Mailing List Archive: Blackdiamond 8806

Hello,

i have a Blackdiamond with 8 VLANs configured... VLAN1,10,20,30,40,50,60,70

One Port ist configured with TagAll to my Firewall (Sonicwall) In the SonicWall there are 8 VLAN Subinterfaces for each VLAN.

Standard Gateway on the Clients are the Switch.

Ive configured a default route in each VLAN to the Firewall like:

Configure iproute add default 192.168.100.251 (Firewall IP in VLAN 1)

Configure iproute add default 192.168.98.251 (Firewall IP in VLAN 10)

Configure iproute add default 192.168.96.251 (Firewall IP in VLAN 20)

... so for each vlan..

I can ping in each vlan the Firewall`s ip, but i cant ping the firewalls other vlan ip, for example, im in VLAN 1 (Switch IP: 192.168.100.250)

I have an IP: 192.168.100.10

Subnet: 255.255.255.0

Default-Gateway: 192.168.100.250

I can ping all other things in the network (there is ip forwading enabled at all)

I can ping the SonicWall in my Network 192.168.100.251

But i cant ping the sonicwalls ip in the other networks like 192.168.98.251 or 192.168.96.251

Should i add a own vlan for the internet access? Dont know, i come more from cisco, and there is a default route like 0.0.0.0/0 to Firewall

Hüttner, Christof | Network / Application Specialist
MEGATECH communication GmbH | Englfinger Strasse 56 | DE - 94508 Schoellnach / Germany
Phone : +49 (0)9903 9324 220 | Fax : +49 (0)9903 9324 200 | christof.huettner@megatech-communication.de <mailto:jens.schneider@megatech-communication.de>

==============================
Sitz der Gesellschaft: Schoellnach
Handelsregister: Amtsgericht Deggendorf, HRB 2315
Geschäftsführung: Rigobert Kuehn

Wichtiger Hinweis: Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen.
Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben sollten,
weisen wir Sie darauf hin, dass das unerlaubte Kopieren sowie die unbefugte Weiterleitung dieser E-Mail nicht gestattet ist.
Bitte informieren Sie sofort den Absender und löschen Sie diese E-Mail. Vielen Dank.
Important Note: This e-mail may contain trade secrets or privileged, undisclosed or otherwise confidential information.
If you have received this e-mail in error, you are hereby notified that any review, copying or distribution of it is strictly prohibited.
Please inform us immediately and destroy the original transmittal. Thank you for your cooperation.
==============================

Most likely a firewall problem. You would want to check the firewall
policies to ensure

1. It allows ICMP from your host
2. Intra zone traffic is allowed if All interfaces are in the same security
zone. Some firewalls disable this by default.
3. There are correct policies in place for inter-zone traffic is all
interfaces are in seperate security zones.

cheers

On Wed, Oct 19, 2011 at 8:47 AM, Huettner, Christof <
Christof.Huettner@megatech-communication.de> wrote:

> Hello,****
>
> ** **
>
> i have a Blackdiamond with 8 VLANs configured… VLAN1,10,20,30,40,50,60,70*
> ***
>
> ** **
>
> One Port ist configured with TagAll to my Firewall (Sonicwall) In the
> SonicWall there are 8 VLAN Subinterfaces for each VLAN.****
>
> ** **
>
> Standard Gateway on the Clients are the Switch.****
>
> ** **
>
> Ive configured a default route in each VLAN to the Firewall like:****
>
> ** **
>
> Configure iproute add default 192.168.100.251 (Firewall IP in VLAN 1)****
>
> Configure iproute add default 192.168.98.251 (Firewall IP in VLAN 10)****
>
> Configure iproute add default 192.168.96.251 (Firewall IP in VLAN 20)****
>
> ... so for each vlan..****
>
> ** **
>
> I can ping in each vlan the Firewall`s ip, but i cant ping the firewalls
> other vlan ip, for example, im in VLAN 1 (Switch IP: 192.168.100.250)****
>
> ** **
>
> I have an IP: 192.168.100.10****
>
> Subnet: 255.255.255.0****
>
> Default-Gateway: 192.168.100.250****
>
> ** **
>
> ** **
>
> I can ping all other things in the network (there is ip forwading enabled
> at all)****
>
> I can ping the SonicWall in my Network 192.168.100.251****
>
> ** **
>
> But i cant ping the sonicwalls ip in the other networks like
> 192.168.98.251 or 192.168.96.251****
>
> ** **
>
> Should i add a own vlan for the internet access? Dont know, i come more
> from cisco, and there is a default route like 0.0.0.0/0 to Firewall****
>
> ** **
>
> ** **
>
> *Hüttner, Christof | Network / Application Specialist*
> MEGATECH communication GmbH | Englfinger Strasse 56 | DE – 94508
> Schoellnach / Germany
> Phone : +49 (0)9903 9324 220 | Fax : +49 (0)9903 9324 200 |
> christof.huettner@megatech-communication.de<jens.schneider@megatech-communication.de>
>
> ****
>
> ==============================
> Sitz der Gesellschaft: Schoellnach
> Handelsregister: Amtsgericht Deggendorf, HRB 2315
> Geschäftsführung: Rigobert Kuehn****
>
> *Wichtiger Hinweis:* Diese E-Mail enthält vertrauliche und/oder rechtlich
> geschützte Informationen.
> Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich
> erhalten haben sollten,
> weisen wir Sie darauf hin, dass das unerlaubte Kopieren sowie die
> unbefugte Weiterleitung dieser E-Mail nicht gestattet ist.
> Bitte informieren Sie sofort den Absender und löschen Sie diese E-Mail. Vielen
> Dank.
> *Important Note:* This e-mail may contain trade secrets or privileged,
> undisclosed or otherwise confidential information.
> If you have received this e-mail in error, you are hereby notified that
> any review, copying or distribution of it is strictly prohibited.
> Please inform us immediately and destroy the original transmittal. Thank
> you for your cooperation.
> ==============================****
>
> ** **
>
> _______________________________________________
> extreme-nsp mailing list
> extreme-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/extreme-nsp
>