can not connect internet.

_young_
Level 1

Hi, please somebody help me. I have a networking problem. My Cisco switch, which is a 2960x, cannot connect to the internet. First thing: my network is

 Fortigate 100E  <----> Fortiswitch(448D-poe) <----> cisco 2960x. 

FG and FS are working fine, but the 2960x cannot connect to the internet.

One of the FS ports (port 45) is a trunk port and connects to the 2960x (port 48).

The trunk port has 3 VLANs (native: vlan 10 data; allowed vlans: vlan 20 voice, vlan 30 wireless).

FS is working fine. But the 2960x is not working. I mean it cannot connect to the internet.

2960x config

-----------------------------------

Switch#sh config
Using 2898 out of 524288 bytes
!
! Last configuration change at 23:54:12 UTC Thu May 14 2020
! NVRAM config last updated at 23:54:15 UTC Thu May 14 2020
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
switch 1 provision ws-c2960x-48fps-l
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
vlan internal allocation policy ascending
!
!
interface Port-channel1
description #### UPLINK ####
switchport trunk native vlan 10
switchport trunk allowed vlan 10,20,30
switchport mode trunk
switchport nonegotiate
!
interface FastEthernet0
no ip address
shutdown
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
             |

             |

             |

interface GigabitEthernet1/0/45
!
interface GigabitEthernet1/0/46
!
interface GigabitEthernet1/0/47
!
interface GigabitEthernet1/0/48
switchport trunk native vlan 10
switchport trunk allowed vlan 10,20,30
switchport mode trunk
switchport nonegotiate
speed 1000
duplex full
channel-group 1 mode on
!
interface GigabitEthernet1/0/49
!
interface GigabitEthernet1/0/50
!
interface GigabitEthernet1/0/51
!
interface GigabitEthernet1/0/52
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
description #### DATA VLAN ####
ip address 172.168.10.254 255.255.255.0
!
ip http server
ip http secure-server
!
!
!
!
line con 0
line vty 0 4
login
line vty 5 15
login
!
end


-------------------------------------------

Switch#
Switch#
Switch#sh ip int b
Interface IP-Address OK? Method Status Protocol
Vlan1 unassigned YES NVRAM administratively down down
Vlan10 172.168.10.254 YES NVRAM up up
FastEthernet0 unassigned YES NVRAM administratively down down
GigabitEthernet1/0/1 unassigned YES unset down down
GigabitEthernet1/0/2 unassigned YES unset down down
GigabitEthernet1/0/3 unassigned YES unset down down

             |

             |

 GigabitEthernet1/0/44 unassigned YES unset down down
GigabitEthernet1/0/45 unassigned YES unset down down
GigabitEthernet1/0/46 unassigned YES unset down down
GigabitEthernet1/0/47 unassigned YES unset down down
GigabitEthernet1/0/48 unassigned YES unset up up
GigabitEthernet1/0/49 unassigned YES unset down down
GigabitEthernet1/0/50 unassigned YES unset down down
GigabitEthernet1/0/51 unassigned YES unset down down
GigabitEthernet1/0/52 unassigned YES unset down down
Port-channel1 unassigned YES unset up up
Switch#

-----------------  -------------------------------

sh int trunk


Port Mode Encapsulation Status Native vlan
Po1 on 802.1q trunking 10

Port Vlans allowed on trunk
Po1 10,20,30

Port Vlans allowed and active in management domain
Po1 10,20,30

Port Vlans in spanning tree forwarding state and not pruned
Po1 10,20,30
Switch#

--------------------------------------------------

Switch#show interface po1
Port-channel1 is up, line protocol is up (connected)
Hardware is EtherChannel, address is dceb.9430.2b30 (bia dceb.9430.2b30)
Description: #### UPLINK ####
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, link type is auto, media type is unknown
input flow-control is off, output flow-control is unsupported
Members in this channel: Gi1/0/48
ARP type: ARPA, ARP Timeout 04:00:00
Last input 01:53:22, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
711 packets input, 137024 bytes, 0 no buffer
Received 695 broadcasts (661 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 661 multicast, 0 pause input
0 input packets with dribble condition detected
13697 packets output, 1025018 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
Switch#

=====================================================

FT interface

config switch interface
edit "port1"
set native-vlan 20
set allowed-vlans 4093
set untagged-vlans 4093
set dhcp-snooping trusted
set sflow-counter-interval 30
set snmp-index 1
next
edit "port2"
set native-vlan 10
set allowed-vlans 20,30,4093
set untagged-vlans 4093
set dhcp-snooping trusted
set sflow-counter-interval 30
set snmp-index 2
next
edit "port3"
set native-vlan 10
set allowed-vlans 20,30,4093
set untagged-vlans 4093
set sflow-counter-interval 30
set snmp-index 3
next

...

edit "IntoOut"
set native-vlan 10
set allowed-vlans 10,20,30
set loop-guard enabled
set sflow-counter-interval 30
set snmp-index 57
next

---------------------------------

I don't know why it cannot connect to the internet through the 2960x.

Please help me. You can save my day.

Thank you.


Francesco Molino
VIP Alumni

Hi

You have 3 vlans trunked on your Cisco 2960x. Are all vlans not working or only vlan 10?

Vlan 20 and Vlan 30 have their gateway on the Fortiswitch or Fortigate, I believe?

You have an SVI (L3 vlan interface) for vlan 10. Is this SVI the default gateway for your data devices? If so, you're missing a default route towards your Fortiswitch or Fortigate like:

ip route 0.0.0.0 0.0.0.0 172.168.10.x

x corresponds to IP of your fortigate/fortiswitch device in the same vlan 10. Do you have vlan 10 Layer 3 interface configured on your Fortigate or Fortiswitch?

If not and if your Cisco 2960x is your default gateway for your data endpoints, then you need to either create a L3 interface in vlan 10 on your upstream device (FG or FS) or create an interco vlan to route the traffic from your data vlan towards internet.

Before giving a configuration example for that purpose, I'll wait to know more about your upstream config.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Thank you for your email.
All VLANs are not working on the Cisco 2960x. I mean they cannot connect to the internet.
On the FS, I can connect to the internet, and all VLANs are working fine.
Data (Vlan 10) IP 172.168.10.254
Voice (Vlan 20) IP 10.1.10.254
Wireless (Vlan 30) IP 192.168.99.254

I cannot create the default route.
ip route 0.0.0.0 0.0.0.0 172.168.10.254
It said:

Switch(config)#ip route 0.0.0.0 0.0.0.0 172.168.10.254
%Invalid next hop address (it's this router)

FG(port 6 : ip 169.254.1.1) --> FS(port45) --> Cisco(Port48)
I tried another default route:
ip route 0.0.0.0 0.0.0.0 169.254.1.1
It does not work either.

And I put in my public IP, xxx.xxx.xxx.xxx.
It does not work either.

I don't know what I am missing.
Please save me.



Hello,

Is the switch itself unable to e.g. ping 8.8.8.8, or are the clients connected to the Cisco not able to reach the Internet?

You need at the very least a default gateway for the switch:

ip default-gateway x.x.x.x

where x.x.x.x is likely the Vlan 10 IP address of the Fortigate (172.168.10.x/24)...

another thing

Switch#show ip route
Default gateway is not set

Host Gateway Last Use Total Uses Interface
ICMP redirect cache is empty

i

I set the default gateway.


Switch#show ip route
Default gateway is 172.168.10.254

Host Gateway Last Use Total Uses Interface
ICMP redirect cache is empty


But it still did not work.
Please save me.


config file
----------------------------------------------------
Switch#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Switch#
Switch#show conf
Using 3009 out of 524288 bytes
!
! Last configuration change at 16:24:47 UTC Fri May 15 2020
! NVRAM config last updated at 16:25:05 UTC Fri May 15 2020
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
switch 1 provision ws-c2960x-48fps-l
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface Port-channel1
description #### UPLINK ####
switchport trunk native vlan 10
switchport trunk allowed vlan 10,20,30
switchport mode trunk
switchport nonegotiate
!
interface FastEthernet0
no ip address
shutdown
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
|
|
|
.....
interface GigabitEthernet1/0/30
!
interface GigabitEthernet1/0/31
!
interface GigabitEthernet1/0/32
!
interface GigabitEthernet1/0/33
!
interface GigabitEthernet1/0/34
!
interface GigabitEthernet1/0/35
!
interface GigabitEthernet1/0/36
!
interface GigabitEthernet1/0/37
!
interface GigabitEthernet1/0/38
!
interface GigabitEthernet1/0/39
!
interface GigabitEthernet1/0/40
!
interface GigabitEthernet1/0/41
!
interface GigabitEthernet1/0/42
!
interface GigabitEthernet1/0/43
!
interface GigabitEthernet1/0/44
!
interface GigabitEthernet1/0/45
!
interface GigabitEthernet1/0/46
!
interface GigabitEthernet1/0/47
!
interface GigabitEthernet1/0/48
switchport trunk native vlan 10
switchport trunk allowed vlan 10,20,30
switchport mode trunk
switchport nonegotiate
speed 1000
duplex full
channel-group 1 mode on
!
interface GigabitEthernet1/0/49
!
interface GigabitEthernet1/0/50
!
interface GigabitEthernet1/0/51
!
interface GigabitEthernet1/0/52
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
description #### DATA VLAN ####
ip address 172.168.10.254 255.255.255.0
!
ip default-gateway 172.168.10.254
ip http server
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 12.234.85.217
ip route 0.0.0.0 0.0.0.0 172.168.10.1
!
!
!
line con 0
line vty 0 4
login
line vty 5 15
login
!
end

Switch#
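
Added example, not part of any poster's message: a Python check that reads the interface address, `ip default-gateway` and default `ip route` lines excerpted from the last 2960x config posted above and classifies each next hop as the switch's own address, an address on a connected subnet, or an address on no connected subnet. The function name and the verdict labels are assumptions made for this illustration.

```python
import ipaddress
import re

# Relevant lines excerpted from the last 2960x config posted in the thread.
CONFIG = """\
interface Vlan1
 no ip address
 shutdown
interface Vlan10
 ip address 172.168.10.254 255.255.255.0
ip default-gateway 172.168.10.254
ip route 0.0.0.0 0.0.0.0 12.234.85.217
ip route 0.0.0.0 0.0.0.0 172.168.10.1
"""


def check_next_hops(config):
    """Return (command, next_hop, verdict) for each default gateway/route."""
    # Addresses configured on the device's own L3 interfaces (SVIs).
    local = [ipaddress.ip_interface(f"{ip}/{mask}")
             for ip, mask in re.findall(
                 r"^\s*ip address (\S+) (\S+)\s*$", config, re.M)]
    hops = re.findall(
        r"^(ip default-gateway|ip route 0\.0\.0\.0 0\.0\.0\.0) (\S+)\s*$",
        config, re.M)
    results = []
    for command, hop in hops:
        addr = ipaddress.ip_address(hop)
        if any(addr == iface.ip for iface in local):
            verdict = "own-address"    # next hop is this switch itself
        elif any(addr in iface.network for iface in local):
            verdict = "on-link"        # inside a directly connected subnet
        else:
            verdict = "not-connected"  # no connected subnet contains it
        results.append((command, hop, verdict))
    return results


if __name__ == "__main__":
    for command, hop, verdict in check_next_hops(CONFIG):
        print(f"{command} {hop}: {verdict}")
```

An "on-link" verdict only means the address falls inside the Vlan10 subnet; whether an upstream device actually answers at that address has to be confirmed on the Fortigate or Fortiswitch side.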