Please put here results of:

James Burger · ‎12-01-2015

Hello All,

I am assisting my local charity organization with their network. My network skills are basic, so I need assistance with configuring a Cisco c2960 series switch for InterVLAN.

Requirements: Local Broadband Router LAN IP: 10.0.0.1/24

VLAN 10: LAN Devices 10.0.10.0/24 DHCP

VLAN 20: Wireless for the Employees 10.0.20.0/24 DHCP

VLAN 21: Free Access / Guest Wireless 10.0.21.0/24 DHCP Internet Only

VLAN 88: Management VLAN

I have my DHCP pools configured and issuing addresses on VLAN 20 (testing so far). I can ping the other VLAN gateways, but I can not ping my default gateway.

On VLAN 21: I have not configured an ACL.

On VLAN 88: I have never attempted to move the management from VLAN 1 to VLAN 88 in fear that my configuration will not be correct.

I would appreciate any assistance and feedback!

Below is a sample of my config:

ip routing
ip dhcp excluded-address 10.0.10.150 10.0.10.254
ip dhcp excluded-address 10.0.10.1 10.0.10.99
!
ip dhcp pool 20
network 10.0.20.0 255.255.255.0
default-router 10.0.20.1
dns-server 10.0.0.1
lease 7
!
ip dhcp pool 10
network 10.0.10.0 255.255.255.0
default-router 10.0.10.1
dns-server 10.0.0.1
lease 7
!
ip dhcp pool 21
network 10.0.21.0 255.255.255.0
default-router 10.0.21.1
dns-server 8.8.8.8
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0
no ip address
no ip route-cache
shutdown
!
interface GigabitEthernet1/0/13
description Wireless AP#
switchport mode trunk
!
interface GigabitEthernet1/0/14
description Wireless AP#
switchport mode trunk
!
interface GigabitEthernet1/0/24
description Router
!
interface Vlan1
ip address 10.0.0.250 255.255.255.0
!
interface Vlan10
ip address 10.0.10.1 255.255.255.0
!
interface Vlan20
ip address 10.0.20.1 255.255.255.0
!
interface Vlan21
ip address 10.0.21.1 255.255.255.0
!
interface Vlan88
ip address 10.0.88.254 255.255.255.0
!
ip default-gateway 10.0.0.1
ip http server
ip http authentication local
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 10.0.0.1

Richard Bradfield · ‎12-01-2015

check port gi1/0/24 is configured as a switchport, I think it is by default

did you ping the gateway from the switch?

can you see the gateway with a " sh ip arp" command? it might not respond to pings.

can you configure the local broadband router? it might only accept input from the 10.0.0.0/24 network

that's a few things to start with

Richard.

James Burger · ‎12-07-2015

Hi Richard,

I just am able to get over to their office.

Switch#
Switch#sh ip arp
Protocol Address          Age (min) Hardware Addr   Type   Interface
Internet 10.0.0.1                0   6aee.96c7.fae5 ARPA   Vlan1
Internet 10.0.0.169              0   28d2.445a.2ae7 ARPA   Vlan1
Internet 10.0.0.189              0   7c7a.9106.9573 ARPA   Vlan1
Internet 10.0.0.250              -   3c0e.23eb.c440 ARPA   Vlan1
Internet 10.0.10.1               -   3c0e.23eb.c441 ARPA   Vlan10
Internet 10.0.20.1               -   3c0e.23eb.c442 ARPA   Vlan20
Internet 10.0.20.2             250   984b.e1e7.de0e ARPA   Vlan20
Internet 10.0.21.1               -   3c0e.23eb.c443 ARPA   Vlan21
Internet 10.0.88.254             -   3c0e.23eb.c446 ARPA   Vlan88
Switch#

Switch#ping 10.0.0.1 source vlan 1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
Packet sent with a source address of 10.0.0.250
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/6/14 ms
Switch#ping 10.0.0.1 source vlan 20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
Packet sent with a source address of 10.0.20.1
.....
Success rate is 0 percent (0/5)
Switch#

Richard Bradfield · ‎12-07-2015

James,

the fact you can ping 10.0.0.1 from vlan 1 and not vlan 20, indicates that 10.0.0.1 device needs routes setup to your internal vlans.

Alexey Prilutskiy · ‎12-02-2015

Please show me your sh ver output from the switch.

Cisco 2960 is a layer 2 switch, not layer 3. So it can't do intervlan routing. It can be used in "router-on-the-stick" scheme.

James Burger · ‎12-02-2015

Hi Alexey,

Thank you for taking time to assist me!

This is from my notes. I am not onsite daily to be able to run show version.

The model is a ws-c2960x-24ps-l and the

iOS version is c2960x-universalk9-m, ver. 15.0(2) ex4-fc1

Thank you again for the assistance!

Alexey Prilutskiy · ‎12-03-2015

Ok, you have Lan Base feature set. So, your switch can make intervlan routing. What ip address did you recieve during VLAN20 test?

James Burger · ‎12-03-2015

Hi Alexey,

I did receive 10.0.20.3 on my test laptop and was able to ping all of the VLAN Gateways (10.0.10.1, 10.0.20.1 and 10.0.21.1).

From 10.0.20.3, I was not able to ping 10.0.0.1 (or past it). When I ran a tracert, the packet died at 10.0.20.1, so that lead me to believe I had to routing out to 10.0.0.1 (eventhough I have defined it as my gateway of last resort). From the switch CLI, I can ping 10.0.0.1.

Question, since Port 24 is the port I have connected to their cable modem, do I need to create a sepeate VLAN, say for example, VLAN 2, and assign Port 24 as a trunk port that is native on Vlan2 (sorry...just thinking out loud)?

Ganesh Hariharan · ‎12-03-2015

Hello James,

Have you made SDM prefer template as lan bas routing before starting this l3 vlan routing configuration.

In order to 2960 to make inter vlan routing, make sure you have prefered sdm template from default to lan base routing.

(conft)#sdm prefer template lan base routing

(conft)#wr mem

(conft)# reload

and then do your configuration . Hopefully it shoudl work like charm.

-GI

Rate if it Helpss.

James Burger · ‎12-07-2015

Hello Ganesh,

I was not aware of creating this template. Would this create an issue now if I created the template after the fact? Should I erase the configuration and start over again, creating the SDM template first?

Thanks!

Ganesh Hariharan · ‎12-08-2015

Hello James, If it still not working and it is still not in production then try SDM template command as per my earlier post. Have a look in the below link for detailed explanation on how to enable SDM https://www.youtube.com/watch?v=psYQQT3iMDg Hope it Helps... -GI Rate if it Helpss

Alexey Prilutskiy · ‎12-03-2015

Please put here results of:

sh int vlan 1

sh ip route

ping 10.0.0.1 source vlan 1

James Burger · ‎12-07-2015

Hi Alexey,

Switch#sh int vlan 1
Vlan1 is up, line protocol is up
Hardware is EtherSVI, address is 3c0e.23eb.c440 (bia 3c0e.23eb.c440)
Internet address is 10.0.0.250/24
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 20000 bits/sec, 7 packets/sec
5 minute output rate 1000 bits/sec, 1 packets/sec
     1093851 packets input, 390350867 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     18287 packets output, 1466052 bytes, 0 underruns
     0 output errors, 2 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out
Switch#

Switch#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 10.0.0.1 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 10.0.0.1
      10.0.0.0/8 is variably subnetted, 14 subnets, 2 masks
C        10.0.0.0/24 is directly connected, Vlan1
L        10.0.0.250/32 is directly connected, Vlan1
C        10.0.10.0/24 is directly connected, Vlan10
L        10.0.10.1/32 is directly connected, Vlan10
C        10.0.20.0/24 is directly connected, Vlan20
L        10.0.20.1/32 is directly connected, Vlan20
C        10.0.21.0/24 is directly connected, Vlan21
L        10.0.21.1/32 is directly connected, Vlan21
C        10.0.88.0/24 is directly connected, Vlan88
L        10.0.88.254/32 is directly connected, Vlan88
Switch#

Switch#
Switch#ping 10.0.0.1 source vlan 1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
Packet sent with a source address of 10.0.0.250
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/8/14 ms
Switch#

Switch#
Switch#ping 10.0.0.1 source vlan 20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
Packet sent with a source address of 10.0.20.1
.....
Success rate is 0 percent (0/5)
Switch#

Ganesh Hariharan · ‎12-02-2015

Hello,

Aggree with Alexey, 2960 series switches are L2 and can only be used at access layer for access vlan configiration.

It is always recommend to use this switch uplink connection with an L3 devices for inter vlan routing.

Hope it Helps..

-GI

Assistance with InterVLAN configuration with a cable modem