While working on deploying the network at a new operations center in Texas, we ran into some issues regarding both security camera and credit card reader device installations. The security cameras and card readers are each installed and managed by other departments (i.e., Security dept., Help Desk, etc.).
These devices were initially plugged into ports configured by default as end-user data ports and received DHCP addresses. However, due to general security reasons and the architectural design of the VLANs, their corresponding subnets, and the network segmentation of the campus, the devices needed static addresses configured on purpose-specific subnets. This required our network team to change the switchport configs off the default DHCP VLAN accordingly to allow for connectivity.
The problem here was that many times the device (after the static address was assigned and the port config updated) was only pinging from the local subnet. Even on the Layer 3 switch, a ping was only successful when sourced from that subnet's SVI (e.g., #ping 192.168.100.27 source vl 200).
It turns out that when the device was only pinging on the local subnet, it was usually because of one (or both) of two simple reasons.
Reason 1 - Wrong Statically Assigned Subnet Mask
Our network was utilizing a mix of /26 & /27 networks for the same VLAN ID and IP address 3rd octet spread across various layer 3-separated closets. The folks assigning the static address would configure either a /24 mask by habit or default, or mix up the /26 and the /27 masks, etc. Once the mask was fixed to match the mask of the assigned subnet's local gateway, the issue was resolved.
Reason 2 - Wrong Statically Assigned Default Gateway
Again, because our network was utilizing a mix of /26 & /27 networks for the same VLAN ID and 3rd octet spread across various layer 3-separated closets, the gateway was not always the same host address; so the first three octets were the same for all of these subnets, but the gateway differed in the fourth octet. The folks assigning the static address would, again, either use the standard gateway IP for a /24 network by default or habit, or confuse the correct gateway for that /26 or /27 subnet. Once the gateway IP address was fixed, the device became reachable from outside its own subnet.
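Both reasons can be caught before a device is handed off by checking the static settings against the documented subnet plan. The following is an added example, not part of the original post; the subnet table and gateway host addresses are constructed for illustration, and check_static_config is a hypothetical helper name.

```python
import ipaddress

# Constructed sample: closets sharing the first three octets, mixed /26 and /27.
# The gateway (SVI) host addresses are assumptions for illustration.
SITE_SUBNETS = {
    "192.168.100.0/27": "192.168.100.1",
    "192.168.100.32/27": "192.168.100.33",
    "192.168.100.64/26": "192.168.100.65",
    "192.168.100.128/26": "192.168.100.129",
}

def check_static_config(ip, mask, gateway, subnets=SITE_SUBNETS):
    """Return a list of problems with a device's static IP settings."""
    addr = ipaddress.ip_address(ip)
    # Find the documented subnet that actually contains the device address.
    match = next(((ipaddress.ip_network(n), ipaddress.ip_address(g))
                  for n, g in subnets.items()
                  if addr in ipaddress.ip_network(n)), None)
    if match is None:
        return [f"{ip} is not inside any documented subnet"]
    net, expected_gw = match
    problems = []
    if addr in (net.network_address, net.broadcast_address):
        problems.append(f"{ip} is the network or broadcast address of {net}")
    # What the device believes its subnet is, given the mask typed into it.
    configured = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    if configured.prefixlen != net.prefixlen:
        problems.append(f"mask /{configured.prefixlen} does not match {net}")
    # Reason 2: the gateway must be the SVI of this subnet, not of a neighbour.
    gw = ipaddress.ip_address(gateway)
    if gw not in net:
        problems.append(f"gateway {gateway} is outside {net}")
    elif gw != expected_gw:
        problems.append(f"gateway {gateway} is not the SVI {expected_gw}")
    return problems

if __name__ == "__main__":
    # Habitual /24 mask and .1 gateway on a device that lives in the second /27.
    for p in check_static_config("192.168.100.40", "255.255.255.0", "192.168.100.1"):
        print(p)
```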
Wednesday, June 6, 2018
Friday, September 25, 2015
Can't Ping VLAN (ELAN) from Outside the Local LAN?
So here's a short post.
I installed a Cisco layer 3 switch and moved all the configs for the local LAN's VLANs, IP routing, etc. from the old switch and router over to the new switch.
Everything seemed fine and dandy upon completion, and I could ping back to Headquarters from the remote site, and could get internet and intranet access, etc.
However, it turned out that Headquarters (or any other remote site than the one where I installed the switch) reported they could not ping the ELAN for that site.
So all data, voice and wireless VLANs for that site were pingable from Headquarters, but the ELAN was not pingable.
Back on site, everything seemed to be working, and I could ping everything from within the local LAN. It just seemed that from OUTSIDE my local LAN, ELAN was unreachable.
Solution:
I double-checked the EIGRP routing statement on the layer three switch with a simple "show run."
Sure enough the ELAN IP address was missing from the EIGRP statement.
Once I added that in, I was able to ping the ELAN from outside the LAN and it was available for Telecomm's purposes.
So if you can ping inside the network, but not FROM outside the network, check your routing statement!
...also, if you are adding in equipment, make sure your configs are correct!
Short Info on ELANs:
http://www.c-sharpcorner.com/Interviews/answer/851/what-is-a-vlan-what-is-an-elan-what-is-the-difference
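The "show run" check described in this post can be automated by comparing every interface address against the EIGRP network statements. This is an added example, not part of the original post; the config excerpt is constructed (addresses, VLAN IDs and AS number are assumptions), and it assumes each network statement carries a wildcard mask.

```python
import ipaddress

# Constructed excerpt of a "show run" from a layer 3 switch; addresses, VLAN
# IDs and the EIGRP AS number are illustrative assumptions.
SAMPLE_CONFIG = """\
interface Vlan10
 description DATA
 ip address 10.20.10.1 255.255.255.0
!
interface Vlan20
 description VOICE
 ip address 10.20.20.1 255.255.255.0
!
interface Vlan50
 description ELAN
 ip address 10.20.50.1 255.255.255.0
!
router eigrp 100
 network 10.20.10.0 0.0.0.255
 network 10.20.20.0 0.0.0.255
!
"""

def unadvertised_interfaces(config):
    """Return {interface: address} not covered by any EIGRP network statement."""
    networks, addresses, section = [], {}, ""
    for line in config.splitlines():
        fields = line.split()
        if not line.startswith(" "):
            section = line.strip()  # top-level line opens a new config section
        elif not fields:
            continue
        elif (section.startswith("router eigrp")
              and fields[0] == "network" and len(fields) == 3):
            # The wildcard is an inverted netmask: 0.0.0.255 -> 255.255.255.0
            wildcard = int(ipaddress.ip_address(fields[2]))
            mask = ipaddress.ip_address(wildcard ^ 0xFFFFFFFF)
            networks.append(ipaddress.ip_network(f"{fields[1]}/{mask}", strict=False))
        elif (section.startswith("interface ")
              and fields[:2] == ["ip", "address"] and len(fields) >= 4):
            addresses[section.split()[1]] = ipaddress.ip_address(fields[2])
    return {name: str(addr) for name, addr in addresses.items()
            if not any(addr in net for net in networks)}

if __name__ == "__main__":
    print(unadvertised_interfaces(SAMPLE_CONFIG))
```

The check only looks at network statements, so an interface advertised some other way (for example through redistribution) would still be listed.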