Cisco 2911 SM-ES2-24-P switch module not connecting to router

Clay Plaga
Level 3

I have a Cisco 2911 router with a SM-ES2-24-P switch module installed. I have access to the switch module and the router for configuration. This is a test network.

This is the problem:

Router can ping 8.8.8.8

From the router, I can ping the switch module VLAN IPs

From the router, I can ping the VLAN gateway IPs

From the switch, I cannot ping 8.8.8.8

From the switch module, I can ping the router outside interface IP (internet facing)

From a workstation connected to the switch module, I cannot ping 8.8.8.8 or connect to the internet

 

Is there a special command for the 2911 I need to use to connect through the switch module into the router to the internet?

Any assistance will be appreciated. Thank you.

 

 

Accepted Solution

Giuseppe Larosa
Hall of Fame

Hello @Clay Plaga ,

In order to be able to ping 8.8.8.8 you need NAT (Network Address Translation).

The private RFC 1918 addresses can be translated by the router, but it needs an appropriate configuration to be able to.

>> From the switch module I can ping the router outside interface IP (internet facing)

This works because the router is able to answer back to the switch module, so you have no communication issues with the switch module; you need NAT.

ip nat inside on the interface to the switch module

ip nat outside on the internet-facing interface

! the following is just an example; each subnet of 10/8, 172.16-31.x.y and 192.168.w.z are private IP addresses

access-list 101 permit ip 10.10.10.0 0.0.0.255 any

ip nat inside source list 101 interface <name> overload

Hope to help

Giuseppe

 


 

Thank you for the help. Yes, I do have a NAT configuration. Let me explain. I am a beginner, studying for CCNA. A friend of mine has multiple Cisco certifications, and he configures and troubleshoots firewalls, switches and routers all day at his job. That's all he does. He configured the NAT for me. The NAT is working, the vlans on the switch module are working, and the inter vlan routing is working on the router. He spent 2 hours troubleshooting the 2911 on Saturday, and he's not sure what the problem is. I will be in front of the network in 2 hours. Are there any suggestions you can make to troubleshoot? I will make contact when I'm at the office.

Thank you again.

Hello @Clay Plaga ,

Thanks for your kind remarks.

The IP subnet used between the router and the switch module needs to have ip nat inside, and that subnet also has to be included in the access-list used for NAT, in addition to the subnets associated with the SVIs (VLAN interfaces, OSI L3) defined on the switch module.

You may also need some static routes to reach those IP subnets on the router/switch module link.

 

Hope to help

Giuseppe

 

 

 

This is the running config for the 2911 router and the switch module:

 

Router:

[Resuming connection 1 to 172.16.1.1 ... ]

new_switch5_sd#
new_switch5_sd#
New-Router#show run
Building configuration...

Current configuration : 2563 bytes
!
! Last configuration change at 18:48:39 UTC Mon Jan 25 2021 by clay
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname New-Router
!
boot-start-marker
boot-end-marker
!
!
! card type command needed for slot/vwic-slot 0/1
!
no aaa new-model
!
!
!
!
!
!
!
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
!
!
!
license udi pid CISCO2911/K9 sn FJC1910A1VA
hw-module sm 1
!
!
!
username clay password 0 clay
!
redundancy
!
!
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description ***Inside-Interfae***
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.5
description INSIDE INTERFACE
encapsulation dot1Q 5
ip address 192.168.5.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1
description ***Connected-to-LinkSys***
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
interface Serial0/0/1
no ip address
shutdown
clock rate 2000000
!
interface GigabitEthernet1/0
ip address 172.16.1.1 255.255.255.0
!
interface GigabitEthernet1/1
description Internal switch interface connected to Service Module
no ip address
!
interface Vlan1
no ip address
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 101 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
!
access-list 101 permit ip 192.168.6.0 0.0.0.255 any
access-list 101 permit ip 192.168.20.0 0.0.0.255 any
access-list 101 permit ip 192.168.30.0 0.0.0.255 any
access-list 101 permit ip 192.168.13.0 0.0.0.255 any
access-list 101 permit ip 172.16.10.0 0.0.0.3 any
access-list 101 permit ip 192.168.80.0 0.0.0.255 any
access-list 101 permit ip 0.0.0.0 255.255.255.0 any
access-list 101 permit ip 192.168.5.0 0.0.0.255 any
!
control-plane
!
!
!
line con 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line 67
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
flowcontrol software
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
!
end

New-Router#

 

This is the 

 

Switch:

 

new_switch5_sd#
new_switch5_sd#
new_switch5_sd#show run
Building configuration...

Current configuration : 5957 bytes
!
! No configuration change since last restart
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname new_switch5_sd
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$Ct05$EOtswY8i0HaZWt63.tWrU.
!
username clay password 7 14141E0A15
!
!
no aaa new-model
system mtu routing 1500
authentication mac-move permit
ip subnet-zero
!
!
no ip domain-lookup
!
!
crypto pki trustpoint TP-self-signed-1965366656
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1965366656
revocation-check none
rsakeypair TP-self-signed-1965366656
!
!
crypto pki certificate chain TP-self-signed-1965366656
certificate self-signed 01
quit
!
!
!
spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0/2
description 5 subnet interfaces
switchport access vlan 5
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/3
description 5 subnet interfaces
switchport access vlan 5
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/4
description 5 subnet interfaces
switchport access vlan 5
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/5
description 5 subnet interfaces
switchport access vlan 5
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/6
description 5 subnet interfaces
switchport access vlan 5
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/7
description 5 subnet interfaces
switchport access vlan 5
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/8
description 5 subnet interfaces
switchport access vlan 5
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/9
description 5 subnet interfaces
switchport access vlan 5
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/10
description 5 subnet interfaces
switchport access vlan 5
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/11
description access port wifi vlan 20 ONLY NEEDS 1 WLAN/VLAN ON PORT
switchport access vlan 20
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/12
description access port wifi vlan 20 ONLY NEEDS 1 WLAN/VLAN ON PORT
switchport access vlan 20
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/13
description interface for vlan 13
switchport access vlan 13
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/14
description 5 subnet interfaces
switchport access vlan 5
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/15
description 5 subnet interfaces
switchport access vlan 5
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/16
description 5 subnet interfaces
switchport access vlan 5
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/17
switchport access vlan 70
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/18
switchport access vlan 80
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
description trunk port to 2911 rtr int gi0/0
switchport mode trunk
!
interface FastEthernet0/22
switchport mode access
!
interface FastEthernet0/23
description trunk port to 2504 WLC 192.168.5.4
switchport trunk native vlan 5
switchport trunk allowed vlan 5,20,30
switchport mode trunk
!
interface FastEthernet0/24
description trunk port to 2504 WLC 192.168.5.4
switchport trunk native vlan 5
switchport trunk allowed vlan 5,20,30
switchport mode trunk
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan5
ip address 192.168.5.2 255.255.255.0
no ip route-cache
!
interface Vlan13
description vlan interface for vlan 13
ip address 192.168.13.2 255.255.255.0
no ip route-cache
!
interface Vlan20
ip address 192.168.20.2 255.255.255.0
no ip route-cache
!
interface Vlan30
ip address 192.168.30.2 255.255.255.0
no ip route-cache
!
interface Vlan80
ip address 192.168.80.2 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.5.1
ip http server
ip http secure-server
ip sla enable reaction-alerts
!
line con 0
exec-timeout 0 0
logging synchronous
login local
speed 115200
flowcontrol software
line vty 0 4
login
line vty 5 15
login
!
end

new_switch5_sd#

 

Thank you very much.

 

 

Hello @Clay Plaga ,

On the switch module I think you need to enable ip routing:

ip routing

ip route 0.0.0.0 0.0.0.0 192.168.5.1

Note: when ip routing is enabled, the ip default-gateway command is useless; you need a static default route like the one above.

On the router side:

ip route 192.168.13.0 255.255.255.0 192.168.5.2

ip route 192.168.20.0 255.255.255.0 192.168.5.2

ip route 192.168.30.0 255.255.255.0 192.168.5.2

ACL 101 has to include entries for the subnets 192.168.x.0/24 with x = 5, 13, 20, 30.

 

Hope to help

Giuseppe
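
Added example (not part of any post in this thread, and not Cisco tooling): a Python check of the two conditions the reply above lists for each switch-module subnet, namely an entry in NAT ACL 101 and a route on the router back to that subnet. The config text is abridged from the router output posted earlier, the function names are hypothetical, and the wildcard masks are evaluated bit by bit, which goes slightly beyond the reply.

```python
import ipaddress
import re

# Sample input: abridged from the router "show run" posted above, plus the
# subnets of the SVIs defined in the switch module config.
ROUTER_CFG = """\
interface GigabitEthernet0/0.5
 ip address 192.168.5.1 255.255.255.0
 ip nat inside
interface GigabitEthernet1/0
 ip address 172.16.1.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 192.168.1.1
access-list 101 permit ip 192.168.20.0 0.0.0.255 any
access-list 101 permit ip 192.168.30.0 0.0.0.255 any
access-list 101 permit ip 192.168.13.0 0.0.0.255 any
access-list 101 permit ip 192.168.80.0 0.0.0.255 any
access-list 101 permit ip 0.0.0.0 255.255.255.0 any
access-list 101 permit ip 192.168.5.0 0.0.0.255 any
"""
SVI_SUBNETS = ["192.168.5.0/24", "192.168.13.0/24", "192.168.20.0/24",
               "192.168.30.0/24", "192.168.80.0/24"]

def acl_covers(cfg, acl, subnet):
    """True if one permit entry of the ACL matches every address in subnet."""
    net = ipaddress.ip_network(subnet)
    entries = re.findall(rf"^access-list {acl} permit ip (\S+) (\S+) any", cfg, re.M)
    for base, wild in entries:
        care = ~int(ipaddress.IPv4Address(wild)) & 0xFFFFFFFF  # wildcard 0-bits must match
        diff = int(net.network_address) ^ int(ipaddress.IPv4Address(base))
        if (diff & care) == 0 and (int(net.hostmask) & care) == 0:
            return True
    return False

def routed_subnets(cfg):
    """Connected and static prefixes in the config, default route excluded."""
    pairs = re.findall(r"^\s*ip address (\d\S+) (\d\S+)", cfg, re.M)
    pairs += re.findall(r"^ip route (\d\S+) (\d\S+) \S+", cfg, re.M)
    nets = [ipaddress.ip_network(f"{a}/{m}", strict=False) for a, m in pairs]
    return [n for n in nets if n.prefixlen > 0]

def audit(cfg, acl, subnets):
    """Per subnet: is it in the NAT ACL, and can the router route replies to it?"""
    known = routed_subnets(cfg)
    return {s: {"nat_acl": acl_covers(cfg, acl, s),
                "return_route": any(ipaddress.ip_network(s).subnet_of(k) for k in known)}
            for s in subnets}

if __name__ == "__main__":
    for subnet, result in audit(ROUTER_CFG, 101, SVI_SUBNETS).items():
        print(subnet, result)
```

The entry `0.0.0.0 255.255.255.0` is a wildcard mask, not a subnet mask, so it only matches source addresses whose last octet is 0 and does not cover any /24 on its own.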

 

Thank you for your help. For some strange reason, on Tuesday everything started working. I didn't do anything on the switch or the router at all. I hope it keeps working.

Thanks again.
