Question : Switch cannot ping device connected to another switch

We have the configurations that are at the end of this description.  The 3750 is being used as the head end switch.  There is a 3560 in a department in another building.  The two are linked via a 3560 in between.  I've listed the configs for the two end points.

Here is what we're trying to accomplish:
There is a watchguard firewall at 10.0.0.1 that is the default gateway for the majority of the network.  On the 3560, port fa0/21 there is a sonic wall firewall at ip 192.168.215.1.  For the users in the 192.168.215.x network, we want them to all be in VLAN 114, and we want their Internet access to go to the sonic wall.  The rest of the network has 10.x addresses, and these 192.168.215.x users should be able to access this network.  However, what is happening is that they are able to go out the sonic wall for a couple of VPN access sites they have, that are 167.198.204.x addresses, but all other Internet access fails, as does access to the 10.x.x.x addresses.

One thing that seems odd... from the 3750 (10.10.0.1) we can ping the sonic wall firewall, but we cannot from the 3560 (10.10.0.56) which is where it is actually plugged in.

Cisco 3750
=========================================
hostname AdminFiberHost
!
switch 1 provision ws-c3750g-12s
ip subnet-zero
ip routing
ip dhcp excluded-address 10.100.0.1 10.100.0.20
ip dhcp excluded-address 10.100.0.225 10.100.0.255
ip dhcp excluded-address 10.114.0.225 10.114.0.255
ip dhcp excluded-address 10.214.0.1 10.214.0.20
ip dhcp excluded-address 192.168.215.1 192.168.215.99
ip dhcp excluded-address 192.168.215.200 192.168.215.255
!
ip dhcp pool Admin_Data
   network 10.100.0.0 255.255.0.0
   default-router 10.100.0.1
   option 156 ascii "ftpservers=10.0.0.4, country=1, language=1, layer2tagging=1, vlanid=200"
   domain-name xxxx.org
   dns-server 10.0.0.11 10.0.0.9
   option 4 ip 10.0.0.11
   netbios-name-server 172.16.1.103
   netbios-node-type h-node
!
ip dhcp pool Admin_Voice
   network 10.200.0.0 255.255.0.0
   default-router 10.200.0.1
   option 156 ascii "ftpservers=10.0.0.4, country=1, language=1, layer2tagging=1, vlanid=200"
   domain-name xxxx.org
   dns-server 10.0.0.11 10.0.0.9
   option 4 ip 10.0.0.11
   netbios-name-server 172.16.1.103
   netbios-node-type h-node
!
ip dhcp pool Health_Data
   network 192.168.215.0 255.255.255.0
   default-router 192.168.215.1
   option 156 ascii "ftpservers=10.0.0.4, country=1, language=1, layer2tagging=1, vlanid=214"
   dns-server 64.192.56.20 64.192.56.22
!
ip dhcp pool Health_Voice
   network 10.214.0.0 255.255.0.0
   default-router 10.214.0.1
   option 156 ascii "ftpservers=10.0.0.4, country=1, language=1, layer2tagging=1, vlanid=214"
   domain-name EffinghamCounty.org
   dns-server 10.0.0.11 10.0.0.9
   option 4 ip 10.0.0.11
   netbios-name-server 172.16.1.103
   netbios-node-type h-node
!
ip dhcp pool HD_wic1
   host 192.168.215.9 255.255.255.0
   client-identifier 0100.0802.52a8.f8
   client-name echdwic1
   default-router 192.168.215.1
   dns-server 64.192.56.20 64.192.56.22
   netbios-node-type h-node
!
ip dhcp pool HD_wic2
   host 192.168.215.11 255.255.255.0
   client-identifier 0100.0802.52b2.0c
   client-name echdwic2
   default-router 192.168.215.1
   dns-server 64.192.56.20 64.192.56.22
   netbios-node-type h-node
!
ip dhcp pool HD_wic3
   host 192.168.215.12 255.255.255.0
   client-identifier 0100.0802.50b9.06
   client-name echdwic3
   default-router 192.168.215.1
   dns-server 64.192.56.20 64.192.56.22
   netbios-node-type h-node
!
ip dhcp pool HD_win1
   host 192.168.215.5 255.255.255.0
   client-identifier 0100.6097.1e23.ae
   client-name echdwin1
   default-router 192.168.215.1
   dns-server 64.192.56.20 64.192.56.22
   netbios-node-type h-node
!
ip dhcp pool HD_win2
   host 192.168.215.6 255.255.255.0
   client-identifier 0100.a0cc.54e8.4f
   client-name echdwin2
   default-router 192.168.215.1
   dns-server 64.192.56.20 64.192.56.22
   netbios-node-type h-node
!
ip dhcp pool HD_win3
   host 192.168.215.7 255.255.255.0
   client-identifier 0100.508b.623c.4e
   client-name echdwin3
   default-router 192.168.215.1
   dns-server 64.192.56.20 64.192.56.22
   netbios-node-type h-node
!
ip dhcp pool HD_win4
   host 192.168.215.8 255.255.255.0
   client-identifier 0100.a0cc.54d5.4b
   client-name echdwin4
   default-router 192.168.215.1
   dns-server 64.192.56.20 64.192.56.22
   netbios-node-type h-node
!
ip dhcp pool HD_echdbill
   host 192.168.215.14 255.255.255.0
   client-identifier 0100.16d4.06c9.af
   client-name echdbill
   default-router 192.168.215.1
   dns-server 64.192.56.20 64.192.56.22
   netbios-node-type h-node
!
ip dhcp pool HD_japk
   host 192.168.215.13 255.255.255.0
   client-identifier 0100.0f20.fa57.ba
   client-name echdjapk
   default-router 192.168.215.1
   dns-server 64.192.56.20 64.192.56.22
   netbios-node-type h-node
!
ip dhcp pool HD_echdscot
   host 192.168.215.15 255.255.255.0
   client-identifier 0100.a0cc.54e8.51
   client-name echdscott
   default-router 192.168.215.3
   dns-server 10.0.0.11 10.0.0.9
   netbios-node-type h-node
!
ip dhcp pool HD_ecdscot
   default-router 192.168.215.1
   dns-server 64.192.56.20 64.192.56.22
!
!
mls qos map cos-dscp 0 8 16 26 32 46 48 56
mls *** automatically generated qos statements omitted ***
mls qos
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 macro description cisco-switch
 auto qos voip trust
 spanning-tree link-type point-to-point
!
!
interface GigabitEthernet1/0/12
 switchport trunk encapsulation dot1q
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 queue-set 2
 mls qos trust cos
 macro description cisco-switch
 auto qos voip trust
 spanning-tree link-type point-to-point
!
interface Vlan1
 ip address 10.0.0.13 255.255.0.0
!
interface Vlan10
 description MANAGEMENT VLAN
 ip address 10.10.0.1 255.255.0.0
 ip helper-address 10.0.0.11
 no ip route-cache cef
 no ip route-cache
!
interface Vlan114
 description Health Data
 ip address 192.168.215.3 255.255.255.0
!
!
interface Vlan214
 description Health Voice
 ip address 10.214.0.1 255.255.0.0
!
ip default-gateway 10.0.0.1
ip classless
ip default-network 10.0.0.0
ip route 0.0.0.0 0.0.0.0 10.0.0.1
ip route 167.198.204.0 255.255.255.0 192.168.215.1
ip http server
!
AdminFiberHost#

Cisco 3560
=========================================
hostname Health_3560_01
!
ip subnet-zero
!
mls qos map cos-dscp 0 8 16 26 32 46 48 56
m*** Generated mls statements omitted ***
mls qos
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
interface FastEthernet0/20
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 114
 switchport mode trunk
 switchport nonegotiate
 spanning-tree portfast
!
interface FastEthernet0/21
 description Sonic Wall Soho3
 switchport access vlan 114
 switchport mode access
 switchport nonegotiate
 spanning-tree portfast
!
interface FastEthernet0/22
 description Link to Health_3560_02
 switchport trunk encapsulation dot1q
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 mls qos trust cos
 macro description cisco-switch | cisco-switch
 auto qos voip trust
!
interface FastEthernet0/23
 description ShoreTel 60/12 Voice Switch
 switchport access vlan 214
 switchport mode access
 switchport nonegotiate
 spanning-tree portfast
!
interface FastEthernet0/24
 description Linksys EF3124 Switch
 switchport access vlan 114
 switchport mode access
 switchport nonegotiate
 spanning-tree portfast
!
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 queue-set 2
 mls qos trust cos
 macro description cisco-switch | cisco-switch
 auto qos voip trust
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 10.0.0.56 255.255.0.0
 shutdown
!
interface Vlan10
 ip address 10.10.0.56 255.255.0.0
!
ip classless
ip http server
!
!
control-plane
!
Health_3560_01#

Answer : Switch cannot ping device connected to another switch

Hi clbrownjr

The firewalls are the default gateways for the internal networks directly connected to them. For these networks to talk to other internal networks, the firewalls will need routing entries to another router that connects these networks. Since the 192.168.215.0/24 network can't talk to the 10.x.x.x networks, I suspect these routes have not been configured.

The 3750 can ping the Sonicwall because it will use its 192.168.215.3 address.
The 3560 will fail because 1) It doesn't have a default gateway and 2) As above, suspect no route from the Sonicwall to the 10.10.0.0/16 network.

The reservation for host HD_echdscot, 192.168.215.15, has a gateway of 192.168.215.3, not 192.168.215.1 ??

It wasn't clear which addresses could connect to 164.198.204.x but I'm guessing that the path goes via the 3750, which has a static entry for this network, and the default perhaps goes via a firewall that doesn't handle the source addresses or has no return route, so Internet access fails.
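
The reasoning in the answer above, worked through as an added example (not part of the original posts): a small Python model of the posted interfaces and static routes that checks both the request path and the reply path of a ping. The SonicWall's routing table (connected network plus a default route out a constructed WAN side, 203.0.113.0/30), the 3560 gateway value 10.10.0.1 and the 10.0.0.0/8 return route via 192.168.215.3 are assumptions used for illustration, and the layer-2 3560's default gateway is modelled as a default route.

```python
import ipaddress as ipa

def topology(gw_3560=None, sonicwall_routes=()):
    # From the posted configs (3560 Vlan1 is shutdown); SonicWall WAN side and routes are assumed.
    return {
        "3750": {"ifs": ["10.0.0.13/16", "10.10.0.1/16", "192.168.215.3/24", "10.214.0.1/16"],
                 "static": [("0.0.0.0/0", "10.0.0.1"), ("167.198.204.0/24", "192.168.215.1")]},
        "3560": {"ifs": ["10.10.0.56/16"], "static": [("0.0.0.0/0", gw_3560)] if gw_3560 else []},
        "sonicwall": {"ifs": ["192.168.215.1/24", "203.0.113.2/30"],
                      "static": [("0.0.0.0/0", "203.0.113.1"), *sonicwall_routes]},
    }

def owner(topo, addr):
    return next((n for n, d in topo.items()
                 if any(ipa.ip_interface(i).ip == addr for i in d["ifs"])), None)

def lookup(dev, dst):
    # Longest-prefix match over connected and static routes -> (egress interface, next hop).
    ifs = [ipa.ip_interface(i) for i in dev["ifs"]]
    cands = [(i.network.prefixlen, i, dst) for i in ifs if dst in i.network]
    for net, via in dev["static"]:
        net, via = ipa.ip_network(net), ipa.ip_address(via)
        egress = next((i for i in ifs if via in i.network), None)
        if dst in net and egress:
            cands.append((net.prefixlen, egress, via))
    return max(cands, key=lambda c: c[0])[1:] if cands else None

def deliver(topo, here, dst):
    # Forward one packet hop by hop; returns (reached, where it stopped and why).
    for _ in range(8):
        if owner(topo, dst) == here:
            return True, "delivered"
        hit = lookup(topo[here], dst)
        if hit is None:
            return False, f"{here}: no route to {dst}"
        nxt = owner(topo, hit[1])
        if nxt is None:
            return False, f"{here}: forwarded to {hit[1]}, outside the modelled network"
        here = nxt
    return False, "hop limit reached"

def ping(topo, src_dev, dst):
    # Succeeds only if the request and the reply to the source address both route.
    dst = ipa.ip_address(dst)
    hit = lookup(topo[src_dev], dst)
    ok, why = deliver(topo, src_dev, dst)
    if not ok:
        return False, "request lost, " + why
    ok, why = deliver(topo, owner(topo, dst), hit[0].ip)
    return ok, ("reply " if ok else "reply lost, ") + why
```

Calling `ping(topology(), "3560", "192.168.215.1")` fails on the request, `ping(topology(gw_3560="10.10.0.1"), ...)` fails on the reply at the SonicWall, and adding the return route to `sonicwall_routes` makes both directions succeed.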