I was wondering if someone could help educate me here. Mods, if this is against the rules, feel free to remove.
My understanding of VLANs is that they cannot communicate between each other unless there is some layer 3 routing between them. I am working in an environment where we have several layer 2 switches connected back to one layer 3 core switch.
The VLANs on the core switch are as follows:
interface Vlan1
 description ***** DATA *****
 ip address 192.168.10.1 255.255.254.0
 no ip proxy-arp
!
interface Vlan10
 description ***** VOICE *****
 ip address 192.168.42.1 255.255.255.0
 ip access-group DENY-VOICE-SECURITY out
 no ip proxy-arp
!
interface Vlan20
 description ***** SECURITY *****
 ip address 192.168.0.1 255.255.255.0
 ip access-group DENY-VOICE-SECURITY out
 no ip proxy-arp
!
interface Vlan22
 description **** GUEST ****
 ip address 192.168.22.1 255.255.254.0
!
interface Vlan100
 description ***** ASA-UNTANGLE *****
 ip address 192.168.100.1 255.255.255.248
 ip access-group DENY-UNTANGLE-ASA out
 no ip proxy-arp
Everything is trunked back to the main switch, which then goes to an Untangle firewall. Everything is currently running on VLAN 1 apart from the IP phones.
What I am confused by:
1.) If I put a switch port on VLAN access mode 22, i.e.:
interface 0/40
vlan pvid 22
vlan participation exclude 1,10,20
vlan participation include 22
exit
and connect a computer to it with a static IP in the 192.168.22.1/23 subnet, I cannot get internet access or even ping the 192.168.22.1 gateway. Shouldn't I be able to ping the VLAN interface?
I'm not even sure if I am asking the right questions but I hope someone here can put me on the right track.