Solved: Re: C2960S-48FPS-L VLAN L3 Routing Issue (I think)

bpence · ‎12-29-2023

Good morning,

I am having issues with this C2960S switch. I have everything configured, as far as I can tell, correctly; however I have no routing from my VLAN 2 to the internet. This tells me there is something simple that I am missing. From within the switch, I can ping the router and I can ping all the devices attached on VLAN 1 and 2. I CANNOT, however, ping FROM VLAN 2 to the router, or any devices on the VLAN 1 network (except the VLAN 1 internal address). All the devices attached to VLAN 1 are able to ping all the devices on VLAN 2, but not vice versa. Also, my workstation is set to use the VLAN 1 internal address as the gateway and it can connect to the internet just fine.

I have attached all the outputs that I think you would ask for, but I really need your help to figure this out. Any help is appreciated greatly!

- Brian

bpence · ‎12-29-2023

Ok everyone, thanks for the help. I ended up installing a different router as the primary router (GW: 192.168.1.1), connected the google wifi router into it (yes, I know, double-NAT issues, but I can tolerate that), and added a wireless bridge to get my signal back to the new router (bypassing the google router). I then did the following:

1. Added VLAN 100 and set it's IP to 192.168.1.73.

2. ip route 0.0.0.0 0.0.0.0 192.168.1.1

3. ip default-gateway 192.168.1.1

4. added static routes for the new router of 192.168.2.0/24 to 192.168.1.73

5. added my other VLANs and added static routes in the same way in the new router for those.

Voila! So it was the router static routes that was the issue. I have all VLANs routing between each other and to the internet now. Thanks for the help. I had myself convinced that it was something I could do on the switch, alone, but those static routes in the router were something I had forgotten completely about. I haven't messed with this kind of switching/routing in around 23 years so I have forgotten a bit, it seems. I appreciate everyone pitching in and getting me where it all works!

Happy New Year and Best Wishes!

- Brian

View solution in original post

MHM Cisco World · ‎12-29-2023

Between C2960S and router use VLAN different than vlan of host'

This vlan called transit vlan' let make it vlan 100

Config vlan svi ip

And then use it for defualt router in sw

MHM

bpence · ‎12-29-2023

Why is that necessary? I am not arguing, just not sure I understand why there needs to be a separate transit VLAN. The devices on VLAN 1 have the VLAN 1 IP as the gateway and they route to the router just fine, and can ping everything on VLAN 2 just fine. Just that VLAN 2 can't get past the VLAN 1 IP.

MHM Cisco World · ‎12-29-2023

Vlan 2 host what is GW IP it use?

MHM

bpence · ‎12-29-2023

192.168.2.1. but when I do "ping 192.168.86.1 so vlan 2" on the switch, it fails. so it's even just internal to the switch, not just the hosts on vlan 2.

MHM Cisco World · ‎12-29-2023

Host vlan 1 use router as GW?

If yes then two steps to solve issue

1- change gw of host in vlan 1 to be vlan1 svi of sw

And

Config static route to vlan2 in router for retrun back traffic

MHM

bpence · ‎12-29-2023

1. My hosts on VLAN 1 use the VLAN 1 SVI as the gateway, currently, and they work fine and see the internet fine. They can ping VLAN 2 hosts fine.

2. I can't configure static routes in the router, but it shouldn't matter should it? vlan2 can't ping anything on vlan 1 except the vlan 1 SVI.

MHM Cisco World · ‎12-29-2023

Traceroute from host in vlan2

Share results here

MHM

bpence · ‎12-29-2023

traceroute -n 192.168.86.1
traceroute to 192.168.86.1 (192.168.86.1), 30 hops max, 60 byte packets
1 192.168.2.1 4.017 ms 4.193 ms 4.562 ms
2 * * *
3 * * *
...

30 * * *

PING 192.168.86.73 (192.168.86.73) 56(84) bytes of data.
64 bytes from 192.168.86.73: icmp_seq=1 ttl=255 time=2.23 ms
64 bytes from 192.168.86.73: icmp_seq=2 ttl=255 time=2.19 ms
64 bytes from 192.168.86.73: icmp_seq=3 ttl=255 time=1.64 ms
64 bytes from 192.168.86.73: icmp_seq=4 ttl=255 time=2.53 ms
^C
--- 192.168.86.73 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 1.644/2.149/2.531/0.319 ms

MHM Cisco World · ‎12-29-2023

traceroute to 192.168.86.1 <- dont use . 1 since it IP of router and it dont have returned back route toward SW for vlan2 use and other IP in vlan1 for traceroute and share results

MHM

bpence · ‎12-29-2023

traceroute to 192.168.86.247 (192.168.86.247), 30 hops max, 60 byte packets
1 192.168.2.1 0.560 ms 1.713 ms 1.910 ms
2 * * *

Same result.

Ruben Cocheno · ‎12-29-2023

@bpence

Login on your Google router and add a static route for 192.168.2.0/24 pointing to 192.168.86.73 (your SW on VLAN1). If you can't change it on the router and you need VLAN1 hosts to talk to VLAN 2, you must change the gateway of HOSTs in VLAN 1 to 192.168.86.73 (your SW on VLAN1).

and all should work

Tag me to follow up.
Please mark it as Helpful and/or Solution Accepted if that is the case. Thanks for making Engineering easy again.
Connect with me for more on Linkedin https://www.linkedin.com/in/rubencocheno/

bpence · ‎12-29-2023

Unfortunately, the google nest wifi routers don't support static routes at all. Is there no way to do this without adding that?

MHM Cisco World · ‎12-29-2023

If that the case and SW dont have capability to config NAT then only solutions here is make all hosts in vlan1

This not need return static route in router for vlan2

MHM

bpence · ‎12-29-2023

Ok, how can I configure nat on vlans on the switch? I believe it has that capability.