Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2168
Views
6
Helpful
22
Replies

C2960S-48FPS-L VLAN L3 Routing Issue (I think)

Go to solution
bpence
Level 1
Level 1

‎12-29-2023 09:49 AM

Good morning,

I am having issues with this C2960S switch.  I have everything configured, as far as I can tell, correctly; however I have no routing from my VLAN 2 to the internet.  This tells me there is something simple that I am missing.  From within the switch, I can ping the router and I can ping all the devices attached on VLAN 1 and 2.  I CANNOT, however, ping FROM VLAN 2 to the router, or any devices on the VLAN 1 network (except the VLAN 1 internal address).  All the devices attached to VLAN 1 are able to ping all the devices on VLAN 2, but not vice versa.  Also, my workstation is set to use the VLAN 1 internal address as the gateway and it can connect to the internet just fine.

I have attached all the outputs that I think you would ask for, but I really need your help to figure this out.  Any help is appreciated greatly!

- Brian

Labels:
Preview file
2 KB
Preview file
5 KB
Preview file
2 KB
Preview file
2 KB
Preview file
3 KB
Preview file
1 KB
Preview file
2 KB
Preview file
7 KB
Preview file
19 KB
0 Helpful
22 Replies 22

Go to solution
MHM Cisco World
VIP
VIP
In response to bpence

‎12-29-2023 11:11 AM

I will check this sw if it have NAT capability or not. 

Now can I see show arp in SW

0 Helpful

Go to solution
bpence
Level 1
Level 1
In response to MHM Cisco World

‎12-29-2023 11:28 AM

Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.2.1 - 40a6.e813.fb41 ARPA Vlan2
Internet 192.168.2.2 59 44a8.4224.7816 ARPA Vlan2
Internet 192.168.2.3 0 44a8.4224.7817 ARPA Vlan2
Internet 192.168.2.4 0 44a8.4224.7818 ARPA Vlan2
Internet 192.168.2.5 0 44a8.4224.76f2 ARPA Vlan2
Internet 192.168.2.6 0 44a8.4224.76f3 ARPA Vlan2
Internet 192.168.2.7 0 44a8.4224.76f4 ARPA Vlan2
Internet 192.168.2.8 0 44a8.4224.7815 ARPA Vlan2
Internet 192.168.2.9 0 44a8.4224.76f1 ARPA Vlan2
Internet 192.168.2.10 0 Incomplete ARPA
Internet 192.168.2.75 12 4ccc.6ad8.3825 ARPA Vlan2
Internet 192.168.3.2 0 5ce9.1ee8.b889 ARPA Vlan1
Internet 192.168.3.253 0 5e8c.ee2a.0d59 ARPA Vlan1
Internet 192.168.3.254 0 0ae3.f560.cecb ARPA Vlan1
Internet 192.168.86.1 0 f81a.2b1a.0af3 ARPA Vlan1
Internet 192.168.86.22 0 343e.a47e.8c09 ARPA Vlan1
Internet 192.168.86.23 0 e02e.0b92.fc3e ARPA Vlan1
Internet 192.168.86.24 149 605b.b42a.d9d1 ARPA Vlan1
Internet 192.168.86.28 3 201f.3b9d.102d ARPA Vlan1
Internet 192.168.86.29 77 1aaf.0ec3.d508 ARPA Vlan1
Internet 192.168.86.30 142 f216.51ad.8c5d ARPA Vlan1
Internet 192.168.86.33 28 2c33.5842.944c ARPA Vlan1
Internet 192.168.86.34 77 0264.af83.814a ARPA Vlan1
Internet 192.168.86.36 1 5ca6.e6b7.e9a2 ARPA Vlan1
Internet 192.168.86.37 0 5ca6.e6d3.e6b0 ARPA Vlan1
Internet 192.168.86.38 0 b4b0.2431.4aeb ARPA Vlan1
Internet 192.168.86.39 1 5ca6.e6b7.e7b2 ARPA Vlan1
Internet 192.168.86.40 1 b4b0.244b.5082 ARPA Vlan1
Internet 192.168.86.43 94 9445.603a.41c4 ARPA Vlan1
Internet 192.168.86.44 28 e43e.d78e.9e74 ARPA Vlan1
Internet 192.168.86.45 3 b4b0.244c.d32a ARPA Vlan1
Internet 192.168.86.46 3 b4b0.244c.de29 ARPA Vlan1
Internet 192.168.86.47 2 b4b0.241d.88e3 ARPA Vlan1
Internet 192.168.86.49 0 0c8b.7d8a.7952 ARPA Vlan1
Internet 192.168.86.50 1 ac0b.fbf1.f392 ARPA Vlan1
Internet 192.168.86.51 125 ccf4.110f.2770 ARPA Vlan1
Internet 192.168.86.52 0 4c31.2d2a.4cfc ARPA Vlan1
Internet 192.168.86.53 2 b4b0.244c.dea0 ARPA Vlan1
Internet 192.168.86.54 0 f851.28a5.3857 ARPA Vlan1
Internet 192.168.86.63 98 102c.6b78.10ee ARPA Vlan1
Internet 192.168.86.65 28 b49d.fdb2.f0ae ARPA Vlan1
Internet 192.168.86.67 2 d86c.636f.b4d0 ARPA Vlan1
Internet 192.168.86.69 140 bc9e.bb69.6558 ARPA Vlan1
Internet 192.168.86.70 98 14c1.4eaf.a729 ARPA Vlan1
Internet 192.168.86.73 - 40a6.e813.fb40 ARPA Vlan1
Internet 192.168.86.74 104 0838.e6da.3c76 ARPA Vlan1
Internet 192.168.86.80 0 681d.ef36.3d19 ARPA Vlan1
Internet 192.168.86.247 4 f02f.7418.3bf3 ARPA Vlan1
Internet 192.168.86.250 98 1422.3b25.6058 ARPA Vlan1

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to bpence

‎12-29-2023 11:50 AM

I believe that there are at least 2 significant issues and they both point toward the same conclusion.

- The router does not know about network 192.168.2.0. For that network to work the router needs a route to it but you can not configure that route on the router. So vlan 2 is fundamentally not usable in this environment.

- For vlan 2 devices to access the Internet there needs to be Network Address Translation for those addresses. The 2960 does not do NAT and it looks like the router can not be configured to do this for vlan 2.  So vlan 2 is fundamentally not usable in this environment.

HTH

Rick

Go to solution
Ruben Cocheno
Spotlight
Spotlight

‎12-29-2023 11:49 AM

@bpence 

That is a Layer 2 device with some short capability for Layer3, but NAT is not possible.

Tag me to follow up.
Please mark it as Helpful and/or Solution Accepted if that is the case. Thanks for making Engineering easy again.
Connect with me for more on Linkedin https://www.linkedin.com/in/rubencocheno/

Go to solution
M02@rt37
VIP
VIP

‎12-29-2023 12:04 PM

Hello @bpence 

On you png file (thanks), workstation gateway is SVI 1 on L2 Switch. Instead, configure the Gw 192.168.86.1 hosted by the Router.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful

Go to solution
bpence
Level 1
Level 1

‎12-29-2023 02:19 PM

Ok everyone, thanks for the help.  I ended up installing a different router as the primary router (GW: 192.168.1.1), connected the google wifi router into it (yes, I know, double-NAT issues, but I can tolerate that), and added a wireless bridge to get my signal back to the new router (bypassing the google router).  I then did the following:

1. Added VLAN 100 and set it's IP to 192.168.1.73.  

2. ip route 0.0.0.0 0.0.0.0 192.168.1.1

3. ip default-gateway 192.168.1.1

4. added static routes for the new router of 192.168.2.0/24 to 192.168.1.73

5. added my other VLANs and added static routes in the same way in the new router for those.

Voila!  So it was the router static routes that was the issue.  I have all VLANs routing between each other and to the internet now.  Thanks for the help.  I had myself convinced that it was something I could do on the switch, alone, but those static routes in the router were something I had forgotten completely about.  I haven't messed with this kind of switching/routing in around 23 years so I have forgotten a bit, it seems.  I appreciate everyone pitching in and getting me where it all works!

Happy New Year and Best Wishes!

- Brian

Go to solution
MHM Cisco World
VIP
VIP
In response to bpence

‎12-29-2023 02:22 PM

glad Issue solved 
happy new Year to you and your family 
MHM

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to bpence

‎12-30-2023 08:21 AM

Thanks for the update. Glad to know that with different equipment that vlans are working and do have Internet access. One small point: you do need the static default route and if routing is enabled and you have configured a static default route then you do not need  ip default-gateway. With routing enabled the ip default-gateway is ignored. Having it in the config is not a problem but I suggest that you remove  ip default-gateway.

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card