Hello, this is not a vital issue, but it bugs me when I fail to understand and fix something that should be easy to understand and fix, so here's the puzzle for you to crack.
I have a network with the following devices (irrelevant ones left out for simplicity).
From Pc01 I can ping any device on the network - Router, Switch00, Switch01, Switch02, Switch03, Pc02, as well as all the devices I left out from the diagram. However, from the router (PuTTY shell) I can't ping either Switch01, Switch02 or Switch03. The only switch I am able to ping is Switch00. All the other devices in the network do ping fine from the router, and all of them connect without a problem. However, the switches themselves are not pingable. Any idea what's going on?
All Netgear, L2. Switch00 is a gs116e, Switch01-03 are gs108e. Some time ago I had a gs108e in the Switch00 position, so the issue shouldn't be related to the specific models.
No routing. All the devices are in one subnet.
I really don't think so. I doubt these switches even have such security features.
As I said, it's only one subnetwork (192.168.1.xxx), so I doubt this is relevant.
Your reply got me thinking about VLANs. You may be on to something, @iplaywithtoys! (edit: and @jeff).
Here's the situation with VLANs. The links Router<->Switch00, as well as the links between Switch_N<->Switch_(N+1), are all "trunk" links (I mean they carry all VLANs, all tagged). The link PC01<->Switch00 only carries VLAN1. The link PC02<->Switch03 is a trunk link.
I just checked pingability from PC02, and I found PC02 can ping Switch00 but not the other switches. I would have expected only Switch03 to be pingable, not Switch00!
EDIT
In the ProSAFE configuration utility - the only tool for switch configuration available for these devices, as far as I know - there is no choice of Management VLAN, but I assume VLAN1 would be it.
Just had a thought: what is the management IP address of each switch? Are they identical, or different? Is there any chance there might be some IP collision going on?
Lastly, it might help you to troubleshoot if you draw a diagram of every connection and note which ports are trunk ports, which are access ports, and which VLANs are present on each. Then double-check the switch management VLAN configuration (and IP address configuration) to look for any conflicts.
A point about VLANs: even on the same L3 subnet, traffic cannot cross to another L2 VLAN. The other device might have a unique address in the same subnet, but if it's in a different VLAN it might as well be invisible.
If you're going to mix VLANs, it might be easier to introduce separate subnets and routing as well.
Whatever ID the VLAN for management is, it should be trunked anyway, since I'm using "Simple 802.1q-based" VLANs (in Netgear parlance), where the only choice for a port is either a specific VLAN or "All" (and I assume they must all be tagged as they are). Indeed, VLAN communication itself between all the devices works fine. Inter-VLAN routing is only made by Router and it works (it's very limited, as the VLAN are used for segregation of a private LAN, a guest LAN and a management-only LAN if some password gets lost).
EDIT
Clarification - VLAN1 is on 192.168.1.xxx. All the assigned switch addresses are in this subnet. VLAN2 and VLAN3 have address resp. in the ranges 192.168.2.xxx and 192.168.3.xxx.
And by the way, I do have stickers on all the switches with port->VLAN assignment written out for reference
However, my switches don't actually say "management address", they only refer to "(switch) IP address", which I assume to be the same thing.
And PC02 has all 3 VLANs on its link. However, the only VLAN that it uses by default is VLAN1. Which is tagged. Which might be the issue! Maybe gs108e's only can be pinged on untagged VLANs, while the gs116e (which is v3, thanks for the hint on web management!) might be more sophisticated.
Yes it does, but they're all disabled now (and have been for months). And it's just a series of MAC addresses to be blacklisted from the guest network (VLAN2). Random freeloaders who used to suck too much bandwidth in the past and have since disappeared, so I disabled the script.
Just to be sure, I connected Router and Switch00 via an additional ethernet cable on a VLAN1-only port. No change. However, a more effective test would require changing, e.g., the Switch00<->Switch01 link with a non-trunk link (untagged VLAN1 only).
If after doing this, I am able to ping Switch01 as well as Switch00 - but not Switch02 or Switch03 - this would likely mean that the issue is indeed with pinging gs108e's via a tagged VLAN connection.
Unfortunately, such a replacement isn't immediate and would benefit from some physical help for remote plugging/unplugging. Maybe one day I'll get around to it, just for the satisfaction of experimenting this hypothesis.
Taking my own advice, I added VLAN and subnet details to a diagram. It helps me think about what's going on when there's a problem to solve. I came up with this:
Is that a fair representation of your network (even if the exact IP addresses are different, are they definitely all in the same subnet?)?
