAN is assigned an address
Both routers have WAN, DMZ, LAN and failover interfaces
Both routers have the following in common:
Port 0 = WAN - 200.x.x.x
Port 1 = DMZ - 20.x.x.x
Port 2 = LAN - 2.x.x.x
The failover allows for a virtual IP address on the LAN and WAN interfaces.
I'll refer to the Routers and their ports are follows:
RTR.1.2 = 1st Router, port 2 (or LAN)
WAN (VLAN) connections
RTR.1.0 - 5324.1.1 - 200.x.x.1
RTR.2.0 - 5324.3.1 - 200.x.x.2
Virtual IP -200.x.x.3
DMZ (VLAN) Connections
RTR.1.1 - 5324.1.5 - 20.x.x.1
RTR.2.1 - 5324.3.5 - 20.x.x.2
LAN (VLAN) Connections
RTR.1.2 - 5324.1.11 - 2.x.x.1
RTR.2.2 - 5324.2.11 - 2.x.x.2
Virtual IP - 2.x.x.3
STP (Rapid) Configuration
5324.1.21 - 5324.2.21 (root bridge priority 4096)
5324.2.22 - 5324.3.22 (bridge priority 8192)
5324.1.23 - 5324.3.23 (bridge priority 32768)
None of the 5324's show that any STP or blocking.
The root bridge shows FRW, Desg status on 1.21 & 1.23
The bridge with priority 8192 shows 2.21 as FRD, Root & 2.22 as FRW, Desg
The bridge with priority 32768 shows 3.22 as DSCR, Altn & 3.23 as FRW, Root
Now for the problem:
The default gateway for all 5324's is the Virtual LAN IP of the routers. I
can ping from any 5324 LAN IP address to any other of the 5324 LAN IP
addresses. I can ping also the DMZ interface from 5324.1, but not the other
two (.2 &.3). All switches can ping out to the internet and can use DNS for
name resolution.
A device plugged into a DMZ port on 5324.1 can not access other devices with
the DMZ VLAN but connected to one of the other 5324's.
I'm sure in all the detail I'm missing a simple problem, but.
Any thoughts are appreciated!!
.
- Follow-Ups:
- Re: STP, VLANs redundant router problem
- From: anoop
- Re: STP, VLANs redundant router problem
- Prev by Date: Netgear router setup problem
- Next by Date: Re: Netgear router setup problem
- Previous by thread: Netgear router setup problem
- Next by thread: Re: STP, VLANs redundant router problem
- Index(es):
Relevant Pages
|
