12-10-2023 08:15 PM - last edited on 12-27-2023 03:00 AM by Translator
I am having a hard time figuring out what I am missing here. But essentially I have a Cisco 2960x switch with the SDM profile for routing enabled and IP routing enabled in the config. I have 2 VLANs: vlan 2 (network computers are on 192.168.2.x 255.255.255.0) and vlan 10 (trunk link to router 192.168.1.x 255.255.255.0). Each vlan has an SVI: 192.168.1.4 for vlan 10 and 192.168.2.1 for vlan 2. From the PC on vlan 2 I can reach both SVIs but cannot ping the other gateway / router on vlan 10, 192.168.1.1. I have a static route set for the next hop gateway. If I do a ping 192.168.1.1 source vlan 2 from the switch it still can't ping the gateway 192.168.1.1, so I don't think it's the PC. My config is posted below. Also, the other default gateway does show up in the ARP table, also posted below. I feel like I am missing something simple; any help appreciated, thanks.
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.1.1 0 9cc9.eb3f.c71a ARPA Vlan10
Internet 192.168.1.2 2 0008.320f.6e7d ARPA Vlan10
Internet 192.168.1.4 - 00eb.d574.cc42 ARPA Vlan10
Internet 192.168.1.5 19 d0c2.82dd.cc4f ARPA Vlan10
Internet 192.168.1.36 30 4024.b2ff.0a53 ARPA Vlan10
Internet 192.168.1.73 21 a434.d9ed.226d ARPA Vlan10
Internet 192.168.1.83 2 8c49.6212.9e6a ARPA Vlan10
Internet 192.168.1.100 35 3860.77d5.e29b ARPA Vlan10
Internet 192.168.1.114 1 b8f0.0983.766c ARPA Vlan10
Internet 192.168.1.166 23 020f.05b2.30a1 ARPA Vlan10
Internet 192.168.1.196 1 2c3f.0bda.7ad2 ARPA Vlan10
Internet 192.168.2.1 - 00eb.d574.cc41 ARPA Vlan2
Current configuration : 2292 bytes
!
! Last configuration change at 20:45:50 UTC Sun Dec 10 2023
! NVRAM config last updated at 19:55:51 UTC Thu Dec 7 2023
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname
!
boot-start-marker
boot-end-marker
!
logging console emergencies
!
no aaa new-model
switch 1 provision ws-c2960x-24pd-l
ip routing
!
!
vtp mode transparent
!
!
!
!
!
cluster enable
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
vlan 2
name 192.168.2.0
!
vlan 10
name 192.168.1.0
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
no ip address
no ip route-cache
shutdown
!
interface GigabitEthernet1/0/1
switchport access vlan 2
switchport mode access
!
!
interface GigabitEthernet1/0/23
switchport trunk native vlan 10
switchport trunk allowed vlan 10
switchport mode trunk
!
!
interface Vlan1
no ip address
!
interface Vlan2
ip address 192.168.2.1 255.255.255.0
!
interface Vlan10
ip address 192.168.1.4 255.255.255.0
!
ip http server
ip http secure-server
!
ip route profile
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
!
!
line con 0
line vty 0 4
login
line vty 5 15
!
end
12-12-2023 06:58 AM - edited 12-12-2023 07:12 AM
To clear up your confusion:
When do I use one unidirectional static route? When I use NAT.
When do I use two unidirectional static routes? When I don't use NAT.
Your SW does not support NAT, so you need two unidirectional static routes.
MHM
12-10-2023 09:46 PM - last edited on 12-27-2023 03:03 AM by Translator
You need the ip routing command to make the SW use the static route.
MHM
12-10-2023 09:54 PM
I missed seeing ip routing.
Points to check:
1- Is the trunk UP and does it allow vlan 10?
2- Is vlan 10 UP/UP?
3- Why do you use a trunk? A trunk means the router needs to use a subinterface or a VLAN SVI (some routers have VLANs). If you configure it otherwise it will not work, since the router needs to see tagged frames and send tagged frames (because of using a trunk on the SW).
Instead, use an access port in vlan 10 between the SW and the router.
MHM
12-10-2023 09:49 PM - last edited on 12-27-2023 03:07 AM by Translator
Hello @m1tchsc0tt0
I see you entered the ip routing command on the switch. That's perfect.
Please share the router configuration.
On the router side you should have a subinterface facing the switch's trunk interface.
As example, considering router interface is Gi0/0:
int gig 0/0
no shutdown
int gig0/0.10
encapsulation dot1q 10
ip address 192.168.1.1 255.255.255.0
no shutdown
Also on the router, you will need a static route towards vlan 2:
! next hop is the switch's Vlan10 SVI
ip route 192.168.2.0 255.255.255.0 192.168.1.4
Thanks a lot.
12-11-2023 07:07 AM
There are several aspects of the original post that are puzzling. It describes a device connected in vlan 2. But the arp table shown in the post sees only the switch interface in vlan 2 and no other devices. So where is the device in vlan 2 and how is it connected?
Looking at the configuration of the switch port connecting to the router as a trunk, I see this: "switchport trunk allowed vlan 10". Why is vlan 2 not allowed on the trunk?
The original post describes 2 vlans, identifying vlan 2 as a vlan where network computers are connected and vlan 10 as the connection to the router. The arp table shows no other connected devices in vlan 2. So where are those network computers? And there are many devices in the arp table in vlan 10. Are those devices connected on the router? Or are they access ports in the switch vlan?
12-11-2023 07:40 AM
You have posted only the switch config, but not the router config. What model of router is it, and what IOS code is it running?
How is the router configured where this switch connects? I take this to be a Router on a Stick configuration.
The guide below can help you (if the issue remains, post the router config as well):
https://www.ciscopress.com/articles/article.asp?p=3089357&seqNum=5
12-11-2023 06:30 PM - last edited on 12-27-2023 04:10 AM by Translator
ARP table below with the computer on vlan 2. The rest of the devices on vlan 10 are connected to another switch attached to the router / gateway. The gateway/router is just a consumer router/gateway with an IP address of 192.168.1.1 (not vlan capable). I made the change and changed the trunk port where the gateway/router is attached to just an access port on vlan 10. No change: VLAN 2 is still not capable of pinging 192.168.1.1. VLAN 10 is still fine, able to ping all addresses with no issues.
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.1.1 0 9cc9.eb3f.c71a ARPA Vlan10
Internet 192.168.1.2 1 0008.320f.6e7d ARPA Vlan10
Internet 192.168.1.4 - 00eb.d574.cc42 ARPA Vlan10
Internet 192.168.1.5 30 d0c2.82dd.cc4f ARPA Vlan10
Internet 192.168.1.36 6 4024.b2ff.0a53 ARPA Vlan10
Internet 192.168.1.72 36 b0ee.7b6e.0ca9 ARPA Vlan10
Internet 192.168.1.73 28 a434.d9ed.226d ARPA Vlan10
Internet 192.168.1.83 7 8c49.6212.9e6a ARPA Vlan10
Internet 192.168.1.114 3 b8f0.0983.766c ARPA Vlan10
Internet 192.168.1.166 5 020f.05b2.30a1 ARPA Vlan10
Internet 192.168.1.196 0 2c3f.0bda.7ad2 ARPA Vlan10
Internet 192.168.2.1 - 00eb.d574.cc41 ARPA Vlan2
Internet 192.168.2.5 0 507b.9dd3.be44 ARPA Vlan2
# ping 192.168.1.1 source vlan 2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.1
.....
Success rate is 0 percent (0/5)
12-11-2023 10:11 PM - last edited on 12-27-2023 04:11 AM by Translator
interface GigabitEthernet1/0/23
switchport trunk native vlan 10
switchport trunk allowed vlan 10
switchport mode trunk
But you don't tell us what the config of the next hop is?
MHM
12-12-2023 05:21 AM
The next hop is 192.168.1.1.
12-12-2023 05:48 AM - edited 12-12-2023 06:00 AM
Its IP doesn't matter.
Is it configured as a subinterface, as a VLAN SVI, or as a router port?
12-12-2023 06:01 AM
# ping 192.168.1.1 source vlan 2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.1
.....
Success rate is 0 percent (0/5)
As I was thinking, the gateway 192.168.1.1 is not aware of how to reach back to 192.168.2.1 (so make a static route entry back to the switch).
Since VLAN 20 is only locally available on the router (192.168.1.1),
make a route entry on the router for 192.168.2.0/24 towards 192.168.1.4.
12-12-2023 06:14 AM
VLAN 2 is only on the switch 192.168.1.4 (the Cisco 2960x switch). The router/gateway (192.168.1.1), the consumer device, has no VLANs on it; it is attached to the interface g1/0/23 in access mode vlan 10 on the Cisco 2960x. I am trying to get the Cisco 2960x to route vlan 2 traffic to the vlan 10 gateway/router 192.168.1.1.
12-12-2023 06:27 AM
"I am trying to get the cisco 2960x to route vlan 2 traffic to the vlan 10 gateway/router 192.168.1.1."
We understand this. The switch will send VLAN 2 traffic to 192.168.1.1 (the device holding 192.168.1.1 should know how to reach back to the 192.168.2.0/24 network), so that is where you are stuck now.
12-12-2023 06:29 AM
An IGP is bidirectional,
i.e. both routers know the LAN behind each router.
A static route is unidirectional,
i.e. the SW has a default route toward SW.
The router also needs another static route toward the SW for any VLAN in the SW.
It is not necessary for the router to have a VLAN; it needs only a next hop, any IP of the SW.
MHM
12-12-2023 06:36 AM
That was my thought: to do unidirectional routing via static routes. Having IP Route 0.0.0.0 0.0.0.0 192.168.1.1 on the 2960x switch, I would think, would get me the ability to ping 192.168.1.1 from VLAN 2 on the 2960 switch, correct? But that doesn't seem to be currently working. I understand I would not be able to get to VLAN 2 from anything attached to the 192.168.1.1 router unless I add another route back to the switch there.
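Added example, not part of any post in this thread: a small Python model of the two routing tables discussed above, tracing the echo request and the echo reply separately to show why the ping sourced from 192.168.2.1 fails until the router has a route for 192.168.2.0/24 via 192.168.1.4. The switch table is taken from the posted config; the router's WAN default route and its next hop 203.0.113.1 are assumptions about a typical consumer gateway.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match; returns (next_hop, out_interface) or None."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh, ifc) for p, nh, ifc in table
            if dst in ipaddress.ip_network(p)]
    if not hits:
        return None
    _, nh, ifc = max(hits, key=lambda h: h[0].prefixlen)
    return nh, ifc

# Switch table from the posted config: two connected SVIs plus the default route.
SWITCH = [
    ("192.168.2.0/24", None, "Vlan2"),
    ("192.168.1.0/24", None, "Vlan10"),
    ("0.0.0.0/0", "192.168.1.1", "Vlan10"),
]

# Consumer router: the LAN is connected; the WAN default route is an assumption.
ROUTER = [
    ("192.168.1.0/24", None, "LAN"),
    ("0.0.0.0/0", "203.0.113.1", "WAN"),  # constructed placeholder next hop
]

# The return route suggested in the thread: 192.168.2.0/24 towards 192.168.1.4.
RETURN_ROUTE = ("192.168.2.0/24", "192.168.1.4", "LAN")

def ping(src, dst, router_table):
    """Trace the echo request (switch -> router) and the reply (router -> switch)."""
    req = lookup(SWITCH, dst)
    if req is None or req[1] != "Vlan10":
        return "request not forwarded to Vlan10"
    rep = lookup(router_table, src)  # the reply is routed on the request's source
    if rep is None:
        return "reply dropped: no route"
    nh, ifc = rep
    if ifc != "LAN":
        return f"reply sent out {ifc} via {nh}: never reaches the switch"
    return f"reply delivered via {nh or 'connected'}"

if __name__ == "__main__":
    print(ping("192.168.2.1", "192.168.1.1", ROUTER))
    print(ping("192.168.2.1", "192.168.1.1", ROUTER + [RETURN_ROUTE]))
    print(ping("192.168.1.4", "192.168.1.1", ROUTER))
```

The third call uses the Vlan10 SVI as the source, which is why pings from VLAN 10 succeed with no extra route on the router.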