I've been planning this for ages, and all is going well apart from this 'ickle issue.
I'm taking our /22 network from SWGfL and subnetting it into 4 x /24 subnets, like a good little network admin, as it was getting pretty big. I've set up the first of the VLANs on one of the /24 ranges, and after tweaking subnet masks of servers, adding subnets to sites, DHCP helper addresses, etc., I'm logging on quite happily on this other /24 subnet. I've got routing switched on, along with multicast (to support the phone system here as well as other things). For the life of me now, I can't access the internet from this new subnet. I'm purposely using these subnets as they fall within my range given by SWGfL, so I wouldn't need to worry about NAT, just let our Core (HP 5406zl) do the routing.
What am I missing? Help appreciated or am I just being a complete idiot!!!?
Can you post your config of the core?
Code:
; J8697A Configuration Editor; Created on release #K.15.10.0009
; Ver #03:03.1f.ef:f0
hostname "Core"
module 1 type j8702a
module 2 type j8702a
module 3 type j8702a
module 4 type j8702a
module 5 type j8706a
module 6 type j8706a
trunk F15-F16 trk1 trunk
power-over-ethernet pre-std-detect
qos type-of-service diff-services
timesync sntp
sntp unicast
sntp server priority 1 10.43.48.4
time daylight-time-rule western-europe
ip default-gateway 10.43.48.1
no ip ssh
ip route 0.0.0.0 0.0.0.0 10.43.48.1
ip routing
ip multicast-routing
snmp-server community "public" unrestricted
snmp-server host 10.43.48.220 community "public"
snmp-server host 10.43.50.107 community "public"
snmp-server host 10.43.48.158 community "public"
snmp-server contact "ICT Network Manager" location "Server Room"
router rip
   enable
   exit
router pim
   enable
   exit
vlan 1
   name "DEFAULT_VLAN"
   no untagged C1-C12,C22,D12
   untagged A1-A24,B1-B12,B14-B24,C13,C15-C21,C23-C24,D1-D11,D13-D21,D24,E3,E5,E7,E13-E14,E16-E18,E20-E24,F2,F4-F6,F8,F10,F12,F14,F17-F18,F21-F22,Trk1
   tagged B13,C14,D22-D23,E1-E2,E4,E6,E8-E12,E15,E19,F1,F3,F7,F9,F11,F13,F19-F20,F23-F24
   ip address 10.43.48.95 255.255.255.0
   ip igmp
   ip rip 10.43.48.95
   ip rip 10.43.48.95 receive v1-only
   ip rip 10.43.48.95 send v1-only
   ip pim-dense
      ip-addr any
      exit
   exit
vlan 2
   name "OUTSIDE"
   no ip address
   exit
vlan 3
   name "INSIDE"
   tagged D16
   ip address 10.43.50.1 255.255.255.0
   ip helper-address 10.43.48.4
   ip helper-address 10.43.48.49
   ip helper-address 10.43.48.33
   ip igmp
   ip rip 10.43.50.1
   ip rip 10.43.50.1 receive v1-only
   ip rip 10.43.50.1 send v1-only
   ip pim-dense
      ip-addr any
      exit
   exit
vlan 4
   name "ICT SUITES"
   no ip address
   exit
vlan 50
   name "Phones"
   untagged C1-C12
   tagged B13,C14,D16,D22-D23,E1-E2,E4-E9,E11-E13,E15,E17,E19,E21,E23,F1,F3,F5,F7,F9,F11,F13,F17,F19-F24
   ip address 172.17.50.1 255.255.255.0
   ip igmp
   qos dscp 101110
   voice
   exit
vlan 666
   name "Guest-WiFi"
   untagged C22,D12
   tagged C24,D15-D16,E5,E7,E13,E17,E21,E23,F5,F17,F21-F22,Trk1
   ip address 10.74.204.16 255.255.255.0
   ip helper-address 10.43.48.4
   exit
vlan 667
   name "WiFi Prov"
   tagged C22,C24,D12,D15-D16,E5,E7,E13,E17,E21,E23,F5,F17,F21-F22,Trk1
   ip address 172.17.60.1 255.255.255.0
   ip helper-address 10.43.48.4
   exit
spanning-tree Trk1 priority 4
password manager
password operator
Is that IP route the IP address your Smoothwall (or whatever you use)?
Are the clients' default gateways pointing to the VLAN IP?
The IP route is our 'gateway' address supplied by SWGfL.
A device that is on the 'INSIDE' VLAN has a gateway address of 10.43.50.1.
Can you ping the gateway from one of the clients? They might have to make changes to the config on the gateway to account for the new subnet masks.
No, I can't ping 10.43.48.1 from a client in the 'INSIDE' vlan.
You will need the edge router (the SWGfL one) to have its net mask changed.
It'll still be using the 252 one, I'd guess?
Double Cr*p! Should have done more homework!
Internet access is still operational for 10.43.48.0/24 addresses, but beyond that it's a no go. Hells bells. I'll go speak to the Grid.
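The diagnosis reached above, as an added example (not code from any poster in the thread): a small longest-prefix-match model of the edge router's return path, showing why 10.43.48.0/24 still works while the 'INSIDE' VLAN does not. Assumptions: the /22 mask on the edge router is the thread's guess, the two client addresses are constructed, and the route back via the core (static or learned) is a hypothetical fix that the edge router's operator would have to apply.

```python
import ipaddress

CORE_VLAN1 = "10.43.48.95"   # core's VLAN 1 address (from the posted config)
EDGE_LAN = ipaddress.ip_network("10.43.48.0/24")  # hosts actually on the edge router's wire

def next_hop(dst, connected, routes):
    """Longest-prefix match: ('on-link', None), ('via', gw) or ('unreachable', None)."""
    dst = ipaddress.ip_address(dst)
    table = [(ipaddress.ip_network(n), "on-link", None) for n in connected]
    table += [(ipaddress.ip_network(n), "via", gw) for n, gw in routes]
    hits = [row for row in table if dst in row[0]]
    if not hits:
        return ("unreachable", None)
    _, kind, gw = max(hits, key=lambda row: row[0].prefixlen)
    return (kind, gw)

def reply_delivered(client, connected, routes):
    """True if the edge router can return a packet to `client`."""
    kind, gw = next_hop(client, connected, routes)
    if kind == "on-link":
        # The router ARPs on its own LAN; only a host really on that wire answers.
        return ipaddress.ip_address(client) in EDGE_LAN
    if kind == "via":
        # Handed to the core, which has a connected route to VLAN 3.
        return gw == CORE_VLAN1
    return False

# Constructed client addresses, one per VLAN.
VLAN1_CLIENT, INSIDE_CLIENT = "10.43.48.20", "10.43.50.20"

# Each scenario is (connected networks, routes) on the edge router.
# The model leaves out the edge router's own upstream default route.
SCENARIOS = {
    "edge still /22 (the thread's guess)": (["10.43.48.0/22"], []),
    "edge re-masked to /24, no route back": (["10.43.48.0/24"], []),
    "edge /24 plus route to 10.43.50.0/24 via core": (
        ["10.43.48.0/24"], [("10.43.50.0/24", CORE_VLAN1)]),
}

if __name__ == "__main__":
    for name, (connected, routes) in SCENARIOS.items():
        for client in (VLAN1_CLIENT, INSIDE_CLIENT):
            print(f"{name:48} {client:12} "
                  f"{next_hop(client, connected, routes)[0]:12} "
                  f"delivered={reply_delivered(client, connected, routes)}")
```

With the /22 mask the edge router treats 10.43.50.20 as a neighbour and ARPs for it on a segment where it does not live, which matches the failed ping to 10.43.48.1 from the 'INSIDE' VLAN.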
Why even use their addresses? Only need one for the edge firewall/router.
Am I right in assuming you don't have a firewall between you and the SWGfL network then?
Because SWGfL's network isn't secured against access from other schools within the same grid, load up ProCurve Manager Plus and start sticking some random 10. IP ranges into the discovery and you might find you can suddenly see the HP switches of other schools within the grid. Laughed our bottoms off when we found that out 6-7 years ago (I guess they might have sorted that since then, but we are talking about SWGfL here, mind).
Using an internal range of 172.18.*.* here with /24 subnets with an ISA server between us and SWGfL on 10.7.*.* /22, didn't have to get swgfl to change anything that way.....albeit we'll be free of them and the ISA this month so yay