- Cisco Community
- Technology and Support
- Networking
- Other Network Architecture Subjects
- Re: 2960-S 24p switch not keeping config
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-12-2022 05:15 PM
Hi fellows,
I'm using a 2960-S switch on my test lab, for learning purposes, and when trying to ping between hosts and VLANs, I'm getting some troubles. After some troubleshooting with a buddy of mine, we discovered that this might be due to NVRAM not being able to keep configurations over ports. I can see VLANs, and their respective configurations as well, but when it comes to my trunk port in g0/1, I can that this port is not holding any configuration I've made.
Searching around, I found that perhaps configuration register is putting me into this issue, as for some switches and routers, the default is 0xF. I also found some tricks to change it from 0xF to 0x2142 or 0x2102. Is this true ? Changing this would have any effect in my switch ?
I'm even thinking that maybe is time to get rid of this switch and try to get another one, but for the prices I'm able to afford, 3560 series switch is the only viable, but, the configs set is almost the same as of 2960 when it comes to configuration register.
Solved! Go to Solution.
- Labels:
-
Other Network
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-18-2022 12:13 PM
Thanks for the update. It is good to have the complete running config. I do have a few comments based on the config:
- you have configured both enable password and enable secret. When enable secret is configured then enable password is ignored. Since it is not being used I suggest that you remove it from the config.
- you have vlan 10 and a vlan 10 interface (with an IP). So vlan 10 should work (assuming that there are devices connected to the interfaces in that vlan).
- you have vlan 20 configured with a couple of ports in it. the vlan should work if there are devices connected to the ports in that vlan. But there is no vlan interface for vlan 20.
- you have vlan 30 interface but as far as I can tell there is no vlan 30.
- the configured default-gateway is an address in vlan 30. What is that? Where is that? In the current configuration this will not work.
- it appears that ip routing is not enabled. So the switch is not doing any routing between vlans.
- there is a trunk configured on the first interface. What does the trunk connect to?
- assuming that the trunk connects to a router, does the router have vlan subinterfaces configured for vlans 10 and 20?
Based on what I see in the configuration I would expect that any device in vlan 10 should communicate successfully with any other device in vlan 10. I would expect that any device in vlan 20 should communicate successfully with any other device in vlan 20. Whether devices in vlan 10 and 20 can communicate with each other depends on how the router is configured.
I am still confused about whether the configuration is stable or whether you still believe that parts of the config are not maintained. Any clarification about that would be appreciated.
If things still are not working then I would ask for the following things:
- output of show interface status on the switch
- output of show cdp neighbor on the router
- output of show run on the router
- output of slow ip route on the router
- output of show arp on the router
- description of what is not working
Rick
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-18-2022 04:35 PM - edited 04-18-2022 05:30 PM
Hi Rick,
Thanks for the detailed questions. I'll answer them in such order, showing the respective output of what was asked.
- you have configured both enable password and enable secret. When enable secret is configured then enable password is ignored. Since it is not being used I suggest that you remove it from the config.I tried `no enable password`, but I guess this isn't the complete way to do, right ?
- you have vlan 10 and a vlan 10 interface (with an IP). So vlan 10 should work (assuming that there are devices connected to the interfaces in that vlan).Thats correct, I have one machine connected to it. But when two machines are in vlan 10, nothing happens.
- you have vlan 20 configured with a couple of ports in it. the vlan should work if there are devices connected to the ports in that vlan. But there is no vlan interface for vlan 20.Yes, there is one machine connected in the `g0/24` interface. I created now interface for vlan 20 with IP address 192.168.20.2.
- you have vlan 30 interface but as far as I can tell there is no vlan 30.
When I use `sh vlan` command, it shows vlan 30 in my VLAN table. Should I add `g0/1` as part of this VLAN ?
- the configured default-gateway is an address in vlan 30. What is that? Where is that? In the current configuration this will not work.I used VLAN 30 as my Management VLAN, which will, through port 1, in trunk mode, receive and send traffic to my router. So VLAN 30 IP address 192.168.30.1 is the default-gateway for my switch and hosts connected to it.
- it appears that ip routing is not enabled. So the switch is not doing any routing between vlans.
Correct, I didn't do anything related to routing. Since my running IOS is 12.2(53r)SE, from IOS version 12.2(55)SE is allowed. So, we can I'm not able to do it unless I can upgrade my IOS version, correct ?
- there is a trunk configured on the first interface. What does the trunk connect to?
Connects to `g0/1` in my switch and to `g0/1` in my router, in ROAS scheme.
- assuming that the trunk connects to a router, does the router have vlan subinterfaces configured for vlans 10 and 20?
Yes, it has. It's in `g0/1.10` and `g0/1.20` sub-interfaces.
I am still confused about whether the configuration is stable or whether you still believe that parts of the config are not maintained. Any clarification about that would be appreciated.Me and my friend assumed that this happened, since nothing related to configuration register showed up in the outputs. We can be totally wrong on that. And, finally, one clue that we took as being the lighter to this suspicious behavior from the switch, is that in `g0/1`, some configurations that I've made didn't take effect at all.
But, looking further, I have this output, which seems that I actually have configuration register of 0xF :
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 26 WS-C2960S-24TS-S 12.2(58)SE1 C2960S-UNIVERSALK9-M
Configuration register is 0xF
But, in some section in the beginning of `sh ver`, I got :
ROM: Bootstrap program is Alpha board boot loader
BOOTLDR: C2960S Boot Loader (C2960S-HBOOT-M) Version 12.2(53r)SE, RELEASE SOFTW)So, it's confusing if my IOS is actually 12.2(53r)SE or 12.2(58)
- output of show interface status on the switch
Here follows :
sh int status
Port Name Status Vlan Duplex Speed Type
Gi0/1 RT-2901-G0/1 connected trunk a-full a-1000 10/100/1000BX
Gi0/2 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BX
Gi0/3 Kurilonga-SRV connected 10 a-full a-100 10/100/1000BX
Gi0/4 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BX
Gi0/5 Kurilonga-SRV connected 10 a-full a-100 10/100/1000BX
Gi0/6 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BX
Gi0/7 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BX
Gi0/8 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BX
Gi0/9 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BX
Gi0/10 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BX
Gi0/11 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BX
Gi0/12 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BX
Gi0/13 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BX
Gi0/14 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BX
Gi0/15 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BX
Gi0/16 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BX
Gi0/17 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BX
Gi0/18 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BX
Gi0/19 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BX
Gi0/20 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BX
Gi0/21 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BX
Gi0/22 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BX
Gi0/23 Menga-SRV notconnect 20 auto auto 10/100/1000BX
Gi0/24 Menga-SRV notconnect 20 auto auto 10/100/1000BX
Gi0/25 notconnect 1 auto auto Not Present
Gi0/26 SFP-PORT notconnect 1 auto auto Not Present
Fa0 disabled routed auto auto 10/100BaseTX
- output of show cdp neighbor on the router
Here follows :
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability Platform Port ID
kurilongaswitch Gig 0/1 156 S I WS-C2960S Gig 0/1
- output of show run on the router
Here follows :
Building configuration...
Current configuration : 14004 bytes
!
! Last configuration change at 14:09:09 GMT-3 Mon Apr 11 2022 by cisco
version 15.2
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
!
hostname kurilongarouter
!
boot-start-marker
boot system flash:c2900-universalk9-mz.SPA.152-2.T.bin
boot-end-marker
!
!
card type e1 0 3
logging buffered 4096
enable secret 5 $1$rix7$fWghEbF/JyBnJDA.MY9Kl0
enable password 7 060506324F41
!
no aaa new-model
clock timezone GMT-3 -3 0
network-clock-participate wic 3
network-clock-select 1 E1 0/3/0
!
no ipv6 cef
!
!
!
!
ip dhcp pool mainpool
network 180.100.10.0 255.255.255.0
default-router 180.100.10.1
dns-server 1.1.1.1
!
!
ip domain name yourdomain.com
ip cef
multilink bundle-name authenticated
!
!
stcapp ccm-group 9999
!
stcapp feature access-code
!
!
!
stcapp supplementary-services
port 0/1/0
fallback-dn 530393702
port 0/1/1
fallback-dn 530393704
port 0/1/2
fallback-dn 530393748
port 0/1/3
fallback-dn 530393749
!
stcapp call-control mode feature
!
!
!
trunk group outgoing
hunt-scheme sequential both down
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-2314210447
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2314210447
revocation-check none
rsakeypair TP-self-signed-2314210447
!
!
crypto pki certificate chain TP-self-signed-2314210447
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32333134 32313034 3437301E 170D3132 30363037 30323334
33345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 33313432
31303434 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100AA45 DA0BE30C 875DFE3E 9FFD7555 CD999833 32C71C61 67D56122 C17366B2
24E62BA7 0D03CCCD D6DB7D9E D7A28AA1 A6AEB603 CEAAF47A CB3E9CFF 1CBC1DB4
EAC7C3DA A46A3390 E0A90014 02C14355 ADE5500E 7CCA40EA 5832D570 F29019D7
60BA0BE7 BFC0E009 A3E25CC9 4EB7AD8A D820AE48 B8FBAF31 8CFDCCE6 FBF933C7
CE7B0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 143D1D3C AE388C15 E52AAEA1 42002246 AC7B8927 6B301D06
03551D0E 04160414 3D1D3CAE 388C15E5 2AAEA142 002246AC 7B89276B 300D0609
2A864886 F70D0101 05050003 81810016 7A58F5C3 635DC25F 1C5AD603 E2548D16
08E5376B 5541D21C 9A654B2B 5B4DD01B D95332D4 E0AF1F94 74157872 7601923E
E1031756 2C7108D4 2D3CC9C6 0C2B1334 40F1A2F1 95CBABEF 5639B852 195D9D75
387E1F28 12899549 9DF91CFA FDAFC866 6EF37983 325AF022 5B1D4027 992E893E
FDAF32C3 D583B1D2 893B6B6D 1C3BDD
quit
voice-card 0
dspfarm
dsp services dspfarm
!
!
voice call carrier capacity active
voice rtp send-recv
!
voice service pots
!
voice service voip
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
signaling forward unconditional
fax protocol t38 nse force version 0 ls-redundancy 0 hs-redundancy 0 fallback e
h323
modem passthrough nse codec g711ulaw
sip
registrar server expires max 600 min 60
redirect contact order best-match
!
voice class codec 15
codec preference 1 g711ulaw
codec preference 2 g729r8
!
voice class h323 1
h225 timeout tcp establish 3
call preserve
!
!
voice register global
timeouts interdigit 2
max-dn 36
max-pool 12
!
voice register pool 12
id network 180.238.161.96 mask 255.255.255.224
translate-outgoing called 1
voice-class codec 15
no vad
!
!
!
voice translation-rule 1
rule 1 /987654/ //
!
voice translation-rule 2
rule 1 /3700/ /113700/
!
!
voice translation-profile CVP
translate called 2
!
voice translation-profile block
translate called 1
!
!
!
http client cache memory pool 15000
http client cache memory file 600
http client cache refresh 86400
http client connection timeout 60
http client response timeout 30
ivr prompt memory 15000
!
application
service survivability flash:survivability.tcl
paramspace english index 0
paramspace english language en
param open-hours-agent1 530393708
paramspace english location flash:
paramspace english prefix en
param open-hours-time0 12345:0800-1800
!
service CVPSelfService flash:CVPSelfServiceBootstrap.vxml
paramspace english language en
paramspace english index 0
paramspace english location flash:
paramspace english prefix en
!
service AutoAttendant flash:CVPSelfService.tcl
paramspace english index 0
paramspace english language en
param CVPSelfService-port 7000
param CVPSelfService-app AutoAttendant
param keepalive AutoAttendant
paramspace english location flash:
param CVPPrimaryVXMLServer 180.188.179.91
paramspace english prefix en
param survive survivability
param CVPBackupVXMLServer 180.188.179.94
!
!
license udi pid CISCO2901/K9 sn FTX162383B7
license accept end user agreement
hw-module pvdm 0/0
!
!
!
archive
log config
hidekeys
username cisco password 7 02050D480809
username opertp privilege 9 password 7 00071A150754
username rootbesp privilege 15 password 7 030752180500
username telefonica privilege 15 password 7 060506324F41
username operador password 7 0822455D0A16
!
redundancy
!
!
controller E1 0/3/0
framing NO-CRC4
line-termination 75-ohm
ds0-group 0 timeslots 1-15,17-31 type r2-digital r2-compelled ani
cas-custom 0
country brazil
metering
seizure-ack-time 78
release-ack
double-answer
answer-signal group-b 1
dnis-digits min 1 max 32
ani-digits min 1 max 32
trunk-group outgoing
!
!
translation-rule 1
Rule 1 4000 4005
Rule 2 515614000 515614005
!
!
!
!
!
interface Loopback7
description Loopback_TOIP_Multicast_MOH
ip address 1.1.1.1 255.255.255.255
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.10
shutdown
!
interface GigabitEthernet0/0.20
shutdown
!
interface GigabitEthernet0/0.30
shutdown
!
interface GigabitEthernet0/0.100
encapsulation dot1Q 100
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1.10
description Kurilonga-SRV
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/1.20
description Menga-SRV
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
!
interface GigabitEthernet0/1.30
description Management
encapsulation dot1Q 30
ip address 192.168.30.1 255.255.255.0
!
ip forward-protocol nd
!
no ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source list 111 interface GigabitEthernet0/0 overload
ip nat inside source list nat_acl interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 180.238.161.97
ip route 0.0.0.0 0.0.0.0 192.168.1.254
!
ip access-list standard nat_acl
permit 192.168.1.0 0.0.0.255
!
ip access-list extended ACL_IPSLA
permit icmp any host 172.27.156.112
permit icmp any host 172.27.155.222
ip access-list extended Lista_Gerencia
permit udp any any eq snmp
permit udp any eq snmp any
permit udp any any eq snmptrap
permit udp any eq snmptrap any
permit udp any any eq syslog
permit tcp any any eq tacacs
permit tcp any eq tacacs any
permit tcp any any eq telnet
permit tcp any eq telnet any
permit tcp any eq 22 any
permit udp any eq 22 any
permit tcp any any eq 22
permit udp any any eq 22
!
logging trap notifications
access-list 1 permit any
access-list 15 permit 10.152.19.11
access-list 15 permit 172.19.244.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 111 permit ip 192.168.1.0 0.0.0.255 180.100.10.0 0.0.0.255
access-list 111 permit icmp any 180.100.10.0 0.0.0.255 echo
access-list 111 permit ip any 180.100.10.0 0.0.0.255
access-list 112 permit ip 180.100.10.0 0.0.0.255 192.168.1.0 0.0.0.255
!
route-map IP_SLA permit 10
match ip address ACL_IPSLA
set ip precedence immediate
!
route-map IP_SLA deny 20
!
route-map Gerencia_CE permit 10
match ip address Lista_Gerencia
set ip precedence immediate
!
route-map Gerencia_CE deny 20
!
!
snmp-server view PingISPM ciscoRttMonMIB included
snmp-server view PingISPM ciscoPingEntry included
snmp-server community bel2ptv7 RO
snmp-server community ESCRITO RW 5
snmp-server community BSphrRO RO
snmp-server community t3r3@1w view PingISPM RW 15
snmp-server community t3r3@1r RO
snmp-server community csvsantander RW
snmp-server community public RO
snmp-server location SUZANO-INT-SP
snmp-server contact 11561.0
snmp-server enable traps tty
snmp-server enable traps entity-sensor threshold
snmp-server enable traps frame-relay multilink bundle-mismatch
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server host 172.24.192.10 ESCRITO
snmp-server host 172.24.192.10 GESTION
snmp-server host 192.168.102.140 version 2c csvsantander syslog
!
control-plane
!
!
voice-port 0/3/0:0
translation-profile incoming CVP
cptone BR
timeouts interdigit 2
!
voice-port 0/1/0
cptone BR
timeouts interdigit 16
timeouts ringing infinity
timeouts wait-release 1
!
voice-port 0/1/1
cptone BR
timeouts interdigit 16
timeouts ringing infinity
timeouts wait-release 1
!
voice-port 0/1/2
cptone BR
timeouts interdigit 16
timeouts ringing infinity
timeouts wait-release 1
!
voice-port 0/1/3
cptone BR
timeouts interdigit 16
timeouts ringing infinity
timeouts wait-release 1
!
!
!
!
ccm-manager music-on-hold
ccm-manager config server 180.188.179.107 180.188.179.115 180.188.179.105
ccm-manager sccp local GigabitEthernet0/0
!
!
mgcp profile default
!
sccp ccm 180.188.179.115 identifier 115 version 7.0
sccp ccm 180.188.179.107 identifier 107 version 7.0
sccp ccm 180.238.161.98 identifier 40 version 7.0
!
sccp ccm group 9999
description *** C1AS2C1AS1 ***
associate ccm 115 priority 1
associate ccm 107 priority 2
associate ccm 40 priority 3
associate profile 1 register 3039-X-CFB
!
dspfarm profile 1 conference
codec g711ulaw
codec g711alaw
codec g729ar8
codec g729abr8
codec g729r8
codec g729br8
maximum sessions 2
associate application SCCP
!
dial-peer cor custom
!
!
dial-peer voice 11 pots
description Chamadas via PSTN - Entrada
destination-pattern 0T
direct-inward-dial
port 0/3/0:0
!
dial-peer voice 12 pots
trunkgroup outgoing
description Chamadas via PSTN - Saida
destination-pattern 0T
!
dial-peer voice 1000 pots
description *** Entrada AutoAttendant ***
service autoattendant
incoming called-number 113700
direct-inward-dial
!
dial-peer voice 530393702 pots
description FAX_OU_GG
service stcapp
port 0/1/0
!
dial-peer voice 530393704 pots
description GA S/FIO
service stcapp
port 0/1/1
!
dial-peer voice 530393748 pots
description ALARME
service stcapp
port 0/1/2
!
dial-peer voice 530393749 pots
description FAX
service stcapp
port 0/1/3
!
dial-peer voice 100 voip
preference 1
destination-pattern 53039[3*]...
modem passthrough nse codec g711ulaw
session target ipv4:180.188.179.107
voice-class codec 15
voice-class h323 1
dtmf-relay h245-alphanumeric
ip qos dscp cs3 signaling
no vad
!
dial-peer voice 101 voip
preference 2
destination-pattern 53039[3*]...
modem passthrough nse codec g711ulaw
session target ipv4:180.188.179.115
voice-class codec 15
voice-class h323 1
dtmf-relay h245-alphanumeric
ip qos dscp cs3 signaling
no vad
!
!
num-exp 3...$ 530393...
num-exp 80000001 53039*001
num-exp 80000002 53039*002
num-exp 80000003 53039*003
num-exp 80000004 53039*004
num-exp 80000005 530393749
num-exp 80000000 53039*005
gateway
timer receive-rtp 1200
!
sip-ua
timers keepalive active 10
mwi-server ipv4:180.188.179.105 expires 86400 port 5060 transport tcp
offer call-hold conn-addr
!
!
!
gatekeeper
shutdown
!
!
call-manager-fallback
max-conferences 8 gain -6
transfer-system full-consult
timeouts interdigit 6
ip source-address 180.238.161.98 port 2000
max-ephones 30
max-dn 40
transfer-pattern T
keepalive 10 auxiliary 5
moh "flash:/SantanderU-LAU.wav"
multicast moh 239.1.1.2 port 16384 route 180.238.161.98 1.1.1.1
!
!
privilege router level 7 network
privilege controller level 9 cas-custom
privilege controller level 9 ds0
privilege controller level 9 ds0-group
privilege controller level 9 framing
privilege interface level 9 shutdown
privilege exec level 9 configure terminal
privilege exec level 9 configure
privilege exec level 7 show controllers
privilege exec level 7 show startup-config
privilege exec level 7 show running-config
privilege exec level 7 show interfaces
privilege exec level 7 show
privilege exec level 7 clear ip cache
privilege exec level 7 clear ip route *
privilege exec level 7 clear ip route
privilege exec level 7 clear ip
privilege exec level 7 clear arp-cache
privilege exec level 7 clear interface
privilege exec level 7 clear counters
privilege exec level 7 clear
banner motd ^CCC
***********************************************************
* Voce esta em um ambiente controlado. *
* Proibido o acesso para pessoas nao autorizadas! *
* IBM-V6 *
***********************************************************
^C
!
line con 0
password 7 13061E010803
login local
line aux 0
password 7 05080F1C2243
transport input all
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
exec-timeout 15 0
privilege level 15
password 7 0835495C04100B161E195C113E2E36796A6772
login local
history size 50
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
password 7 0835495C04100B161E195C113E2E36796A6772
login local
transport input none
!
scheduler allocate 20000 1000
ntp server 180.188.171.171 prefer
!
end
- output of slow ip route on the router
Here follows :
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback7
192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.10.0/24 is directly connected, GigabitEthernet0/1.10
L 192.168.10.1/32 is directly connected, GigabitEthernet0/1.10
192.168.20.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.20.0/24 is directly connected, GigabitEthernet0/1.20
L 192.168.20.1/32 is directly connected, GigabitEthernet0/1.20
192.168.30.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.30.0/24 is directly connected, GigabitEthernet0/1.30
L 192.168.30.1/32 is directly connected, GigabitEthernet0/1.30
- output of show arp on the router
Here follows :
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.10.1 - a493.4c68.cdc9 ARPA GigabitEthernet0/10
Internet 192.168.20.1 - a493.4c68.cdc9 ARPA GigabitEthernet0/10
Internet 192.168.30.1 - a493.4c68.cdc9 ARPA GigabitEthernet0/10
- description of what is not working
I couldn't ping any of the subinterfaces from hosts in both VLAN 10 and 20, but, I guess this is due to misconfigurations and missing configurations as well in switch. Even from switch, I can't ping sub-interfaces and hosts, so, reachability from switch isn't happening by any means.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-19-2022 01:34 AM
Thanks for the additional information. Here are my responses:
- I would have expected no enable password to have removed that entry in the config. If that did not work I am surprised but it is not a big deal, so no further action needed.
- " But when two machines are in vlan 10, nothing happens." That is surprising. Are you saying that if 2 machines are connected in vlan 10 that they can not communicate with each other? The output you posted shows 2 devices connected in vlan 10. Are you saying that they can not communicate with each other (for example can not ping each other?) I do not see any indication of dhcp for the subnets in those vlans. Are the devices in vlan 10 manually configured? Can you provide the IP address, mask, and default gateway for each of them? Are these devices able to ping the router address 192.168.10.1?
- For the single device in vlan 20 can you verify its IP address, mask, and default gateway? Is it able to ping the router address 192.168.20.1?
- You say that you have created a vlan interface for vlan 20. Since the switch is operating as a layer 2 switch (inter vlan routing is provided by the router) there is no need (and no benefit) from having multiple vlan interfaces on the switch. I suggest that you have a single vlan interface on the switch which will act as the management interface for the switch. And since the switch default-gateway is in vlan 30 then vlan interface for 30 is the one to keep.
- the router config shows that the subinterfaces for vlans 10, 20, and 30 are shut down. That will prevent any intervlan routing. This is probably the major issue at this point. No shut these subinterfaces and see if things begin to work.
I am not going to respond about other points until the subinterfaces are working and we see if some things still do not work.
Rick
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-19-2022 04:42 PM - edited 04-19-2022 05:15 PM
Right before I start to re-configure things, I tried to ping from one host to another, in VLAN 10, and worked all fine. I even didn't woke up sub-interfaces for VLANs which where down, but I did it anyway.
My guess is that as I created an interface for VLAN 10 inthe switch then, this worked well.
But after shutting down interface of VLAN 10 in the switch, I couldn't anymore reach the other host.
VLAN 10 I can ping both gateway and 192.168.10.1 address as well 192.168.20.1.
For hosts in VLAN 10 the IP addresses are 192.168.10.3 and .4, for VLAN 20 192.168.20.3 and .4.
Netmask for all of them is 255.255.255.0 and gateway is 192.168.30.1.
On what concerns VLAN 20, things weren't that well, I couldn't ping both hosts, but curiously I could reach gateway from both hosts connected to it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-21-2022 10:48 AM
@Richard Burts Any advice here fellow ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-22-2022 12:16 AM
In my previous response I made some suggestions and asked some questions. Have you removed vlan interfaces on the switch (leaving a single vlan interface)? Have you done no shut on the router subinterfaces? Have you answered the questions that I asked?
Rick
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-22-2022 07:29 AM
Hi Rick,
Yes, I answered all of them in the previous post as well. I removed vlan interfaces and did a no shut on sub-interfaces. I could ping each host from one to another only in vlan 10, and not vlan 20. After I removed vlan interfaces, vlan 10 stop working.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-22-2022 08:08 AM
If it is not working please post the output of these commands:
- On the router
show ip interface brief
show ip route
show arp
- On the switch
show interface trunk
show interface status
show arp
For the devices that can not ping each other give us the IP address, mask, and default gateway and which switch port they are connected to.
Rick
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-22-2022 09:59 AM - edited 04-22-2022 10:02 AM
Alright Rick, here it's :
sh ip int br Interface IP-Address OK? Method Status Protocol Embedded-Service-Engine0/0 unassigned YES NVRAM administratively down down GigabitEthernet0/0 unassigned YES NVRAM down down GigabitEthernet0/0.10 unassigned YES unset administratively down down GigabitEthernet0/0.20 unassigned YES unset administratively down down GigabitEthernet0/0.30 unassigned YES unset administratively down down GigabitEthernet0/0.100 unassigned YES unset down down GigabitEthernet0/1 unassigned YES NVRAM up up GigabitEthernet0/1.10 192.168.10.1 YES manual up up GigabitEthernet0/1.20 192.168.20.1 YES manual up up GigabitEthernet0/1.30 192.168.30.1 YES manual up up Loopback7 1.1.1.1 YES NVRAM up up NVI0 1.1.1.1 YES unset up up
sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback7
192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.10.0/24 is directly connected, GigabitEthernet0/1.10
L 192.168.10.1/32 is directly connected, GigabitEthernet0/1.10
192.168.20.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.20.0/24 is directly connected, GigabitEthernet0/1.20
L 192.168.20.1/32 is directly connected, GigabitEthernet0/1.20
192.168.30.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.30.0/24 is directly connected, GigabitEthernet0/1.30
L 192.168.30.1/32 is directly connected, GigabitEthernet0/1.30sh arp Protocol Address Age (min) Hardware Addr Type Interface Internet 192.168.10.1 - a493.4c68.cdc9 ARPA GigabitEthernet0/1.10 Internet 192.168.20.1 - a493.4c68.cdc9 ARPA GigabitEthernet0/1.20 Internet 192.168.30.1 - a493.4c68.cdc9 ARPA GigabitEthernet0/1.30
Now on the switch :
sh int trunk Port Mode Encapsulation Status Native vlan Gi0/1 on 802.1q trunking 1001 Port Vlans allowed on trunk Gi0/1 10,20,30 Port Vlans allowed and active in management domain Gi0/1 10,20,30 Port Vlans in spanning tree forwarding state and not pruned Gi0/1 10,20,30
sh int status Port Name Status Vlan Duplex Speed Type Gi0/1 RT-2901-G0/1 connected trunk a-full a-1000 10/100/1000BaseTX Gi0/2 Kurilonga-SRV connected 10 a-full a-1000 10/100/1000BaseTX Gi0/3 Kurilonga-SRV connected 10 a-full a-1000 10/100/1000BaseTX Gi0/4 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BaseTX Gi0/5 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BaseTX Gi0/6 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BaseTX Gi0/7 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BaseTX Gi0/8 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BaseTX Gi0/9 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BaseTX Gi0/10 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BaseTX Gi0/11 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BaseTX Gi0/12 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BaseTX Gi0/13 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BaseTX Gi0/14 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BaseTX Gi0/15 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BaseTX Gi0/16 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BaseTX Gi0/17 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BaseTX Gi0/18 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BaseTX Gi0/19 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BaseTX Gi0/20 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BaseTX Gi0/21 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BaseTX Gi0/22 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BaseTX Gi0/23 Menga-SRV notconnect 20 auto auto 10/100/1000BaseTX Gi0/24 Menga-SRV notconnect 20 auto auto 10/100/1000BaseTX Gi0/25 notconnect 1 auto auto Not Present Gi0/26 SFP-PORT notconnect 1 auto auto Not Present Fa0 disabled routed auto auto 10/100BaseTX
sh arp Protocol Address Age (min) Hardware Addr Type Interface Internet 192.168.10.2 - e8ba.708c.afc1 ARPA Vlan10 Internet 192.168.30.2 - e8ba.708c.afc2 ARPA Vlan30
Devices :
On VLAN 10: Machine1 has IP address 192.168.10.3 and Machine2 has IP address 192.168.10.4, netmask 255.255.255.0 and gateway 192.168.30.1. I used the same machines for testing VLAN 20, but changed IP addresses for 192.168.20.3 and 192.168.20.4, with netmask 255.255.255.0 and gateway 192.168.30.1.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-22-2022 02:09 PM
Thanks for the additional information. I believe that you are making progress with this. Let me deal with the most important issue first and then a few more comments.
You say " gateway 192.168.30.1" This is a big problem. The device's gateway needs to be in the same subnet as the device address. So for 192.168.10.3 the gateway needs to be 192.168.10.1. So for the 4 devices you need to configure the appropriate gateway.
Next - show arp on the router shows the router interfaces in the vlans but does not show any device from the switch. I would have expected to see the switch vlan IP addresses in the arp table. And ideally would see the device IP addresses in the arp table. We need to figure out what is causing this. As a first step would you post the output of the command show cdp neighbor on both the router and the switch?
The arp table on the switch show entries for 2 vlan interfaces. I thought you had eliminated all but one vlan interface.
I see only 2 switch ports showing connected devices. Is that correct?
Is the switch connected to G0/0 or to G0/1?
Rick
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-22-2022 05:49 PM
Ok Rick, I think I overreacted I little bit, my apologize !
I reordered the whole thing.
For my machines, I assigned 192.168.10.3 for Machine0 and 192.168.10.4 for Machine1 both with gateway 192.168.10.1. Machine2 received 192.168.20.3 and Machine3 assigned with 192.168.20.4 both with gateway 192.168.20.1.
I could ping each host and their respective gateways, as well I could ping one host in other VLAN without issues.
You only saw two connected ports because in the moment I did the tests, only two were connected, now I have the fully setup of two ports of each VLAN connected.
Switch is connected to G0/1.
I'll post outputs from router and switch :
Switch :
kurilongaswitch#sh arp Protocol Address Age (min) Hardware Addr Type Interface Internet 192.168.30.2 - e8ba.708c.afc2 ARPA Vlan30
sh int status Port Name Status Vlan Duplex Speed Type Gi0/1 RT-2901-G0/1 connected trunk a-full a-1000 10/100/1000BX Gi0/2 Kurilonga-SRV connected 10 a-full a-1000 10/100/1000BX Gi0/3 Kurilonga-SRV connected 10 a-full a-1000 10/100/1000BX Gi0/4 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BX Gi0/5 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BX Gi0/6 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BX Gi0/7 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BX Gi0/8 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BX Gi0/9 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BX Gi0/10 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BX Gi0/11 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BX Gi0/12 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BX Gi0/13 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BX Gi0/14 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BX Gi0/15 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BX Gi0/16 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BX Gi0/17 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BX Gi0/18 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BX Gi0/19 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BX Gi0/20 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BX Gi0/21 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BX Gi0/22 Kurilonga-SRV notconnect 10 auto auto 10/100/1000BX Gi0/23 Menga-SRV connected 20 a-full a-1000 10/100/1000BX Gi0/24 Menga-SRV connected 20 a-full a-100 10/100/1000BX Gi0/25 notconnect 1 auto auto Not Present Gi0/26 SFP-PORT notconnect 1 auto auto Not Present Fa0 disabled routed auto auto 10/100BaseTX
sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability Platform Port ID
kurilongarouter.yourdomain.com
Gig 0/1 143 R S I CISCO2901 Gig 0/1Router :
sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone, D - Remote, C - CVTA, M - Two-port Mac Relay Device ID Local Intrfce Holdtme Capability Platform Port ID kurilongaswitch Gig 0/1 153 S I WS-C2960S Gig 0/1
sh arp Protocol Address Age (min) Hardware Addr Type Interface Internet 192.168.10.1 - a493.4c68.cdc9 ARPA GigabitEthernet0/10 Internet 192.168.10.3 18 0021.5e6c.dac3 ARPA GigabitEthernet0/10 Internet 192.168.10.4 18 2c76.8a4f.220c ARPA GigabitEthernet0/10 Internet 192.168.20.1 - a493.4c68.cdc9 ARPA GigabitEthernet0/10 Internet 192.168.20.3 19 0022.6406.99e4 ARPA GigabitEthernet0/10 Internet 192.168.20.4 57 0017.a446.c61c ARPA GigabitEthernet0/10 Internet 192.168.30.1 - a493.4c68.cdc9 ARPA GigabitEthernet0/10
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-23-2022 12:17 PM
Apology appreciated. Thanks for the additional information and for explaining what you have done. Glad to know that now you have it working. I believe that there have been several issues to be solved along the way, the most recent probably being the appropriate gateway for computers connected in the various vlans. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.
Rick
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-23-2022 03:01 PM
Hi Rick,
For sure I'll continue engaging in this great community. The same way I can learn, I can help others.
My investigation is just beginning, as I do plan to create a whole complete virtualization lab environment, and next steps involves ACLs, VACLs, VXLAN-EVPN and other stuffs out there for large scale networks, but now, baby steps first. I'll love to share all of this with community folks.
YS,
Pedro Alves.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-22-2022 01:41 PM
Fellow @Richard Burts
I can say I managed the problem ! Thankyou very much for helping me to go through the process.
What happened is that I created the interface for VLAN 10 unnecessarily as you quite noted, and also attributed the IP address 192.168.10.2 for that interface. After removing it, everything is working just fine in both VLANs, I can ping hosts in the same VLAN and also reach out other VLAN as well.
I really aprecciate all the help and advises.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-17-2022 11:10 PM
@pedroalvesbatista wrote:
The output is exactly the same as I wrote before.
Get a different machine to console into the switch.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide
