getut1
Jan 09, 2013 (Aspirant)
L3 Routing Issue w/ diagram
Please help me with a mind boggler of a routing problem (to me). I have attached a diagram to show my environment. It is much simpler and more accurate than trying to type it out.
Additional details:
The master switch is a GSM7328FS. It has the default gateway set to 192.168.5.254 (Firewall 1) and static routes to all the VLANs. It handles all the routing to all the VLANs except for VLAN 5.
Firewall 1, 2, and 3 have static routes to 192.168.4.15 for all the VLANs except VLAN 5, in which case it is set to 192.168.5.252. Firewall 3's VLAN 5 interface is a virtual one with VLAN tagging turned on. It is the same physical interface on the same port as the shown VLAN 1 interface.
Client PCs on main VLAN 1 have their default gateway set to 192.168.5.254 and are provided static routes to the other VLANs except 5 with a gateway of 192.168.4.15. VLAN 5's static route points to 192.168.5.252.
Client PCs on VLAN 5 only have the default gateway and it is set to 192.168.16.1.
My problem is that I can't get packets through from VLAN 1 to VLAN 5 or vice-versa. They keep getting bounced off to the layer 3 switch's default gateway of 192.168.5.254. I can find nowhere that I have a route set improperly.
Here are the results of ping tests:
Machine A ---> 192.168.5.252 = GOOD
Machine A ---> 192.168.16.1 = BAD when both devices are connected to my L3 switch and GOOD when both devices are attached to a regular unmanaged switch.
Machine A ---> Machine B = BAD (my unmanaged switch doesn't have VLANs so can't test on non-L3 switch)
Machine B ---> 192.168.16.1 = GOOD
Machine B ---> 192.168.5.252 = GOOD
Machine B ---> Machine A = BAD (my unmanaged switch doesn't have VLANs so can't test on non-L3 switch)
Packet capture at Switch 3 during the Machine A ---> 192.168.16.1 test shows packets making it to Firewall 3 and then it shows itself responding.
Packet capture at Machine A during the same test shows the ping being sent and then a "redirect for host" coming from Firewall 1 (192.168.5.254) but the actual ping output still shows request timed out.
What could I possibly have set up wrong? I can't find it but it is obvious I have something pooched.