Please let us know the

Newstead Technologies Pte Ltd · ‎11-06-2016

Hi All,

Can you help me to resolve my issue. I have Cisco 2960X that act as a Core switch so it will do the routing. I already configure my switch and creating 2 VLAN, 1st VLAN (192.168.84.0/24) going outside and 2nd VLAN (192.168.80.0/24) is going to my LAN. I also configured to DHCP server for my LAN network. Using console to switch I can ping all the VLAN and I can also ping 8.8.8.8 so I have internet access on my 2960. But when I connect thru LAN network, the switch give me an IP thru DHCP but I don't have access to internet. Now, I'm stuck on it on what to do I don't know where I went wrong and what is the missing configuration. Can you help me to resolve this?. Your help is really appreciate so much. Below is my configuration of my switch.

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2016.11.04 19:27:19 =~=~=~=~=~=~=~=~=~=~=~=

Switch#en
Switch#sh run
Building configuration...

Current configuration : 4739 bytes
!
! Last configuration change at 08:47:33 UTC Fri Nov 4 2016
! NVRAM config last updated at 10:18:10 UTC Fri Nov 4 2016
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
switch 1 provision ws-c2960x-24ts-l
ip routing
!
ip dhcp pool VLAN80
network 192.168.80.0 255.255.255.0
default-router 192.168.80.1
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-730670592
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-730670592
revocation-check none
rsakeypair TP-self-signed-730670592
!
!
crypto pki certificate chain TP-self-signed-730670592
certificate self-signed 01
30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 37333036 37303539 32301E17 0D313631 31303430 37303132
385A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3733 30363730
35393230 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
A55AE230 889996E4 2B1FB7CD 5F742E83 6D6205AA 964567EE D9AFDA00 5B64BFD6
BCDE125A 0799D9B3 EB0EFEF7 54A3EAE1 C954B7C5 4250931F 08CF7DBF D912C207
6431F881 BB6B4A2C 4F85FB95 3AC82806 34440B64 ECD497D0 7F2DA5D9 D4F8FEA9
E3ECFC9C DDE32586 BD0F9C22 7802B0E8 A46D94F2 28426E57 FE106437 42333FD1
02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D
23041830 16801491 1DC50CB7 40196615 EC264D9B 150AEE33 22834F30 1D060355
1D0E0416 0414911D C50CB740 196615EC 264D9B15 0AEE3322 834F300D 06092A86
4886F70D 01010505 00038181 006540C5 7B216247 6B18ACB2 623DBB4A EBEB68E8
643EEC1E 3761248A 3EBCC1BB C98DF012 9D5448BE 0A49E5DF 232F5EE6 87BBECF4
435C6AE8 D71747A7 320391B7 2BF63816 18B34105 263C6AB5 53C5DA3B FA33E103
73B6CA13 2976A215 F9555EA0 9E9FE7B9 C75A1BAF 2EE7361F D5EF7605 686F6518
8301B196 72DBF8E3 E0231042 C5
quit
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
no ip address
no ip route-cache
shutdown
!
interface GigabitEthernet1/0/1
switchport access vlan 99
switchport mode access
!
interface GigabitEthernet1/0/2
switchport access vlan 80
switchport mode access
!
interface GigabitEthernet1/0/3
switchport access vlan 80
switchport mode access
!
interface GigabitEthernet1/0/4
switchport access vlan 80
switchport mode access
!
interface GigabitEthernet1/0/5
switchport access vlan 80
switchport mode access
!
interface GigabitEthernet1/0/6
switchport access vlan 80
switchport mode access
!
interface GigabitEthernet1/0/7
switchport access vlan 80
switchport mode access
!
interface GigabitEthernet1/0/8
switchport access vlan 80
switchport mode access
!
interface GigabitEthernet1/0/9
switchport access vlan 80
switchport mode access
!
interface GigabitEthernet1/0/10
switchport access vlan 80
switchport mode access
!
interface GigabitEthernet1/0/11
switchport access vlan 80
switchport mode access
!
interface GigabitEthernet1/0/12
switchport access vlan 80
switchport mode access
!
interface GigabitEthernet1/0/13
switchport access vlan 80
switchport mode access
!
interface GigabitEthernet1/0/14
switchport access vlan 80
switchport mode access
!
interface GigabitEthernet1/0/15
switchport access vlan 80
switchport mode access
!
interface GigabitEthernet1/0/16
switchport access vlan 80
switchport mode access
!
interface GigabitEthernet1/0/17
switchport access vlan 80
switchport mode access
!
interface GigabitEthernet1/0/18
switchport access vlan 80
switchport mode access
!
interface GigabitEthernet1/0/19
switchport access vlan 80
switchport mode access
!
interface GigabitEthernet1/0/20
switchport access vlan 80
switchport mode access
!
interface GigabitEthernet1/0/21
switchport access vlan 80
switchport mode access
!
interface GigabitEthernet1/0/22
switchport access vlan 80
switchport mode access
!
interface GigabitEthernet1/0/23
switchport access vlan 80
switchport mode access
!
interface GigabitEthernet1/0/24
switchport access vlan 80
switchport mode access
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
no ip address
shutdown
!
interface Vlan80
ip address 192.168.80.1 255.255.255.0
!
interface Vlan99
ip address 192.168.84.2 255.255.255.0
!
ip http server
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.84.1
!
!
!
!
line con 0
line vty 0 4
login
line vty 5 15
login
!
end

Switch#sh ver
Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M), Version 15.2(2)E3, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Wed 26-Aug-15 07:12 by prod_rel_team

ROM: Bootstrap program is C2960X boot loader
BOOTLDR: C2960X Boot Loader (C2960X-HBOOT-M) Version 15.2(2r)E2, RELEASE SOFTWARE (fc1)

Switch uptime is 4 hours, 15 minutes
System returned to ROM by power-on
System restarted at 06:59:52 UTC Fri Nov 4 2016
System image file is "flash:/c2960x-universalk9-mz.152-2.E3/c2960x-universalk9-mz.152-2.E3.bin"
Last reload reason: Reload command

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C2960X-24TS-L (APM86XXX) processor (revision K0) with 524288K bytes of memory.
Processor board ID FCW2023A2US
Last reset from power-on
3 Virtual Ethernet interfaces
1 FastEthernet interface
28 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 00:56:2B:8D:26:00
Motherboard assembly number : 73-15973-02
Power supply part number : 341-0529-02
Motherboard serial number : FOC20233R06
Power supply serial number : LIT20180EH6
Model revision number : K0
Motherboard revision number : C0
Model number : WS-C2960X-24TS-L
Daughterboard assembly number : 73-14200-03
Daughterboard serial number : FOC20232NCM
System serial number : FCW2023A2US
Top Assembly Part Number : 800-41470-01
Top Assembly Revision Number : F0
Version ID : V03
CLEI Code Number : CMMMU00ARB
Daughterboard revision number : A0
Hardware Board Revision Number : 0x12

Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 28 WS-C2960X-24TS-L 15.2(2)E3 C2960X-UNIVERSALK9-M

Configuration register is 0xF

Switch#

Richard Burts · ‎11-06-2016

The most obvious issue here is that there is no NAT configured for your 192.168.80.0 network. You have not told us what you are connected to on your 192.168.84.1 network. But pretty clearly it is doing NAT for the 192.168.84.0 network but not NAT for 192.168.80.0 network. Unless things have changed since the last time I checked the 2960 does not support doing NAT. So either you need to see if the device at 192.168.84.1 will do NAT for your 192.168.80.0 network or you need a different core switch or you need some device between the 2960 and the 192.168.84.1 that can do NAT.

HTH

Rick

HTH

Rick

Newstead Technologies Pte Ltd · ‎11-06-2016

Hi Richard I have my Firewall ASA 5506-X with ip address of 192.168.84.1.

Thanks.

Richard Burts · ‎11-06-2016

Thanks for the additional information which is helpful. If 192.168.84.1 is an ASA5506 then I am guessing that it is configured to do address translation for the 192.168.84.0 network. You just need to configure the ASA to also do address translation for the 192.168.80.0 network. You have not told us whether the ASA has a route for the 192.168.80.0 network. If it does then it should be enough to add the address translation. If it does not already have a route for the 192.168.80.0 network then you need to add this also. HTH

HTH

Rick

Newstead Technologies Pte Ltd · ‎11-06-2016

Okay I think I haven't yet add the translation to 192.168.80.0 network. I will try it and hope it's the answer. Thank you so much.

Richard Burts · ‎11-08-2016

Please let us know the results after you add the translation.

HTH

Rick

HTH

Rick

alina_scott · ‎01-18-2019

The 2960-X uses 802.1X for port-based network access control.

Thank you so much.

Cisco 2960X IP routing