Solved: Can ping device from switch but cannot ping from switch to device?

Si the Wi-Fi guy · ‎03-14-2025

Hi there,

I am not sure what is going wrong and I am losing my mind.

Factory reset a Catalyst 3560-C for building a small network.
Attempting to upgrade the switch's code version by TFTPing the code to the switch but I am having a nightmare getting communication between the switch and PC I am running TFTP server on.
I am able to ping from the attached device (MacBook via ethernet adaptor) to the switch without issue however when I attempt to ping from the switch to the MacBook, I get no response.

I have configured the MacBook to have IP address 10.0.0.2 255.255.255.0 and use 10.0.0.1 as router address.
I have configured VLAN 500 on switch with IP address 10.0.0.1 255.255.0 and use 10.0.0.2 as default gateway and put the VLAN on int gi0/1.
Switch is connected to MacBook via gi0/1.

More complications - I am unable to manipulate the FW settings on the MacBook. What I would like is if people could validate that the switch config looks sensible and that the issue is likely in the MacBook's Firewall.

Cheers.

This is the switch's config:
Current configuration : 2784 bytes
!
! Last configuration change at 00:01:08 UTC Mon Jan 2 2006
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
system mtu routing 1500
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-1576767360
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1576767360
revocation-check none
rsakeypair TP-self-signed-1576767360
!
!
crypto pki certificate chain TP-self-signed-1576767360
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31353736 37363733 3630301E 170D3036 30313032 30303031
31345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 35373637
36373336 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
81009E19 ED852F8E 621EB8E7 73195084 5C7E9B69 49E287AC DF854B88 EAF6333F
85AB4AE4 2468148F 81058530 A27172DF 787F1641 0649AB28 A5D583D7 CEB2B9A9
6368CAD9 12026444 15730E97 E2C8FDE6 6150486D B0660CCC 79E1AEBC 5F087BDA
94E4FBD2 6AC3519A 35976368 082648B7 98D5385A 88B8DE84 9A1FE382 DE759F39
0D7F0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 145CADF4 DF47F8F8 61992D85 B1274F5D 07A83206 F5301D06
03551D0E 04160414 5CADF4DF 47F8F861 992D85B1 274F5D07 A83206F5 300D0609
2A864886 F70D0101 05050003 8181004C 398404EC A5D7ECCD D0B87C05 11AACE4A
6A7EA336 2BF4F70B 9A8645C7 60ABA754 92F277AE 394AF631 6551667C 14D48F74
1F40630B 35524C2E 073E45CE 83A48A8C CE66BC79 446F3C60 C8CF55E3 FBA1080C
0B5C407E 8F93A241 D56A858D 31E88158 6F403F2B 445E3E0D 0949B85B BF9139CE
62A65F2B FEE39894 2B43F070 5FFC0B
quit
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface GigabitEthernet0/1
switchport access vlan 500
switchport trunk encapsulation dot1q
switchport mode access
ip arp inspection trust
ip dhcp snooping trust
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan500
ip address 10.0.0.1 255.255.255.0
no ip route-cache
!
ip default-gateway 10.0.0.2
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip scp server enable
!
!
!
!
line con 0
line vty 0 4
login
line vty 5 15
login
!
!
end

Si the Wi-Fi guy · ‎03-15-2025

Solved it lads. Neither the simplified config or removing switchport trunk encapsulation dot1q resolved the issue or changed it's behaviour in any way.

Tried an alternative device with a Firewall I can manage and hey presto, works great. Classic device firewall issues for the win. Was just doubting the config in a moment of madness.

Thanks for the suggestions.

View solution in original post

Georg Pauwen · ‎03-14-2025

Hello,

try the simplified config below:

Current configuration : 2784 bytes
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface GigabitEthernet0/1
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 10.0.0.1 255.255.255.0
no ip route-cache
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip scp server enable
!
line con 0
line vty 0 4
login
line vty 5 15
login
!
!
end

M02@rt37 · ‎03-14-2025

Hello @Si the Wi-Fi guy

On gig0/1 you have switchport mode access, which means the interface is an access port (only carries a single VLAN).

So, do no switchport trunk encapsulation dot1q under int gig0/1.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Si the Wi-Fi guy · ‎03-15-2025

Solved it lads. Neither the simplified config or removing switchport trunk encapsulation dot1q resolved the issue or changed it's behaviour in any way.

Tried an alternative device with a Firewall I can manage and hey presto, works great. Classic device firewall issues for the win. Was just doubting the config in a moment of madness.

Thanks for the suggestions.