router on a stick

We just installed a new Internet filter that uses a source SPAN port to see traffic to or from the Internet. A problem arises because our remote access vpn users are bypassing the filter because their traffic never crosses the SPAN source port. I remember with hubs that we don't carry in and out hubs, and before ASA, a PIX would not let the traffic in and out of the same interface. He was to be sent to a router. I use an ASA now and of course the same security perm intra command takes to care about this, but I'm trying to find a way to restore somehow and use a router to route traffic vpn for remote access only. The path looks like

Internet-> ASA-> 4510 (source SPAN is a link between the ASA and 4510)

So I want to be able to send the default traffic of a client for remote access to the 4510 and then the traffic turned to the ASA and the Internet. Possible?

Thank you

Bill

You can try a default route by tunnel.

Route inside 0.0.0.0 0.0.0.0 <4510.ip>tunnel

Tags: Cisco Security

Similar Questions

Router-on-a-stick with RVS4000

Hi all

I intend to reshape our network topology and the creation of at least three VLANs using a router-on-a-stick of the installation type. We have two switches Cisco Small Business sg200-50 and a small RVS 4000 router business. I haven't implemented the configurations of router-on-a-stick in IOS, but I was unable to figure out if it is possible to do with small business of operating systems on the router and switches, we have. Does anyone have an experience with this? It is even possible with the equipment of small businesses?

Sorry if this question is already answered elsewhere on the forums; I searched around, but can't find anything.

See you soon,.

Curtis

Hi Curtis,.

Without having the RVS4000 in front of me, it looks like you can. I suppose that you have several VLANs on your SG200 and want to route between them as the SG200 is only a layer 2 switch. You can connect the RVS 4000 via trunk on the switch and the router port (its in L2 Switch-> vlan configuration of the port on the rvs4000) and add each vlan of the trunk (under L2 switch-> belonging to a vlan on the rvs). Please note that the RVS4000 is limited to 4 virtual local networks, including the vlan by default. I think that the router will automatically create the static routes appropriate when you create them VLAN (vlan create a L2 Switch->). The default value on the RVS4000 is for intervlan routing be enabled under Setup-> routing advanced but double check if you encounter any problems. Also, check the routing table and add static routes as needed.

You can also switch a switch to a SG300, which is a layer 3 switch.

Best,

David

Do not forget to note resonses useful and identify the right answers.

Router-on-a-stick VLAN possible with SRP547w & SG200-26?

According to the title, I need just 3 or 4 VLANS with communication inter - VLAN enabled.

In the past I used this router with every internal switch set to one VLAN port different with each in turn hooked up to a switch. This did work for me, but I want to dip my toe in the world of .1q VLAN and acquire additional flexibility and cleanliness.

Kind regards

Brandon.

Hi Brandon,.

On the RPS, navigate;
- The interface Setup > LAN > Configuration of VLAN
- Create the VLAN with the attribute as you want
- Below are 2 sections, VLAN and added interface, add the interfaces to the port
The SX200 switch, you will need to assign a port as a vlan native containing the tag VLAN untagged and all others.
- Connect the SX200 and access management of VLANS
- Create the desired VLAN
- Access the belonging to a VLAN ports, change the proposed port connect to the RPS, use the arrow on the slide to add the VLAN to the port as members marked
* Ensure that connection ports are port trunk allowed several VLANS to be set on the link. An access port allows 1 membership alone a VLAN.

Hi Andrew! You me before I can submit

-Tom

Post edited by: Thomas Watts

Drop ' n Go subnet to breast pre-existing network - Help with routing please

Hi all

I consider myself the best entry level when it comes to the Cisco ASA 5505, and I appreciate help or direction that someone would be able to provide regarding this question, I'll have. I'm sure there is something out there for this, but I was still not able to understand this with what I found.

We currently have our installation of infrastructure like this: modem(69.14.72.6/255.255.255.248)-> ASA (192.168.1.1)-> Switch-> hosts and Servers(192.168.0.X\24).

What I'm trying to do is to drop in a small router somewhere within this network with its own subnet and be able to communicate back him 192.168.0.X network, so it will look something like this: modem-> ASA-> Switch-> hosts and Servers(192.168.0.X\24) & hosts and Servers(192.168.1.X\24).

I will allow this traffic if all goes well, then that only have 2 interfaces configured on the SAA (0/0 and 0/1-0/5 inside) outside and without changing the configuration of the switch. A few key phrases that come to mind from my research so far are "Hair pin" and "permit same-security-traffic intra-interface". Also, I am aware of the port-forwarding and as I understand it would not as convenient to configure a rule for each device connected to the 192.168.1.X\24 network.

I hope someone can help me with this question, I've been at this for 3 weeks now.

Thanks again to all!

EDIT: Here is a diagram to help explain what I'm trying to do. The area in red is what I'm trying to add to the others that I already have.

Hi James,

For the route between the 2 networks, that you will need to either use a layer 3 switch or a "router on a stick".

Installation of a layer 3 switch would interrupt less to your existing network.

You are then ASA "inside" interface--> Layer 3 Distribution Switch--> 2 or more switches to access

ESXi-> Cisco 3850-> router upstream routing does not

Please see the attached diagram.

I currently have the installation of "router on the stick" and I move to lass on Cisco 3850 battery. Initially, I moved VLAN100. I can ping to each of the directly connected devices (i.e. the router 3850 and 2911). I can't do a ping to a virtual machine on vlan 100 router and vice versa. Here's what works what doesn't work.

Work in both sense

VM (172.16.100.51) <->GW on IVR (172.16.100.254)

VM (172.16.100.51) <->an another IVR (172.16.230.254)

VM (172.16.100.51) <->Int L3 on 3850 (10.2.2.2)

L3 on 3850 (10.2.2.2) int <->int L3 on 2911 (10.2.2.1)

SVI on 3850 (172.16.100.254) <->int L3 on 2911 (10.2.2.1)

Does not not in both directions:

VM (172.16.100.51) <->L3 interface on 2911 (10.2.2.1)

VM (172.16.100.51) <->else NOT routed on 3850

I have following routes on 2911 and 3850.

3850:
IP route 0.0.0.0 0.0.0.0 10.2.2.1

2911:

IP route 172.16.100.0 255.255.255.0 10.2.2.2

IP route 172.16.230.0 255.255.255.0 10.2.2.2

If in theory everything that comes from 172.16.100.51 no 3850 premises must be sent to 10.2.2.1 since it is the default route on 3850.

I suspect that this is a problem with the license. I have IP Base feature set stack license 3850. I have checked using the license to show and display the version controls.

According to this FAQ Cisco, http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3850-..., routing should work because I do not have more than 16 static routes and I'm only using base L3 routing features.

I am at a loss here. What is going on? Can someone please confirm?

I bought WS-C3850-24 t-S,

http://www.Cisco.com/c/en/us/TD/docs/switches/LAN/catalyst3850/software/...

thinking that I would be able to use Lass and keep all traffic to get into the routers as switches upstream of our most ancient were only L2.

It looks like an upgrade for all IP Services features is possible.

https://cisco3850.wordpress.com/2015/04/22/licensing-for-cisco-catalyst-....

That I have to upgrade the image so or can I just pass the license using the built-in commands described here.

http://www.Cisco.com/c/en/us/TD/docs/switches/LAN/catalyst3850/software/...

I hope that I don't have to reboot switches because this configuration is currently using this stack as the core and distribution.

Any help is appreciated.

Thank you

Turning and the "IP routing" did?

Configure the DHCP on the router and switch

Good afternoon

I'm trying to set up DHCP using CLI on a 2610 router and switch 2950. With my current config, the host at the end of the switch (set to receive ip via DHCP) does not have anything assigned. Here are a few shows:

Router:

Router_1 #show ip int br
Interface IP-Address OK? Method State Protocol
192.168.10.1 FastEthernet0/0 YES manual up up (leading to pass)
Serial0/0 YES no not defined administratively down down
Serial0/1 no YES not defined administratively down down
Ethernet1/0 YES no not defined administratively down down
Ethernet1/1 no YES not defined administratively down down
Ethernet1/2 no YES not defined administratively down down
Ethernet1/3 no YES not defined administratively down down

Router_1 #show ip dhcp pool

Pool acer_pool:
Brand usage (up/down): 100 / 0
Size of the subnet (first/next): 0 / 0
Total addresses: 254
Rental addresses: 0
Waiting for the event: no
subnet 1 is currently in the pool:
Range of addresses IP of Current index leased addresses
192.168.10.1 192.168.10.1 - 192.168.10.254 0

Switch:

Switch_1 #show ip int br
Interface IP-Address OK? Method State Protocol
Vlan1 unassigned YES NVRAM up up
FastEthernet0/1 no YES unset upward, upward (leading to the router)
FastEthernet0/2 not assigned YES unset down down
FastEthernet0/3 not assigned YES unset down down
FastEthernet0/4 not assigned YES unset down down
FastEthernet0/5 not assigned YES unset down down
FastEthernet0/6 not assigned YES unset down down
FastEthernet0/7 not assigned YES unset down down
FastEthernet0/8 not assigned YES unset down down
FastEthernet0/9 no YES unset down down
FastEthernet0/10 not assigned YES unset down down
FastEthernet0/11 no assigned YES unset down down
FastEthernet0/12 not assigned YES unset down down
FastEthernet0/13 not assigned YES unset down down
FastEthernet0/14 not assigned YES unset down down
FastEthernet0/15 no assigned YES unset down down
FastEthernet0/16 not assigned YES unset down down
FastEthernet0/17 no assigned YES unset down down
FastEthernet0/18 no assigned YES unset down down
FastEthernet0/19 not assigned YES unset down down
FastEthernet0/20 not assigned YES unset down down
FastEthernet0/21 no assigned YES unset down down
FastEthernet0/22 YES no assigned unset upward, upward
FastEthernet0/23 not assigned YES unset down down
FastEthernet0/24 no assigned YES unset down down

What other info I can provide to solve this problem?

Thank you.

I think that you need to configure the router-on-a-stick.

Post your DHCP configuration.

Traffic Internet PIN for router ACL

Hello, I create a router-on-a-stick typical configuration where remote locations running IOS Cisco direct Internet traffic out through an IPSec tunnel that ends on an ASA5510. I'm 99% it and can't seem to move between the rays and the Internet. I'm looking for advice on how to configure properly the ACL entering the router WAN interfaces spoke.

My question is, what I specifically authorize the return of Internet traffic in the router speaks ACL? I was under the impression that what allows the Hub ASA IPSec traffic would include traffic Internet has hairpined through the ASA and I wouldn't need a specific ACL entry to addresses of Internet sources.

The router has spoken, I work now is a 3620 running IOS 12.3.26. When I configure the ACL entering on the WAN Interface to allow only the esp/isakmp Hub ASA, I'm not able to receive traffic from the Internet. If I remove the inbound ACL everything works fine. Here are the current incoming ACL from the laboratory network router:

access-list authorized note 130 incoming WAN connections

Note access-list 130 IPSec

Note LAN Access - list 130 subnets

access-list 130 allow ip 192.168.75.0 0.0.0.255 192.168.168.0 0.0.0.255

access-list 130 allow ip 192.168.50.0 0.0.0.255 192.168.168.0 0.0.0.255

access-list 130 allow ip 10.199.199.0 0.0.0.255 192.168.168.0 0.0.0.255

Note access-list 130 HUB ASA

access-list 130 permit udp host 172.16.1.4 host 172.16.1.21 eq non500-isakmp

access-list 130 permit udp host 172.16.1.4 host 172.16.1.21 eq isakmp

access-list 130 allow esp 172.16.1.4 host 172.16.1.21

access-list 130 allow host 172.16.1.4 ahp 172.16.1.21

Note access-list 130 NTP to the router

access-list 130 permit udp host 192.43.244.18 ntp host 172.16.1.21 eq eq ntp

access-list 130 authorized note ICMP traffic

access-list 130 permit icmp any echo host 172.16.1.21

access-list 130 permit icmp any any echo response

access-list 130 permit icmp any any source-quench

access-list 130 permit icmp any a package-too-big

access-list 130 allow icmp all once exceed

access-list 130 refuse icmp a whole

access-list 130 authorized note circulation of Managment

Note 130-list of access allow ssh

access list 130 permit tcp any any eq 22

With the list above applied inbound access on my WAN Interface, internal hosts are able to ping Internet addresses (allowing a response to ICMP echo) but cannot browse the Internet.

Should I enable a firewall on the router policy to allow the return of the Internet traffic? I thought that rule of ESP permits that would cover.

Any help is appreciated!

Dan

Dan

Unless you're running the IOS Firewall feature on your spoke routers then the router is unable to keep the State of outbound connections. So yes, you will need to also allow the traffic unencrypted in your inbound ACLs on the WAN interface because once the traffic is decrypted, it is then checked against the acl on the interface, see this link to order operations.

http://www.Cisco.com/en/us/Tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml

On ASA/Pix firewalls you can tell the device to check against the acl on the external interface once that traffic has been decrypted with the command "sysopt connection" but I'm not aware of a similar option for IOS.

Jon

Switch-on-a-stick.

I'm looking for a solution to set up what is essentially the version of switch L3 to a router on a stick.

I have an ESXi server connected to a 3550 and I'm looking for intervlan routing between VLANS which exist on a trunk between the esxi server and the 3550 switch.

Earlier today, I was successfully on setup intervlan routing using a router and using interfaces of void.

With my attempt to use a L3 switch, I see that you cannot create interfaces and I don't quiet understand how to properly configure the switch.

Is attached a picture of what I'm trying to do.

Again, this works by using a router instead of the L3 switch and sub interfaces, but I need to know how to proceed to a l3 switch.

Thank you.

You can do the same functionality on the switch, but instead to use the secondary interfaces you use lass.

So for each vlan, you create an IVR and give each IVR and IP address:

Example of vlan 10 and 20

config t

inter vlan 10

IP 10.10.10.1 255.255.255.0

only HS

inter vlan 20

IP 10.10.20.1 255.255.255.0

only HS

I guess that your Lass multiple configuration and routing inter - vlan 3550 is compatible.

config t

IP routing

HTH

Routing multiple subnets on a site to site VPN

What is the recommended solution to deliver several subnets on a site to site vpn? Each subnet requires its own policy or a policy can be used for one or more subnets if the remote site has several subnets? In addition, if the remote router has only two fastethernet interfaces, it'll work if one of the interfaces of subinterface configuration or router on a stick?

If you talk about static routing, you can simply add the routes and change the ACL for encrypted as a result traffic.

If you want to run a dynamic routing. you will then need to IPSEC VTI. Here is the link

http://www.Cisco.com/en/us/docs/iOS/12_3t/12_3t14/feature/guide/gtIPSctm.html#wp1063136

and although I did not use of subinterfaces for IPSEC VTI. but according to me, it will work.

How can I get my new router (Netgear N150) to recognize my HP Officejet Pro L7580

Problems with getting the router to recognize the printer. Any ideas on that?

Welcome to the HP Forum!

carbonant wrote:

Problems with getting the router to recognize the printer. Any ideas on that?

It will depend on if you are using a wired or wireless connection.

Your router is a router WNR-1000? NETGEAR N150 is just a designation of bandwidth. It applies to a lot of models that NETGEAR. Look at the back of the router for the sticker.

Wired is simple. CAT5 cable allows you to connect to the router and configure the router as DNS server in its web graphical user interface.

Kind regards
ERICO

802 1 q trunk between ESX server and router Cisco

Hello team.
I want to create 3 VLANs on my server ESXi, each with 2 VMS and these VLAN transported by an external Cisco "router on a stick", that is to say router with a configured ethernet wth 3 subinterfaces, each of them for each of VLAN (IP subnets) inside the ESXi server.
I built the following image to explain my purpose. First it is possible to implement on ESXi? I guess it is.
Advice will be greatly appreciated.
Best regards, Rogelio ([email protected])

It will work very well. Ive done a similar thing in the past, but rather than use sub interfaces I used Lass rather on a layer 3 switch.

Session of the monitor on the chennel Port in Dell P6448

Hello

I use Dell P6448 is my access switch with router on a stick architecture. There is a port-chennel between the dell switch and interfaces of the router LAN. Now my requirement is I want to sniff all traffic passes on this switch chennel port end and he mirrored to a free port. It is once I have set the source interface 1 moonitor session? It offers the possibility of physical interface only and port-chennel1 cannot be specified there. Secondly if we try the physical ports in the interface of the source of the session monitor command it gives an error that this port cannot be used as a source interface. I use 3.3.1.10 Image.

Thanks for the help in advance.

Ashok Dhaktode

There is a limitation of the port mirroring. A port channel cannot be the source of a mirror, which includes physical ports in the port channel. You will find that if you get rid of the channel of the port of the individual ports will be able to mirror.

ISP or internet access redundancy failover

Hi Experts,

There are four figures (A, B, C, D) shown in the attached diagram.

My goal-side wan failover, means,

If an ISP or router fails, the other should

always be accessible.

Cisco 2960 Switch L2 =

Cisco 3560 Switch L3 =

I speak here of only two methods i.e. redundancy

Floating static route and IP SLA. There are folllowing

questionnaires on the attached diagram below,

Please give me answers in options Yes or no, if yes, then

guide me how to do, give me a short idea with config:

Figure A:

1. floating static route (Yes or no)

2 IP SLA (Yes or no)

Figure b:

1. floating static route (Yes or no)

2 IP SLA (Yes or no)

Figure C:

1. floating static route (Yes or no)

2 IP SLA (Yes or no)

Figure D:

1. floating static route (Yes or no)

2 IP SLA (Yes or no)

Figiure A and B, the two subnet side LAN are same

Figure C and D, subnet side LAN both are different

Note: Please do not discuss HSRP or any routing protocol in this post...

Hi again Kuldeep!

First of all - I would like to know what hides behind switches. I will assume that there is some host machines, because if there was some other routers, things will become more complex.

In addition, it is a pity that we cannot use routing protocols here, it would facilitate the Setup as much.

Figure A:

I hate to say it but Figure A is a typical scenario of HSRP/GLBP - I'll tell you why and and then leave, as you suggested, that we should not use HSRP in this thread.

You have common LAN IP subnet. Therefore, all hosts that are connected to the switch must have default gateway configuration. But what happens if one of the gateways become unavaible? Or the link to ISP becomes Athens? There is no other way to deal with this problem than the FHRP protocols.

Let's think about the following scenario: Router 1 will work, but its link to isps1 breaks down. Router 1 will always be the gateway by default for guests, but cannot transfer the Internet traffic. She could have floating static route set to ROUTER2 and ROUTER2 if its connection to ISP2 up - it will pass traffic rather ROUTER1. But as you can see - FHRP would solve the problem better. Now traffic have still must be sent to the Router 1 and then again in LAN Router 2 to send to the ISP.

Thus,-online 1. Floating static route - might be, but:

But consider this scenario with ONLY floating static routes defined. ROUTER1 has ROUTER2 to ROUTER1 and ROUTER2 FSR failed link to Internet service providers. But what happens if the two links on isps1-R1 and R2-ISP2 sink? Traffic will be a loop between ROUTER1 and ROUTER2 until TTL expires. That's because ROUTER1 trying to forward all traffic to ROUTER2 due to the static route - ROUTER2 is do exactly the same. It of a rare scenario - but can occur.

2 IP SLA - Yes, you could improve floating static route combining with IP SLA. You will configure floating but static route on Router 1 to Router 2, Router 1 will monitor router ' s2 ISP link. Then the floating static route will appear only if the IP SLA test is passed. In this case, you prevent loops where the two links to ISPS goes down.

Very brief example (may include some errors):
```
R1(config)# ip sla 11
R1(config-ip-sla)# icmp-echo 125.36.56.45
R1(config-ip-sla-echo)# frequency 10
R1(config-ip-sla-echo)# exit ! 2x
R1(config)# track 1 ip sla 11 reachability
R1(config-track)# delay down 10 up 1
R1(config-track)# exit
R1(config)# ip sla schedule 11 life forever start-time now
R1(config)# ip route 0.0.0.0 0.0.0.0 192.168.1.3 253 track 1
```
And I have a similar setup on ROUTER2.

Explanation:
```
The first step in this configuration defines the probe.
Probe 11 is defined by the ip sla 11 command.
The test defined with the icmp-echo 125.36.56.45 command specifies that the ICMP echoes are sent to destination 125.36.56.45 to check connectivity.
The frequency 10 command schedules the connectivity test to repeat every 10 seconds.
The ip sla schedule 11 life forever start-time now command defines the start and end time of the connectivity test for probe 11; the start time is now and it will continue forever.
The second step defines the tracking object, which is linked to the probe from the first step.
The track 1 ip sla 11 reachability command specifies that object 1 is tracked; it is linked to probe 11 (defined in the first step) so that the reachability of the 125.36.56.45 is tracked.
The last step defines an action based on the status of the tracking object.
The ip route 0.0.0.0 0.0.0.0 192.168.1.3 254 track 1 command conditionally configures the default route, via 10.1.1.1, with an administrative distance of 2, if the result of tracking object 1 is true.
Thus, if 125.36.56.45 is reachable, a static default route via 192.168.1.3with an administrative distance of 253, is installed in the routing table.
```
Figure b:

OK I'm not sure if this switch is also active L3, or just capable L3 and it behaves like L2 switch.

If his behavior is L2 - same as Figure

If his behavior is L3 and routing - you could configure IP SLA + floating static routes in a similar way as in the Fig. A.

Switch must have two floating static routes and two probes IP SLA defined.

Figure b:

1. floating static route - not alone

2 IP SLA - Yes, with a floating static route
```
Example:
```
```
Switch(config)# ip sla 11
Switch(config-ip-sla)# icmp-echo 78.22.33.3
Switch(config-ip-sla-echo)# frequency 10
Switch(config-ip-sla-echo)# exit ! 2x
Switch(config)# ip sla 22
Switch(config-ip-sla)# icmp-echo 125.36.56.45
Switch(config-ip-sla-echo)# frequency 10
Switch(config-ip-sla-echo)# exit ! 2x
Switch(config)# track 1 ip sla 11 reachability
Switch(config-track)# delay down 10 up 1
Switch(config-track)# exit
Switch(config)# track 2 ip sla 22 reachability
Switch(config-track)# delay down 10 up 1
Switch(config-track)# exit
Switch(config)# ip sla schedule 11 life forever start-time now
Switch(config)# ip sla schedule 22 life forever start-time now
Switch(config)# ip route 0.0.0.0 0.0.0.0 192.168.1.2 2 track 1
Switch(config)# ip route 0.0.0.0 0.0.0.0 192.168.1.3 3 track 2
```
Figure C:

This one is a little tricky. Because you said that there are several different LANs. So there must be some VLAN. If the connection between routers and Switch is set as the trunk, you have routing Inter VLAN past, known as router-On-A-Stick. If this is the case - it would be similar to Figure A.

If you do not have Inter VLAN routing in this scenario I can't think of any possible solution here. It is simply because the ROUTER1 would not be able to send anything to ROUTER2 (if it was in different VLAN).

Figure D:

Similar to Figure B.

There might be some errors in the configuration of the example, if so - don't hesitate to correct me. Please do not take that 100% accurate, ready for use in the direct network. Hope that helps.

Best regards

Jan

Switchport access and trunk on Layer 3 switch problems

Hi all

I was building a network design just for practice and I came across a problem that I didn't understand. Can someone please help. I have attached a picture to clarify things.

Please let me know if you need information to answer my question. Thank you

Francis

Yes the router on a stick. However only vlan 100 is necessary because you have between multilayer switch and router ospf.

Please don't forget to rate and select the correct answer

SG300 + SG500 = intervlan headaches

OK, so I'm pulling my hair out with this one and now it's time to ask the people with experience. Basically I have a stack of sg500 running a router-on-a-stick Setup. I ran out of virtual ports on the sonicwall and now trying to get internet to route between VLANS by taking them out of the equation the sonicwall. I had NO chance and ner access to any vlan other than 50 see internet. So here goes.

Main SG500

-Vlan 50 contains a direct connection of the trunk to the sonicwall on IG 13

-Vlan 50 contains a direct connection from trunk to sg300 on IM 42

-14-41 are in vlan 50 as access ports (internet is ok)

-Vlan 50 is set for an IP 192.168.50.1

-Sonicwall ip is 192.168.50.254

Remote SG300

VLAN - 51 is access ports 1-5 IP 192.168.51.1

VLAN - 52 is access ports 6-9 IP address 192.168.52.1

VLAN - 53 is 10-11 ports access 192.168.53.1 ip address

VLAN - 50 is trunk port ip 20 address 192.168.50.2

-dhcp is configured on each interface as well

I'm not even sure it's possible, but I need to get the 192.168.51.1 to 192.168.50.254 somehow while he can get online. However no matter what I try in the routing table I constantly make me stuck behind the bridge vlan. So, if im on 192.168.52.10 and I trace route on 192.168.50.1 or 192.168.50.2 or 192.168.50.254 it stops ALWAYS at 192.168.52.1. Any idea? Suggestions? I'm about to give up on it and just throw it all together. I spent far to on it for a long time already.

Just to give you an idea what it is, because there are 3 rental offices that all three need internet but should not be able to talk to eachother. The private ports would work, but these offices have several ethernet ports and if they connect a printer and PC will not able to talk. Any idea would be greatly appreciated

Hi Matt, looks like you're missing a route on the sonicwall to point to the gateway of the switch.

If a VLAN is working and the rest are not, it is because the sonicwall is not supported/configure for VLANs or is not a routing table for the subnet.

-Tom
Please mark replied messages useful

router on a stick

Similar Questions

Maybe you are looking for