
No inter-VLAN comms? A classic example of KISS

So, here’s the problem (exhibit below):

  • You have 2 VLANs terminated on a firewall with discrete subnets (VLAN100 & VLAN200).
  • Both VLANs are configured identically.
  • VLAN100 has subnet 192.168.192.192/28.
  • VLAN200 has subnet 192.168.192.208/28.
  • The VLANs lead to two separate virtual servers on the same physical host (vServer1 & vServer2).
  • VLAN100 has full IP connectivity to other VLANs and to the Internet.
  • The virtual server on VLAN200 can PING the default gateway on the Firewall.
  • The firewall can PING the virtual server on VLAN200.
  • The virtual server on VLAN200 can’t reach any other IP connected host or interface including the virtual server on the same physical host.

What’s the solution?

VLAN Configuration

Drum roll please…

The default gateway on vServer2 had been set to the subnet's network address, 192.168.192.208, instead of the actual next hop, 192.168.192.209.

Moral of the story: always verify the obvious, in spite of assurances from Windows admins, and Keep It Simple, Stupid!

Can’t believe I wasted 30 minutes trawling through configs for this! Grumble, grumble…
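One way to catch this class of mistake before trawling through firewall configs is to sanity-check each host's gateway against its own subnet. The script below is an added example, not part of the original post; the host addresses (.194, .210) and vServer1's gateway (.193) are assumed for illustration, since the post gives only the two subnets and vServer2's gateway values.

```python
import ipaddress

def check_gateway(host_ip, prefix_len, gateway):
    """Return a list of problems with a host's default-gateway setting."""
    iface = ipaddress.ip_interface(f"{host_ip}/{prefix_len}")
    net = iface.network
    gw = ipaddress.ip_address(gateway)
    # /31 and /32 have no reserved network/broadcast addresses.
    reserved = net.prefixlen < 31
    problems = []
    if gw not in net:
        # An off-link next hop is unreachable without an extra host route.
        problems.append(f"gateway {gw} is outside {net}")
    elif reserved and gw == net.network_address:
        problems.append(f"gateway {gw} is the network address of {net}")
    elif reserved and gw == net.broadcast_address:
        problems.append(f"gateway {gw} is the broadcast address of {net}")
    elif gw == iface.ip:
        problems.append(f"gateway {gw} is the host's own address")
    return problems

def audit(inventory):
    """Map each host name to its gateway problems; clean hosts are omitted."""
    findings = {}
    for name, host_ip, prefix_len, gateway in inventory:
        problems = check_gateway(host_ip, prefix_len, gateway)
        if problems:
            findings[name] = problems
    return findings

# Constructed inventory: subnets and vServer2's gateway are from the post,
# host addresses and vServer1's gateway are assumed.
INVENTORY = [
    ("vServer1", "192.168.192.194", 28, "192.168.192.193"),
    ("vServer2", "192.168.192.210", 28, "192.168.192.208"),
]

if __name__ == "__main__":
    for name, problems in audit(INVENTORY).items():
        for p in problems:
            print(f"{name}: {p}")
```
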
