Re: Getting router to talk to client subnet/VLAN



On Aug 23, 4:33 pm, "David L. West" <n...@xxxxxxxxxxxxxxxx> wrote:
Having a routing problem I need help with:

* All my routers and switches are on 172.16.0.0/23, VLAN 2 (mgmt vlan)

* My client VLANs are: VLAN101=172.16.2.0/23, VLAN102=172.16.4.0/23, etc

* The machine I use to manage the network is called NMS and is on
172.16.3.99 (VLAN 101)

* A linux machine runs NAT/DHCP/DNS for the clients.  It has IPs in each
VLAN *except* VLAN 2.

* iptables on the linux machine prohibits interVLAN routing but expressly
allows all traffic to/from NMS.

Here's the problem: all the routers and switches can ping each other, and
NMS can ping them as well. But the routers/switches cannot ping NMS, and I
don't understand why.  I tried making an interface on the linux
box within VLAN2, and can then ping that interface from the router, but that
eliminates the ability of NMS to ping the router.

More config info follows.

=====================================================
Core router:

   interface GigabitEthernet0/1.2
    description v002-internal-mgt-vlan
    encapsulation dot1Q 2
    ip address 172.16.0.1 255.255.254.0
   !
   interface GigabitEthernet0/1.20
    description v020-public-ip-inside
    encapsulation dot1Q 20
    ip address 76.61.48.1 255.255.255.240
    no ip unreachables
   !
   ip default-gateway 208.05.19.73
   ip route 0.0.0.0 0.0.0.0 208.05.19.73
   ip route 76.61.48.0 255.255.255.0 Null0 15

======================================================

Core Switches (there are a series of these, 172.16.0.2-172.16.0.6)

   interface Vlan2
    description v002-internal-mgt-vlan
    ip address 172.16.0.2 255.255.254.0
    no ip redirects
    no ip route-cache

======================================================

Linux box ROMULUS (NAT, DHCP, DNS, NTP)

   eth0      Link encap:Ethernet  HWaddr 00:0D:56:FE:AD:FD
             inet addr:76.61.48.3  Bcast:76.61.48.15  Mask:255.255.255.240
             UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
             RX packets:1586 errors:0 dropped:0 overruns:0 frame:0
             TX packets:1894 errors:0 dropped:0 overruns:0 carrier:0
             collisions:0 txqueuelen:1000
             RX bytes:395674 (386.4 KiB)  TX bytes:479735 (468.4 KiB)
             Interrupt:17

   eth1      Link encap:Ethernet  HWaddr 00:0D:56:FE:AD:FE
             UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
             RX packets:2284 errors:0 dropped:0 overruns:0 frame:0
             TX packets:1712 errors:0 dropped:0 overruns:0 carrier:0
             collisions:0 txqueuelen:1000
             RX bytes:603934 (589.7 KiB)  TX bytes:431245 (421.1 KiB)
             Interrupt:18

   eth1.101  Link encap:Ethernet  HWaddr 00:0D:56:FE:AD:FE
             inet addr:172.16.2.1  Bcast:172.16.3.255  Mask:255.255.254.0
             UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
             RX packets:1266 errors:0 dropped:0 overruns:0 frame:0
             TX packets:890 errors:0 dropped:0 overruns:0 carrier:0
             collisions:0 txqueuelen:0
             RX bytes:392524 (383.3 KiB)  TX bytes:203254 (198.4 KiB)

   eth1.102  Link encap:Ethernet  HWaddr 00:0D:56:FE:AD:FE
             inet addr:172.16.4.1  Bcast:172.16.5.255  Mask:255.255.254.0
             UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
             RX packets:490 errors:0 dropped:0 overruns:0 frame:0
             TX packets:255 errors:0 dropped:0 overruns:0 carrier:0
             collisions:0 txqueuelen:0
             RX bytes:83958 (81.9 KiB)  TX bytes:55310 (54.0 KiB)

    <and so on for each subnet>

NMS Workstation:

   Physical Address. . . . . . . . . : 00-19-21-13-FB-FD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 172.16.3.99(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.254.0
   Default Gateway . . . . . . . . . : 172.16.2.1
   DHCP Server . . . . . . . . . . . : 172.16.2.1
   DNS Servers . . . . . . . . . . . : 172.16.2.1 172.16.2.2

Can you paste a show ip route 172.16.2.0 on the routers, please? Can
you source a ping (type ping, hit enter, when it gets to extended
commands, hit 'y', then use a source of the 172.16.2.0 address on the
router)? Does it work?
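
Added example, not part of either post: a longest-prefix-match lookup over only the routes visible in the quoted core router config, showing which entry a route lookup would be expected to select for the NMS address and for the management subnet. It assumes the posted interfaces and static routes are the router's complete table; the function and variable names are illustrative.

```python
import ipaddress

# Routes transcribed from the core router config quoted above. The connected
# networks come from the two subinterfaces shown. Assumption: nothing was left
# out of the post, so this is the complete routing table.
CORE_ROUTER_ROUTES = [
    # (prefix, kind, exit) -- exit is kept as a label exactly as posted
    ("172.16.0.0/23", "connected", "GigabitEthernet0/1.2"),
    ("76.61.48.0/28", "connected", "GigabitEthernet0/1.20"),
    ("76.61.48.0/24", "static", "Null0"),
    ("0.0.0.0/0", "static", "208.05.19.73"),
]


def lookup(routes, destination):
    """Return (network, kind, exit) for the longest matching prefix, or None."""
    addr = ipaddress.ip_address(destination)
    best = None
    for prefix, kind, exit_label in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, kind, exit_label)
    return best


def describe(routes, destination):
    """One-line summary of the route chosen for destination."""
    match = lookup(routes, destination)
    if match is None:
        return f"{destination}: no route"
    net, kind, exit_label = match
    return f"{destination}: {kind} {net} -> {exit_label}"


if __name__ == "__main__":
    # A core switch, the Linux box's public address, NMS, and an address in
    # the /24 that is only covered by the Null0 route.
    for dst in ("172.16.0.2", "76.61.48.3", "172.16.3.99", "76.61.48.200"):
        print(describe(CORE_ROUTER_ROUTES, dst))
```

With only the posted routes, 172.16.3.99 matches nothing more specific than the default route, while the management subnet and the Linux box's eth0 address are directly connected.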