cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1248
Views
0
Helpful
9
Replies

c2960G-8TC-L is not routing IOS 15.0(2)

This is my house where I have numerous Cisco switches and routers for lab work. Probably all EOL. I have the latest IOS. I am simply trying to use a router on a stick method from my ISP through a switch to an internal LAN bidirectionally. I have done this before with other enterprise switches, but I would like stay at 1 Gbit. However no matter what I try I am unable to get outside of the switch. The encap function does not work on this switch. SO I changed to sdm prefer lanbase-routing and after the reload I set up ip routing and two vlans 10 and 20 and a default route. Nothing. vlan 10 and vlan 20 do not route. I really beleive it is this switch. What it says it should do and what is does are not the same.

 

 

1 Accepted Solution

Accepted Solutions

Leo Laohoo
Hall of Fame
Hall of Fame

@RobertHatcher69747 wrote:

The encap function does not work on this switch.


2960-series family of switches only support 802.1q and this is why the "encapsulation" option is not accepted.

View solution in original post

9 Replies 9

Richard Burts
Hall of Fame
Hall of Fame

You have described an issue but have not provided any details to help us identify what that issue really is or suggestions about how to resolve it. A good first step would be to provide the running configuration. Other things that might be helpful would be the output of these commands

show ip route

show arp (or perhaps show ip arp)

show interface status

HTH

Rick

I stand corrected on the obvious.

Den-Switch#sho ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

 

Den-Switch#sho int status

Port Name Status Vlan Duplex Speed Type
Gi0/1 R720xd IDRAC7 connected 20 a-full a-100 10/100/1000BaseTX
Gi0/2 R720xd LOM1 connected 20 a-full a-1000 10/100/1000BaseTX
Gi0/3 R720xd LOM2 connected 20 a-full a-100 10/100/1000BaseTX
Gi0/4 LAB-PC .12 connected 20 a-full a-10 10/100/1000BaseTX
Gi0/5 notconnect 10 auto auto 10/100/1000BaseTX
Gi0/6 Den-Router Fa0/0 notconnect 10 auto auto 10/100/1000BaseTX
Gi0/7 Bobs-Win10 connected 10 a-full a-1000 10/100/1000BaseTX
Gi0/8 Basement-Sw connected trunk a-full a-1000 10/100/1000BaseTX

Gateway of last resort is 10.0.0.1 to network 0.0.0.0

1.0.0.0/32 is subnetted, 1 subnets
C 1.2.3.4 is directly connected, Loopback0
C 192.168.11.0/24 is directly connected, Vlan20
10.0.0.0/24 is subnetted, 1 subnets
C 10.0.0.0 is directly connected, Vlan10
S* 0.0.0.0/0 [1/0] via 10.0.0.1

 

Den-Switch#sho ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.0.0.1 0 3c9a.77f3.9c55 ARPA Vlan10
Internet 10.0.0.37 - 108c.cf3c.da41 ARPA Vlan10
Internet 192.168.11.1 - 108c.cf3c.da42 ARPA Vlan20
Internet 192.168.11.12 0 ac16.2d12.06d8 ARPA Vlan20

 

Thanks for the additional information. Thanks to @Leo Laohoo for the explanation about the encapsulation. And that could only impact the one interface which is configured as a trunk, and that would not have anything to do with routing on the switch or to do with access to the Internet.

 

Let me first comment on the config that you posted and what I consider to be the important things that I see in it:

- you do have ip routing enabled (and that is confirmed in the output of show ip route that you posted)

- you do have vlans 10 and 20 configured.

- you do have some access ports in vlan 10 and some access ports in vlan 20.

- you have configured vlan interfaces for both vlan 10 and 20 and have configured appropriate IP addressing on both interfaces. 

Based on that I am convinced that your switch is routing between those two vlans. If you had devices connected in both vlans I am convinced that they would communicate with each other. But the arp table says that you have 1 device connected in vlan 20 and only your gateway device connected in vlan 10 (and there are issues impacting your device communicating with the gateway which I will discuss).

 

In your original post you say "no matter what I try I am unable to get outside of the switch". I believe that if you had a device connected in vlan 10 that it wold be able to get outside. Perhaps you can test that? But looking at the big picture here I believe that there are 2 issues involved. They have to do with the gateway device at 10.0.0.1. I assume that 10.0.0.1 is the ISP device? I am guessing that it does not have a route for the 192.168.11.0 network on vlan 20. That is one reason why vlan 20 can not get outside. The other reason why vlan 20 can not get outside is that there is no address translation for 192.168.11.0.

 

Since your switch does not support address translation the solution to both issues will require changes on the ISP device. Do you have access to make changes on the ISP device? If so can you configure a route on that device for the 192.168.11.0 network? And can you configure address translation for 192.168.11.0?

HTH

Rick

Thank You. I do have a device on port 7 (vlan 10) for the 10.0.0.10/24  and I am typing on it. I also have another Windows 10 Pro PC on gi0/4 at 192.168.11.12 (vlan 20). I try pinging from the switch and the loopback on the switch to either address and nada. I can ping from 10.0.0.10 to the switch at 10.0.0.37.

I cannot ping from the switch back to 10.0.0.10.

I cannot ping from the switch to 192.168.11.12

I cannot ping from 192.168.11.12 to the switch at 192.168.11.1

The other addresses on vlan 20 are turned off as they represent the Dell server and I know if I get the .12 to work they will also.

I powered up the Dell and waited until ESXI and the VMs booted and I can ping all of them from the switch on vlan 20, but not the .12 on the inside PC. Hmmmm! That's a new one.

I can ping from 192.168.11.12 to the dell server, esxi and VMs.

I have the firewall correctly configured for all operations, but I turned the VMs, and the two PCs on vlan 10 and 20 off and get the exact same issues.

So finally I powered and configured the old 2950G-24-EI up wit the same basioc config and it works, but at a 100 Mb. I personally am convinced the 2960G-8TC-L is falsely advertised as a inter vlan switch.

 

Thanks for the update. This is a lot to think about. As a starting point I am interested that you are active on the PC in port 7. But that does not show up in the arp table. Can you post the output of ipconfig (or equivalent command if not a Windows PC) so that we can understand the address, mask, gateway, etc for that PC?

 

[edit] can you post the output ipconfig all so that we can see if perhaps there is more than one active address?

HTH

Rick


Den-Switch#sho ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.0.0.10 0 1c87.2c55.dc28 ARPA Vlan10
Internet 10.0.0.1 6 3c9a.77f3.9c55 ARPA Vlan10
Internet 10.0.0.37 - 108c.cf3c.da41 ARPA Vlan10
Internet 192.168.11.60 41 18fb.7b9c.0e71 ARPA Vlan20
Internet 192.168.11.1 - 108c.cf3c.da42 ARPA Vlan20
Den-Switch#

I also remembered to change the font to Courier so the info is easier to read.

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GbE Family Controller
Physical Address. . . . . . . . . : 1C-87-2C-55-DC-28
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2601:5cb:c300:3450::b7cc(Preferred)
Lease Obtained. . . . . . . . . . : Monday, March 23, 2020 07:32:30
Lease Expires . . . . . . . . . . : Monday, March 30, 2020 07:32:28
IPv6 Address. . . . . . . . . . . : 2601:5cb:c300:3450:c07d:8130:5aa6:dce8(Preferred)
Temporary IPv6 Address. . . . . . : 2601:5cb:c300:3450:905f:b6f0:d4fc:80e8(Preferred)
Link-local IPv6 Address . . . . . : fe80::c07d:8130:5aa6:dce8%13(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.0.10(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::3e9a:77ff:fef3:9c55%13
10.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 370968364
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-24-80-CC-51-1C-87-2C-55-DC-28
DNS Servers . . . . . . . . . . . : 2001:558:feed::1
2001:558:feed::2
75.75.75.75
75.75.76.76
NetBIOS over Tcpip. . . . . . . . : Enabled

 

Other than IPv6 there are no other addresses.

Thanks for the additional outputs. I note that your PC was not in the first arp table that you posted but is in the current table. Also that the PC at 192.168.11.12 was in the first arp table but not in the current arp table. If it is not in the arp table that would explain why the switch can not ping it and it can not ping the switch.

 

I am not clear that when your PC at 10.0.0.10 is in the arp table is it able to ping the gateway at 10.0.0.1? Is it able to ping 8.8.8.8?

HTH

Rick

Leo Laohoo
Hall of Fame
Hall of Fame

@RobertHatcher69747 wrote:

The encap function does not work on this switch.


2960-series family of switches only support 802.1q and this is why the "encapsulation" option is not accepted.

I agree, but you would think an ENTERPRISE switch would not shortcut in that area. In the meanwhile I ordered another Cisco switch SG350-10P. My requirements for my Den are to keep the fan noise down. The fanless market is limited, but research shows this switch will work. I would love to get the 2960CX-8 series, but none of the used and refurbished are cheap enough for my budget. I thank all who answered this.

Review Cisco Networking for a $25 gift card