CISCO 2960 switch 2 VLAN one vlan not working properly

gonzalojborjasf · ‎12-02-2021

Hi guys, Im learning to work with cisco switch, this is my scenario:

vlan 10 computers

IP: 192.168.1.10 255.255.255.0

Gateway 192.168.1.1

router is 192.168.1.1

can access internet and devices and pinging normal.

getting IP from DCHP on router.

Vlan 20 cameras

IP 192.168.188.30

cameras are IP static, but I can't ping any device in the same vlan or other camera with static ip.

from console I can ping any device in vlan 10, or gateway and 8.8.8.8 can I get some guidance how to configure to learn

this is for setup a NVR with PoE cameras and computer in different vlan.

NVR IP 192.168.1.6

cameras IP: 192.168.188.2-24

Richard Burts · ‎12-02-2021

I do not fully understand your description of the issue. I could ask a series of technical questions to try to understand the issue. But I will start with a request that you post the complete current running config of the switch ( disguise any sensitive information such as Public IPs or passwords, etc).

HTH

Rick

gonzalojborjasf · ‎12-03-2021

what you want me to sent? to look for it.

my issue is vlan 20 (cameras) with static IP or any device connected to that vlan can ping any device in the same vlan, I need to be able to see vlan 10, also be able to reach internet, and reach NVR ip (192.168.188.1 and 192.168.1.6 as well

also for any reason i dont know it take long to resolve the ip from dhcp from router in vlan 10

balaji.bandi · ‎12-03-2021

Vlan 20 cameras

IP 192.168.188.30

do you have VLAN 20 created and have VLAN 20 Interface on the switch, and have ip routing enabled on the switch ?

how is your network Looks like ?

what switch is this ? is the VLAN 10 and VLAN 20 configured on the same switch ?

what is the Gateway for the Cameras ? since they belong to different subnet

you looking to Cameras to connect internet ? then on router you need to add VLAN 20 IP address in NAT. ?

Note : above questions based on the information posted

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

gonzalojborjasf · ‎12-03-2021

Thanks for your quick response, and yes, VLAN 20 camera was created and has interfaces added from Gi1/0/3-39, how enable IP routing? also cameras just have IP and subnet but no gateway, and NVR is connected in VLAN 10

setting for he NVR is this:

IP 192.168.1.106

S 255.255.255.0

GW: 192.168.1.1

internal NIC IP 192.168.188.1

both VLAN are in the same switch 2960 PoE

router is a Netgear

I didnt make any change in router yet .

all cameras were connected before thru NVR directly know I want to add a Switch and connect the camera thru the cisco 2960 switch.

Also the plan is to have 2 switches with the same vlan 10 and vlan 20 with the same configuration.

Georg Pauwen · ‎12-03-2021

Hello,

what type/model is the Netgear router ? In any case you need to set up NAT on the Netgear.

Post the running configuration (sh run) of the switch as well...

gonzalojborjasf · ‎12-05-2021

SWPIG02#sh run
Building configuration...

Current configuration : 4774 bytes
!
! Last configuration change at 03:28:12 UTC Mon Jan 2 2006
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SWPIG02
!
boot-start-marker
boot-end-marker

no aaa new-model
switch 1 provision ws-c2960s-24ps-l
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-1545340544
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1545340544
revocation-check none
rsakeypair TP-self-signed-1545340544
!
!
crypto pki certificate chain TP-self-signed-1545340544
certificate self-signed 01
30820240 308201A9 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31353435 33343035 3434301E 170D3933 30333031 30303032
34305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 35343533
34303534 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100CD95 45CF3638 7821BFC3 160039FE 5F30DECC 802331C1 7E862C5B AA9ED801
5EB779C1 FE285337 7E489508 FA7E714F B1C2E9B9 8524703E 34B07603 4D73B48C
060A32EE 3BEBAC2D 42D0E2A0 0FAF80E4 AA02A8C2 099198DB D4A4632A 8735D3AE
21E6009A 93B328EA 4DB58E79 D9FDA30F D39E1320 B114E43E D5A3C737 70C43D45
C7DD0203 010001A3 68306630 0F060355 1D130101 FF040530 030101FF 30130603
551D1104 0C300A82 08535750 49473032 2E301F06 03551D23 04183016 80148D92
BA03E6DF 4B0841FF 26A9CDAD C451547D D64C301D 0603551D 0E041604 148D92BA
03E6DF4B 0841FF26 A9CDADC4 51547DD6 4C300D06 092A8648 86F70D01 01040500
03818100 BA0D0E88 3AAEE007 39252725 CDD51C3B 3D826C08 DE417E3E 81686020
18F83A05 C7F964E7 6F020502 461D0251 454C3B82 2E823DE1 FE7AC771 020CF3C4
2B383B7B 53B16A80 653CB237 305C2427 BF67DA38 700CD6A9 BA9C518A 946952F5
28BFA54A 383F2E4F 0BE0A1F1 7F0593A9 8B807C48 B0A74BD4 DC6004AB E1B6A6CF B7B2E890
quit
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
no ip address
shutdown
!
interface GigabitEthernet1/0/1
switchport mode access
!
interface GigabitEthernet1/0/2
switchport mode access
!
interface GigabitEthernet1/0/3
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/4
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/5
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/6
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/7
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/8
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/9
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/10
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/11
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/12
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/13
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/14
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/15
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/16
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/17
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/18
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/19
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/20
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/21
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/22
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/23
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/24
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
ip address 10.0.0.200 255.255.255.0
!
interface Vlan10
ip address 192.168.1.40 255.255.255.0
ip helper-address 192.168.1.1
!
interface Vlan20
ip address 192.168.188.31 255.255.255.0
!
ip default-gateway 192.168.188.1
ip http server
ip http secure-server
!
!
!
!
line con 0
exec-timeout 0 0
password sweetpig32
line vty 0 4
exec-timeout 0 0
login
line vty 5 15
login

gonzalojborjasf · ‎12-05-2021

Router is a Netgear AC3200 model 8000

Georg Pauwen · ‎12-05-2021

Hello,

the Netgear cannot handle more than 1 subnet, so your IP Cameras won't be able to connect to the Internet no matter what.

Post the running configuration of the 2960 switch...can you configure:

2960#conf t

2960(config)#ip routing

?

gonzalojborjasf · ‎12-05-2021

cameras are working but just want to separate from the nvr connecting thru the switch

attached is the config run

Building configuration...

Current configuration : 4774 bytes
!
! Last configuration change at 03:28:12 UTC Mon Jan 2 2006
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SWPIG02
!
boot-start-marker
boot-end-marker
!

!

switch 1 provision ws-c2960s-24ps-l
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-1545340544
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1545340544
revocation-check none
rsakeypair TP-self-signed-1545340544
!
!
crypto pki certificate chain TP-self-signed-1545340544
certificate self-signed 01
30820240 308201A9 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31353435 33343035 3434301E 170D3933 30333031 30303032
34305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 35343533
34303534 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100CD95 45CF3638 7821BFC3 160039FE 5F30DECC 802331C1 7E862C5B AA9ED801
5EB779C1 FE285337 7E489508 FA7E714F B1C2E9B9 8524703E 34B07603 4D73B48C
060A32EE 3BEBAC2D 42D0E2A0 0FAF80E4 AA02A8C2 099198DB D4A4632A 8735D3AE
21E6009A 93B328EA 4DB58E79 D9FDA30F D39E1320 B114E43E D5A3C737 70C43D45
C7DD0203 010001A3 68306630 0F060355 1D130101 FF040530 030101FF 30130603
551D1104 0C300A82 08535750 49473032 2E301F06 03551D23 04183016 80148D92
BA03E6DF 4B0841FF 26A9CDAD C451547D D64C301D 0603551D 0E041604 148D92BA
03E6DF4B 0841FF26 A9CDADC4 51547DD6 4C300D06 092A8648 86F70D01 01040500
03818100 BA0D0E88 3AAEE007 39252725 CDD51C3B 3D826C08 DE417E3E 81686020
18F83A05 C7F964E7 6F020502 461D0251 454C3B82 2E823DE1 FE7AC771 020CF3C4
2B383B7B 53B16A80 653CB237 305C2427 BF67DA38 700CD6A9 BA9C518A 946952F5
28BFA54A 383F2E4F 0BE0A1F1 7F0593A9 8B807C48 B0A74BD4 DC6004AB E1B6A6CF B7B2E890
quit
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
no ip address
shutdown
!
interface GigabitEthernet1/0/1
switchport mode access
!
interface GigabitEthernet1/0/2
switchport mode access
!
interface GigabitEthernet1/0/3
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/4
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/5
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/6
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/7
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/8
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/9
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/10
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/11
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/12
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/13
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/14
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/15
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/16
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/17
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/18
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/19
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/20
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/21
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/22
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/23
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/24
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
ip address 10.0.0.200 255.255.255.0
!
interface Vlan10
ip address 192.168.1.40 255.255.255.0
ip helper-address 192.168.1.1
!
interface Vlan20
ip address 192.168.188.31 255.255.255.0
!
ip default-gateway 192.168.188.1
ip http server
ip http secure-server
!
!
!
!
line con 0
exec-timeout 0 0
password sweetpig32
line vty 0 4
exec-timeout 0 0
login
line vty 5 15
login

gonzalojborjasf · ‎12-08-2021

I post the run configuration already

gonzalojborjasf · ‎12-08-2021

Well actually I typed correctly and did not work, I have been reading and apparently Catalyst 2960s don't support that option of IP ROUTING or the firmware version perhaps, can you clarify that. I still have the issue

gonzalojborjasf · ‎12-05-2021

here is the sh run config

Georg Pauwen · ‎12-05-2021

Hello,

make the changes marked in bold. Your cameras won't have access to the Internet, but at least you can access them from the other Vlans:

SWPIG02#sh run
Building configuration...

Current configuration : 4774 bytes
!
! Last configuration change at 03:28:12 UTC Mon Jan 2 2006
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SWPIG02
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$dtQW$7UK7ZBsi7YWLwQEJhoWKI/
!
username admin privilege 15 secret 5 $1$sq39$SEx366nsxfQ.1mZFj4jLo.
no aaa new-model
switch 1 provision ws-c2960s-24ps-l
!
--> ip routing
!
crypto pki trustpoint TP-self-signed-1545340544
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1545340544
revocation-check none
rsakeypair TP-self-signed-1545340544
!
crypto pki certificate chain TP-self-signed-1545340544
certificate self-signed 01
30820240 308201A9 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31353435 33343035 3434301E 170D3933 30333031 30303032
34305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 35343533
34303534 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100CD95 45CF3638 7821BFC3 160039FE 5F30DECC 802331C1 7E862C5B AA9ED801
5EB779C1 FE285337 7E489508 FA7E714F B1C2E9B9 8524703E 34B07603 4D73B48C
060A32EE 3BEBAC2D 42D0E2A0 0FAF80E4 AA02A8C2 099198DB D4A4632A 8735D3AE
21E6009A 93B328EA 4DB58E79 D9FDA30F D39E1320 B114E43E D5A3C737 70C43D45
C7DD0203 010001A3 68306630 0F060355 1D130101 FF040530 030101FF 30130603
551D1104 0C300A82 08535750 49473032 2E301F06 03551D23 04183016 80148D92
BA03E6DF 4B0841FF 26A9CDAD C451547D D64C301D 0603551D 0E041604 148D92BA
03E6DF4B 0841FF26 A9CDADC4 51547DD6 4C300D06 092A8648 86F70D01 01040500
03818100 BA0D0E88 3AAEE007 39252725 CDD51C3B 3D826C08 DE417E3E 81686020
18F83A05 C7F964E7 6F020502 461D0251 454C3B82 2E823DE1 FE7AC771 020CF3C4
2B383B7B 53B16A80 653CB237 305C2427 BF67DA38 700CD6A9 BA9C518A 946952F5
28BFA54A 383F2E4F 0BE0A1F1 7F0593A9 8B807C48 B0A74BD4 DC6004AB E1B6A6CF B7B2E890
quit
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0
no ip address
shutdown
!
interface GigabitEthernet1/0/1
switchport mode access
!
interface GigabitEthernet1/0/2
switchport mode access
!
interface GigabitEthernet1/0/3
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/4
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/5
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/6
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/7
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/8
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/9
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/10
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/11
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/12
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/13
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/14
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/15
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/16
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/17
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/18
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/19
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/20
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/21
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/22
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/23
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/24
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
ip address 10.0.0.200 255.255.255.0
!
interface Vlan10
ip address 192.168.1.40 255.255.255.0
ip helper-address 192.168.1.1
!
interface Vlan20
ip address 192.168.188.31 255.255.255.0
!
--> ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip http server
ip http secure-server
!
line con 0
exec-timeout 0 0
password sweetpig32
line vty 0 4
exec-timeout 0 0
login
line vty 5 15
login

Richard Burts · ‎12-05-2021

@Georg Pauwen makes 2 good suggestions.

I agree that the change to add

ip routing

to the config is essential.

His second suggestion addresses the fact that the original switch config used

ip default-gateway

to define how to access remote subnets. When you enable ip routing then default-gateway is ignored. So you need a different way to configure access to remote subnets. The original config used 192.168.188.1 as the gateway. The suggestion from Georg uses 1923168.1.1 as the gateway. I am not clear about your environment and therefore am not clear which of these would be the best choice.

HTH

Rick