Click on Pictures to View

To view a larger version of an image within a post, just click on the picture you want to view :)

Wednesday, June 6, 2018

Cannot Ping Device on Different Subnet

While working on deploying the network at a new operations center in Texas, we ran into some issues regarding both security cameras and credit card reader device installations.  The security cameras and card readers are each installed and managed by other departments (ie Security dept., Help Desk, etc.)

These devices were initially plugged into ports configured by default as end-user data ports and received DHCP addresses.  However, due to the general security reasons and architectural design of the VLANs, their corresponding subnets, and network segmentation of the campus, the devices needed static addresses on purpose-specific subnets configured.  This required our network team to change switchport configs off the default DHCP vlan accordingly to allow for connectivity.

The problem here was many times the device (after static address assigned and port config updated) was only pinging from the local subnet.  Even on the Layer 3 switch, a ping was only successful when sourced from that subnet's SVI (eg #ping 192.168.100.27 source vl 200)

Turns out, when the device is only pinging on the local subnet, it was usually because of one (or both) of two simple reasons.

Reason 1 - Wrong Statically Assigned Subnet Mask

Our network was utilizing a mix of /26 & /27 networks for the same VLAN ID and IP address 3rd octet spread across various layer 3-separated closets.  The folks assigning the static address would configure either a /24 mask by habit or default, or mix up the /26 and the /27 masks, etc.  Once the mask was fixed to match the mask of the assigned subnet's local gateway, the issue was resolved.

Reason 2 - Wrong Statically Assigned Default Gateway

Again because our network was utilizing a mix of /26 & /27 networks for the same VLAN ID and 3rd octet spread across various layer 3-separated closets, the gateway was not always the same host address; so the first three octets were the same for all of these subnets, but the gateway differed in the fourth octet.  The folks assigning the static address would again, either do the standard gateway IP for a /24 network by default or habit, or confuse the correct gateway for that /26 or /27 subnet.  Once the gateway IP address was fixed, the device became reachable from outside its own subnet.


Posted by at
Labels: , , , , , , , , , , , , ,

No comments:

Post a Comment

Give my post a +1 or let me know if you found any of my blog content helpful!

Subscribe to: Post Comments (Atom)