s* what does this means ?

Flebin joy · ‎06-21-2023

172.23.7.0 is directly connected, Vlan170
S* 0.0.0.0/0 [1/0] via 172.17.17.1
What does this means? (S* 0.0.0.0/0 [1/0] via 172.17.17.1 )

Flavio Miranda · ‎06-21-2023

Hi

S* stand for static.

This is a static (default route) where all traffic will be sent througt 172.17.17.1

the [1/0] - means the administrative distance. Which is 1 for static routes

marce1000 · ‎06-21-2023

- Asterisk is used to designate a route as a candidate default route. When multiple candidate defaults exist, the router will then select one of these to be the actual default route.

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

MHM Cisco World · ‎06-21-2023

show ip route
in first lines there is explanation for symbol appear in routing table, check it easy than remember it.

Flebin joy · ‎06-21-2023

i think the DHCP is not ok because i will show you something.

CORE_SWITCH#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 172.17.17.1 to network 0.0.0.0

172.17.0.0/24 is subnetted, 6 subnets
C 172.17.26.0 is directly connected, Vlan150
C 172.17.21.0 is directly connected, Vlan110
C 172.17.20.0 is directly connected, Vlan140
C 172.17.23.0 is directly connected, Vlan100
C 172.17.22.0 is directly connected, Vlan160
C 172.17.17.0 is directly connected, Vlan130
172.20.0.0/24 is subnetted, 1 subnets
C 172.20.25.0 is directly connected, Vlan120
172.23.0.0/24 is subnetted, 1 subnets
C 172.23.7.0 is directly connected, Vlan170
S* 0.0.0.0/0 [1/0] via 172.17.17.1
CORE_SWITCH#

Richard Burts · ‎06-21-2023

I am puzzled about your question. You say that you think DHCP is not working and show us the routing table. What is the relationship between DHCP and the routing table?

What I see in the output posted is that your switch has 8 vlans configured with an IP subnet for each of the vlans. The switch has ip routing enabled and is doing routing for traffic from one vlan to another vlan. For traffic from any vlan where the destination is not another vlan on this switch the switch forwards the traffic using a static default route with next hop of 172.17.17.1 (which is in vlan 130). What does this have to do with DHCP?

Can you be specific about what is not working?

HTH

Rick

Flebin joy · ‎06-22-2023

I created a new VLAN 170 for this switch, and I assigned one port to the VLAN, while I was connecting to the port it is not giving me internet access, no internet access with the unidentified network.

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa1/0/14, Gi1/0/1
100 Data_Network active Fa1/0/1, Fa1/0/2, Fa1/0/3
Fa1/0/4, Fa1/0/5, Fa1/0/6
Fa1/0/7, Fa1/0/8, Fa1/0/9
Fa1/0/10, Fa1/0/11, Fa1/0/12
110 CCTV_Network active Fa1/0/21
120 IPTV_Network active Fa1/0/22
130 Network_Farm active Fa1/0/24
140 IP_Telephony active Fa1/0/1, Fa1/0/2, Fa1/0/3
Fa1/0/4, Fa1/0/5, Fa1/0/6
Fa1/0/7, Fa1/0/8, Fa1/0/9
Fa1/0/10, Fa1/0/11, Fa1/0/12
150 WLAN_VLAN active Fa1/0/15, Fa1/0/16, Fa1/0/17
Fa1/0/18, Fa1/0/19, Fa1/0/20
160 BGM active
170 GUEST_ACCESS active Fa1/0/13 (created )
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

Running Config
---------------

Building configuration...

Current configuration : 8906 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CORE_SWITCH
!
boot-start-marker
boot-end-marker
!
enable password delta123*
!
no aaa new-model
switch 1 provision ws-c3750v2-24ps
system mtu routing 1500
ip subnet-zero
ip routing
!
!
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue input bandwidth 90 10
mls qos srr-queue input threshold 1 8 16
mls qos srr-queue input threshold 2 34 66
mls qos srr-queue input buffers 67 33
mls qos srr-queue input cos-map queue 1 threshold 2 1
mls qos srr-queue input cos-map queue 1 threshold 3 0
mls qos srr-queue input cos-map queue 2 threshold 1 2
mls qos srr-queue input cos-map queue 2 threshold 2 4 6 7
mls qos srr-queue input cos-map queue 2 threshold 3 3 5
mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue input dscp-map queue 1 threshold 3 32
mls qos srr-queue input dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
mls qos srr-queue input dscp-map queue 2 threshold 2 33 34 35 36 37 38 39 48
mls qos srr-queue input dscp-map queue 2 threshold 2 49 50 51 52 53 54 55 56
mls qos srr-queue input dscp-map queue 2 threshold 2 57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue input dscp-map queue 2 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 2 4
mls qos srr-queue output cos-map queue 4 threshold 2 1
mls qos srr-queue output cos-map queue 4 threshold 3 0
mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7
mls qos queue-set output 1 threshold 1 138 138 92 138
mls qos queue-set output 1 threshold 2 138 138 92 400
mls qos queue-set output 1 threshold 3 36 77 100 318
mls qos queue-set output 1 threshold 4 20 50 67 400
mls qos queue-set output 2 threshold 1 149 149 100 149
mls qos queue-set output 2 threshold 2 118 118 100 235
mls qos queue-set output 2 threshold 3 41 68 100 272
mls qos queue-set output 2 threshold 4 42 72 100 242
mls qos queue-set output 1 buffers 10 10 26 54
mls qos queue-set output 2 buffers 16 6 17 61
mls qos
!
crypto pki trustpoint HTTPS_SS_CERT_KEYPAIR
enrollment selfsigned
serial-number
revocation-check none
rsakeypair HTTPS_SS_CERT_KEYPAIR
!
!
crypto pki certificate chain HTTPS_SS_CERT_KEYPAIR
certificate self-signed 01
3082026C 308201D5 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
45311530 13060355 0403140C 434F5245 5F535749 5443482E 312C300F 06035504
05130837 35433446 45383030 1906092A 864886F7 0D010902 160C434F 52455F53
57495443 482E301E 170D3933 30333031 32303030 33395A17 0D323030 31303130
30303030 305A3045 31153013 06035504 03140C43 4F52455F 53574954 43482E31
2C300F06 03550405 13083735 43344645 38303019 06092A86 4886F70D 01090216
0C434F52 455F5357 49544348 2E30819F 300D0609 2A864886 F70D0101 01050003
818D0030 81890281 8100E46E 03544554 DAFEEDCC 719B8AD1 ABA8184E 63BFDF02
BD6D5FD9 8675FF12 85BBEDB9 EB185791 DF9B5B78 7999D68D B5DC6CF3 764D61A0
246A1125 8CECF7D4 E5F28007 988AAC60 317BBB6A 3BE7E117 9DE78019 49FE6849
3DB1FCD6 D2B36DD3 C0509637 FFABC04C 7C14FA0B 427CC9A6 7C1B8095 93C7DDAE
5F8C1188 43FA906B 90B90203 010001A3 6C306A30 0F060355 1D130101 FF040530
030101FF 30170603 551D1104 10300E82 0C434F52 455F5357 49544348 2E301F06
03551D23 04183016 80144285 3C7648F8 057715C4 9127C142 B01DB6EC 4284301D
0603551D 0E041604 1442853C 7648F805 7715C491 27C142B0 1DB6EC42 84300D06
092A8648 86F70D01 01040500 03818100 B45FBDDF F98ED98A 954B30DF F263C694
D89DAAB1 B985B6C9 8F12000D A624D3E2 F599A991 4B9130AD CEE40E69 7933ACDD
3C070E37 6DE18622 1136616C F5945AC4 8B63B327 9F1EAC56 145454C9 B97CF601
460F28BF D6093C2B EEF7C025 6371D433 96BEEB1C E67EFA81 CFB53654 EA94CB56
1F820DA1 974420A8 48EE1BAB 3BED1603
quit
!
!
!
errdisable recovery cause psecure-violation
errdisable recovery interval 30
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet1/0/1
switchport access vlan 100
switchport mode access
switchport voice vlan 140
spanning-tree portfast
!
interface FastEthernet1/0/2
switchport access vlan 100
switchport mode access
switchport voice vlan 140
spanning-tree portfast
!
interface FastEthernet1/0/3
switchport access vlan 100
switchport mode access
switchport voice vlan 140
spanning-tree portfast
!
interface FastEthernet1/0/4
switchport access vlan 100
switchport mode access
switchport voice vlan 140
spanning-tree portfast
!
interface FastEthernet1/0/5
switchport access vlan 100
switchport mode access
switchport voice vlan 140
spanning-tree portfast
!
interface FastEthernet1/0/6
switchport access vlan 100
switchport mode access
switchport voice vlan 140
spanning-tree portfast
!
interface FastEthernet1/0/7
switchport access vlan 100
switchport mode access
switchport voice vlan 140
spanning-tree portfast
!
interface FastEthernet1/0/8
switchport access vlan 100
switchport mode access
switchport voice vlan 140
spanning-tree portfast
!
interface FastEthernet1/0/9
switchport access vlan 100
switchport mode access
switchport voice vlan 140
spanning-tree portfast
!
interface FastEthernet1/0/10
switchport access vlan 100
switchport mode access
switchport voice vlan 140
spanning-tree portfast
!
interface FastEthernet1/0/11
switchport access vlan 100
switchport mode access
switchport voice vlan 140
spanning-tree portfast
!
interface FastEthernet1/0/12
switchport access vlan 100
switchport mode access
switchport voice vlan 140
spanning-tree portfast
!
interface FastEthernet1/0/13
switchport access vlan 170
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast
!
interface FastEthernet1/0/14
!
interface FastEthernet1/0/15
switchport access vlan 150
switchport mode access
!
interface FastEthernet1/0/16
switchport access vlan 150
switchport mode access
!
interface FastEthernet1/0/17
switchport access vlan 150
!
interface FastEthernet1/0/18
switchport access vlan 150
switchport mode access
!
interface FastEthernet1/0/19
switchport access vlan 150
switchport mode access
!
interface FastEthernet1/0/20
switchport access vlan 150
switchport mode access
!
interface FastEthernet1/0/21
description ###Connect to CCTV
switchport access vlan 110
switchport mode access
!
interface FastEthernet1/0/22
description ### Connected IPTV Switch ###
switchport access vlan 120
switchport mode access
!
interface FastEthernet1/0/23
description ### Connected Data
switchport access vlan 100
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet1/0/24
description ### Connected Sophos XG ###
switchport access vlan 130
switchport mode access
!
interface GigabitEthernet1/0/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/2
description ####CONNECTED TO LADIES GYM ACCESSSWITCH01#####
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Vlan1
no ip address
!
interface Vlan10
no ip address
ip helper-address 172.17.17.1
!
interface Vlan100
description Data_Network
ip address 172.17.23.254 255.255.255.0
ip helper-address 172.17.17.1
!
interface Vlan110
description CCTV_Network
ip address 172.17.21.254 255.255.255.0
!
interface Vlan120
description IPTV_Network
ip address 172.20.25.254 255.255.255.0
!
interface Vlan130
description Network_Farm
ip address 172.17.17.254 255.255.255.0
!
interface Vlan140
description IP_Telephony
ip address 172.17.20.254 255.255.255.0
!
interface Vlan150
description WLAN_VLAN
ip address 172.17.26.254 255.255.255.0
ip helper-address 172.17.17.1
!
interface Vlan160
description BGM
ip address 172.17.22.254 255.255.255.0
!
interface Vlan170
ip address 172.23.7.1 255.255.255.0
ip helper-address 172.17.17.1
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.17.17.1
ip http server
ip http secure-server
!
!
control-plane
!
!
line con 0
line vty 0 4
password delta123*
login
length 0
line vty 5 15
password delta123*
login
!
end

Richard Burts · ‎06-22-2023

Thanks for the additional information. I have looked through the config and do not see any particular issues that might relate to the problem. I do have several questions to help us understand the issue better:

- does the device connected in vlan 170 get an appropriate IP address, mask, and gateway?

- can the device connected in vlan 170 ping devices connected in other vlans?

- can the device connected in vlan 170 ping the gateway 172.17.17.1?

Based on what we know at this point I think the issue might be that when the new device attempts to access the Internet that there is not any Network Address Translation configured for the new vlan.

HTH

Rick

Flebin joy · ‎06-22-2023

its is fixed now , the issue was the ip routing inside the firewall.

Richard Burts · ‎06-23-2023

Thanks for the update. Glad to hear that it is fixed now. Problems in the firewall are consistent with the suggestions that I made.

HTH

Rick

jadechris667 · ‎07-03-2023

The statement "172.23.7.0 is directly connected, Vlan170" indicates that the network with the IP address range of 172.23.7.0 is directly connected to the device or interface where this information is being displayed. The network is associated with VLAN 170, which is a virtual LAN used to logically group devices or subnets within a larger network.

The second statement, "S* 0.0.0.0/0 [1/0] via 172.17.17.1," is a routing entry. It describes the default route for the device or interface. Let's break it down:

"S*" indicates that this route is static, meaning it has been manually configured rather than learned dynamically through a routing protocol.
"0.0.0.0/0" represents the destination network or IP address range. In this case, it is a shorthand way of denoting the default route, which matches any destination IP address (0.0.0.0) with a subnet mask of 0 (indicating a match for all IP addresses).
"[1/0]" is the administrative distance and metric for the route. The administrative distance of 1 indicates that this route has the highest priority or preference, meaning it will be used if there are multiple routes available. The metric of 0 signifies that this route has no associated cost or metric.
"via 172.17.17.1" specifies the next-hop IP address for the default route. Any traffic that doesn't match a more specific route will be forwarded to the IP address 172.17.17.1 for further routing.

In summary, the statement indicates that the device or interface has a directly connected network 172.23.7.0 in VLAN 170 and has a manually configured default route (0.0.0.0/0) pointing to the next-hop IP address 172.17.17.1.