Danté
New Contributor

Routing between VLANS

Hi,

I have a physical interface which has two ports that are configured in a LAG, and those ports are tagged with all my VLANs.

We have 22 Cisco switches in all departments which are also tagged with all the VLANs.

Under my physical interface (10.1.0.x/23) I have three VLAN interfaces which I am trying to route between:

10.3.0.0/24 staff wifi (VLAN 50), 10.4.0.0/24 guest wifi (VLAN 60), 10.10.0.0/24 voice (VLAN 5).

I can see in the routing monitor that there are connected routes since they are directly attached. From this I understand that I only need bi-directional IPv4 policies between the subnets to make them communicate. I created these policies and can perfectly communicate and ping all devices between 10.1.0.0/23 and 10.3.0.0/24, but not between any of the other combinations. I need to be able to access 10.10.0.0/24 from 10.1.0.0/23 and I also need access to 10.4.0.0/24. Why is only one combination working when the policies are identical for the combinations? I can ping the gateway on those ranges only and no other IPs; for example, with the policy on I can ping 10.4.0.1, which is the gateway interface for the VLAN, but I can't ping a device on 10.4.0.2-254.

Thanks

Toshi_Esumi

Sounds like they pass through the FGT. Have you sniffed at the output VLAN interface to see whether they're actually going out? Or if you do "diag sniffer packet any 'host DESTINATION_IP' 4", you should see it come in from the source VLAN and then go out the destination VLAN. And then, if responses are coming back, you should see the packets in the opposite direction.

I would assume it goes out but no response comes back. Then the problem is on the Cisco side. I would run wire on the destination device to see if it arrives, at the same time running the sniffer at the FGT.
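The sniffer check described in this reply produces a lot of lines when several hosts are involved, so here is a small triage script that applies the same reasoning to a captured trace: for each host pair it records on which interface the request entered the FGT, whether it egressed, and whether a reply came back, and then says where the conversation stops. This is an added example, not code from the poster or from Fortinet; the sample trace, the interface names (vlan50, vlan60, vlan5, lag1) and the addresses are constructed for illustration, and the line layout assumes the `timestamp interface in|out src -> dst: ...` form printed at sniffer verbosity 4.

```python
import re
from collections import defaultdict

# Constructed sample of "diag sniffer packet any 'host 10.4.0.2' 4" output.
# Interface names and addresses are assumptions made for this example.
SAMPLE_TRACE = """\
interfaces=[any]
filters=[host 10.4.0.2]
1.104211 vlan50 in 10.3.0.5 -> 10.4.0.2: icmp: echo request
1.104260 vlan60 out 10.3.0.5 -> 10.4.0.2: icmp: echo request
2.104300 vlan50 in 10.3.0.5 -> 10.4.0.2: icmp: echo request
2.104340 vlan60 out 10.3.0.5 -> 10.4.0.2: icmp: echo request
3.221000 lag1 in 10.1.0.20 -> 10.4.0.2: icmp: echo request
3.221050 vlan60 out 10.1.0.20 -> 10.4.0.2: icmp: echo request
3.222100 vlan60 in 10.4.0.2 -> 10.1.0.20: icmp: echo reply
3.222150 lag1 out 10.4.0.2 -> 10.1.0.20: icmp: echo reply
4.500000 vlan5 in 10.10.0.7 -> 10.4.0.2: icmp: echo request
"""

# One packet header line: timestamp, interface, direction, src[.port] -> dst[.port]: payload
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<iface>\S+)\s+(?P<dir>in|out)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:\s+(?P<rest>.*)$"
)


def parse_sniffer(text):
    """Turn verbosity-4 header lines into dicts; the interfaces=/filters= lines are skipped."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            pkt = m.groupdict()
            pkt["ts"] = float(pkt["ts"])
            packets.append(pkt)
    return packets


def analyse(text):
    """For each host pair, say at which hop the request/reply exchange stops."""
    packets = parse_sniffer(text)
    # Per pair: interfaces on which forward/reverse packets were seen in/out.
    flows = defaultdict(lambda: {"fwd_in": set(), "fwd_out": set(),
                                 "rev_in": set(), "rev_out": set()})
    # The initiator is the source of the first packet seen for that pair.
    initiator = {}
    for p in packets:
        if p["src"] == p["dst"]:
            continue
        pair = frozenset((p["src"], p["dst"]))
        initiator.setdefault(pair, p["src"])
        leg = "fwd" if p["src"] == initiator[pair] else "rev"
        flows[pair][f"{leg}_{p['dir']}"].add(p["iface"])

    report = {}
    for pair, f in flows.items():
        a = initiator[pair]
        b = next(h for h in pair if h != a)
        if not f["fwd_in"]:
            verdict = "no request seen entering the FGT"
        elif not f["fwd_out"]:
            verdict = "request entered but never egressed: dropped inside the FGT (policy/route)"
        elif not f["rev_in"]:
            verdict = ("request egressed on %s but no reply returned: look downstream (switch/host)"
                       % ",".join(sorted(f["fwd_out"])))
        elif not f["rev_out"]:
            verdict = "reply entered but was not forwarded back: check the reverse policy"
        else:
            verdict = "bidirectional OK"
        report[f"{a}->{b}"] = verdict
    return report


if __name__ == "__main__":
    for flow, verdict in analyse(SAMPLE_TRACE).items():
        print(f"{flow}: {verdict}")
```

With the constructed trace, the staff-wifi host's pings leave on vlan60 and nothing comes back (the downstream case the reply describes), the 10.1.0.20 exchange is complete in both directions, and the voice host's request never egresses, which points at the FGT's own policy or route rather than the switches.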
