Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8807
Views
0
Helpful
2
Replies

3850 ip routing command and Firewall

Sheraz.Salim
VIP Alumni
VIP Alumni

‎02-24-2017 01:27 AM - edited ‎03-08-2019 09:29 AM

I was setting up a 3850 switch connected with firewall.

here is the setup swtich

vlan 100

vlan 200

vlan 500

interface 100

ip address 192.168.100.254 255.255.255.0

no shut

interface 200

ip address 192.168.200.254 255.255.255.0

no shut

interface vlan 500

ip address 192.168.50.254 255.255.255.0

no shut

interfacec gig 1/0/5

description LINK TO FIREWALL INTERFACE

swtich mode access

swtich access vlan 500

ip route 0.0.0.0 0.0.0.0 192.168.1.253

-----------------------------------------------------

Firewall

on firewall interface gig 1/0/2

nameif inside

secuirty level 100

ip add 192.168.50.253 255.255.255.0

no shut

route inside 192.168.0.0 255.255.0.0 192.168.50.254

--------------------------------------------------------------------------

ok from the above setup from firewall i can ping the swtich SVI but at the same time on vlan 100 i have around 5 host connected and i can not ping from firewall to these addresses for example 192.168.100.1, 192.168.100.2 but i can ping 192.168.100.254 the SVI of switch. please also note i gave a command to swtich

after spending few hours. i issused a command on swtich ip routing on 3850 swtich and everything start working. could some one please explain what could be the casue of this issue. i could not understand this. why ip rouitng fix the issue. wasnt this network a layer 2 only.....

please do not forget to rate.
Labels:
0 Helpful
2 Replies 2

Julio E. Moisa
VIP Alumni
VIP Alumni

‎02-24-2017 08:55 AM

Hi

the IP routing command is used to enable the routing on the switch on a switch layer 3, by default it is disabled.

if you are going to use static or dynamic routing that command line must be enabled before.

based on your config, you are using static route to reach a destination, so ip routing command line must be enabled globally on the switch to allow the communication between the subnets of each devices. It will not affect your layer 2 capabilities.

Remember if the switch is working as layer 2 the subnets will not be able to communicate with others, a layer 3 device is required to complete that. 

This link is related: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_58_se/configuration/guide/2960scg/swipstatrout.html

please rate the comment if it was useful.

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful

Ganesh Hariharan
VIP Alumni
VIP Alumni

‎02-26-2017 08:44 AM

Hi,

Agree with Julio, Ip routing feature is by default disabled and in order make the routing functionality working on device or inter vlan routing to ping different vlans via the same device.

IP routing command need to be enabled vlans which require communication can easily do via the centre device.

Hope it Helps..

-GI

0 Helpful
Customers Also Viewed These Support Documents