Can you post the

cl800 · ‎10-16-2014

Hi all,

I don't have a lot of experience with Cisco IOS so apologies for simple questions or oversights.

I'm playing around with a C2960 running c2960-lanbasek9-mz.122-58.SE2 that supports routing. I added a couple of vlans (we'll call them vlan100, vlan200, etc...) in addition to vlan1 that is created by default. The vlan IP's assigned to vlan1 is 192.168.1.10, vlan100 is 192.168.10.1, vlan200 is 192.168.20.1)

ip routing is enabled.

When I put a host on vlan100, it can ping the ip address of vlan1 (192.168.1.10) but nothing else on that vlan. As my default gateway is on vlan1, hosts on vlan100 get no internet access.

Any pointers on where I should be looking?

Mandlenkosi Nkiwane · ‎10-16-2014

Can you post the configuration you have on your router?

Are you running a routing protocol?

Did you configure static routes?

If you could provide the above info, then people can be able to help.

Thanks,

Manny.

cl800 · ‎10-16-2014

Here the running config:

Current configuration : 6695 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service sequence-numbers
!
hostname 2960-48
!
boot-start-marker
boot-end-marker
!

no aaa new-model
clock timezone PST -8 0
clock summer-time PDT recurring
system mtu routing 1500
ip routing
!
ip dhcp pool vlan300
network 192.168.30.0 255.255.255.0
!
ip dhcp pool vlan200
network 192.168.20.0 255.255.255.0
!
ip dhcp pool vlan100
network 192.168.10.0 255.255.255.0
dns-server 192.168.1.1
default-router 192.168.10.1
!
!
ip domain-name
ip name-server 192.168.1.1
!
!
crypto pki trustpoint TP-self-signed-4139531008
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4139531008
revocation-check none
rsakeypair TP-self-signed-4139531008
!
!
crypto pki certificate chain TP-self-signed-4139531008
certificate self-signed 01
30820256 308201BF A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 34313339 35333130 3038301E 170D3933 30333031 30303030
35395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 31333935
33313030 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100CCFC 311BE7D2 97D686D2 AE592CB5 0E162942 4EACF063 83DB39EC 3C01039B
E829874E 8900CDF2 AACC461C EC945BBD 5FDAC71A BAF9B8B8 66F43569 A8A3150C
A34688A6 BCA92F86 6729878C 25B2582C FC0F5180 C47FA54C F509C207 DC3CAB27
FB901E3C F668C3B2 3A2661BC 13DEC101 95436713 41C16FCA 736129B3 354E73E4
B5770203 010001A3 7E307C30 0F060355 1D130101 FF040530 030101FF 30290603
551D1104 22302082 1E323936 302D3438 2E626163 6B796172 64732E61 73757363
6F6D6D2E 636F6D30 1F060355 1D230418 30168014 7AC8F096 788E3315 464DE0B4
B559A99B 6E2FA0B1 301D0603 551D0E04 1604147A C8F09678 8E331546 4DE0B4B5
59A99B6E 2FA0B130 0D06092A 864886F7 0D010104 05000381 810093DF 73503D4D
50F3B475 B40C43FA 7D598492 C9152086 C3E0E3FD E367AF36 F7EAFFF2 37832E41
91B39AA7 97FE01E7 86555AA2 4A17E272 9907B20F DDFA69AF 0416E9B7 10D78946
7686BBC5 61ED809E DADB889C 90ACCD7E 7754FBB8 C0F67834 1BD2707F 2C9AA103
C7038FAB B606E917 3F8558AD B2DE44F7 F98ED536 9046593E 901A
quit
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
ip ssh version 2
!
!
interface FastEthernet0/1
switchport mode access
!
interface FastEthernet0/2
switchport mode access
!
interface FastEthernet0/3
switchport mode access
!
interface FastEthernet0/4
switchport mode access
!
interface FastEthernet0/5
switchport mode access
!
interface FastEthernet0/6
switchport mode access
!
interface FastEthernet0/7
switchport mode access
!
interface FastEthernet0/8
switchport mode access
!
interface FastEthernet0/9
switchport mode access
!
interface FastEthernet0/10
switchport mode access
!
interface FastEthernet0/11
switchport mode access
!
interface FastEthernet0/12
switchport mode access
!
interface FastEthernet0/13
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/14
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/15
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/16
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/17
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/18
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/19
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/20
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/21
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/22
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/23
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/24
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/25
switchport access vlan 200
switchport mode access
!
interface FastEthernet0/26
switchport access vlan 200
switchport mode access
!
interface FastEthernet0/27
switchport access vlan 200
switchport mode access
!
interface FastEthernet0/28
switchport access vlan 200
switchport mode access
!
interface FastEthernet0/29
switchport access vlan 200
switchport mode access
!
interface FastEthernet0/30
switchport access vlan 200
switchport mode access
!
interface FastEthernet0/31
switchport access vlan 200
switchport mode access
!
interface FastEthernet0/32
switchport access vlan 200
switchport mode access
!
interface FastEthernet0/33
switchport access vlan 200
switchport mode access
!
interface FastEthernet0/34
switchport access vlan 200
switchport mode access
!
interface FastEthernet0/35
switchport access vlan 200
switchport mode access
!
interface FastEthernet0/36
switchport access vlan 200
switchport mode access
!
interface FastEthernet0/37
switchport access vlan 300
switchport mode access
!
interface FastEthernet0/38
switchport access vlan 300
switchport mode access
!
interface FastEthernet0/39
switchport access vlan 300
switchport mode access
!
interface FastEthernet0/40
switchport access vlan 300
switchport mode access
!
interface FastEthernet0/41
switchport access vlan 300
switchport mode access
!
interface FastEthernet0/42
switchport access vlan 300
switchport mode access
!
interface FastEthernet0/43
switchport access vlan 300
switchport mode access
!
interface FastEthernet0/44
switchport access vlan 300
switchport mode access
!
interface FastEthernet0/45
switchport access vlan 300
switchport mode access
!
interface FastEthernet0/46
switchport access vlan 300
switchport mode access
!
interface FastEthernet0/47
switchport access vlan 300
switchport mode access
!
interface FastEthernet0/48
switchport access vlan 300
switchport mode access
!
interface GigabitEthernet0/1
switchport mode access
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.1.10 255.255.255.0
!
interface Vlan20
no ip address
!
interface Vlan100
ip address 192.168.10.1 255.255.255.0
!
interface Vlan200
ip address 192.168.20.1 255.255.255.0
!
interface Vlan300
ip address 192.168.30.1 255.255.255.0
!
ip http server
ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.1.1
logging esm config
!
line con 0
!
end

jc84_ · ‎10-16-2014

Hi There,

It could be that the VLAN is not 'UP'. If you do not have any devices connected to an interface in VLAN200 and VLAN1000 - then the VLAN interface will be down/down.

'show interface vlan100'

'show interface vlan200'

The output from these commands will tell you if the interface is UP. Just ensure you have a device in a port of each.

Please rate helpful posts and correct answers.

cl800 · ‎10-16-2014

Yes - thanks for the reply, I'm aware of this and I always make sure that the interface and protocol are up. I believe my ability to ping vlan1 ip interface address (192.168.1.10) from 192.168.10.2 would imply that the interface is up. I don't understand why I can ping this particular address in vlan1 but no other addresses there. It's as though there is something unique about vlan1's ip address 192.168.1.10.

jc84_ · ‎10-16-2014

Ok. So with a PC in VLAN 1 and configured with an address in the 192.168.1.x/24 range you can successfully ping the SVI in VLAN 100 of 192.168.10.1?

cl800 · ‎10-17-2014

Thanks - good point. In fact, I cannot ping from a PC in vlan1 to the SVI 192.168.10.1. I can only specifically ping from a PC in 192.168.10.x/24 to the SVI of vlan1.

houtan haddadlarijani · ‎10-19-2014

It seems hosts in vlan 100 and vlan 200 receive their ip addresses via DHCP server that are defined by you.

In your running configuration for vlan100 and vlan 200 DHCP servers you have not defined default-router. Therefore hosts in these vlans can't access outside their subnet.

Defining default-gateway on your host or in your dhcp server configuration as SVI ip address on their respective VLANs will solve your problem

Mandlenkosi Nkiwane · ‎10-19-2014

I will have to concur with Houtan, if vlan 200 and 300 are getting their DHCP information from the router, then you need to define the default-router on the configuration of the DHCP pool:

ip dhcp pool vlan300
network 192.168.30.0 255.255.255.0
default-router 192.168.30.1
!
ip dhcp pool vlan200
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1

Hope this helps...

Manny.

Mandlenkosi Nkiwane · ‎10-16-2014

the easiest way to fix this is using a routing protocol by doing the following:

Configure a routing protocol e.g OSPF, EIGRP e.t.c

For example:

router ospf 1

network 192.168.1.0 0.0.0.255 area 0
network 192.168.10.0 0.0.0.255 area 0

network 192.168.20.0 0.0.0.255 area 0

network 192.168.30.0 0.0.0.255 area 0

or simply by static routes to each network...

e.g

ip route 192.168.30.0 255.255.255.0 Vlan 300

Thanks,

Manny.

Fabio N. · ‎10-16-2014

Did you configure route to 192.168.10.0 and 192.168.20.0 on VLAN 1 devices?

jc84_ · ‎10-16-2014

<moved>

Cisco 2960 inter-vlan routing - unable to ping hosts