Solved: Re: C2960XR-48FPS-I as a Core/Access SW - Page 2

alfo208 · ‎03-26-2019

Hello I am new with Cisco Configuration. we have 2 C2960XR-48FPS-I stack and we need to have Wifi, voip, server (DHCP) and internet and I need to have 8 different vlans for WAPS, Server, Access, Voice, etc, and all those vlans need to comunicate in between. I have a Firewall Sonicwall (10.23.200.1)<-----> C2960XR (Core/Access) <---------> (WAPs, Printers, Voip, POS, Server, Security(Cameras))

I did a configuration but I cannot ping or have connectivity between VLANS.

example: a device in vlan 99 cannot ping a device in Vlan 100 or a a device in vlan 100 cannot ping a device in Vlan 200

partial config:

!

switch 1 provision ws-c2960x-48fps-l
switch 2 provision ws-c2960x-48fps-l
ip routing
!

interface GigabitEthernet1/0/1
description *** Server DHCP - Ethernet connection ***
switchport access vlan 100
switchport mode access
spanning-tree portfast

!

interface GigabitEthernet1/0/48
description ******Master Internet VLAN to Firewall X0 Main*****
switchport access vlan 200
switchport mode access
speed 1000
duplex full

!

interface GigabitEthernet2/0/1
description *** WAN SW Management PHWANSW1 GE 3 ***
switchport access vlan 99
switchport mode access
!

!
interface Vlan99
description ***Management***
ip address 10.23.99.1 255.255.255.0

!

interface Vlan100
description ***Server***
ip address 10.23.100.1 255.255.255.0

!
interface Vlan200
description *** Internet ***
ip address 10.23.200.2 255.255.255.0

!

ip default-gateway 10.23.200.1

!

ip route 0.0.0.0 0.0.0.0 10.23.200.1

please help!!!

!

alfo208 · ‎03-27-2019

Thanks all for the inputs, I will do some tests and check the gateway on the device 10.23.99.250 (is a WANSW that I need to manage). But my main question is the sw C2960XR with that current config will fulfill my design needs to have Wifi, voip, server (DHCP) and internet and I need to have 8 different vlans for WAPS, Server, Access, Voice, etc, and all those vlans need to comunicate in between. I have a Firewall Sonicwall (10.23.200.1)<-----> C2960XR (Core/Access) <---------> (WAPs, Printers, Voip, POS, Server, Security(Cameras))

Richard Burts · ‎03-27-2019

Most of this discussion has focused on a particular issue with 2 vlans and 2 hosts on those vlans. You now ask a much more broad question. You have described your requirements in pretty general terms (need 8 vlans, need the vlans to communicate with each other). And in pretty general terms your 2960 switch stack should be able to satisfy the requirement for 8 vlans (so 8 subnets) and routing between those subnets. As you get further into details about what you need (do you need to restrict what wifi can access, etc) the 2960 may or may not be able to fulfill all of your requirements. One thing is clear: you mention Internet access for your devices. The 2960 should be able to provide the routing to get to the Internet. But Internet access will require address translation. And your 2960 does not support address translation. For that you will need your firewall.

HTH

Rick

HTH

Rick

alfo208 · ‎03-27-2019

Thank you, yes I have a firewall sonicwall will will do the translation, in my config I have a 2 port in the sw (stack) going into my fw Main and fw HA so in the SW I have a static route 0.0.0.0 0.0.0.0 10.23.200.1 which is the firewall.

Now I did a test a laptop vlan 231 to a laptop vlan 100 and works so it is routing between vlans, now I need to check if any vlan will route to 10.23.200.1 to go to the internet.

Richard Burts · ‎03-27-2019

Glad to know that you have done testing and verify that routing between vlans is working. Based on what you showed in the original post about assigning ports to vlan 200 (which would be the ports connecting to the firewall), and configuring interface vlan 200 with its IP address, and configuring the default route with the IP of the firewall as the next hop then I am confident that this will work for any vlan to route to the firewall and be able to access the Internet.

HTH

Rick

HTH

Rick

alfo208 · ‎03-27-2019

thank you so much for your help

Richard Burts · ‎03-27-2019

You are welcome. I am glad that our suggestions have been helpful. It has been a team effort and that is one of the advantages of this community, that you may have multiple people each offering their individual insights and their expertise. Thank you for marking this discussion as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

HTH

Rick

HTH

Rick

paul driver · ‎03-27-2019

Hello

Just like to ask-

Do you have full l2 connection thoughout your estate, are all the necessary vlans populated in the vtp database switch(s) and are these allowed to traverse any trunks they maybe.

Also Is your switch stack working as it should be, do you have full stack ring speed etc..

sh vlan brief
sh switch detail
sh switch stack-ring speed

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

paul driver · ‎03-27-2019

Hello

Strike that just realized the foucs has moved on from inter-vlan routing - so apologies to all

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul