Solved: 2X sg550 and 1X3750

mark.stewart1 · ‎04-20-2021

Hi, I have this current setup, two sg550 switches connected to a 3750 which is in turn has an external connection to the internet.

from the 3750, i can ping both sg550 and also 8.8.8.8 over the internet.

what i want to be able to do is ping 8.8.8.8 from the sg550's, currently doing a traceroute it gets as far as the 3750 and that is it.

below are the configs for one of the sg550 (both very similar) and the 3750.

the 2 sg550's and plugged into ports 2 and 3 of the 3750 from port 3 on the sg550's.

---------------------------------------------------------------------------------------------------------

3750
Building configuration...

Current configuration : 1883 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname SwitchB
!
enable secret 5 XXXXXXXXX
enable password XXXXXXXXX
!
ip subnet-zero
ip routing
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
interface GigabitEthernet2/0/1
switchport access vlan 99
switchport mode access
!
interface GigabitEthernet2/0/2
switchport access vlan 66
switchport mode access
!
interface GigabitEthernet2/0/3
switchport access vlan 66
switchport mode access
!
interface GigabitEthernet2/0/4
!
interface GigabitEthernet2/0/5
!
interface GigabitEthernet2/0/6
!
interface GigabitEthernet2/0/7
!
interface GigabitEthernet2/0/8
!
interface GigabitEthernet2/0/9
!
interface GigabitEthernet2/0/10
!
interface GigabitEthernet2/0/11
!
interface GigabitEthernet2/0/12
!
interface GigabitEthernet2/0/13
!
interface GigabitEthernet2/0/14
!
interface GigabitEthernet2/0/15
!
interface GigabitEthernet2/0/16
!
interface GigabitEthernet2/0/17
!
interface GigabitEthernet2/0/18
!
interface GigabitEthernet2/0/19
!
interface GigabitEthernet2/0/20
!
interface GigabitEthernet2/0/21
!
interface GigabitEthernet2/0/22
!
interface GigabitEthernet2/0/23
!
interface GigabitEthernet2/0/24
!
interface Vlan1
no ip address
shutdown
!
interface Vlan666
ip address 80.0.0.11 255.255.255.240
!
interface Vlan999
ip address 192.168.0.5 255.255.255.0
!
ip default-gateway 10.50.1.145
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip route 80.0.0.0 255.255.255.240 80.0.0.12
ip route 80.0.0.0 255.255.255.240 80.0.0.13
ip http server
!
!
line con 0
exec-timeout 0 0
line vty 0 4
password XXXXXX
login
line vty 5 15
password XXXXXX
login
!
end

---------------------------------------------------------------------------------------------------------

SG550

config-file-header
-----
v2.4.0.91 / RTESLA2.4_930_181_042
CLI v1.0
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
!
unit-type-control-start
unit-type unit 1 network gi uplink te
unit-type unit 2 network gi uplink te
unit-type unit 3 network gi uplink te
unit-type unit 4 network gi uplink te
unit-type unit 5 network gi uplink te
unit-type unit 6 network gi uplink te
unit-type unit 7 network gi uplink te
unit-type unit 8 network gi uplink te
unit-type-control-end
!
vlan database
vlan 665-668
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
bonjour interface range vlan 1
hostname -----
aaa authentication login authorization SSH local
aaa authentication enable authorization SSH enable
line ssh
login authentication SSH
enable authentication SSH
password XXXX encrypted
exit
username admin password encrypted XXXX privilege 15
ip ssh server
ip ssh-client source-interface vlan 65
ip ssh-client server authentication
!
interface vlan 65
name abc
ip address 10.50.1.145 255.255.255.240
!
interface vlan 66
name def
ip address 80.0.0.12 255.255.255.240
!
interface GigabitEthernet1/0/1
switchport mode trunk
!
interface GigabitEthernet1/0/2
switchport mode trunk
switchport access vlan 65
!
interface GigabitEthernet1/0/3
spanning-tree link-type point-to-point
switchport access vlan 66
macro description switch
!next command is internal.
macro auto smartport dynamic_type switch
!
interface TengigabitEthernet1/0/1
spanning-tree link-type point-to-point
switchport mode trunk
macro description "switch "
!next command is internal.
macro auto smartport dynamic_type switch
!
exit
ip default-gateway 80.0.0.11

balaji.bandi · ‎04-21-2021

On 3750 remove the " no ip default-gateway 10.173.1.145"

what is this device - 192.168.42.1 (hope this device doing all NAT for you to send out)

when you do ping from 3750, it uses 192.168.42.X range to go out.

So if you doing same traeceroute 80.80.80.X network its not going out and there is no route back

On 192.168.42.1 - make static route point towards your network range 80.80.80.X 255.255.255.240 towards 192.168.42.5 ( Cisco 3750)

also make sure 80.80.80.X also added in the NAT.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

balaji.bandi · ‎04-20-2021

Make sure VLAN numbers are correct you have Intervace vlan 666 and vlan 999 ( make sure you extend the same vlan to other switches)

Make Trunk on 3750 side :

interface GigabitEthernet2/0/2
switchport mode trtunk
!
interface GigabitEthernet2/0/3
switchport mode trtunk

same on SG side :

interface GigabitEthernet x/x
switchport mode trunk

Device connected port need to be

interface GigabitEthernet1/0/2
switchport access vlan 666 ( example ?)

test and advise.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

mark.stewart1 · ‎04-21-2021

ok, on the 3750, this is now the config:-

interface GigabitEthernet2/0/1
switchport access vlan 999
switchport mode access
!
interface GigabitEthernet2/0/2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet2/0/3
switchport trunk encapsulation dot1q
switchport mode trunk

1 is the internet access port, 2 and 3 are connected to the sg550's

on the sg550's

i now have this on the ports connected to the 3750

interface GigabitEthernet1/0/3
spanning-tree link-type point-to-point
switchport mode trunk
macro description switch
!next command is internal.
macro auto smartport dynamic_type switch
!

i can still ping 8.8.8.8 and the sg550's from the 3750.

but from the sg550's i can still only ping the 3750, no further.

thanks,

mark.

balaji.bandi · ‎04-21-2021

For testing :

n the sg550's

i now have this on the ports connected to the 3750

interface GigabitEthernet1/0/3
spanning-tree link-type point-to-point
switchport mode trunk
no macro description switch
!next command is internal.
no macro auto smartport dynamic_type switch
!

Post show ip route and traceroute where it blocking ? (on SG Switch)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

mark.stewart1 · ‎04-21-2021

HI, below is the shop ip route and traceroute on the sg550

SW01#show ip route
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: > - best, C - connected, S - static,
R - RIP

S 0.0.0.0/0 [1/4] via 80.80.80.11, 46:34:24, vlan 666
C 80.80.80.0/28 is directly connected, vlan 666

SW01#traceroute ip 8.8.8.8
Tracing the route to 8.8.8.8 (8.8.8.8) from , 30 hops max, 18 byte packets
Type Esc to abort.
1 80.80.80.11 (80.80.80.11) <10 ms <20 ms <10 ms
2 * * *
3 * * *
4 * * *

where 80.80.80.11 is the 3750.

thanks,

Mark.

balaji.bandi · ‎04-21-2021

You IP address is on 3750 is below

interface Vlan666
ip address 80.0.0.11 255.255.255.240

On other switch shows as below ? is this correct IP address configured ?

S 0.0.0.0/0 [1/4] via 80.80.80.11, 46:34:24, vlan 666
C 80.80.80.0/28 is directly connected, vlan 666

correct it and test.

still issue post complete new config of both the device 3750 and SG to look

post show ip route also from 3750.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

mark.stewart1 · ‎04-21-2021

Apologies i confused things earlier, i had changed some of the ip';s since original config. heres a full new config for both.

Building configuration...

Current configuration : 1901 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname SWITCH
!
enable secret 5xxxx
enable password xxxx
!
ip subnet-zero
ip routing
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
interface GigabitEthernet2/0/1
switchport access vlan 999
switchport mode access
!
interface GigabitEthernet2/0/2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet2/0/3
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet2/0/4
!
interface GigabitEthernet2/0/5
!
interface GigabitEthernet2/0/6
!
interface GigabitEthernet2/0/7
!
interface GigabitEthernet2/0/8
!
interface GigabitEthernet2/0/9
!
interface GigabitEthernet2/0/10
!
interface GigabitEthernet2/0/11
!
interface GigabitEthernet2/0/12
!
interface GigabitEthernet2/0/13
!
interface GigabitEthernet2/0/14
!
interface GigabitEthernet2/0/15
!
interface GigabitEthernet2/0/16
!
interface GigabitEthernet2/0/17
!
interface GigabitEthernet2/0/18
!
interface GigabitEthernet2/0/19
!
interface GigabitEthernet2/0/20
!
interface GigabitEthernet2/0/21
!
interface GigabitEthernet2/0/22
!
interface GigabitEthernet2/0/23
!
interface GigabitEthernet2/0/24
!
interface Vlan1
no ip address
shutdown
!
interface Vlan666
ip address 80.80.80.11 255.255.255.240
!
interface Vlan999
ip address 192.168.42.5 255.255.255.0
!
ip default-gateway 10.173.1.145
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.42.1
ip route 80.80.80.0 255.255.255.240 80.80.80.12
ip route 80.80.80.0 255.255.255.240 80.80.80.13
ip http server
!
!
line con 0
exec-timeout 0 0
line vty 0 4
password xxxx
login
line vty 5 15
password xxxx
login
!
end

SG550

v2.4.0.91 / RTESLA2.4_930_181_042
CLI v1.0
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
!
unit-type-control-start
unit-type unit 1 network gi uplink te
unit-type unit 2 network gi uplink te
unit-type unit 3 network gi uplink te
unit-type unit 4 network gi uplink te
unit-type unit 5 network gi uplink te
unit-type unit 6 network gi uplink te
unit-type unit 7 network gi uplink te
unit-type unit 8 network gi uplink te
unit-type-control-end
!
vlan database
vlan 665-668
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
bonjour interface range vlan 1
hostname SW01
aaa authentication login authorization SSH local
aaa authentication enable authorization SSH enable
line ssh
login authentication SSH
enable authentication xxxx encrypted
exit
username admin password encrypted xxxx privilege 15
ip ssh server
ip ssh-client source-interface vlan 665
ip ssh-client server authentication
!
interface vlan 665
name ext-fw
ip address 10.173.1.145 255.255.255.240
!
interface vlan 666
name outgoing
ip address 80.80.80.12 255.255.255.240
!
interface vlan 667
name abc
!
interface vlan 668
name Sync
!
interface GigabitEthernet1/0/1
switchport mode trunk
!
interface GigabitEthernet1/0/2
switchport mode trunk
switchport access vlan 665
!
interface GigabitEthernet1/0/3
spanning-tree link-type point-to-point
switchport mode trunk
macro description switch
!next command is internal.
macro auto smartport dynamic_type switch
!
interface GigabitEthernet1/0/6
spanning-tree link-type point-to-point
switchport mode trunk
switchport access vlan 668
macro description switch
!next command is internal.
macro auto smartport dynamic_type switch
!
interface GigabitEthernet1/0/7
switchport access vlan 665
!
interface GigabitEthernet1/0/18
switchport access vlan 666
!
interface TengigabitEthernet1/0/1
spanning-tree link-type point-to-point
switchport mode trunk
macro description "switch "
!next command is internal.
macro auto smartport dynamic_type switch
!
exit
ip default-gateway 80.80.80.11

FRom the 3750:-

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is 192.168.42.1 to network 0.0.0.0

C 192.168.42.0/24 is directly connected, Vlan999
80.0.0.0/28 is subnetted, 1 subnets
C 80.80.80.0 is directly connected, Vlan666
10.0.0.0/23 is subnetted, 1 subnets
S 10.173.0.0 [1/0] via 80.80.80.12
[1/0] via 80.80.80.13
S* 0.0.0.0/0 [1/0] via 192.168.42.1

many thanks,

Mark.,

balaji.bandi · ‎04-21-2021

On 3750 remove the " no ip default-gateway 10.173.1.145"

what is this device - 192.168.42.1 (hope this device doing all NAT for you to send out)

when you do ping from 3750, it uses 192.168.42.X range to go out.

So if you doing same traeceroute 80.80.80.X network its not going out and there is no route back

On 192.168.42.1 - make static route point towards your network range 80.80.80.X 255.255.255.240 towards 192.168.42.5 ( Cisco 3750)

also make sure 80.80.80.X also added in the NAT.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help