Question : Can't ping secondary subnet, possible routing issue?

What I thought would be a simple project has me pulling my hair out. I'm sure the answer is right in front of me, but I can't seem to find it. I'm hoping someone can help.

I have a fairly simple network set up using a layer 3 switch to manage 2 subnets through 1 firewall & T1 line.

10.0.0.- subnet 1 (uses 10.0.0.1 port/ip on switch as gateway)
192.168.2.- subnet 2 (uses 192.168.2.1 port/ip on switch as gateway)
10.0.1.- uses only 2 ip addresses: 10.0.1.1 = trusted IP of firewall and 10.0.2.2 is the port/ip on the switch

The following is the routing table BEFORE I tried adding another subnet.
Network address   Subnet             Protocol   Next Hop   Next Hop IP   Best Route
0.0.0.0           0.0.0.0            Default    0.1        10.0.1.1      Yes
10.0.0.0          255.255.255.0      Local      0.3        10.0.0.1      Yes
10.0.1.0          255.255.255.252    Local      0.1        10.0.1.2      Yes
192.168.2.0       255.255.255.0      Local      0.5        192.168.2.1   Yes

I wanted to add a 3rd subnet, so I enabled/configured another port on the switch. The routing table now looks like this:
Network address   Subnet             Protocol   Next Hop   Next Hop IP   Best Route
0.0.0.0           0.0.0.0            Default    0.1        10.0.1.1      Yes
10.0.0.0          255.255.255.0      Local      0.3        10.0.0.1      Yes
10.0.1.0          255.255.255.252    Local      0.1        10.0.1.2      Yes
10.0.2.0          255.255.255.0      Local      0.7        10.0.2.2      Yes   <-- new entry
192.168.2.0       255.255.255.0      Local      0.5        192.168.2.1   Yes

Now, I still have full functionality on the 10.0.0. and the 192.168.2. I can communicate freely between those 2 subnets as well as out through the firewall (10.0.1.1).

From both the 10.0.0 and the 192.168.2 I CAN ping the new 10.0.2.2 IP (which is the port on the switch) but I can't ping any other IPs on that subnet (10.0.2.1, 10.0.2.5, etc). All tracerts stop at the switch.

I have confirmed from a PC on the 10.0.2 subnet that I can ping the switch IP (10.0.2.2).
I can ping the same switch IP (10.0.2.2) from both the 10.0.0 subnet and the 192.168.2 subnet.
I can also use the switch's "internal" ping tool (run from the web interface) and can ping any IP on ANY subnet.

What am I missing????

Thanks in advance,
-Scott

Answer : Can't ping secondary subnet, possible routing issue?

PAQed with points refunded (500)

modulo
Community Support Moderator