ashararitesh
Beginner

Default routing not working

Hello all,

 

Default routing is not working on a WS-C2960X-24TS-L with the configuration below.

 

Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 30 WS-C2960X-24TS-L 15.2(7)E0a C2960X-UNIVERSALK9-M


Configuration register is 0xF

Switch#show run
Building configuration...

Current configuration : 1867 bytes
!
! Last configuration change at 09:40:13 UTC Mon Mar 21 2005
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
switch 1 provision ws-c2960x-24ts-l
!
!
!
!
ip routing
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
no ip address
no ip route-cache
shutdown
!
interface GigabitEthernet1/0/1
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/2
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
no ip address
shutdown
!
interface Vlan20
ip address 10.0.20.36 255.255.255.0
!
interface Vlan100
ip address 192.168.100.1 255.255.255.0
!
ip default-gateway 10.0.20.251
!
ip http server
ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.0.20.251
!
!
!
!
line con 0
line vty 5 15
!
!
end

Switch#ping 4.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 266/269/273 ms
Switch#

 

Note: Inter-VLAN routing works successfully, but internet access from VLAN 100 is not working.

 

15 REPLIES
ashararitesh
Beginner

Switch#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is 10.0.20.251 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 10.0.20.251
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.20.0/24 is directly connected, Vlan20
L 10.0.20.36/32 is directly connected, Vlan20
192.168.100.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.100.0/24 is directly connected, Vlan100
L 192.168.100.1/32 is directly connected, Vlan100
Switch#

Georg Pauwen
VIP Expert

Hello,

 

I assume the device with IP address 10.0.20.251 is doing the NAT for your network? Can you post the configuration of that device?

It's a SonicWall firewall; its interface IP address is 10.0.20.251.

I can ping 4.2.2.2 from the switch.

Is it configured to NAT 192.168.100.0/24? No

I have a 2960X switch and I have given it a default route.

 

Thanks

Seb Rupik
VIP Advisor

Hi there,

What device is 10.0.20.251? Does it know how to reach 192.168.100.0/24? Is it configured to NAT 192.168.100.0/24?

 

cheers,

Seb.

It's a SonicWall firewall; its interface IP address is 10.0.20.251.

I can ping 4.2.2.2 from the switch.

Is it configured to NAT 192.168.100.0/24? No

I have a 2960X switch and I have given it a default route.

 

Hello,

 

As pointed out by Seb, the SonicWall needs to have a NAT entry for 192.168.100.0/24 and a route back to the L3 switch.

 

Check the NAT Policy Settings and the Route Policy Settings on your firewall...

Thanks for your reply,

 

When I tracert from my PC, the packet reaches the gateway 192.168.100.1, then it shows unreachable.

 

 

What is the source IP of this ping? Is it on the 10.0.20.0/24 subnet?

If so, the request will probably be traveling to the SonicWall, which itself doesn't have a route for 192.168.100.0/24.

 

 

I have a 2960X and want to use it as an L3 switch.

Can I configure NAT?

 

 

NAT is typically supported on routers and firewalls....and a few L3 switches, but not a 2960X!

Thanks.
NAT is configured in the firewall for 10.0.20.251.
When I give a default route on the switch, it means unknown traffic reaches 10.0.20.251, is that correct?
But my question is that default routing is not working.

I'd imagine NAT is configured for the entire 10.0.20.0/24 subnet, not just a single IP.

As @paul driver mentions, traffic arriving on the 2960X destined to a non-connected subnet will be forwarded towards the SonicWall. For the SonicWall to send a response, it needs to know that 192.168.100.0/24 is reachable via 10.0.20.36.

 

For a device in VLAN100 to be routed beyond the sonicwall, then the sonicwall needs to permit NAT for the 192.168.100.0/24 subnet.

 

cheers,

Seb.
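
An added example, not part of the original thread and not Cisco or SonicWall code: a small Python model of the forward and return path discussed above, showing why a ping sourced from the switch (10.0.20.36) succeeds while a VLAN 100 host fails until the firewall has both a NAT policy and a return route for 192.168.100.0/24. The switch table comes from the posted `show ip route`; the firewall's routes, the `wan` next-hop label, its NAT scope and the host 192.168.100.10 are assumptions.

```python
import ipaddress as ip

def lookup(table, dst):
    """Longest-prefix match; returns the next hop (or 'connected'), None if no route."""
    dst = ip.ip_address(dst)
    hits = [(ip.ip_network(p), nh) for p, nh in table.items() if dst in ip.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

# Routing table of the 2960X, taken from the "show ip route" output in the thread.
SWITCH = {"0.0.0.0/0": "10.0.20.251",
          "10.0.20.0/24": "connected",
          "192.168.100.0/24": "connected"}

def firewall(return_route=False, nat_vlan100=False):
    """Constructed model of the SonicWall: only its 10.0.20.251 interface is known
    from the thread; the 'wan' next hop and the NAT scope are assumptions."""
    routes = {"10.0.20.0/24": "connected", "0.0.0.0/0": "wan"}
    nat = ["10.0.20.0/24"]
    if return_route:
        routes["192.168.100.0/24"] = "10.0.20.36"   # back via the switch's Vlan20 SVI
    if nat_vlan100:
        nat.append("192.168.100.0/24")
    return routes, nat

def internet_reachable(src, fw, dst="4.2.2.2"):
    """Trace src -> dst -> src and report the first point of failure."""
    routes, nat = fw
    if lookup(SWITCH, dst) != "10.0.20.251":
        return False, "switch has no default route to the firewall"
    if not any(ip.ip_address(src) in ip.ip_network(n) for n in nat):
        return False, "firewall has no NAT policy covering the source"
    # After the reply is un-NATed the firewall must route it back to src.
    # Falling through to the default route (wan) is not a path to an inside host.
    if lookup(routes, src) == "wan":
        return False, "firewall has no route back to the source subnet"
    return True, "ok"
```

The switch's default route passes in every case; only the firewall-side conditions change the result, which matches the symptom of a working ping from the switch and no internet from VLAN 100.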

paul driver
VIP Mentor

Hello

It won't work for two reasons:

1) Your default route is pointing to VLAN 20, so any attempt to reach a not-connected prefix will be routed to VLAN 20, not VLAN 100.

2) When you have pointed the default route towards VLAN 100, you will then need a router/FW that is assigned that next-hop IP address and is connected to VLAN 100 to be able to perform network translation for VLAN 20 and 100 users.



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future