The last few days I've been exploring options in getting rid of some old routers accross a wan connections.  I have a cat 3560 to play with and I thought I would try and use the no switchport command test out routing with switch.  I've got some type of route issue and I tried a few things which I thought would fix the issue but had no effect.  I'll post the config and a few commands so you can see what the basic setup is.  I imagine there is a very simple solution I am overlooking.

I have a 10.3.x.x network which is what this switch is in (IP 10.3.3.110)

To test no switchport I used FE0/15 and gave it 10.7.1.1, then plugged in a cat 2960 into that port.

I have a laptop plugged into the 2960 switch which has a ip of 10.7.1.2, and gateway of 10.7.1.1.

The laptop can ping all devices on the lan and even devices across the WAN connected on FE0/5. (10.1.1.1 and 10.2.2.1)

I however cannot ping the default gateway 10.3.3.254 (ASA)

PC (10.7.1.2) <--> cat 2960 <--> (10.7.1.1 no switchport) Cat 3560 <-- X --> ASA (10.3.3.254) <--> Internet

3560 config

!

ip routing

!

interface FastEthernet0/1 (ASA here, ASA goes to the ISP)

!

interface FastEthernet0/13  (routing port created to make a 10.7.x.x lan for this test)

no switchport

ip address 10.7.1.1 255.255.0.0

!

interface Vlan1

ip address 10.3.3.110 255.255.0.0

!

router eigrp 1

network 10.3.3.110 0.0.0.0

redistribute connected

!

ip route 0.0.0.0 0.0.0.0 10.3.3.254

!

There are a few other things going on in the switch but nothing which should effect this.  That is the basic config more or less.  Below is the routes via eigrp, 10.3.3.254 (ASA) is the default.

#show ip route

Gateway of last resort is 10.3.3.254 to network 0.0.0.0

     10.0.0.0/16 is subnetted, 4 subnets

D       10.2.0.0 [90/28928] via 10.3.3.1, 06:00:16, Vlan1

C       10.3.0.0 is directly connected, Vlan1

D       10.1.0.0 [90/28672] via 10.3.3.1, 06:00:16, Vlan1

C       10.7.0.0 is directly connected, FastEthernet0/13

     192.168.1.0/30 is subnetted, 2 subnets

D       192.168.1.8 [90/3072] via 10.3.3.1, 06:00:16, Vlan1

D       192.168.1.4 [90/3328] via 10.3.3.1, 06:00:16, Vlan1

S*   0.0.0.0/0 [1/0] via 10.3.3.254

#show arp

Protocol  Address          Age (min)  Hardware Addr   Type   Interface

Internet  10.3.3.10               0   000e.0c31.f806  ARPA   Vlan1

Internet  10.3.3.3                0   0050.569b.1bc9  ARPA   Vlan1

Internet  10.3.3.1                0   0013.19d3.5340  ARPA   Vlan1

Internet  10.7.1.1                -   001f.9eb3.fc41  ARPA   FastEthernet0/13

Internet  10.7.1.2                0   0025.645c.69cd  ARPA   FastEthernet0/13

Internet  10.3.3.4                0   0050.569b.0b2d  ARPA   Vlan1

Internet  10.3.3.20               7   0022.1912.0c2f  ARPA   Vlan1

Internet  10.3.3.21               0   001c.2359.0b5d  ARPA   Vlan1

Internet  10.3.3.41               0   0014.3887.ef8f  ARPA   Vlan1

Internet  10.3.3.39              24   000e.7f3b.6887  ARPA   Vlan1

Internet  10.3.11.61              0   0021.70f8.dbae  ARPA   Vlan1

Internet  10.3.3.110              -   001f.9eb3.fc40  ARPA   Vlan1

Internet  10.3.3.254              0   0013.c482.5665  ARPA   Vlan1

Here we can see in the arp that it knows about both 10.7.1.2 (PC unable to ping 10.3.3.254) as well as 10.3.3.254 (ASA).

I tried adding in a ip route of 10.7.0.0 255.255.0.0 10.3.3.110 as well as 10.3.3.254.  Neither produced the results I wanted allowing 10.7.1.2 (PC) to ping the ASA (10.3.3.254).

Thoughts?