Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2284
Views
0
Helpful
5
Replies

2960 Switches routing vlan's

d.vinnedge
Level 1
Level 1

‎02-21-2013 09:32 AM - edited ‎03-07-2019 11:51 AM

I'll preface this by stating I'm very much a cisco beginner.  I know the basics and that's about it so here goes...

I'm in a situation where the network just doesn't seem right.  Certain tasks are unusually slow - like copying large amounts of data from one machine to another - especially if they're on different Vlans.  There is a core gigabit switch which is a pair of 3750's stacked together.  We then have five 2960's which basically uplink (trunk) into the core 3750's.  Seems like it should be a pretty simple setup.

Does the proper routing of VLAN's require a layer 3 switch?  I've been poking around the web trying to figure these switches out and what might be wrong here and it seems like the 2960's are basically layer 2 switches.  I've also seen that you need to have a minimum ios of 12.2(55) in order to do simple VLAN routing on these 2960's.  Is that the case?  All the 2960's here are ios 12.2(25) or 12.2(35).  We have 4 Vlans here.  Two are data on different subnets, one is for voice and one is for the servers heartbeat and monitoring.

To my limited knowledge and skill in this area, there doesn't seem to be any IP routing going on.  We have six remote offices all VPN tunnelled in to the home office via ASA5505's to a ASA5510.  If I'm in the core switch, I can ping all devices at the remote offices.  If I'm in any of the 2960's I cannot ping any device in any other office.  I can ping the Core though.  Any user connected to those 2960's therefore cannot access resources in other offices.

If every port is configured to be on a certain Vlan, are the 2960's actually routing properly with the ios they're using?  I can't even enable ip routing on the 2960's - it doesn't appear to be an option.  I've read that you have to do some kind of SDM PREFER command to enable IP routing but that doesn't seem to be an option given the ios the 2960's are on?

Nobody here knows much of these cisco switches and from what I've gathered different consulting compaines over the years have had their fingers in this mess and the owners don't want to pay to have yet another consulting group come in and possibly mess it up even further.  My gut is telling me these 2960's need to have their ios's upgraded.  That right now it's just a lot of bridging going on and packets just meander around the network until they hit their destination.

Any direction or at least confirmation that these 2960's with the ios they have won't handle multiple Vlan's well would be helpful.  It'll at least get me pointed in a direction to try to clean this place up.

Thank you!

Labels:
0 Helpful
5 Replies 5

m.glosson
Level 1
Level 1

‎02-21-2013 09:55 AM

The 2960s don't do VLAN routing as far as I know, no matter what verison of code you put on them. And without a layer-3 switch you can't route between VLANs, unless you use the old router-on-a-stick technique (which you shouldn't)!

The 2960s do let you confusingly configure IP on more than one SVI (switch virtual interface). But it will not route between them. The best set up is this:

  1. Configure an IP address on each VLAN on the 3750 stack.
  2. Enable ip routing on the 3750 stack.
  3. Configure everybody's default route to point at the appropriate VLAN IP address on the 3750 stack.
  4. Put only one IP address on each 2960 (but not the same one!)
  5. Configure a default route (ip route 0.0.0.0 0.0.0.0 x.x.x.x) on the 3750 stack pointing to the ASA5510
  6. Configure a default gateway (ip default-gateway x.x.x.x) on the 2960s pointing to the 3750 stack

Matt

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to m.glosson

‎02-21-2013 03:31 PM

The 2960s don't do VLAN routing as far as I know,
Yes and no.

2960 will not do dynamic routing, however, if you load 12.2(55)SE2 (and later), 2960 will support limited static routes.


http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_55_se/configuration/guide/scg_2960.html

0 Helpful

ALIAOF_
Level 6
Level 6

‎02-21-2013 09:58 AM

You don't need routing on the 2960's.  Routing really needs to be enabled on your core which in your case are the 3550's.  And it is a simple command to enable routing on 3750's

conf t

!

ip routing

Check and see if the routing is enabled on the 3750's.  You can run the command "show ip route" and "show runn | i routing".

2960's will need to have the default gateway defined on those switches with the "ip default-gateway x.x.x.x" command.

You will have to post configs and network topology for further review.

0 Helpful

d.vinnedge
Level 1
Level 1

‎02-21-2013 12:56 PM

Routing is enabled on the Core.  The 3750 has a default route to the 5510.  It looks like all the 2950's have the same ip-default gateway which is the address of the Core.  All the 2950's have unique IP's which are all on the same subnet (Vlan).

Don't know if it makes a difference but each 2950 has the IP address under a Vlan interface.. ie:

interface Vlan103

   ip address x.x.x.x 255.255.255.0

If these 2960's really aren't doing anything regarding these Vlan's do I even need to have Vlan info them?  Anything like:

interface FastEthernet0/1

   switchport access vlan xxx

   switchport mode access

   switchport voice vlan xxy

Is something like this doing anything if the 2960's don't really route and specifically don't route Vlan traffic?

As per m.glosson's post:  All those things are done.  My question would be:  What is the appropriate Vlan address on the core that I would point the 2960's to?  If they're set on each 2960 to Vlan 103 then they should point to the Vlan 103 IP address on the core?  If so, they already are....

0 Helpful

paul driver
VIP
VIP
In response to d.vinnedge

‎02-21-2013 01:08 PM

Hello

That is correct - see below the basic setup between L3 and L2 switches for intervlan routing

Basic L3 core switch config:

ip cef

ip routing

spanning- tree mode rapid-pvst

spanning-tree vlan 1-4092 root primary

( configure SVi for all vlans - intervlan-routing)

int vlan 1 ( default native vlan)

ip address 172.16.1.1 255.255.255.0

ip route-cache

no shut

int vlan 2

ip address x.x.x.x y.y.y.y.y

ip route-cache

no shut

int vlan 3

ip address x.x.x.x y.y.y.y.y

ip route-cache

no shut

vtp mode server

vtp domain TST

vlan 2 name xxxx

exit

vlan 3 name xxxx

exit

int gigx/x

Description Link to access switch

switchport trunk encap dot1.q

switchport mode trunk

no shut

int fax/x

Description WAN link

ip address x.x.x.x y.y.y.y.y

switchport mode access

no shut

ip route 0.0.0.0 0.0.0.0 x.x.x.x ( default route to wan or Firewall next-hop)

Basic access-switch config -

no ip routing

spanning- tree mode rapid-pvst

spanning- tree portfast default

spanning-tree portfast bpduguard default

int vlan 1

Description Default management vlan)

ip address 172.16.1.2 255255.255.0

ip route-cache

no shut

int gigx/x

Description Link to core switch

switchport trunk encap dot1.q

switchport mode trunk

no shut

int range fa0/1 -12

no shut

switchport mode access

switchport access vlan 2

int range fa0/13 -24

no shut

switchport mode access

switchport access vlan 3

vtp mode client

vtp domain TST

ip default-gateway 172.16.1.1

( ip address of core svi - in this case its vlan 1)

res

Paul

Please don't forget to rate this post if it has been helpful.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card