Solved: Re: C3560 and problem with routing

SlawekDejneka69032 · ‎01-17-2022

Hi Guys,

I have created a 3x VLANs on C3560. I have configured 'ip routing' and needed interfaces. I have access to the internet and I can try ping hosts in the other vlans, however I get response from them only if I add a route manually on each host - even on def. gateway.

Sample config here:

C3560#sh vlan 

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/13, Fa0/23, Fa0/24, Gi0/1, Gi0/2
2    VLAN0002                         active    Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12
3    VLAN0003                         active    Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22
1002 fddi-default                     act/unsup 
1003 token-ring-default               act/unsup 
1004 fddinet-default                  act/unsup 
1005 trnet-default                    act/unsup 

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0   
2    enet  100002     1500  -      -      -        -    -        0      0   
3    enet  100003     1500  -      -      -        -    -        0      0   
1002 fddi  101002     1500  -      -      -        -    -        0      0   
1003 tr    101003     1500  -      -      -        -    -        0      0   
1004 fdnet 101004     1500  -      -      -        ieee -        0      0   
1005 trnet 101005     1500  -      -      -        ibm  -        0      0   

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

C3560#

C3560#sh ip int b
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  192.168.2.1     YES NVRAM  up                    down    
Vlan2                  10.1.2.1        YES NVRAM  up                    down    
Vlan3                  10.1.3.1        YES NVRAM  up                    down    
Vlan10                 10.1.10.1       YES NVRAM  down                  down    
FastEthernet0/1        192.168.1.50    YES NVRAM  up                    up      
FastEthernet0/2        unassigned      YES unset  down                  down    
FastEthernet0/3        unassigned      YES unset  down                  down    
FastEthernet0/4        unassigned      YES unset  down                  down   


C3560#
C3560#sh route 

C3560#sh run | in route
ip route 0.0.0.0 0.0.0.0 192.168.1.254
C3560#

Don't worry that those interfaces are DOWN as I have nothing connected while I'm writing this post.

Why I can't ping 192.168.1.254 which is my ASA5510 (gateway) unless I add route 192.168.1.0 255.255.255.0 192.168.1.50 (interface on a C3560) on that 5510?

I'm missing something simple, but can't figure out what it is...

Thanks in advance.

Slawek

balaji.bandi · ‎01-18-2022

I can't ping the above hosts each other. If you can help find out why is that all should start working I hope.

where is this host connected: 192.168.1.147/24, if the same switch what port?

sugestion for testing

default interface FastEthernet0/1
interface FastEthernet0/1
switchport access vlan 10
no shutdown
!
interface vlan 10
ip address 192.168.1.50 255.255.255.0
no shut

!

interface FastEthernet0/23
switchport access vlan 10

connect host to port 23 and test it

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

Georg Pauwen · ‎01-17-2022

Hello,

post the full running configuration of your 3560 switch. Also:

--> however I get response from them only if I add a route manually on each host - even on def. gateway

does that mean it works only if you add something like 'route add' (on a Windows host) ?

balaji.bandi · ‎01-18-2022

Why I can't ping 192.168.1.254 which is my ASA5510 (gateway) unless I add route 192.168.1.0 255.255.255.0 192.168.1.50 (interface on a C3560) on that 5510?

Pinging from Switch you mean ?

if you add that route on ASA , are you able to Ping back and forth ?

By Default p2p IP should able to ping with out any Route adding, since we do not ASA config we can not comment here.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

SlawekDejneka69032 · ‎01-18-2022

Thanks for your responses.

Let's try again from different angle to be sure that I have not mixed things up.

We are talking about 2x VLANs:

- 192.168.1.0/24

- 10.1.2.0/24

Switch is C3560 with L3 routing enabled:

- Native VLAN IP is: 192.168.1.50/24

- VLAN2 IP is: 10.1.2.1/24

FW is ASA5510 as a default gateway (192.168.1.254).

Hosts are:

Host1 - 192.168.1.147/24 - with def. GW set as 192.168.1.254 (ASA5510)

Host2 - 10.1.2.100/24 with def. GW set as 10.1.2.1 (VLAN2 IP in switch C3560)

I can't ping the above hosts each other. If you can help find out why is that all should start working I hope.

Here's a config from the switch C3560 - I've removed password and usernames:

current configuration : 4796 bytes
!
! No configuration change since last restart
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname C3560
!
boot-start-marker
boot-end-marker
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
ip routing
!
!
!
password encryption aes
!
crypto pki trustpoint TP-self-signed-3587941504
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3587941504
 revocation-check none
 rsakeypair TP-self-signed-3587941504
!

!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0/1
 no switchport
 ip address 192.168.1.50 255.255.255.0
!
interface FastEthernet0/2
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/3
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/4
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/5
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/6
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/7
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/8
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/9
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/10
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/11
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/12
 switchport access vlan 2
 switchport mode access

         
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/14
 switchport access vlan 3
 switchport mode access
!
interface FastEthernet0/15
 switchport access vlan 3
 switchport mode access
!
interface FastEthernet0/16
 switchport access vlan 3
 switchport mode access
!
interface FastEthernet0/17
 switchport access vlan 3
 switchport mode access
!
interface FastEthernet0/18
 switchport access vlan 3
 switchport mode access
!
interface FastEthernet0/19
 switchport access vlan 3
 switchport mode access
!
interface FastEthernet0/20
 switchport access vlan 3
 switchport mode access
!
interface FastEthernet0/21
 switchport access vlan 3
 switchport mode access
!
interface FastEthernet0/22
 switchport access vlan 3
 switchport mode access
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 192.168.2.1 255.255.255.0
!
interface Vlan2
 ip address 10.1.2.1 255.255.255.0
!
interface Vlan3
 ip address 10.1.3.1 255.255.255.0
!
switchport access vlan 3
 switchport mode access
!
interface FastEthernet0/21
 switchport access vlan 3
 switchport mode access
!
interface FastEthernet0/22
 switchport access vlan 3
 switchport mode access
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 192.168.2.1 255.255.255.0
!
interface Vlan2
 ip address 10.1.2.1 255.255.255.0
!
interface Vlan3
 ip address 10.1.3.1 255.255.255.0
!
interface Vlan10
 ip address 10.1.10.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.254
ip http server
ip http secure-server
!
!
control-plane
!

!
line con 0
line vty 0 4
 password 7 01203C07411E160E22564B02495052
 login local
 transport input ssh
line vty 5 15
 password 7 1521310F1E3F3B252B293029435253
 login local
 transport input ssh
!
ntp clock-period 36029428
ntp server 192.168.1.100
end

and routing again from the switch:

C3560#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.1.254 to network 0.0.0.0

     10.0.0.0/24 is subnetted, 1 subnets
C       10.1.2.0 is directly connected, Vlan2
C    192.168.1.0/24 is directly connected, FastEthernet0/1
S*   0.0.0.0/0 [1/0] via 192.168.1.254
C3560#

So all networks should be routable....

and here is a config from ASA5510:

ASA5510# sh run | in route
 description PlusNet router
route outside 0.0.0.0 0.0.0.0 Gateway 1
route inside-NAT 10.1.2.0 255.255.255.0 192.168.1.50 1
route inside-NAT 192.168.2.0 255.255.255.0 192.168.1.50 1

ASA5510# sh ip address 
System IP Addresses:
Interface                Name                   IP address      Subnet mask     Method 
Ethernet0/0              outside                172.16.0.254    255.255.255.0   CONFIG
Ethernet0/1              inside-NAT             192.168.1.254   255.255.255.0   CONFIG
Ethernet0/2              DMZ                    unassigned      unassigned      DHCP  
Ethernet0/3              Guest                  10.10.10.254    255.255.255.0   CONFIG
Management0/0            management             192.168.10.1    255.255.255.0   CONFIG
Current IP Addresses:
Interface                Name                   IP address      Subnet mask     Method 
Ethernet0/0              outside                172.16.0.254    255.255.255.0   CONFIG
Ethernet0/1              inside-NAT             192.168.1.254   255.255.255.0   CONFIG
Ethernet0/2              DMZ                    unassigned      unassigned      DHCP  
Ethernet0/3              Guest                  10.10.10.254    255.255.255.0   CONFIG
Management0/0            management             192.168.10.1    255.255.255.0   CONFIG
ASA5510#

I cannot put the whole config for obvious reasons. On ASA5510 there's no VLANs created.

Any idea what I have done incorrectly? The things is that all hosts can go to the internet but can't ping each other.

Many thanks.

Georg Pauwen · ‎01-18-2022

Hello,

this won't work:

--> Host1 - 192.168.1.147/24 - with def. GW set as 192.168.1.254 (ASA5510)

The default gateway for the hosts need to be a Vlan interface in the 192.168.1.0/24 range. What Vlan are your hosts supposed to be in ?

SlawekDejneka69032 · ‎01-18-2022

Hi,

HOST1 (192.168.1.147/24) is in the same VLAN as its def. gateway which is 192.168.1.254 (ASA5510).

I even tried to change def GW to 192.168.1.50, but it doesn't work either.

Georg Pauwen · ‎01-18-2022

Which Vlan is the host in ? You need to use the IP address of a Vlan interface as the default gateway.

SlawekDejneka69032 · ‎01-18-2022

I did - see below please:

Host1 - 192.168.1.147/24 - with def. GW set as 192.168.1.254 (ASA5510) --- for this one I have tried to change def. GW to 192.168.1.50 which the IP address of the switch, but it lost access to the internet immediately and I couldn't ping HOST2 nor 8.8.8.8.

Host2 - 10.1.2.100/24 with def. GW set as 10.1.2.1 (VLAN2 IP in switch C3560)

I can ping any host I want directly from the switch. It must single thing.....

Georg Pauwen · ‎01-18-2022

Which port on the switch is the host with IP address 192.168.1.147/24 connected to ?

You need a Vlan interface with an IP address in the 192.168.1.0/24 subnet. That IP address must be the gateway for your host. You cannot use the IP address of FastEthernet0/1.

balaji.bandi · ‎01-18-2022

I can't ping the above hosts each other. If you can help find out why is that all should start working I hope.

where is this host connected: 192.168.1.147/24, if the same switch what port?

sugestion for testing

default interface FastEthernet0/1
interface FastEthernet0/1
switchport access vlan 10
no shutdown
!
interface vlan 10
ip address 192.168.1.50 255.255.255.0
no shut

!

interface FastEthernet0/23
switchport access vlan 10

connect host to port 23 and test it

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

SlawekDejneka69032 · ‎01-18-2022

Thanks Both!

I live in UK and it’s late here. I’ll check it tomorrow morning first thing.

I think you may be right with that VLAN for 192.168.1.0 network. Will L3 switching still work?

SlawekDejneka69032 · ‎01-19-2022

Amazing! That was it! I totally didn't think that not having any VLAN in 192.168.1.0/24 and no ports added to that VLAN, can cause this problem.

I've learned something today

Many thanks Guys for your help. I appreciate it as you have read a random help request and you have sacrificed your time to help a stranger

balaji.bandi · ‎01-19-2022

nice to know all works as suggested...this is best part of community sharing the knowledge....i live in brit too..

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

SlawekDejneka69032 · ‎01-19-2022

One more question. How about L3 switching? Since I have re-configured F0/1 into switchport mode, it is not anymore L3 port as per this document from Cisco:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_52_se/configuration/guide/3560scg/swint.html#wpxref48776

What it is then? L2 I think. How switch then works on L3?

balaji.bandi · ‎01-19-2022

Port is Layer 2, But VLAN SVI Layer 3 and it has routing enable

show ip route show you if no routing enabled as below :

show ip route
Default gateway is not set

same document give you information as below :

Configuring Layer 3 Interfaces

The switch supports these types of Layer 3 interfaces:

•

SVIs: You should configure SVIs for any VLANs for which you want to route traffic. SVIs are created when you enter a VLAN ID following the interface vlan global configuration command. To delete an SVI, use the no interface vlan global configuration command. You cannot delete interface VLAN 1.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help