
Layer 3 Routing Issue

NetworkTyler
Level 1

Hello,

I am new to Layer 3 routing. I have a Cisco 3750-24TS-S I was told to get for Layer 3 practice for CCNA. I've got the interfaces up and connected to my ASA. I can ping 8.8.8.8 from both the ASA and switch. I can ping my computer from the switch. I can also ping 8.8.8.8 from the switch and source vlan 105 (the PC vlan) without a problem. However, the PC itself cannot ping 8.8.8.8 or get to the internet. Which doesn't make sense to me that the switch can, and I can by sourcing the PC Vlan as well. I've pasted in the ASA and Switch configs. There is no router in use here, just a switch with SVI and ASA 5508.

 

Switch-1#sh run
Building configuration...

Current configuration : 4504 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch-1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$Mxbb$lyj4/KdXzL1Nz55KS5jY51
!
!
!
no aaa new-model
switch 1 provision ws-c3750-24ts
system mtu routing 1500
ip domain-name homenetwork
!
ip dhcp pool 105
   network 192.168.105.0 255.255.255.0
   dns-server 208.67.222.222 208.67.220.220
   default-router 192.168.105.1
!
!
!
password encryption aes
!
crypto pki trustpoint TP-self-signed-3625605376
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3625605376
 revocation-check none
 rsakeypair TP-self-signed-3625605376
!
!
crypto pki certificate chain TP-self-signed-3625605376
 certificate self-signed 01
  quit
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
ip ssh time-out 90
ip ssh version 2
!
!
interface FastEthernet1/0/1
 description ASA Inside
 switchport access vlan 50
 switchport mode access
!
interface FastEthernet1/0/2
 description ASA Management
 switchport access vlan 110
 switchport mode access
!
interface FastEthernet1/0/3
 description Pc
 switchport access vlan 105
 switchport mode access
!
interface FastEthernet1/0/4
!
interface FastEthernet1/0/5
!
interface FastEthernet1/0/6
!
interface FastEthernet1/0/7
!
interface FastEthernet1/0/8
!
interface FastEthernet1/0/9
!
interface FastEthernet1/0/10
!
interface FastEthernet1/0/11
!
interface FastEthernet1/0/12
 description Server
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 110
 switchport mode trunk
!
interface FastEthernet1/0/13
!
interface FastEthernet1/0/14
!
interface FastEthernet1/0/15
!
interface FastEthernet1/0/16
!
interface FastEthernet1/0/17
!
interface FastEthernet1/0/18
!
interface FastEthernet1/0/19
!
interface FastEthernet1/0/20
!
interface FastEthernet1/0/21
!
interface FastEthernet1/0/22
!
interface FastEthernet1/0/23
 description Access Point 1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 110
 switchport mode trunk
!
interface FastEthernet1/0/24
 description Uplink to Router GE0/0
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface Vlan1
 no ip address
!
interface Vlan50
 ip address 192.168.50.2 255.255.255.0
!
interface Vlan105
 ip address 192.168.105.1 255.255.255.0
!
interface Vlan106
 description IoT
 ip address 192.168.106.1 255.255.255.0
!
interface Vlan110
 description Management
 ip address 192.168.110.1 255.255.255.128
!
interface Vlan115
 description Guest-Wifi
 ip address 172.115.1.1 255.255.255.128
!
interface Vlan150
 description Server
 ip address 192.168.150.1 255.255.255.0
!
ip default-gateway 192.168.50.1
ip classless
ip http server
ip http secure-server
!
!
vstack
alias exec sis show interface status
alias exec intb show ip interface brief
!
line con 0
line vty 0 4
 login
line vty 5 15
 login
!
: Hardware:   ASA5508, 8192 MB RAM, CPU Atom C2000 series 2000 MHz, 1 CPU (8 cores)
:
ASA Version 9.9(2)61
!
hostname ASA-1
domain-name homenetwork
enable password $sha512$5000$cMt5yP8wA7V8rdsiNvnCQQ==$fY3ylnPNKK1argsxMGePyw== pbkdf2
names

!
interface GigabitEthernet1/1
 description Outside
 nameif outside
 security-level 0
 ip address dhcp
!
interface GigabitEthernet1/2
 description Inside
 nameif Inside
 security-level 100
 ip address 192.168.50.1 255.255.255.0
!
interface GigabitEthernet1/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/6
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/7
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/8
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management1/1
 management-only
 nameif management
 security-level 50
 ip address 192.168.110.50 255.255.255.128
!
ftp mode passive
dns server-group DefaultDNS
 domain-name homenetwork
object network obj-192.168.150.50
 host 192.168.150.50
pager lines 24
mtu outside 1500
mtu Inside 1500
mtu management 1500
no failover
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
icmp permit any echo-reply outside
icmp permit any Inside
icmp permit any echo-reply Inside
icmp permit any management
asdm image disk0:/asdm-751-112.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
!
object network obj-192.168.150.50
 nat (outside,Inside) static 192.168.150.11
!
nat (Inside,outside) after-auto source dynamic any interface
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
route management 0.0.0.0 0.0.0.0 192.168.110.1 1
route Inside 192.0.0.0 255.0.0.0 192.168.50.2 1
route Inside 192.168.105.0 255.255.255.0 192.168.50.2 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
aaa authentication login-history
http server enable
http 192.168.105.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
service sw-reset-button
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh stricthostkeycheck
ssh 192.168.105.0 255.255.255.0 Inside
ssh timeout 5
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
dynamic-access-policy-record DfltAccessPolicy
username homenetwork password $sha512$5000$qPaDG0HHLuAde37EDb5IjA==$HhqfZY7SRnnT5y0+9LXd2A== pbkdf2 privilege 15
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect dns preset_dns_map
  inspect icmp
policy-map type inspect dns migrated_dns_map_2
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
!

Accepted Solutions

Giuseppe Larosa
Hall of Fame

Hello @NetworkTyler ,

First of all, you need to enable IP routing on the switch with

ip routing

Then you need a default static route pointing to the ASA address as next-hop

ip route 0.0.0.0 0.0.0.0 192.168.50.1

The following command is used only when IP routing is disabled:

ip default-gateway 192.168.50.1

Then on the ASA you may need some changes too. But first fix the switch configuration.

 

Hope to help

Giuseppe
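
A config check for the fault described in the answer above, as an added example that is not part of the original post: it parses constructed excerpts of the posted switch and ASA configurations and flags SVIs left without ip routing or a static default route. Going one step beyond the answer, it also lists SVI networks for which the ASA has no static return route via the switch; the function names are hypothetical.

```python
import ipaddress
import re
# Constructed excerpts of the switch and ASA configurations posted in the question.
SWITCH_CFG = """\
interface Vlan50
 ip address 192.168.50.2 255.255.255.0
interface Vlan105
 ip address 192.168.105.1 255.255.255.0
interface Vlan115
 ip address 172.115.1.1 255.255.255.128
ip default-gateway 192.168.50.1
"""
ASA_CFG = """\
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
route Inside 192.0.0.0 255.0.0.0 192.168.50.2 1
route Inside 192.168.105.0 255.255.255.0 192.168.50.2 1
"""

def svi_networks(cfg):
    """Map each SVI that has an address to its connected IPv4 network."""
    nets, svi = {}, None
    for line in cfg.splitlines():
        if not line.startswith(" "):          # a new top-level command ends the block
            m = re.match(r"interface (Vlan\d+)$", line)
            svi = m.group(1) if m else None
        elif svi and (a := re.match(r" ip address (\S+) (\S+)$", line)):
            nets[svi] = ipaddress.ip_interface(f"{a[1]}/{a[2]}").network
    return nets

def audit_switch(cfg):
    """Flag a switch that owns several SVIs but is still configured as a host."""
    cmds = {line.strip() for line in cfg.splitlines()}
    findings = []
    if len(svi_networks(cfg)) > 1 and "ip routing" not in cmds:
        findings.append("ip routing missing: SVIs will not forward between VLANs")
    if not any(c.startswith("ip route 0.0.0.0 0.0.0.0 ") for c in cmds):
        findings.append("no static default route")
    if any(c.startswith("ip default-gateway ") for c in cmds):
        findings.append("ip default-gateway present: used only when IP routing is disabled")
    return findings

def missing_return_routes(switch_cfg, asa_cfg, via):
    """SVIs whose network the ASA cannot reach through the switch address `via`."""
    routes = [ipaddress.ip_network(f"{m[1]}/{m[2]}")
              for m in re.finditer(r"^route \S+ (\S+) (\S+) (\S+)", asa_cfg, re.M)
              if m[3] == via]
    return [svi for svi, net in svi_networks(switch_cfg).items()
            if ipaddress.ip_address(via) not in net          # skip the transit VLAN
            and not any(net.subnet_of(r) for r in routes)]
```

On the excerpt, audit_switch reports all three conditions and missing_return_routes(SWITCH_CFG, ASA_CFG, "192.168.50.2") returns only Vlan115, since the 192.0.0.0 255.0.0.0 route covers the other SVI networks.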

 


That definitely fixed it! Thank you for the help. It's always something simple.
