cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2698
Views
0
Helpful
16
Replies

L3 Routing on Catalyst 2960S

cschmitt
Level 1
Level 1

Hi All,

 

I'm pretty new to switches and I've recently purchased a Catalyst 2960s. Although I'm aware this is an L2 switch, I'm pretty sure I can connect several devices to the internet using it (16 I believe, one for each SVI). I'm a few days into attempting this. From how I understand it, I need to create a VLAN and assign a port to it, then create an SVI, which is Level 3 by assigning an IP address to the VLAN. Then, I need to to IP routing (not sure how).

 

Any help here would be appreciated. I've been playing in the CLI for a few days, Googling just about everything, but no luck yet. Thanks in advance.

16 Replies 16

balaji.bandi
Hall of Fame
Hall of Fame

Not sure what IP routing you looking here.

 

If you created an L3 interface with ip routing enabled, inside switch L3 interface able to communcate each other.

If you like to default route to your uplink side, then you can add below command 

 

ip route 0.0.0.0 0.0.0.0 x.x.x.x ( x.x.x.x is your uplink route)

 

or if that not what you looking then - best to suggest to give post your configuration and exaplain more what routing you looking to add

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

For some reason I'm not able to ping the router's IP/ uplink route, which may explain why traffic can't be directed there? However when I ping the VLAN's IP that a gigabit port is in that the uplink route is connected to, I get a response, and only don't get a response when the uplink's not connected.

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello,

in addition to enable ip routing in global config you may need to change the SDM template.

see the following thread

https://community.cisco.com/t5/switching/enable-l3-routing-on-c2960s/m-p/2177069

 

Hope to help

Giuseppe

 

I already did "sdm prefer lanbase-routing" and enabled ip routing but no cigar...

in this case we would like to see your complete configuration.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Okay, however I've just been playing around with it so I don't think any part of the config is indicative of the problem.

 

Switch#show running-config 
Building configuration...

Current configuration : 3596 bytes
!
! Last configuration change at 22:48:24 UTC Sun Jan 1 2006
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$joUk$rodinZKNW5JzEuxLe/5QT0
!
no aaa new-model
clock timezone UTC -5 0
clock summer-time UTC recurring
switch 1 provision ws-c2960s-24ts-l
ip routing
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-508573952
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-508573952
 revocation-check none
 rsakeypair TP-self-signed-508573952
!         
!         
crypto pki certificate chain TP-self-signed-508573952
 certificate self-signed 01
  30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 
  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 35303835 37333935 32301E17 0D303630 31303230 30303035 
  325A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F 
  532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3530 38353733 
  39353230 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100 
  F2E5E526 7A3D964F 73C8CC43 DF602213 B2BF8A30 7AF958D6 7CE80727 87118A51 
  CAA3F7A7 23080592 F21B0FAB 62B62766 BD8FE0EE 4002E03A FA2762A0 C6806EF8 
  B5ED5AAF 204171B4 DA860804 CEF65ECF 3E3F0945 74C4ED9F 8D5D1EAA F0A3A410 
  90E48627 2ABE531D 315DCEF4 5918CCDE E11E0EA2 F866C9F7 7AD2F4E1 F797C3DB 
  02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D 
  23041830 16801420 54FB2156 41E8F596 BA8FAE17 7299C7F6 C70D8330 1D060355 
  1D0E0416 04142054 FB215641 E8F596BA 8FAE1772 99C7F6C7 0D83300D 06092A86 
  4886F70D 01010505 00038181 009EE424 F1AE4DFA 21C646AF 4CBF67CE 6E0306E2 
  EA632354 7095DC1E 6BBC689B D0B41949 225200ED 41043889 6402025C E74F918E 
  990F6C07 56992332 A73830B8 E4C312AC 92FF1644 522CE7F3 082DD0C0 E9DD1981 
  65BD28A5 FDDDE75C 39393399 8075123C D67C1AC9 9BFA4A1D 7F70AA24 4ADDE48B 
  436DDEFA 63093ED8 AE5407AC 4A
        quit
spanning-tree mode pvst
spanning-tree extend system-id
!         
!         
!         
!         
vlan internal allocation policy ascending
!         
!         
!         
!         
!         
!         
!         
!         
!         
!         
!         
interface FastEthernet0
 no ip address
 no ip route-cache
!         
interface GigabitEthernet1/0/1
!         
interface GigabitEthernet1/0/2
!         
interface GigabitEthernet1/0/3
!         
interface GigabitEthernet1/0/4
!         
interface GigabitEthernet1/0/5
!         
interface GigabitEthernet1/0/6
!         
interface GigabitEthernet1/0/7
!         
interface GigabitEthernet1/0/8
!         
interface GigabitEthernet1/0/9
!         
interface GigabitEthernet1/0/10
!         
interface GigabitEthernet1/0/11
!         
interface GigabitEthernet1/0/12
!         
interface GigabitEthernet1/0/13
 switchport access vlan 13
 switchport mode trunk
!         
interface GigabitEthernet1/0/14
 switchport access vlan 14
 switchport mode access
!         
interface GigabitEthernet1/0/15
!         
interface GigabitEthernet1/0/16
!         
interface GigabitEthernet1/0/17
!         
interface GigabitEthernet1/0/18
!         
interface GigabitEthernet1/0/19
!         
interface GigabitEthernet1/0/20
!         
interface GigabitEthernet1/0/21
!         
interface GigabitEthernet1/0/22
!         
interface GigabitEthernet1/0/23
!         
interface GigabitEthernet1/0/24
!         
interface GigabitEthernet1/0/25
!         
interface GigabitEthernet1/0/26
!         
interface GigabitEthernet1/0/27
!         
interface GigabitEthernet1/0/28
!         
interface Vlan1
 ip address 10.10.1.1 255.255.255.0
!         
interface Vlan13
 ip address 10.10.13.1 255.255.255.0
!         
interface Vlan14
 ip address 10.10.14.1 255.255.255.0
!         
ip default-gateway 10.10.1.2
ip http server
ip http secure-server
!         
!         
!         
!         
line con 0
line vty 0 4
 password 12345
 login    
line vty 5 15
 password 12345
 login    
!         
end 

I have the line from the router plugged into g1/0/13 and at the moment I'm just trying to get internet to a computer on g1/0/14. Keep in mind I've tried all sorts of configs already.

 

Thanks again everyone for continuing to help me with this.

interface Vlan1
 ip address 10.10.1.1 255.255.255.0
!         
interface Vlan13
 ip address 10.10.13.1 255.255.255.0
!         
interface Vlan14
 ip address 10.10.14.1 255.255.255.0
ip default-gateway 10.10.1.2  << -- this is need to point to your router IP uplink
example : ip route 0.0.0.0 0.0.0.0 10.10.13.x (X is your uplink router IP.

 

you need to have NAT configured on router for your local lan IP address range for both 

10.10.14.X  and 10.10.13.x - also you need to have route back from router to switch for the IP address range 10.10.14.x for the return traffic.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Okay, luckily the router is NAT capable. How would it look in the settings? This is what it looks like now:

 

Screen Shot 2019-05-20 at 7.28.55 PM.png

 

Is the gateway the router or the switch in this case?

With 192.168.1.2 I tried to ping this from the switch but it is unreachable.

 

Also, should the switch's IP be in the same subnet as the router? Thanks again.

add more static routes as suggested other post.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Joseph W. Doherty
Hall of Fame
Hall of Fame
Unsure why you believe there's a limit of 16 hosts and/or why only one per VLAN on a 2960. If you would like, could you expand on that?

In addition to what the other posters have described, to connect to the Internet you often need a NAT capable device, which I believe the 2960 doesn't support. If you do have such a device, it will need to "know" about your internal networks and how to reach them. Many consumer "routers" only support one internal network.

I believe there's a limit of 16 static routes, the way I was thinking, that meant one static route per SVI that points to the router, one device per SVI so each device has a unique IP address, hence 16 internet-connected devices.

And in that case, would I be able to connect a single device to the internet/ my consumer router via the switch? Also if I used static routes would that allow the device to not need to be NAT capable?

Ah, yes I believe there is a limit of 16 static routes but they don't need to be host routes and from the switch you shouldn't need them to route to SVIs defined on the switch.

Having static routes shouldn't bear on whether you need NAT or not.

Gotcha. So without a NAT capable router, there's no way to get internet connectivity on any devices plugged into the 2960s?

Thanks again for the help by the way.

" So without a NAT capable router, there's no way to get internet connectivity on any devices plugged into the 2960s?"

For private IPs correct, for public IPs you don't need NAT (and the 2960 could host those).

Review Cisco Networking for a $25 gift card