core switch config help with client default gateway

keith.magyar1 · ‎11-14-2016

I have clients on an edge switch that cannot seem to be able to use a default gateway of 10.3.92.254. The current state is one that we are migrating from which has everthing in vlan1. Those clients use 172.16.0.2. Can anyone tell me what am I missing?

Two congifs copied below;

Edge Switch Config - ws-2960-24pc-s

!
hostname S-DAYACCNT
!
boot-start-marker

!
!
ip domain-name globe-motors.com
ip name-server 172.16.200.14
ip name-server 172.16.200.46
!

!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
vlan internal allocation policy ascending
lldp run
!
ip ssh authentication-retries 5
!
interface FastEthernet0/1
description Client PC
switchport access vlan 119
switchport mode access
switchport voice vlan 2
spanning-tree portfast
!
interface FastEthernet0/2
description Client PC
switchport access vlan 119
switchport mode access
switchport voice vlan 2
spanning-tree portfast
!
interface FastEthernet0/3
description Client PC
switchport access vlan 119
switchport mode access
switchport voice vlan 2
spanning-tree portfast
!
interface FastEthernet0/4
description ADMIN FAX
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/5
description Client PC
switchport access vlan 119
switchport mode access
switchport voice vlan 2
spanning-tree portfast
!
interface FastEthernet0/6
description Client PC
switchport access vlan 119
switchport mode access
switchport voice vlan 2
spanning-tree portfast
!
interface FastEthernet0/7
description Client PC
switchport access vlan 119
switchport mode access
switchport voice vlan 2
spanning-tree portfast
!
interface FastEthernet0/8
description Client PC
switchport access vlan 119
switchport mode access
switchport voice vlan 2
spanning-tree portfast
!
interface FastEthernet0/9
description Client PC
switchport access vlan 119
switchport mode access
switchport voice vlan 2
spanning-tree portfast
!
interface FastEthernet0/10
description Client PC
switchport access vlan 119
switchport mode access
switchport voice vlan 2
spanning-tree portfast
!
interface FastEthernet0/11
description Client PC
switchport access vlan 119
switchport mode access
switchport voice vlan 2
spanning-tree portfast
!
interface FastEthernet0/12
description Client PC
switchport access vlan 119
switchport mode access
switchport voice vlan 2
spanning-tree portfast
!
interface FastEthernet0/13
description 3RD FLOOR CONF ROOM DATA PORT
switchport access vlan 119
switchport mode access
switchport voice vlan 2
spanning-tree portfast
!
interface FastEthernet0/14
description Client PC
switchport access vlan 119
switchport mode access
switchport voice vlan 2
spanning-tree portfast
!
interface FastEthernet0/15
description Client PC
switchport access vlan 119
switchport mode access
switchport voice vlan 2
spanning-tree portfast
!
interface FastEthernet0/16
description Client PC
switchport access vlan 119
switchport mode access
switchport voice vlan 2
spanning-tree portfast
!
interface FastEthernet0/17
description Client PC
switchport access vlan 119
switchport mode access
switchport voice vlan 2
spanning-tree portfast
!
interface FastEthernet0/18
description Client PC
switchport access vlan 119
switchport mode access
switchport voice vlan 2
spanning-tree portfast
!
interface FastEthernet0/19
description ACCT FAX ATA
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/20
description Client PC
switchport access vlan 119
switchport mode access
switchport voice vlan 2
spanning-tree portfast
!
interface FastEthernet0/21
description Client PC
switchport access vlan 119
switchport mode access
switchport voice vlan 2
spanning-tree portfast
!
interface FastEthernet0/22
description Client PC
switchport access vlan 119
switchport mode access
switchport voice vlan 2
spanning-tree portfast
!
interface FastEthernet0/23
description Client PC
switchport access vlan 119
switchport mode access
switchport voice vlan 2
spanning-tree portfast
!
interface FastEthernet0/24
description Client PC
switchport access vlan 119
switchport mode access
switchport voice vlan 2
spanning-tree portfast
!
interface GigabitEthernet0/1
switchport trunk allowed vlan 1,2,11,75,119
switchport mode trunk
!
interface GigabitEthernet0/2
switchport trunk allowed vlan 1,2,11,75,119
switchport mode trunk
!
interface Vlan1
ip address 172.16.0.29 255.255.0.0
no ip route-cache
!
interface Vlan119
description US-DAY-GEN
ip address 10.3.92.29 255.255.255.0
no ip route-cache
!
ip default-gateway 172.16.0.2
ip http server
ip http authentication local
ip http secure-server
logging trap debugging
logging 172.16.200.124
snmp-server community monitor RO
snmp-server community CactiMonitoring RO
snmp-server location Dayton,OH
!
control-plane
!
!

!
ntp clock-period 36029817
ntp server 172.16.200.14
end

S-DAYACCNT#

Core Switch Config WS-C3750X-48P-S

!
hostname USDAYCORE
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$sat3$INN4OF0IT/nbLHXHcuqOY/
!
username core privilege 15 secret 5 $1$
username misadmin privilege 15 password 7
!
!
no aaa new-model
clock timezone EST -5
switch 1 provision ws-c3750x-48p
system mtu routing 1500
ip routing
!
!
ip domain-name globe-motors.com
ip name-server 172.16.200.14
ip name-server 172.16.200.46
ip device tracking
!
!

spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
port-channel load-balance src-dst-ip
!
vlan internal allocation policy ascending
!
ip ssh authentication-retries 5
lldp run
!
class-map match-all VOIP
!
!
policy-map Voice
!
!
!
interface Port-channel1
description Barracuda LAG
!
interface Port-channel2
description DAYIAP2_DRAFT01
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,21,75
switchport mode trunk
!
interface FastEthernet0
no ip address
no ip route-cache cef
no ip route-cache
no ip mroute-cache
!
interface GigabitEthernet1/0/1
description DAYIAP3
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,11,21,75,119
switchport mode trunk
spanning-tree portfast disable
!
interface GigabitEthernet1/0/2
description MIS Desktop PC
switchport access vlan 119
switchport mode access
switchport voice vlan 2
spanning-tree portfast
!
interface GigabitEthernet1/0/3
description MIS Desktop PC
switchport access vlan 119
switchport mode access
switchport voice vlan 2
spanning-tree portfast
!
interface GigabitEthernet1/0/4
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,11,21,75,119
switchport mode trunk
!
interface GigabitEthernet1/0/5
description WIFI AP DAYIAP2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,11,21,75,119
switchport mode trunk
!
interface GigabitEthernet1/0/6
description AT&T MPLS NETWORK
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,11,75,119
switchport mode trunk
!
interface GigabitEthernet1/0/7
description Darren Taylor_202
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,11,75,119
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/8
description DAYIAP5
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,11,21,75,119
switchport mode trunk
spanning-tree portfast disable
!
interface GigabitEthernet1/0/9
description DAYBACKUP_BARRACUDA
channel-group 1 mode active
!
interface GigabitEthernet1/0/10
description DAYBACKUP_BARRACUDA
channel-group 1 mode active
!
interface GigabitEthernet1/0/11
description test
switchport access vlan 11
switchport mode access
!
interface GigabitEthernet1/0/12
description DAYIAP2_DRAFT1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,11,21,75,119
switchport mode trunk
spanning-tree portfast disable
!
interface GigabitEthernet1/0/13
description DAYIAP4
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,11,21,75,119
switchport mode trunk
spanning-tree portfast disable
!
interface GigabitEthernet1/0/14
description MIS Client PC
switchport access vlan 119
switchport mode access
switchport voice vlan 2
spanning-tree portfast
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
description S-Day1Flr1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,11,21,75,119
switchport mode trunk
!
interface GigabitEthernet1/0/17
description Guest_Wifi VLAN 75
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,11,75,119
switchport mode trunk
!
interface GigabitEthernet1/0/18
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,11,119
switchport mode trunk
!
interface GigabitEthernet1/0/19
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,11,21,75,119
switchport mode trunk
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
description S-DayTestLab
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,11,25,75,119
switchport mode trunk
!
interface GigabitEthernet1/0/22
description Darren Taylor on 119
switchport access vlan 119
switchport mode access
switchport voice vlan 2
spanning-tree portfast
!
interface GigabitEthernet1/0/23
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,11,21,75,119
switchport mode trunk
duplex full
!
interface GigabitEthernet1/0/24
description Connection to 2800 Router
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,11,75,119
switchport mode trunk
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,11,119
switchport mode trunk
!
interface GigabitEthernet1/0/27
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,11,119
switchport mode trunk
!
interface GigabitEthernet1/0/28
!
interface GigabitEthernet1/0/29
description Meraki LAN2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,6,10,11,18,20,25,30,75,119,122
switchport mode trunk
!
interface GigabitEthernet1/0/30
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,11,119
switchport mode trunk
!
interface GigabitEthernet1/0/31
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,11,119
switchport mode trunk
!
interface GigabitEthernet1/0/32
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,11,119
switchport mode trunk
!
interface GigabitEthernet1/0/33
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,11,119
switchport mode trunk
!
interface GigabitEthernet1/0/34
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,11,119
switchport mode trunk
!
interface GigabitEthernet1/0/35
!
interface GigabitEthernet1/0/36
description GuestTest
switchport access vlan 75
switchport mode access
!
interface GigabitEthernet1/0/37
description WIFI AP DAYIAP6
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,11,21,75,119
switchport mode trunk
!
interface GigabitEthernet1/0/38
description OWNCLOUD
switchport trunk allowed vlan 1,11
!
interface GigabitEthernet1/0/39
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,11,119
switchport mode trunk
!
interface GigabitEthernet1/0/40
description S-DAYACCT
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,11,21,75,119
switchport mode trunk
!
interface GigabitEthernet1/0/41
description S-DayLab2Flr
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,11,21,75,119
switchport mode trunk
!
interface GigabitEthernet1/0/42
description Uplink to S-Day3Flr
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,11,21,75,119
switchport mode trunk
!
interface GigabitEthernet1/0/43
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,11,119
switchport mode trunk
!
interface GigabitEthernet1/0/44
description DAYIAP1_AIRHND1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,11,21,75,119
switchport mode trunk
spanning-tree portfast disable
!
interface GigabitEthernet1/0/45
description PRIMARY IPLEX
switchport access vlan 2
switchport trunk encapsulation dot1q
switchport mode access
!
interface GigabitEthernet1/0/46
description BACKUP IPLEX
switchport access vlan 2
switchport trunk encapsulation dot1q
switchport mode access
!
interface GigabitEthernet1/0/47
description SKYCUBE_CBTS_SIP
switchport access vlan 2
switchport trunk encapsulation dot1q
switchport mode access
!
interface GigabitEthernet1/0/48
description SANNetwork Trunk
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,11,25,119,200
switchport mode trunk
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface Vlan1
description Data Network
ip address 172.16.0.2 255.255.0.0
!
interface Vlan2
description Voice Network
ip address 192.168.16.1 255.255.255.0
!
interface Vlan5
description 3CX_Phone
ip address 192.168.5.1 255.255.255.0
!
interface Vlan11
description US-DAY-SRV
ip address 10.3.1.254 255.255.255.0
!
interface Vlan19
description Foundry
no ip address
!
interface Vlan20
description TestEnv
ip address 172.20.0.1 255.255.0.0
ip access-group DenyVLAN out
!
interface Vlan21
description US-DAY-GST
no ip address
!
interface Vlan25
description SANNetwork
ip address 172.25.0.1 255.255.0.0
!
interface Vlan75
description Guest Wireless
ip address 192.168.75.1 255.255.255.0
ip access-group RestrictGuestWireless in
!
interface Vlan119
description US-DAY-GEN
ip address 10.3.92.254 255.255.255.0
!
interface Vlan200
description EMC_SAN_NETWORK
ip address 172.200.0.1 255.255.0.0
!
!
router eigrp 2275
network 172.16.0.0
eigrp stub connected summary
!
ip default-gateway 172.16.0.2
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.0.11
ip route 10.10.18.0 255.255.255.0 172.16.0.3
ip route 10.10.19.0 255.255.255.0 172.16.0.3
ip route 10.10.21.0 255.255.255.0 172.16.0.3
ip route 10.10.22.0 255.255.255.0 172.16.0.3
ip route 10.140.1.0 255.255.255.0 10.3.1.1
ip route 10.140.92.0 255.255.255.0 10.3.1.1
ip route 72.75.211.132 255.255.255.255 10.10.1.1
ip route 172.19.0.0 255.255.0.0 172.16.0.3
ip route 172.22.0.0 255.255.0.0 172.16.0.6
ip route 172.23.0.0 255.255.0.0 172.23.0.1
ip route 172.23.253.0 255.255.255.0 172.16.0.6
ip route 172.25.1.0 255.255.255.0 172.16.0.3
ip route 172.31.0.0 255.255.0.0 172.16.0.6
ip route 172.32.0.0 255.255.0.0 172.16.0.10
ip route 172.200.0.0 255.255.0.0 172.16.0.6
ip route 192.168.4.0 255.255.255.0 172.16.0.3
ip route 192.168.18.0 255.255.255.0 192.168.16.5
ip route 192.168.19.0 255.255.255.0 192.168.16.3
ip http server
ip http authentication local
ip http secure-server
!
ip access-list extended RestrictGuestWireless
permit ip 192.168.75.0 0.0.0.255 host 172.16.0.2
permit ip 192.168.75.0 0.0.0.255 host 172.16.0.9
permit ip 192.168.75.0 0.0.0.255 host 172.16.0.15
permit ip host 172.16.6.14 192.168.75.0 0.0.0.255
deny ip 192.168.75.0 0.0.0.255 172.16.0.0 0.0.255.255
deny ip 192.168.75.0 0.0.0.255 172.18.0.0 0.0.255.255
deny ip 192.168.75.0 0.0.0.255 172.19.0.0 0.0.255.255
deny ip 192.168.75.0 0.0.0.255 172.23.0.0 0.0.255.255
deny ip 192.168.75.0 0.0.0.255 172.21.0.0 0.0.255.255
deny ip 192.168.75.0 0.0.0.255 172.200.0.0 0.0.255.255
deny ip 192.168.75.0 0.0.0.255 10.10.18.0 0.0.0.255
deny ip 192.168.75.0 0.0.0.255 10.10.19.0 0.0.0.255
deny ip 192.168.75.0 0.0.0.255 10.10.20.0 0.0.0.255
deny ip 192.168.75.0 0.0.0.255 10.10.21.0 0.0.0.255
deny ip 192.168.75.0 0.0.0.255 10.10.22.0 0.0.0.255
deny ip 192.168.75.0 0.0.0.255 10.10.0.0 0.0.255.255
deny ip 192.168.75.0 0.0.0.255 192.168.16.0 0.0.0.255
deny ip 192.168.75.0 0.0.0.255 192.168.18.0 0.0.0.255
deny ip 192.168.75.0 0.0.0.255 192.168.19.0 0.0.0.255
deny ip 192.168.75.0 0.0.0.255 192.168.17.0 0.0.0.255
permit ip any any
permit ip 192.168.75.0 0.0.0.255 host 192.168.75.2
permit ip host 192.168.75.0 0.0.0.246 172.16.0.9
permit ip host 192.168.75.0 0.0.0.253 192.168.75.2
!
ip sla enable reaction-alerts
logging 172.16.6.14
snmp-server community private RO
snmp-server community monitor RO
snmp-server location dayton,oh
snmp-server contact tech@globe-motors.com
snmp ifmib ifindex persist
!
!
line con 0
line vty 0 4
session-timeout 120
exec-timeout 120 0
login local
transport input telnet ssh
line vty 5 15
session-timeout 120
exec-timeout 120 0
login local
transport input telnet ssh
!
ntp clock-period 36027188
ntp server 172.16.200.46
end

USDAYCORE#

Any help is appreciated.

Reza Sharifi · ‎11-14-2016

Try deleting

ip default-gateway 172.16.0.2

first and than add

ip default-gateway 10.3.92.254

and than test.

HTH

keith.magyar1 · ‎11-14-2016

If I do that, does that mean I need to add

ip default-gateway 10.3.1.254 as well for servers that are on vlan11?

Reza Sharifi · ‎11-14-2016

No, all you need is one gateway. Looking at the switch config you have the following configured which means you want to switch from vlan 1 to vlan 119. If this is the case than you need to change the gateway on that switch to be in 10.3.92.254 which is the SVI on the core switch. Is that what you are trying to do?

interface Vlan1
ip address 172.16.0.29 255.255.0.0
no ip route-cache
!
interface Vlan119
description US-DAY-GEN
ip address 10.3.92.29 255.255.255.0
no ip route-cache
!
ip default-gateway 172.16.0.2

keith.magyar1 · ‎11-14-2016

Yes, this is what I want to do. But what gateway would I give something in VLAN11 which is 10.3.1.0/24? I have a Meraki MX100 with vlan11 clients using the gateway at the MX appliance 10.3.1.1. Shouldnt I have a gateway to use at my core switch? To lighten the traffic on the MX by keeping local LAN requests concentrated at the core?

pwwiddicombe · ‎11-15-2016

Remember, the default gateway on the switch is to reach the switch as a device, not to assist clients.

I do see you haven't added the new network to EIGRP 2275, so those clients on the new 10.3.92.x network won't get far; unless upstream you have static routes (which you probably DON'T want to do).

Clients are getting the proper gateway assigned, that matches their IP address subnet; or do clients have static IP addresses? I don't see helper-addresses defined.

paul driver · ‎11-15-2016

Hello

The core switch will provide the inter-vlan routing, And I can see you have the L3 svi for vlan 1, 11, 119 among others, so as long as the vlan database is propagated to the access switches and allowed across the trunks and the access ports are assigned to the correct access vlan all should be good.

sh vlan brief
sh int trunk

You only require one management L3 address on the access switches and ip routing should disabled and the hosts should have correct addressing relative to L3 svi of the core switch as their D/G

No ip routing ( access switches)

Lastly on the core switch you will need to add the L3 addressing into the eigrp for advertising the lan subnets, Here I would be more specific with that advertisement and not use classful network statements but instead more specific ones.

router eigrp 2275
no auto summary
network 172.16.0.2 0.0.0.0
network 192.168.16.1 0.0.0.0
network 192.168.5.1 0.0.0.0
network 10.3.1.254 0.0.0.0
network 172.25.0.1 0.0.0.0
network 192.168.75.1 0.0.0.0
network 10.3.92.254 0.0.0.0
network 172.200.0.1 0.0.0.0
no network 172.16.0.0

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul