
Before I ask any questions, here's a bit of an overview:

[Diagram: Simple example of my network topology]

What I have in the diagram is two networks segregated by a point-to-point LOS system (the "towers") and two network encryption/decryption devices on either side, each having a cipher-text and a plain-text NIC. From there, Switch 1 and the Router have a tunnel built between them that runs through the other devices.

Switch 1 can ping everything on both sides of the tunnel, including other devices that use the router on the left side (not shown in the diagram) as well as the plain-text side of the encrypt/decrypt device (192.168.100.1).

Switch 2 can ping everything within its network on its side of the tunnel, but nothing on the opposite side (it can't reach the router or opposite encrypt/decrypt device).

The static routes in Switch 1 are as follows:

ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip route 192.168.100.2 255.255.255.255 Vlan674 192.168.0.1

Note: Vlan674 is the vlan I'm using for all ports across both switches. The vlan is also what's assigned the IP for both switches.

Again, from switch 1 I can pretty much ping everything. From switch 2 I can't route my packets (for example, the VMs) through to switch 1 so they can communicate with the far router.

Would any of you smart folks out there know what static routes I might need to build to get the VMs to talk to the router on the far side? I tried 0.0.0.0 0.0.0.0 192.168.0.2 on switch 2, to route packets to the first switch, but it doesn't seem to work. I've tried multiple static routes, but still no cigar.

jmcdee

1 Answer

Switches don't route traffic (unless they are Layer 3 switches, but I'm assuming they are not in this case). What you need to do is to configure switch 2 with the same routes as those configured on switch 1.

You shouldn't need to specifically add a route for 192.168.100.2 to switch 1 or switch 2. Traffic from switch 1 or switch 2 destined for 192.168.100.2 will be sent to their Default Gateway of 192.168.0.1.

joeqwerty
  • That's what I tried initially and I assumed it would have worked, but I'm wondering if the tunnel settings on switch 1 play into it a bit more. Also, they are L3 switches. – jmcdee Nov 18 '15 at 04:46
  • Oh, I missed the part about Switch 1 and the Router having a tunnel between them. You'll need to create a tunnel between Switch 2 and the Router. – joeqwerty Nov 18 '15 at 12:33
  • Do you think I could build a tunnel from switch 2 to 1 to interface with the pre-existing tunnel? Another obstacle is that I'm not the admin for that router. – jmcdee Nov 18 '15 at 17:38
  • At this point I'd probably recommend enabling and configuring the routing component on Switch 1 and then using it as the Default Gateway for all devices on that network. – joeqwerty Nov 18 '15 at 18:13
  • I've got that configured as well. All devices on Switch 1 use Switch 1 as the gateway. The VMs on Switch 2 _have_ to have Switch 2 as their gateway due to the type of system it is, but I have Switch 2's gateway set as the IP for Switch 1. I do have a laptop plugged into Switch 2 for testing and I still haven't gotten it to work. I wonder if the way the tunnel is built is causing the hiccup. Unfortunately, I'm at a stalemate right now because the Router I referenced in my diagram is currently down. Isn't that always how it works? :) – jmcdee Nov 18 '15 at 21:05
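The answer's two points (Switch 2 needs the same routes as Switch 1, and the /32 route on Switch 1 adds nothing because it resolves to the same next hop as the default) can be checked with a small routing-table model. This is an added example, not code from the question or the answer; it models only static routes and next-hop resolution, not the tunnel. Addresses are taken from the question (Switch 1 = 192.168.0.2, gateway 192.168.0.1, far encryptor plain-text side 192.168.100.2); Switch 2 = 192.168.0.3 and the device names are assumptions.

```python
import ipaddress

# Constructed model of the routing tables discussed on this page (not the real devices).
# Switch 1 = 192.168.0.2 and gateway 192.168.0.1 come from the question; Switch 2 = 192.168.0.3 is assumed.
SW1_ROUTES = [("0.0.0.0/0", "192.168.0.1"), ("192.168.100.2/32", "192.168.0.1")]
SW2_ROUTES_ORIGINAL = []                              # Switch 2 with no static routes
SW2_ROUTES_VIA_SW1 = [("0.0.0.0/0", "192.168.0.2")]  # the asker's attempt: default via Switch 1
SW2_ROUTES_ANSWER = list(SW1_ROUTES)                 # the answer's suggestion: copy Switch 1's routes

def lookup(routes, dst):
    """Longest-prefix match; returns (network, next_hop) or None when no route covers dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, nh in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    return best

def redundant_routes(routes):
    """Prefixes whose next hop equals that of the most specific other route covering them.
    Such a route changes nothing (the /32 on Switch 1 is one) and can be dropped."""
    nets = [(ipaddress.ip_network(p), nh) for p, nh in routes]
    out = []
    for net, nh in nets:
        covering = [(n, h) for n, h in nets if n != net and n.supernet_of(net)]
        if covering:
            parent = max(covering, key=lambda c: c[0].prefixlen)
            if parent[1] == nh:
                out.append(str(net))
    return out

def trace(devices, start, dst, max_hops=8):
    """Forward a packet hop by hop. devices maps name -> (own_ip, routes).
    Stops at the destination, at a next hop we do not model (e.g. the gateway), or on no route."""
    owner = {ip: name for name, (ip, _) in devices.items()}
    path, cur = [start], start
    for _ in range(max_hops):
        route = lookup(devices[cur][1], dst)
        if route is None:
            return path + ["no route"]
        nh = route[1]
        path.append(nh)
        if nh == dst or nh not in owner:
            return path
        cur = owner[nh]
    return path + ["loop?"]

def scenario(sw2_routes):
    """Path of a packet leaving Switch 2 for 192.168.100.2 under a given Switch 2 table."""
    devices = {"sw1": ("192.168.0.2", SW1_ROUTES), "sw2": ("192.168.0.3", sw2_routes)}
    return trace(devices, "sw2", "192.168.100.2")
```

Running `scenario()` with each of the three Switch 2 tables shows the empty table dropping the packet, the asker's attempt relaying through Switch 1, and the answer's table sending straight to the gateway.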