[responses inline; quotes re-ordered for editorial purposes]
On Feb 11, 2008 11:20 AM, Joe Heaton <[EMAIL PROTECTED]> wrote:
> * I get green link lights on all ports. (Except firewall, which gives
> me a yellow Gig link light)
If you're getting link lights, then the MDI polarity is not your
problem. (If there was an MDI polarity mismatch, the ports wouldn't
link at all.)
> I cannot ping the Cisco from inside the HP.
> I log into the firewall, and cannot ping the 192 address of the Cisco port.
> I console into the Cisco, and cannot ping in either direction.
Keep in mind that the switch's internal IP addresses are also
subject to VLANs. If your firewall is plugged into a port configured
to be just VLAN 5, but the IP address of the Cisco is associated with
just VLAN 2, the firewall will not be able to ping the switch's IP
address. VLANs work just like physical LANs -- if they're not
connected, no traffic will flow.
You may want to use external equipment (i.e., an independent
computer) for the ping tests. That saves you the trouble of having to
figure out how to configure the switch's management IP addresses and
VLANs to work together all at once.
> * I put things back the way they were, and everything works.
We don't know what "the way they were" means here. Describe
physical topology, any link aggregation, VLAN assignments, IP address
assignments, and IP routing plan. Do likewise for "the way you want
things to be". Post both descriptions here.
It is entirely likely that, once you get done writing out all the
above for us, you'll see the problem and won't need our help anymore.
:-)
> * From my desk, the persistent pings I've had going to the remote site
> servers are now alternating between Destination Host Unreachable, and
> Request timed out.
It sounds like you've got multiple issues. You've certainly got
multiple points where problems could be. You need to isolate the
trouble.
One possible plan of attack:

If you're not using VLAN tagging on the Ethernet link to the
firewall, get a small unmanaged switch and put it between the firewall
and whatever the firewall is normally plugged into. (You'll see why
in a minute.) Make sure that doesn't disrupt things. (If the
firewall is VLAN aware and expecting to add/decode VLAN tags in its
Ethernet frames, this whole idea is invalid. Yell if that's the
case.)

Configure a test computer with appropriate manual IP address, route,
etc. Plug it into the unmanaged switch. See if you can ping the
firewall. If you can, see if you can ping the next hop beyond the
firewall. This gives us a known-good to start testing with.

Next, configure a port on the Cisco to be on the same VLAN as the
port for the firewall. Plug that unmanaged switch into the firewall's
port on the Cisco, as if it was the firewall itself. Plug the test
computer into the other port we just configured. Run those tests
again. If this doesn't work, there is a problem with the config on
the Cisco. Get that sorted out before moving on.

Next, configure a likewise test port on the HP, connect the HP to
the Cisco, and plug the test computer into the HP and test. If that
doesn't work, the problem is either on the HP, or between the HP and
the Cisco. If you get to that, try plugging that unmanaged switch
into a third port on the HP, all configured with appropriate VLANs,
and see if you can ping through just the HP. If that works, you know
the issue is with the inter-switch link.

-- Ben