
New l3 Switch, Why can't clients ping certain subnets?

kia75

I just set up a new L3 switch. When connected from the switch, I can ping IPs from the 192.168.3.x subnet. When I attach a host to that switch with an IP of 192.168.5.42, I can no longer ping anything from 192.168.3.x.

Computers from the 192.168.2.x subnet can ping the computer just fine. The 192.168.5.42 computer can ping things from 192.168.2.x just fine. It's going from .5 to .3 and vice versa that's giving me trouble. Any suggestions?



Here is how my network looks:


Code:
192.168.3.x subnet and switches ------------- Router-------------- 192.168.2.x subnet and switches
|                                                 |                                            |
|                                                 |                                            |
192.168.3.198 255.255.255.0                        192.168.4.x                                 192.168.2.96 computer
Level 3 switch
192.168.5.35 255.255.255.224
|
|
192.168.5.42
computer

The L3 switch has the following static routing table.
192.168.3.0 24 Local
192.168.5.32 27 Local
0.0.0.0 0 192.168.3.254 Remote Static 1


Any Suggestions?
 
Switch make/model? Is the default gateway of the clients on the 3 and 5 subnet the layer 3 switch? There is no reason why 2 networks on connected interfaces cannot ping each other unless there is a layer 2 VLAN, layer 3 addressing, or client configuration issue.

When connected from the switch, I can ping IPs from the 192.168.3.x subnet.

This will use the source address of the exiting interface, 192.168.3.198. What if you source your pings from 192.168.5.35?
 
Switch make/model? Is the default gateway of the clients on the 3 and 5 subnet the layer 3 switch? There is no reason why 2 networks on connected interfaces cannot ping each other unless there is a layer 2 VLAN, layer 3 addressing, or client configuration issue.

It probably is a configuration issue on my part.

Switch is a Cisco 300 series 28 port switch.

The default gateway of the .5 subnet clients is the layer 3 switch (192.168.5.35).
The default gateway of the .3 subnet clients is the router in the middle (192.168.3.254).

Should the .3 subnets have a default gateway of 192.168.3.199 (switch IP)? Wouldn't that just add a 2nd hop to everything? There's tons of computers and switches connected between the layer 3 switch and the router. I'll go ahead and try it later.


This will use the source address of the exiting interface, 192.168.3.198. What if you source your pings from 192.168.5.35?

I'm not quite certain how to do that from this switch, but if I attach a client to the 192.168.5.35 port and give it the IP of 192.168.5.41 and a default gateway of 192.168.5.35, it can ping anything on the 192.168.2.x subnet, the 192.168.4.x subnet and vice versa.
 
My first guess is that your router is missing a route to 192.168.5.32/27 via 192.168.3.198 (though, you might have already ruled that out, but I can't quite tell from the vague language in the OP).

The other issue is that having a subnet (192.168.3.0/24) with hosts on it between two routers like this is a bad idea, and it's another potential source of your problem. When hosts on the 5.32 net try to access the hosts on 3 net, those hosts will send the replies the wrong direction due to their default gateway pointing at your router. If the router knows the right route to 5.32, it will have to issue an ICMP redirect to the system on 3 net to point it in the other direction. If the router isn't issuing redirects or clients aren't paying attention to them, the connection will fail.

The only fixes for this problem that don't involve redirects getting sent all the time are:

1) Rearchitect things so you don't have hosts between 2 routers

OR

2) Put a static route for the 5.32 net on every single host on 3 net.

It should be obvious that solution #1 is a better idea.
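
The reply above can be checked with a small routing model. This is an added example, not part of the original posts: it traces the request and the reply hop by hop using longest-prefix match. The switch table is the one posted; the host 192.168.3.10, the device names, the router's table (inferred from the diagram) and the absence of a default route on the router are assumptions.

```python
import ipaddress as ip

# Which device answers for each address (192.168.3.10 is a constructed sample host).
OWNER = {"192.168.5.42": "pc5", "192.168.5.35": "l3switch", "192.168.3.198": "l3switch",
         "192.168.3.254": "router", "192.168.3.10": "host3", "192.168.2.96": "pc2"}

# Three ways the hosts on 192.168.3.0/24 can be configured.
GW_ROUTER = [("0.0.0.0/0", "192.168.3.254")]                 # as first posted
GW_SWITCH = [("0.0.0.0/0", "192.168.3.198")]                 # gateway moved to the switch
STATIC_5NET = [("192.168.5.32/27", "192.168.3.198")] + GW_ROUTER  # option 2 in the reply

def build_tables(host3_routes, router_knows_5net=True):
    """Routing tables as (prefix, next hop); the router table is an assumption."""
    router = [("192.168.3.0/24", "local"), ("192.168.2.0/24", "local")]
    if router_knows_5net:
        router.append(("192.168.5.32/27", "192.168.3.198"))
    return {
        "pc5": [("192.168.5.32/27", "local"), ("0.0.0.0/0", "192.168.5.35")],
        "l3switch": [("192.168.3.0/24", "local"), ("192.168.5.32/27", "local"),
                     ("0.0.0.0/0", "192.168.3.254")],
        "router": router,
        "host3": [("192.168.3.0/24", "local")] + host3_routes,
    }

def next_hop(table, dst):
    """Longest-prefix match: returns 'local', a gateway IP, or None (no route)."""
    dst = ip.ip_address(dst)
    hits = [(ip.ip_network(net), via) for net, via in table if dst in ip.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(tables, src, dst, max_hops=8):
    """Follow one packet from src to dst; returns the devices it visits."""
    node = OWNER[src]
    path = [node]
    for _ in range(max_hops):
        via = next_hop(tables[node], dst)
        if via is None:
            return path + ["DROPPED (no route)"]
        node = OWNER[dst] if via == "local" else OWNER[via]
        path.append(node)
        if node == OWNER[dst]:
            return path
    return path + ["LOOP"]

if __name__ == "__main__":
    for name, routes in [("gw=router", GW_ROUTER), ("gw=switch", GW_SWITCH),
                         ("static /27", STATIC_5NET)]:
        t = build_tables(routes)
        print(name, "request:", trace(t, "192.168.5.42", "192.168.3.10"),
              "reply:", trace(t, "192.168.3.10", "192.168.5.42"))
```

With the original gateway the request and the reply take different paths, and the reply has to re-enter the 192.168.3.0/24 segment through the router. Tracing `192.168.3.10` to `192.168.2.96` with `GW_SWITCH` shows the extra hop through the switch that the original poster asked about.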
 
Thanks everyone! Changing the default gateway on the 192.168.3.0/24 to the switch fixed everything!

The other issue is that having a subnet (192.168.3.0/24) with hosts on it between two routers like this is a bad idea, and it's another potential source of your problem. When hosts on the 5.32 net try to access the hosts on 3 net, those hosts will send the replies the wrong direction due to their default gateway pointing at your router. If the router knows the right route to 5.32, it will have to issue an ICMP redirect to the system on 3 net to point it in the other direction. If the router isn't issuing redirects or clients aren't paying attention to them, the connection will fail.

The only fixes for this problem that don't involve redirects getting sent all the time are:

1) Rearchitect things so you don't have hosts between 2 routers

I agree, the network over here is designed badly and I'd rather do it another way. What I'm hoping to do is use this as a proof of concept. If we can prove that things work much better with all the computers segmented then I'll get a budget to do things the right way.
 