Solved: 2960S will reply to pings but can only ping gateway

none888 · ‎06-02-2020

Hi,

I have a 2960S switch that will reply to pings but on the local network it can only ping its gateway. It cannot ping any devices connected to its local interfaces. When I attempt to ping, it will successfully update its APR table with the appropriate MAC address. The gateway is on interface G1/0/24 though an additional switch. Devices on that switch can also ping this switch but again, this switch cannot ping them. Here is config:

Building configuration...

Current configuration : 4939 bytes
!
! NVRAM config last updated at 12:46:51 EST Tue Jun 2 2020 by admin
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Sphynx
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$Ug68$KZN3zGKWu.v9VefsOyfPS/
!
username admin secret 5 $1$iF/O$gPbNg0o39MOzO6YzjmQEn/
!
!
no aaa new-model
clock timezone EST -4
switch 1 provision ws-c2960s-24ts-l
ip routing
!
!
ip domain-name *****.com
ip name-server 192.168.2.1
!
!
crypto pki trustpoint TP-self-signed-3527243008
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3527243008
revocation-check none
rsakeypair TP-self-signed-3527243008
!
!
crypto pki certificate chain TP-self-signed-3527243008
certificate self-signed 01
3082024E 308201B7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33353237 32343330 3038301E 170D3933 30333031 30303032
33325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 35323732
34333030 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100C3CF 114F9640 A8CCED4D D3BDBF89 D42FDE93 D3265459 A99791B0 54D10584
8912B1D6 832A25BA 81A75D24 49E15300 67634340 45723EA1 936022BA 583CF65F
EAEF46AB 89F4BF85 E8FA7E1C DB7B49E7 DBDC704F 341065F5 036B1890 8696FABA
C018A875 63A6B355 ED94C0B7 A8DCBA48 BBD6687D 6583BBEB E4FE9A05 765C7B35
6C0D0203 010001A3 76307430 0F060355 1D130101 FF040530 030101FF 30210603
551D1104 1A301882 16537068 796E782E 6A757374 696E7765 6E64742E 636F6D30
1F060355 1D230418 30168014 277FBD1D 0EAF0485 C633ECA6 7CAD7D8D BEFB667F
301D0603 551D0E04 16041427 7FBD1D0E AF0485C6 33ECA67C AD7D8DBE FB667F30
0D06092A 864886F7 0D010104 05000381 810077F5 6A21F429 4AE93622 BCE5AFB4
BE7FD323 FE7022FA 713FF168 233675A4 518098FB 2C14E872 08820F9E 0C1E58FE
BF297C01 D3876067 8CD5B819 531EE5F4 2E78B74C C715E03A 97CFF1B2 E18BD76B
622255B3 9E261F04 BEAEAAAA 813BDF83 24D3499E 41A03387 39FB812F B1CEF28C
6953E293 E0E0C2AF 133A5D3F 624E6F78 A0E3
quit
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0
no ip address
no ip route-cache cef
no ip route-cache
shutdown
!
interface GigabitEthernet1/0/1
switchport access vlan 99
switchport mode access
!
interface GigabitEthernet1/0/2
switchport access vlan 99
switchport mode access
!
interface GigabitEthernet1/0/3
switchport access vlan 99
switchport mode access
!
interface GigabitEthernet1/0/4
switchport access vlan 99
switchport mode access
!
interface GigabitEthernet1/0/5
switchport access vlan 99
switchport mode access
!
interface GigabitEthernet1/0/6
switchport access vlan 99
switchport mode access
!
interface GigabitEthernet1/0/7
switchport access vlan 99
switchport mode access
!
interface GigabitEthernet1/0/8
switchport access vlan 99
switchport mode access
!
interface GigabitEthernet1/0/9
switchport access vlan 99
switchport mode access
!
interface GigabitEthernet1/0/10
switchport access vlan 99
switchport mode access
!
interface GigabitEthernet1/0/11
switchport access vlan 99
switchport mode access
!
interface GigabitEthernet1/0/12
switchport access vlan 99
switchport mode access
!
interface GigabitEthernet1/0/13
switchport access vlan 99
switchport mode access
!
interface GigabitEthernet1/0/14
switchport access vlan 99
switchport mode access
!
interface GigabitEthernet1/0/15
switchport access vlan 99
switchport mode access
!
interface GigabitEthernet1/0/16
switchport access vlan 99
switchport mode access
!
interface GigabitEthernet1/0/17
switchport access vlan 99
switchport mode access
!
interface GigabitEthernet1/0/18
switchport access vlan 99
switchport mode access
!
interface GigabitEthernet1/0/19
switchport access vlan 99
switchport mode access
!
interface GigabitEthernet1/0/20
switchport access vlan 99
switchport mode access
!
interface GigabitEthernet1/0/21
switchport access vlan 99
switchport mode access
!
interface GigabitEthernet1/0/22
switchport access vlan 99
switchport mode access
!
interface GigabitEthernet1/0/23
switchport access vlan 99
switchport mode access
!
interface GigabitEthernet1/0/24
switchport access vlan 99
switchport mode access
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
no ip address
!
interface Vlan99
ip address 192.168.2.2 255.255.255.0
!
ip default-gateway 192.168.2.1
ip route 0.0.0.0 0.0.0.0 192.168.2.1
ip http server
ip http secure-server
!
line con 0
line vty 0 4
password 7 061600354D5A06
login local
line vty 5 15
password 7 071F2E584F1D16
login local
!
ntp clock-period 22518024
ntp server 129.128.12.20
end

balaji.bandi · ‎06-02-2020

I do not see any issue on your config high level.

what end device ? is that windows? by default windows have built-in FW, so check that and disable ( try again)

also post arp table to looking along ( show arp)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

balaji.bandi · ‎06-02-2020

I do not see any issue on your config high level.

what end device ? is that windows? by default windows have built-in FW, so check that and disable ( try again)

also post arp table to looking along ( show arp)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Martin L · ‎06-02-2020

I agree with B.B; it must be Firewall on PCs. check and disable for testing;

also , i don;t think u need ip route 0.0.0.0 0.0.0.0 192.168.2.1 if u have ip default-gateway 192.168.2.1

check routing table before and after , show ip route

Regards, ML
**Please Rate All Helpful Responses **

none888 · ‎06-03-2020

Thanks, you are both correct it was indeed a Windows firewall.

As per the 'ip route 0.0.0.0 0.0.0.0 192.168.2.1', I tried removing it and was unable to ping anything on the Internet. I tried removing 'ip default-gateway 192.168.2.1' and that seems to have no impact on my ability to reach the Internet. Thanks for mentioning because I had been wondering about the difference between those two statements.

It would appear that because I am running the switch as a layer 3 device that I need the 'ip route' statement rather than the 'ip default-gateway' statement.

Thanks :)

balaji.bandi · ‎06-03-2020

Thanks for letting us know it was the windows FW issue.

another thing about the routing config :

If the Switch act as only Layer 2 below command is more than enough., “IP Default-Gateway” is usually used on switches that are not L3 switches/routers or on “hosts.

ip default-gateway 192.168.2.1

If you looking more IP routing, below command give the ability to send all traffic to Gateway, “IP Route 0.0.0.0” is usually used on devices that are L3 eg Layer 3 switches/routers.

ip route 0.0.0.0 0.0.0.0 192.168.2.1

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help