08-10-2021 07:50 PM
Hello,
I am new to Layer 3 routing. I have a Cisco 3750-24TS-S I was told to get for Layer 3 practice for CCNA. I've got the interfaces up and connected to my ASA. I can ping 8.8.8.8 from both the ASA and switch. I can ping my computer from the switch. I can also ping 8.8.8.8 from the switch and source vlan 105 (the PC vlan) without a problem. However, the PC itself cannot ping 8.8.8.8 or get to the internet. Which doesn't make sense to me that the switch can, and I can by sourcing the PC Vlan as well. I've pasted in the ASA and Switch configs. There is no router in use here, just a switch with SVI and ASA 5508
Switch-1#sh run
Building configuration...

Current configuration : 4504 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch-1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$Mxbb$lyj4/KdXzL1Nz55KS5jY51
!
!
!
no aaa new-model
switch 1 provision ws-c3750-24ts
system mtu routing 1500
ip domain-name homenetwork
!
ip dhcp pool 105
 network 192.168.105.0 255.255.255.0
 dns-server 208.67.222.222 208.67.220.220
 default-router 192.168.105.1
!
!
!
password encryption aes
!
crypto pki trustpoint TP-self-signed-3625605376
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3625605376
 revocation-check none
 rsakeypair TP-self-signed-3625605376
!
!
crypto pki certificate chain TP-self-signed-3625605376
 certificate self-signed 01
  quit
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
ip ssh time-out 90
ip ssh version 2
!
!
interface FastEthernet1/0/1
 description ASA Inside
 switchport access vlan 50
 switchport mode access
!
interface FastEthernet1/0/2
 description ASA Management
 switchport access vlan 110
 switchport mode access
!
interface FastEthernet1/0/3
 description Pc
 switchport access vlan 105
 switchport mode access
!
interface FastEthernet1/0/4
!
interface FastEthernet1/0/5
!
interface FastEthernet1/0/6
!
interface FastEthernet1/0/7
!
interface FastEthernet1/0/8
!
interface FastEthernet1/0/9
!
interface FastEthernet1/0/10
!
interface FastEthernet1/0/11
!
interface FastEthernet1/0/12
 description Server
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 110
 switchport mode trunk
!
interface FastEthernet1/0/13
!
interface FastEthernet1/0/14
!
interface FastEthernet1/0/15
!
interface FastEthernet1/0/16
!
interface FastEthernet1/0/17
!
interface FastEthernet1/0/18
!
interface FastEthernet1/0/19
!
interface FastEthernet1/0/20
!
interface FastEthernet1/0/21
!
interface FastEthernet1/0/22
!
interface FastEthernet1/0/23
 description Access Point 1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 110
 switchport mode trunk
!
interface FastEthernet1/0/24
 description Uplink to Router GE0/0
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface Vlan1
 no ip address
!
interface Vlan50
 ip address 192.168.50.2 255.255.255.0
!
interface Vlan105
 ip address 192.168.105.1 255.255.255.0
!
interface Vlan106
 description IoT
 ip address 192.168.106.1 255.255.255.0
!
interface Vlan110
 description Management
 ip address 192.168.110.1 255.255.255.128
!
interface Vlan115
 description Guest-Wifi
 ip address 172.115.1.1 255.255.255.128
!
interface Vlan150
 description Server
 ip address 192.168.150.1 255.255.255.0
!
ip default-gateway 192.168.50.1
ip classless
ip http server
ip http secure-server
!
!
vstack
alias exec sis show interface status
alias exec intb show ip interface brief
!
line con 0
line vty 0 4
 login
line vty 5 15
 login
!
: Hardware: ASA5508, 8192 MB RAM, CPU Atom C2000 series 2000 MHz, 1 CPU (8 cores)
:
ASA Version 9.9(2)61
!
hostname ASA-1
domain-name homenetwork
enable password $sha512$5000$cMt5yP8wA7V8rdsiNvnCQQ==$fY3ylnPNKK1argsxMGePyw== pbkdf2
names
!
interface GigabitEthernet1/1
 description Outside
 nameif outside
 security-level 0
 ip address dhcp
!
interface GigabitEthernet1/2
 description Inside
 nameif Inside
 security-level 100
 ip address 192.168.50.1 255.255.255.0
!
interface GigabitEthernet1/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/6
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/7
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/8
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management1/1
 management-only
 nameif management
 security-level 50
 ip address 192.168.110.50 255.255.255.128
!
ftp mode passive
dns server-group DefaultDNS
 domain-name homenetwork
object network obj-192.168.150.50
 host 192.168.150.50
pager lines 24
mtu outside 1500
mtu Inside 1500
mtu management 1500
no failover
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
icmp permit any echo-reply outside
icmp permit any Inside
icmp permit any echo-reply Inside
icmp permit any management
asdm image disk0:/asdm-751-112.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
!
object network obj-192.168.150.50
 nat (outside,Inside) static 192.168.150.11
!
nat (Inside,outside) after-auto source dynamic any interface
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
route management 0.0.0.0 0.0.0.0 192.168.110.1 1
route Inside 192.0.0.0 255.0.0.0 192.168.50.2 1
route Inside 192.168.105.0 255.255.255.0 192.168.50.2 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
aaa authentication login-history
http server enable
http 192.168.105.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
service sw-reset-button
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh stricthostkeycheck
ssh 192.168.105.0 255.255.255.0 Inside
ssh timeout 5
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
dynamic-access-policy-record DfltAccessPolicy
username homenetwork password $sha512$5000$qPaDG0HHLuAde37EDb5IjA==$HhqfZY7SRnnT5y0+9LXd2A== pbkdf2 privilege 15
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect dns preset_dns_map
  inspect icmp
policy-map type inspect dns migrated_dns_map_2
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
!
08-10-2021 11:53 PM - edited 08-10-2021 11:54 PM
Hello @NetworkTyler ,
first of all you need to enable IP routing on the switch with
ip routing
then you need a default static route pointing to the ASA address as next-hop
ip route 0.0.0.0 0.0.0.0 192.168.50.1
The following command is used only when IP routing is disabled:
ip default-gateway 192.168.50.1
Then on the ASA you may need some changes too. But first fix the switch configuration.
Hope to help
Giuseppe
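The distinction drawn in the answer above, as an added example that is not part of the original thread: a small Python check that reads an IOS running-config and reports whether the switch will forward host traffic between its SVIs and toward a default next hop. The sample text is a constructed excerpt of the switch config from the question, and the function name `audit_l3_forwarding` is hypothetical.

```python
import re

# Constructed excerpt mirroring the relevant lines of the switch config in the question.
SAMPLE_BEFORE = """\
interface Vlan50
 ip address 192.168.50.2 255.255.255.0
!
interface Vlan105
 ip address 192.168.105.1 255.255.255.0
!
ip default-gateway 192.168.50.1
ip classless
"""

# Same excerpt after applying the two commands from the answer.
SAMPLE_AFTER = "ip routing\n" + SAMPLE_BEFORE + "ip route 0.0.0.0 0.0.0.0 192.168.50.1\n"


def audit_l3_forwarding(config: str) -> dict:
    """Report whether an IOS config routes between SVIs and toward a default next hop."""
    svis, current = [], None
    routing = False
    default_route = default_gateway = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # a top-level line ends any interface block
            current = None
        if m := re.fullmatch(r"interface (Vlan\d+)", line):
            current = m.group(1)
        elif current and re.fullmatch(r"ip address \S+ \S+", line):
            svis.append(current)  # SVI with a static address ("no ip address" does not match)
        elif line == "ip routing":
            routing = True
        elif m := re.fullmatch(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)(?: \d+)?", line):
            default_route = m.group(1)
        elif m := re.fullmatch(r"ip default-gateway (\S+)", line):
            default_gateway = m.group(1)
    findings = []
    if len(svis) > 1 and not routing:
        findings.append("several SVIs have addresses but 'ip routing' is absent: "
                        "traffic arriving from hosts is not forwarded")
    if routing and default_route is None:
        findings.append("'ip routing' is on but no static 0.0.0.0/0 route is configured")
    if routing and default_gateway:
        findings.append("'ip default-gateway' is not used while 'ip routing' is enabled")
    return {"svis": svis, "ip_routing": routing, "default_route": default_route,
            "findings": findings}
```

On the "before" excerpt the check reports the missing `ip routing`, which matches the symptom in the question: the switch reaches 8.8.8.8 for its own pings through `ip default-gateway`, while the PC's packets are not routed.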
08-11-2021 06:42 AM
That definitely fixed it! Thank you for the help. It's always something simple.