Default routing not working - Page 2

ashararitesh · ‎01-09-2020

Hello all,

Default routing not working in WS-C2960X-24TS-L, as below configuration.

Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 30 WS-C2960X-24TS-L 15.2(7)E0a C2960X-UNIVERSALK9-M

Configuration register is 0xF

Switch#show run
Building configuration...

Current configuration : 1867 bytes
!
! Last configuration change at 09:40:13 UTC Mon Mar 21 2005
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
switch 1 provision ws-c2960x-24ts-l
!
!
!
!
ip routing
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
no ip address
no ip route-cache
shutdown
!
interface GigabitEthernet1/0/1
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/2
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
no ip address
shutdown
!
interface Vlan20
ip address 10.0.20.36 255.255.255.0
!
interface Vlan100
ip address 192.168.100.1 255.255.255.0
!
ip default-gateway 10.0.20.251
!
ip http server
ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.0.20.251
!
!
!
!
line con 0
line vty 5 15
!
!
end

Switch#ping 4.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 266/269/273 ms
Switch#

Note : Inter vlan routing successfully but vlan 100 internet not working

mlund · ‎01-10-2020

Hi

As noted by the others, it is your sonic firewall that is not correctly configured.

When pc sends traceroute to 4.2.2.2, it sends 3 packets with ttl=1, that means the swithch have to drop the packets and sends a icmp ttl expired back to the pc. The pc then sends 3 packets with ttl=2. The switch looks in the routingtable and forwards the packet towards the sonic firewall, it also decrement the ttl value from 2 to 1. The packets arrive to the sonic that realize that the ttl is to expire, so it will look in its routingtable to see where 192.168.100.0 net is, so it can send the icmp ttl expire.

It probably finds that there is no such routingentry and will therefore send the packet too its default, wich is upstream to the provider.

The same scenario if you ping 4.2.2.2 from pc. It sends packet to switch, the switch sends to sonic, sonic sends to provider, when answer comes back there is no routingentry for 192.168.100.0.

The above is for routing part.

On top of that you also need to have nat configured for 192.168.100.0.

/Mikael