Cisco 2960x Vlans cannot access internet

Nick8
Level 1

Greetings

 

While I have some knowledge of CCNA, I've spent a few days now unsuccessfully configuring this 2960x switch to let its 2nd vlan access the internet (via going through vlan 1 into the primary LAN).

 

I have two vlans:

vlan 1 (default) - 172.16.0.120/24  Gi0/1 , Gi0/2 

vlan 2 - 10.0.1.1/24       Gi0/3 ~ Gi0/24 (This vlan is configured for igmp and multicast)

 

Gi0/1 is connected to the primary unmanaged network switch. The default gateway firewall also connects to this same unmanaged switch. (at 172.16.0.70)

 

When I connect my PC to Gi0/2, it can access dhcp, internet etc. without issue

 

When I connect my PC to any port in vlan 2, I cannot even ping the default gateway, let alone access the internet.

 

I've tried the following routing methods already to no success:

ip default-network 172.16.0.0

ip route 172.16.0.0 255.255.0.0 10.0.1.1 

(and quite a few variations... but I've cleared the routing table now to get a fresh restart on this)

 

Am I misunderstanding something with these routings?

 

Thanks in advance!

 

 

 

 

 

 

4 Replies

Alan Ng'ethe
Level 3

Perhaps you can be a little more specific on where you are putting in these commands? ip default-network et al..?

Nevertheless, what you are attempting to do is route between vlans, aka inter-vlan routing, on a layer 2 switch, a 2960x.

You have provided little information to go on, but what I gather is that the 10 series network needs to be routed to the default gateway at 172.16.0.70.

The way I see this working is by one of two ways; and both involve changes to some of the upstream devices you have mentioned in your post.

One; since you are familiar with ccna, you may have heard of the term router on a stick. You would trunk the switches together, passing both vlans, and tagging the vlans on to the gateway device's subinterfaces.

Two; One vlan per port (on the gateway device). Connect an extra cable to the gateway device on a free port. Put in default gateway configs on that port for the 10 series network. Plug in the other end of the cable on your 2960x, on a port assigned to vlan 2. 

But I suggest this based on the little information you have provided. Perhaps if you can give some more information the more knowledgeable members of the community will propose a simpler way of doing this.

 

 

Remember to rate helpful posts and/or mark as a solution if your issue is resolved.

andresfr
Cisco Employee

Hello Nic,

 

You will need to check and/or define if the 2960-X switch will act as a layer 2 only device or as a layer 3 switch.

 

  • Option 1: the 2960-X will act as a layer 2 switch (ip routing is disabled)

In this case you will need to configure the default gateway using the IP address of the device that will be performing the routing between the VLANs. This will also require that the interface connecting to that device is configured as a trunk interface like the router-on-stick scenario (unless that default gateway is a layer 3 device with interfaces connecting to each of the VLANs on the switch, which is not efficient).

 

configure terminal
 ip default-gateway <gateway_ip_address>
 !
 interface GiX/Y/Z
  description **TO THE GATEWAY**
  ! only accepted on platforms that also support ISL; skip it if the switch rejects the command
  switchport trunk encapsulation dot1q
  switchport mode trunk
  end
!

  • Option 2: the 2960-X will act as a layer 3 switch.

You will need to enable IP routing and then configure the default route using the gateway IP address as the next hop.

 

configure terminal
 ip routing
 ip route 0.0.0.0 0.0.0.0 <gateway_ip_address>
 end
!

 

The gateway should be configured in such a way that it can route between VLANs.

 

Alternatively, after enabling ip routing on the switch, you can create layer 3 VLANs (VLAN SVIs) so the switch can perform the inter-VLAN routing itself.

 

configure terminal
 interface vlan 1
  ip address <ip_address> <network_mask>
  no shut
  exit
 interface vlan 2
  ip address <ip_address> <network_mask>
  no shut
  end
!

 

You need to consider what default gateway you will be configuring on the end hosts (either statically or via DHCP) because that will be the device that will be routing among VLANs.

 

Reference links:

Configuring a gateway of last resort using IP commands

https://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/16448-default.html

 

Configuring IP unicast routing - Catalyst 2960X

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-0_2_EX/routing/configuration_guide/b_rt_152ex_2960-x_cg/b_rt_152ex_2960-x_cg_chapter_010.html

 

Router on a stick concept

http://www.ciscopress.com/articles/article.asp?p=2169749

 

Regards,
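An added example, not part of the post above: a small route-lookup model of this thread's topology under Option 2, showing that a default route on the switch only covers the forward path, and that the gateway at 172.16.0.70 also needs a route back to 10.0.1.0/24 through the switch's VLAN 1 address. The host addresses looked up, the firewall's WAN default and all Python names are assumptions made for the illustration.

```python
import ipaddress

# Constructed model of the thread's topology, assuming Option 2 (the switch
# routes between its SVIs). Host addresses used in lookups are made up.
CONNECTED = [("172.16.0.0/24", "connected"), ("10.0.1.0/24", "connected")]
SWITCH = {"owns": {"172.16.0.120", "10.0.1.1"},
          "routes": CONNECTED + [("0.0.0.0/0", "172.16.0.70")]}
# The static route from the original question, with no default route.
OP_SWITCH = {"owns": SWITCH["owns"],
             "routes": CONNECTED + [("172.16.0.0/16", "10.0.1.1")]}
# Firewall as described: one LAN interface; the WAN default is an assumption.
FIREWALL = {"owns": {"172.16.0.70"},
            "routes": [("172.16.0.0/24", "connected"), ("0.0.0.0/0", "WAN")]}
# Same firewall with a return route to VLAN 2 via the switch's VLAN 1 address.
FIREWALL_FIXED = {"owns": FIREWALL["owns"],
                  "routes": FIREWALL["routes"] + [("10.0.1.0/24", "172.16.0.120")]}

def lookup(routes, dst):
    """Longest-prefix match; returns the next hop, or None if no route."""
    hits = [(ipaddress.ip_network(p), nh) for p, nh in routes
            if ipaddress.ip_address(dst) in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(devices, start, dst, max_hops=8):
    """Follow next hops from `start` and report where the packet ends up."""
    dev = start
    for _ in range(max_hops):
        if dst in dev["owns"]:
            return "delivered"
        nh = lookup(dev["routes"], dst)
        if nh is None:
            return "dropped: no route"
        if nh in ("connected", "WAN"):
            return "delivered" if nh == "connected" else "forwarded to WAN"
        nxt = next((d for d in devices if nh in d["owns"]), None)
        if nxt is None:
            return "dropped: next hop unreachable"
        if nxt is dev:
            return "dropped: next hop is the device itself"
        dev = nxt
    return "dropped: routing loop"

if __name__ == "__main__":
    # Request from a VLAN 2 host to the firewall, then the reply coming back.
    print("request:", trace([SWITCH, FIREWALL], SWITCH, "172.16.0.70"))
    print("reply, no return route:", trace([SWITCH, FIREWALL], FIREWALL, "10.0.1.50"))
    print("reply, return route:", trace([SWITCH, FIREWALL_FIXED], FIREWALL_FIXED, "10.0.1.50"))
    print("question's route:", trace([OP_SWITCH, FIREWALL], OP_SWITCH, "203.0.113.10"))
```
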

 

 

 

 

 

I will attempt router on a stick setup to see if it works 

 

I have a half working solution right now where devices on vlan 1 ports can access internet and ping vlan 2 devices, which is "good enough" for this specific case

Ok, don't forget to include VLAN 2 subnet in the NAT rules.

 

Please let me know if you found the provided information useful.

 

Regards,
