04-20-2021 05:58 AM
Hi, I have this current setup: two sg550 switches connected to a 3750, which in turn has an external connection to the internet.
From the 3750, I can ping both sg550s and also 8.8.8.8 over the internet.
What I want to be able to do is ping 8.8.8.8 from the sg550s; currently a traceroute gets as far as the 3750 and that is it.
Below are the configs for one of the sg550s (both very similar) and the 3750.
The 2 sg550s are plugged into ports 2 and 3 of the 3750 from port 3 on the sg550s.
---------------------------------------------------------------------------------------------------------
3750
Building configuration...
Current configuration : 1883 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname SwitchB
!
enable secret 5 XXXXXXXXX
enable password XXXXXXXXX
!
ip subnet-zero
ip routing
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
interface GigabitEthernet2/0/1
switchport access vlan 99
switchport mode access
!
interface GigabitEthernet2/0/2
switchport access vlan 66
switchport mode access
!
interface GigabitEthernet2/0/3
switchport access vlan 66
switchport mode access
!
interface GigabitEthernet2/0/4
!
interface GigabitEthernet2/0/5
!
interface GigabitEthernet2/0/6
!
interface GigabitEthernet2/0/7
!
interface GigabitEthernet2/0/8
!
interface GigabitEthernet2/0/9
!
interface GigabitEthernet2/0/10
!
interface GigabitEthernet2/0/11
!
interface GigabitEthernet2/0/12
!
interface GigabitEthernet2/0/13
!
interface GigabitEthernet2/0/14
!
interface GigabitEthernet2/0/15
!
interface GigabitEthernet2/0/16
!
interface GigabitEthernet2/0/17
!
interface GigabitEthernet2/0/18
!
interface GigabitEthernet2/0/19
!
interface GigabitEthernet2/0/20
!
interface GigabitEthernet2/0/21
!
interface GigabitEthernet2/0/22
!
interface GigabitEthernet2/0/23
!
interface GigabitEthernet2/0/24
!
interface Vlan1
no ip address
shutdown
!
interface Vlan666
ip address 80.0.0.11 255.255.255.240
!
interface Vlan999
ip address 192.168.0.5 255.255.255.0
!
ip default-gateway 10.50.1.145
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip route 80.0.0.0 255.255.255.240 80.0.0.12
ip route 80.0.0.0 255.255.255.240 80.0.0.13
ip http server
!
!
line con 0
exec-timeout 0 0
line vty 0 4
password XXXXXX
login
line vty 5 15
password XXXXXX
login
!
end
---------------------------------------------------------------------------------------------------------
SG550
config-file-header
-----
v2.4.0.91 / RTESLA2.4_930_181_042
CLI v1.0
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
!
unit-type-control-start
unit-type unit 1 network gi uplink te
unit-type unit 2 network gi uplink te
unit-type unit 3 network gi uplink te
unit-type unit 4 network gi uplink te
unit-type unit 5 network gi uplink te
unit-type unit 6 network gi uplink te
unit-type unit 7 network gi uplink te
unit-type unit 8 network gi uplink te
unit-type-control-end
!
vlan database
vlan 665-668
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
bonjour interface range vlan 1
hostname -----
aaa authentication login authorization SSH local
aaa authentication enable authorization SSH enable
line ssh
login authentication SSH
enable authentication SSH
password XXXX encrypted
exit
username admin password encrypted XXXX privilege 15
ip ssh server
ip ssh-client source-interface vlan 65
ip ssh-client server authentication
!
interface vlan 65
name abc
ip address 10.50.1.145 255.255.255.240
!
interface vlan 66
name def
ip address 80.0.0.12 255.255.255.240
!
interface GigabitEthernet1/0/1
switchport mode trunk
!
interface GigabitEthernet1/0/2
switchport mode trunk
switchport access vlan 65
!
interface GigabitEthernet1/0/3
spanning-tree link-type point-to-point
switchport access vlan 66
macro description switch
!next command is internal.
macro auto smartport dynamic_type switch
!
interface TengigabitEthernet1/0/1
spanning-tree link-type point-to-point
switchport mode trunk
macro description "switch "
!next command is internal.
macro auto smartport dynamic_type switch
!
exit
ip default-gateway 80.0.0.11
04-20-2021 07:29 AM
Make sure the VLAN numbers are correct: you have interface vlan 666 and vlan 999 (make sure you extend the same VLAN to the other switches).
Make a trunk on the 3750 side:
interface GigabitEthernet2/0/2
switchport mode trunk
!
interface GigabitEthernet2/0/3
switchport mode trunk
same on SG side :
interface GigabitEthernet x/x
switchport mode trunk
The device-connected port needs to be:
interface GigabitEthernet1/0/2
switchport access vlan 666 (example?)
Test and advise.
04-21-2021 12:39 AM
ok, on the 3750, this is now the config:-
interface GigabitEthernet2/0/1
switchport access vlan 999
switchport mode access
!
interface GigabitEthernet2/0/2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet2/0/3
switchport trunk encapsulation dot1q
switchport mode trunk
1 is the internet access port, 2 and 3 are connected to the sg550's
on the sg550's
i now have this on the ports connected to the 3750
interface GigabitEthernet1/0/3
spanning-tree link-type point-to-point
switchport mode trunk
macro description switch
!next command is internal.
macro auto smartport dynamic_type switch
!
i can still ping 8.8.8.8 and the sg550's from the 3750.
but from the sg550's i can still only ping the 3750, no further.
thanks,
mark.
04-21-2021 02:17 AM
For testing:
On the sg550's
i now have this on the ports connected to the 3750
interface GigabitEthernet1/0/3
spanning-tree link-type point-to-point
switchport mode trunk
no macro description switch
!next command is internal.
no macro auto smartport dynamic_type switch
!
Post show ip route and traceroute. Where is it blocking? (on the SG switch)
04-21-2021 03:32 AM
Hi, below is the show ip route and traceroute on the sg550
SW01#show ip route
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: > - best, C - connected, S - static,
R - RIP
S 0.0.0.0/0 [1/4] via 80.80.80.11, 46:34:24, vlan 666
C 80.80.80.0/28 is directly connected, vlan 666
SW01#traceroute ip 8.8.8.8
Tracing the route to 8.8.8.8 (8.8.8.8) from , 30 hops max, 18 byte packets
Type Esc to abort.
1 80.80.80.11 (80.80.80.11) <10 ms <20 ms <10 ms
2 * * *
3 * * *
4 * * *
where 80.80.80.11 is the 3750.
thanks,
Mark.
04-21-2021 03:58 AM
Your IP address on the 3750 is below:
interface Vlan666
ip address 80.0.0.11 255.255.255.240
The other switch shows as below. Is this the correct IP address configured?
S 0.0.0.0/0 [1/4] via 80.80.80.11, 46:34:24, vlan 666
C 80.80.80.0/28 is directly connected, vlan 666
Correct it and test.
If there is still an issue, post the complete new config of both devices, the 3750 and the SG, to look at.
Post show ip route from the 3750 as well.
04-21-2021 04:23 AM
Apologies, I confused things earlier; I had changed some of the IPs since the original config. Here's a full new config for both.
Building configuration...
Current configuration : 1901 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname SWITCH
!
enable secret 5xxxx
enable password xxxx
!
ip subnet-zero
ip routing
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
interface GigabitEthernet2/0/1
switchport access vlan 999
switchport mode access
!
interface GigabitEthernet2/0/2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet2/0/3
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet2/0/4
!
interface GigabitEthernet2/0/5
!
interface GigabitEthernet2/0/6
!
interface GigabitEthernet2/0/7
!
interface GigabitEthernet2/0/8
!
interface GigabitEthernet2/0/9
!
interface GigabitEthernet2/0/10
!
interface GigabitEthernet2/0/11
!
interface GigabitEthernet2/0/12
!
interface GigabitEthernet2/0/13
!
interface GigabitEthernet2/0/14
!
interface GigabitEthernet2/0/15
!
interface GigabitEthernet2/0/16
!
interface GigabitEthernet2/0/17
!
interface GigabitEthernet2/0/18
!
interface GigabitEthernet2/0/19
!
interface GigabitEthernet2/0/20
!
interface GigabitEthernet2/0/21
!
interface GigabitEthernet2/0/22
!
interface GigabitEthernet2/0/23
!
interface GigabitEthernet2/0/24
!
interface Vlan1
no ip address
shutdown
!
interface Vlan666
ip address 80.80.80.11 255.255.255.240
!
interface Vlan999
ip address 192.168.42.5 255.255.255.0
!
ip default-gateway 10.173.1.145
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.42.1
ip route 80.80.80.0 255.255.255.240 80.80.80.12
ip route 80.80.80.0 255.255.255.240 80.80.80.13
ip http server
!
!
line con 0
exec-timeout 0 0
line vty 0 4
password xxxx
login
line vty 5 15
password xxxx
login
!
end
SG550
v2.4.0.91 / RTESLA2.4_930_181_042
CLI v1.0
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
!
unit-type-control-start
unit-type unit 1 network gi uplink te
unit-type unit 2 network gi uplink te
unit-type unit 3 network gi uplink te
unit-type unit 4 network gi uplink te
unit-type unit 5 network gi uplink te
unit-type unit 6 network gi uplink te
unit-type unit 7 network gi uplink te
unit-type unit 8 network gi uplink te
unit-type-control-end
!
vlan database
vlan 665-668
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
bonjour interface range vlan 1
hostname SW01
aaa authentication login authorization SSH local
aaa authentication enable authorization SSH enable
line ssh
login authentication SSH
enable authentication xxxx encrypted
exit
username admin password encrypted xxxx privilege 15
ip ssh server
ip ssh-client source-interface vlan 665
ip ssh-client server authentication
!
interface vlan 665
name ext-fw
ip address 10.173.1.145 255.255.255.240
!
interface vlan 666
name outgoing
ip address 80.80.80.12 255.255.255.240
!
interface vlan 667
name abc
!
interface vlan 668
name Sync
!
interface GigabitEthernet1/0/1
switchport mode trunk
!
interface GigabitEthernet1/0/2
switchport mode trunk
switchport access vlan 665
!
interface GigabitEthernet1/0/3
spanning-tree link-type point-to-point
switchport mode trunk
macro description switch
!next command is internal.
macro auto smartport dynamic_type switch
!
interface GigabitEthernet1/0/6
spanning-tree link-type point-to-point
switchport mode trunk
switchport access vlan 668
macro description switch
!next command is internal.
macro auto smartport dynamic_type switch
!
interface GigabitEthernet1/0/7
switchport access vlan 665
!
interface GigabitEthernet1/0/18
switchport access vlan 666
!
interface TengigabitEthernet1/0/1
spanning-tree link-type point-to-point
switchport mode trunk
macro description "switch "
!next command is internal.
macro auto smartport dynamic_type switch
!
exit
ip default-gateway 80.80.80.11
From the 3750:-
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 192.168.42.1 to network 0.0.0.0
C 192.168.42.0/24 is directly connected, Vlan999
80.0.0.0/28 is subnetted, 1 subnets
C 80.80.80.0 is directly connected, Vlan666
10.0.0.0/23 is subnetted, 1 subnets
S 10.173.0.0 [1/0] via 80.80.80.12
[1/0] via 80.80.80.13
S* 0.0.0.0/0 [1/0] via 192.168.42.1
Many thanks,
Mark.
04-21-2021 04:36 AM
On 3750 remove the " no ip default-gateway 10.173.1.145"
What is this device, 192.168.42.1? (Hope this device is doing all the NAT for you to send out.)
When you ping from the 3750, it uses the 192.168.42.X range to go out.
So if you are doing the same traceroute 80.80.80.X network, it's not going out and there is no route back.
On 192.168.42.1, make a static route for your network range 80.80.80.X 255.255.255.240 pointing towards 192.168.42.5 (Cisco 3750).
Also make sure 80.80.80.X is also added in the NAT.
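The return-path problem described in the answer above, as an added example that is not part of the original thread: a small longest-prefix-match model showing why probes sourced from 80.80.80.12 get no reply past the 3750 while traffic sourced from 192.168.42.5 does. The SW01 and 3750 tables are reduced from the posted `show ip route` output; the routing table of the device at 192.168.42.1 (called `upstream` here) is an assumption, and NAT is not modelled.

```python
import ipaddress

# Address owners, taken from the thread ("upstream" is the device at 192.168.42.1).
OWNER = {"80.80.80.12": "SW01", "80.80.80.11": "3750",
         "192.168.42.5": "3750", "192.168.42.1": "upstream"}

def tables(upstream_has_return_route):
    """Routing tables as (prefix, next_hop); next_hop None means connected."""
    t = {
        "SW01": [("80.80.80.0/28", None), ("0.0.0.0/0", "80.80.80.11")],
        "3750": [("80.80.80.0/28", None), ("192.168.42.0/24", None),
                 ("0.0.0.0/0", "192.168.42.1")],
        # Assumed: the thread never shows this device's table.
        "upstream": [("192.168.42.0/24", None), ("0.0.0.0/0", "ISP")],
    }
    if upstream_has_return_route:
        t["upstream"].append(("80.80.80.0/28", "192.168.42.5"))
    return t

def next_hop(table, dst):
    """Longest-prefix match; returns (matched, next_hop)."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return False, None
    return True, max(hits, key=lambda h: h[0].prefixlen)[1]

def path(t, device, dst, limit=8):
    """Devices a packet crosses from `device` toward `dst`."""
    hops = [device]
    while OWNER.get(dst) != device and len(hops) < limit:
        matched, nh = next_hop(t[device], dst)
        if not matched:
            hops.append("dropped")
            break
        device = OWNER.get(dst if nh is None else nh, "ISP")
        hops.append(device)
        if device == "ISP":  # left the site; no table modelled beyond here
            break
    return hops

if __name__ == "__main__":
    for fixed in (False, True):
        t = tables(fixed)
        print("return route on upstream:", fixed)
        print("  probe SW01 -> 8.8.8.8      :", path(t, "SW01", "8.8.8.8"))
        print("  reply upstream -> SW01     :", path(t, "upstream", "80.80.80.12"))
        print("  reply upstream -> 3750 src :", path(t, "upstream", "192.168.42.5"))
```

Without the static route, the reply toward 80.80.80.12 follows the upstream device's default route out to the ISP instead of back to the 3750, which matches the `* * *` at hop 2 in the posted traceroute.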