
No internet connection in client side after replacing 3750 with 3850 switch

pnawaskhan
Level 1

Recently we brought a Cisco 3850 switch to replace our 3750 core switch, which has additional Cisco 2960 switches connected through fiber cable.

I did all the configuration on my Cisco 3850 switch the same as on my Cisco 3750 switch. The internet is connected through a Cyberoam 200iNG firewall with the 3750 switch. All the client SVIs get internet through their own gateway IPs.

When I replace it with the Cisco 3850, the clients are not connecting to the internet. But the 3850 itself is connected to the internet. If I set the gateway on the client to the firewall interface IP, then it connects to the internet. Any help is highly appreciated.

We have two VLANs:

1. VLAN 172 - 172.16.2.0 255.255.252.0 and gateway 172.16.2.1

2. VLAN 173 - 192.168.100.0 255.255.255.0 and gateway 192.168.100.1

Firewall interface IP is 172.16.2.252

Switch IP is 172.16.2.1

Thanks in advance. Please find the attached file for config detail.

 

18 Replies

Jaderson Pessoa
VIP Alumni

@pnawaskhan hello,

Let me ask some questions:

Which device is doing your routing? 3850 or FIREWALL?

If your 3850, check:

NAT CONFIGURATION for vlan 2

DEFAULT ROUTE directing to firewall

ROUTE BACK from your firewall to your 3850

If your FIREWALL, check:

RULE on lan configuration on your firewall allowing 192.168.100.0 255.255.255.0

NAT Outbound in to this network 192.168.100.0 255.255.255.0

If possible, post the current configuration here.

Jaderson Pessoa
*** Rate All Helpful Responses ***

Please check the config details below. I do not need to do anything on the firewall, because I am just replacing the switch with the same config. With the Cisco 3750 my network is working well now. I need to increase and replace the ports, and so to replace it with the Cisco 3850 switch.

Thanks for your reply. Please check my other reply to get the config details.

Hello,

Post the full configuration of the switch. Do you have ip routing enabled and a default route pointing to the firewall?

Sorry, everyone. Below is the config detail of my 3750 switch:

Central-SW#show configuration
Using 5650 out of 524288 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Central-SW
!
boot-start-marker
boot-end-marker
!
enable password uytre
!
!
!
no aaa new-model
switch 1 provision ws-c3750g-24ts-1u
system mtu routing 1500
ip routing
!
!
--More--  !
--More--  !
--More--  crypto pki trustpoint TP-self-signed-3288000640
--More--   enrollment selfsigned
--More--   subject-name cn=IOS-Self-Signed-Certificate-3288000640
--More--   revocation-check none
--More--   rsakeypair TP-self-signed-3288000640
--More--  !
--More--  !
--More--  crypto pki certificate chain TP-self-signed-3288000640
--More--   certificate self-signed 01 nvram:IOS-Self-Sig#3030.cer
--More--  !
--More--  !
--More--  !
--More--  !
--More--  spanning-tree mode pvst
--More--  spanning-tree extend system-id
--More--  spanning-tree vlan 1 priority 24576
--More--  !
--More--  vlan internal allocation policy ascending
--More--  !
--More--  ip ftp username nawaskhan
--More--  ip ftp password qanitha_2013
--More--  !
--More--  !
--More--  !
--More--  interface GigabitEthernet1/0/1
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/2
--More--   description Connected_to_Cyberoam
--More--   switchport access vlan 172
--More--   switchport trunk encapsulation dot1q
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/3
--More--   description DHCP_SERVER
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/4
--More--   description Connected_TO_Switch_3COM
--More--   switchport access vlan 172
--More--   switchport trunk encapsulation dot1q
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/5
--More--   description {Connected_to_Users}
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/6
--More--   description {Connected_to_Users}
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/7
--More--   description {Connected_to_Users}
--More--   switchport access vlan 173
--More--   switchport mode access
--More--   spanning-tree portfast
--More--  !
--More--  interface GigabitEthernet1/0/22
--More--   switchport access vlan 172
--More--   switchport mode access
--More--   spanning-tree portfast
--More--  !
--More--  interface GigabitEthernet1/0/23
--More--   switchport access vlan 172
--More--   switchport mode access
--More--   spanning-tree portfast
--More--  !
--More--  interface GigabitEthernet1/0/24
--More--   switchport access vlan 172
--More--   switchport mode access
--More--   spanning-tree portfast
--More--  !
--More--  interface GigabitEthernet1/0/25
--More--   switchport access vlan 172
--More--   switchport trunk encapsulation dot1q
--More--   switchport trunk allowed vlan 172,173
--More--   switchport mode trunk
--More--   spanning-tree portfast
--More--  !
--More--  interface GigabitEthernet1/0/26
--More--   switchport access vlan 172
--More--   switchport trunk encapsulation dot1q
--More--   switchport trunk allowed vlan 172,173
--More--   switchport mode trunk
--More--   spanning-tree portfast
--More--  !
--More--  interface GigabitEthernet1/0/27
--More--   switchport access vlan 172
--More--   switchport trunk encapsulation dot1q
--More--   switchport trunk allowed vlan 172,173
--More--   switchport mode trunk
--More--   spanning-tree portfast
--More--  !
--More--  interface GigabitEthernet1/0/28
--More--   switchport access vlan 172
--More--   switchport trunk encapsulation dot1q
--More--   switchport trunk allowed vlan 172,173
--More--   switchport mode trunk
--More--   spanning-tree portfast
--More--  !
--More--  interface Vlan1
--More--   no ip address
--More--   ip policy route-map User
--More--  !
--More--  interface Vlan100
--More--   no ip address
--More--  !
--More--  interface Vlan101
--More--   no ip address
--More--   ip helper-address 192.168.100.25
--More--   ip policy route-map Server
--More--  !
--More--  interface Vlan172
--More--   ip address 172.16.2.1 255.255.252.0
--More--  !
--More--  interface Vlan173
--More--   ip address 192.168.100.1 255.255.255.0
--More--  !
--More--  interface Vlan216
--More--   ip address 192.168.216.1 255.255.255.0
--More--  !
--More--  interface Vlan400
--More--   ip address 1.1.1.1 255.255.255.0
--More--  !
--More--  interface Vlan500
--More--   ip address 3.1.1.1 255.255.255.0
--More--  !
--More--  interface Vlan501
--More--   ip address 4.1.1.1 255.255.255.0
--More--  !
--More--  ip classless
--More--  ip route 0.0.0.0 0.0.0.0 Vlan501
--More--  ip route 0.0.0.0 0.0.0.0 Vlan500
--More--  ip route 0.0.0.0 0.0.0.0 200.1.1.2
--More--  ip route 0.0.0.0 0.0.0.0 172.16.2.252
--More--  ip route 172.16.10.0 255.255.255.0 172.16.2.252
--More--  ip route 192.168.2.0 255.255.255.0 1.1.1.2
--More--  ip route 192.168.100.0 255.255.255.0 172.16.2.252
--More--  ip route 192.168.216.0 255.255.255.0 172.16.2.252
--More--  ip http server
--More--  ip http secure-server
--More--  !
--More--  !
--More--  ip sla enable reaction-alerts
--More--  route-map Server permit 10
--More--   match ip address 101
--More--   set ip next-hop 3.1.1.2
--More--  !
--More--  route-map User permit 20
--More--   match ip address 102
--More--   set ip next-hop 4.1.1.2
--More--  !
--More--  !
--More--  !
--More--  !
--More--  line con 0
--More--  line vty 0 4
--More--   password c1sc0
--More--   login
--More--  line vty 5 15
--More--   login
--More--  !
--More--  end
--More--  
Central-SW#
Central-SW#
Central-SW#
Central-SW#
Central-SW#show vlan

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active
100 First1 active
101 Second active
172 Users active Gi1/0/1, Gi1/0/2, Gi1/0/3
Gi1/0/4, Gi1/0/5, Gi1/0/6
Gi1/0/8, Gi1/0/9, Gi1/0/10
Gi1/0/11, Gi1/0/12, Gi1/0/13
Gi1/0/15, Gi1/0/16, Gi1/0/17
Gi1/0/18, Gi1/0/19, Gi1/0/20
Gi1/0/21, Gi1/0/22, Gi1/0/23
Gi1/0/24
173 Mutkamil_SERVER active Gi1/0/7, Gi1/0/14
216 ERP_SERVER active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
--More--  1 enet 100001 1500 - - - - - 0 0
--More--  100 enet 100100 1500 - - - - - 0 0
--More--  101 enet 100101 1500 - - - - - 0 0
--More--  172 enet 100172 1500 - - - - - 0 0
--More--  173 enet 100173 1500 - - - - - 0 0
--More--  216 enet 100216 1500 - - - - - 0 0
--More--  1002 fddi 101002 1500 - - - - - 0 0
--More--  1003 tr 101003 1500 - - - - - 0 0
--More--  1004 fdnet 101004 1500 - - - ieee - 0 0
--More--  1005 trnet 101005 1500 - - - ibm - 0 0
--More--  
--More--  Remote SPAN VLANs
--More--  ------------------------------------------------------------------------------
--More--  

Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------

Central-SW#
Central-SW#
Central-SW#
Central-SW#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 172.16.2.252 to network 0.0.0.0

172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
S 172.16.10.0/24 [1/0] via 172.16.2.252
C 172.16.0.0/22 is directly connected, Vlan172
S 192.168.216.0/24 [1/0] via 172.16.2.252
C 192.168.100.0/24 is directly connected, Vlan173
S* 0.0.0.0/0 [1/0] via 172.16.2.252
Central-SW#end
Translating "end"...domain server (255.255.255.255)
% Unknown command or computer name, or unable to find computer address
Central-SW#exit

This is my 3850 switch config

Central-SW#show configurstion       uration
Using 11751 out of 2097152 bytes
!
! Last configuration change at 11:32:20 UTC Sun Mar 24 2019
! NVRAM config last updated at 11:32:31 UTC Sun Mar 24 2019
!
version 16.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname Central-SW
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5 $1$wV4R$SyFLa5Bp8EUPOXJvoNv7U1
--More--  !
--More--  no aaa new-model
--More--  switch 1 provision ws-c3850-48t
--More--  !
--More--  !
--More--  !
--More--  !
--More--  !
--More--  !
--More--  !
--More--  !
--More--  !
--More--  !
--More--  !
--More--  !
--More--  !
--More--  !
--More--  !
--More--  !
--More--  crypto pki trustpoint TP-self-signed-3800458157
--More--   enrollment selfsigned
--More--   subject-name cn=IOS-Self-Signed-Certificate-3800458157
--More--   revocation-check none
--More--   rsakeypair TP-self-signed-3800458157
--More--  !
--More--  !
--More--  crypto pki certificate chain TP-self-signed-3800458157
--More--   certificate self-signed 01 nvram:IOS-Self-Sig#3.cer
--More--  !
--More--  license boot level lanbasek9
--More--  diagnostic bootup level minimal
--More--  spanning-tree mode rapid-pvst
--More--  spanning-tree extend system-id
--More--  !
--More--  !
--More--  username cisco privilege 15 one-time password 0 FOC2218L0TK
--More--  !
--More--  redundancy
--More--   mode sso
--More--  !
--More--  !
--More--  !
--More--  class-map match-any system-cpp-police-topology-control
--More--   description Topology control
--More--  class-map match-any system-cpp-police-sw-forward
--More--   description Sw forwarding, SGT Cache Full, LOGGING
--More--  class-map match-any system-cpp-default
--More--   description DHCP snooping, show forward and rest of traffic
--More--  class-map match-any system-cpp-police-sys-data
--More--   description Learning cache ovfl, Crypto Control, Exception, EGR Exception, NFL SAMPLED DATA, Gold Pkt, RPF Failed
--More--  class-map match-any system-cpp-police-punt-webauth
--More--   description Punt Webauth
--More--  class-map match-any system-cpp-police-forus
--More--   description Forus Address resolution and Forus traffic
--More--  class-map match-any system-cpp-police-multicast-end-station
--More--   description MCAST END STATION
--More--  class-map match-any system-cpp-police-multicast
--More--   description Transit Traffic and MCAST Data
--More--  class-map match-any system-cpp-police-l2-control
--More--   description L2 control
--More--  class-map match-any system-cpp-police-dot1x-auth
--More--   description DOT1X Auth
--More--  class-map match-any system-cpp-police-data
--More--   description ICMP_GEN and BROADCAST
--More--  class-map match-any system-cpp-police-control-low-priority
--More--   description ICMP redirect and general punt
--More--  class-map match-any system-cpp-police-wireless-priority1
--More--   description Wireless priority 1
--More--  class-map match-any system-cpp-police-wireless-priority2
--More--   description Wireless priority 2
--More--  class-map match-any system-cpp-police-wireless-priority3-4-5
--More--   description Wireless priority 3,4 and 5
--More--  class-map match-any non-client-nrt-class
--More--  class-map match-any system-cpp-police-routing-control
--More--   description Routing control
--More--  class-map match-any system-cpp-police-protocol-snooping
--More--   description Protocol snooping
--More--  !
--More--  policy-map port_child_policy
--More--   class non-client-nrt-class
--More--   bandwidth remaining ratio 10
--More--  policy-map system-cpp-policy
--More--   class system-cpp-police-data
--More--   police rate 200 pps
--More--   class system-cpp-police-sys-data
--More--   police rate 100 pps
--More--   class system-cpp-police-sw-forward
--More--   police rate 1000 pps
--More--   class system-cpp-police-multicast
--More--   police rate 500 pps
--More--   class system-cpp-police-multicast-end-station
--More--   police rate 2000 pps
--More--   class system-cpp-police-punt-webauth
--More--   class system-cpp-police-l2-control
--More--   class system-cpp-police-routing-control
--More--   police rate 1800 pps
--More--   class system-cpp-police-control-low-priority
--More--   class system-cpp-police-wireless-priority1
--More--   class system-cpp-police-wireless-priority2
--More--   class system-cpp-police-wireless-priority3-4-5
--More--   class system-cpp-police-topology-control
--More--   class system-cpp-police-dot1x-auth
--More--   class system-cpp-police-protocol-snooping
--More--   class system-cpp-police-forus
--More--   class system-cpp-default
--More--  !
--More--  !
--More--  !
--More--  !
--More--  !
--More--  !
--More--  !
--More--  !
--More--  !
--More--  !
--More--  !
--More--  !
--More--  !
--More--  interface GigabitEthernet0/0
--More--   vrf forwarding Mgmt-vrf
--More--   no ip address
--More--   negotiation auto
--More--  !
--More--  interface GigabitEthernet1/0/1
--More--   switchport access vlan 172
--More--   switchport mode trunk
--More--  !
--More--  interface GigabitEthernet1/0/2
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/3
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/4
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/5
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/6
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/7
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/8
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/9
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/10
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/11
--More--   switchport access vlan 173
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/12
--More--   switchport access vlan 173
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/13
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/14
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/15
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/16
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/17
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/18
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/19
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/20
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/21
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/22
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/23
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/24
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/25
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/26
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/27
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/28
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/29
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/30
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/31
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/32
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/33
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/34
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/35
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/36
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/37
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/38
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/39
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/40
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/41
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/42
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/43
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/44
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/45
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/46
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/47
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/0/48
--More--   switchport access vlan 172
--More--   switchport mode access
--More--  !
--More--  interface GigabitEthernet1/1/1
--More--   switchport access vlan 172
--More--   switchport trunk allowed vlan 172,173
--More--   switchport mode trunk
--More--   spanning-tree portfast
--More--  !
--More--  interface GigabitEthernet1/1/2
--More--   switchport access vlan 172
--More--   switchport trunk allowed vlan 172,173
--More--   switchport mode trunk
--More--   spanning-tree portfast
--More--  !
--More--  interface GigabitEthernet1/1/3
--More--   switchport access vlan 172
--More--   switchport trunk allowed vlan 172,173
--More--   switchport mode trunk
--More--   spanning-tree portfast
--More--  !
--More--  interface GigabitEthernet1/1/4
--More--   switchport access vlan 172
--More--   switchport trunk allowed vlan 172,173
--More--   switchport mode trunk
--More--   spanning-tree portfast
--More--  !
--More--  interface TenGigabitEthernet1/1/1
--More--  !
--More--  interface TenGigabitEthernet1/1/2
--More--  !
--More--  interface TenGigabitEthernet1/1/3
--More--  !
--More--  interface TenGigabitEthernet1/1/4
--More--  !
--More--  interface Vlan1
--More--   no ip address
--More--  !
--More--  interface Vlan100
--More--   no ip address
--More--  !
--More--  interface Vlan101
--More--   no ip address
--More--   ip helper-address 192.168.100.25
--More--  !
--More--  interface Vlan172
--More--   ip address 172.16.2.1 255.255.252.0
--More--  !
--More--  interface Vlan173
--More--   ip address 192.168.100.1 255.255.255.0
--More--  !
--More--  interface Vlan216
--More--   ip address 192.168.216.1 255.255.255.0
--More--  !
--More--  interface Vlan400
--More--   ip address 1.1.1.1 255.255.255.0
--More--  !
--More--  interface Vlan500
--More--   ip address 3.1.1.1 255.255.255.0
--More--  !
--More--  interface Vlan501
--More--   ip address 4.1.1.1 255.255.255.0
--More--  !
--More--  ip forward-protocol nd
--More--  ip http server
--More--  ip http authentication local
--More--  ip http secure-server
--More--  ip ftp username nawaskhan
--More--  ip ftp password welcome_123
--More--  ip route 0.0.0.0 0.0.0.0 172.16.2.252
--More--  ip route 0.0.0.0 0.0.0.0 Vlan501
--More--  ip route 0.0.0.0 0.0.0.0 Vlan500
--More--  ip route 0.0.0.0 0.0.0.0 200.1.1.2
--More--  ip route 172.16.10.0 255.255.255.0 172.16.2.252
--More--  ip route 192.168.2.0 255.255.255.0 1.1.1.2
--More--  ip route 192.168.100.0 255.255.255.0 172.16.2.252
--More--  ip route 192.168.216.0 255.255.255.0 172.16.2.252
--More--  !
--More--  ip access-list extended AutoQos-4.0-wlan-Acl-Bulk-Data
--More--   permit tcp any any eq 22
--More--   permit tcp any any eq 465
--More--   permit tcp any any eq 143
--More--   permit tcp any any eq 993
--More--   permit tcp any any eq 995
--More--   permit tcp any any eq 1914
--More--   permit tcp any any eq ftp
--More--   permit tcp any any eq ftp-data
--More--   permit tcp any any eq smtp
--More--   permit tcp any any eq pop3
--More--  ip access-list extended AutoQos-4.0-wlan-Acl-MultiEnhanced-Conf
--More--   permit udp any any range 16384 32767
--More--   permit tcp any any range 50000 59999
--More--  ip access-list extended AutoQos-4.0-wlan-Acl-Scavanger
--More--   permit tcp any any range 2300 2400
--More--   permit udp any any range 2300 2400
--More--   permit tcp any any range 6881 6999
--More--   permit tcp any any range 28800 29100
--More--   permit tcp any any eq 1214
--More--   permit udp any any eq 1214
--More--   permit tcp any any eq 3689
--More--   permit udp any any eq 3689
--More--   permit tcp any any eq 11999
--More--  ip access-list extended AutoQos-4.0-wlan-Acl-Signaling
--More--   permit tcp any any range 2000 2002
--More--   permit tcp any any range 5060 5061
--More--   permit udp any any range 5060 5061
--More--  ip access-list extended AutoQos-4.0-wlan-Acl-Transactional-Data
--More--   permit tcp any any eq 443
--More--   permit tcp any any eq 1521
--More--   permit udp any any eq 1521
--More--   permit tcp any any eq 1526
--More--   permit udp any any eq 1526
--More--   permit tcp any any eq 1575
--More--   permit udp any any eq 1575
--More--   permit tcp any any eq 1630
--More--   permit udp any any eq 1630
--More--   permit tcp any any eq 1527
--More--   permit tcp any any eq 6200
--More--   permit tcp any any eq 3389
--More--   permit tcp any any eq 5985
--More--   permit tcp any any eq 8080
--More--  !
--More--  ip sla enable reaction-alerts
--More--  !
--More--  route-map server permit 10
--More--   match ip address 101
--More--  !
--More--  route-map server permit 20
--More--   match ip address 102
--More--  !
--More--  !
--More--  control-plane
--More--   service-policy input system-cpp-policy
--More--  !
--More--  !
--More--  no vstack
--More--  !
--More--  line con 0
--More--   exec-timeout 0 0
--More--   password c1sc0
--More--   login
--More--   stopbits 1
--More--  line aux 0
--More--   stopbits 1
--More--  line vty 0 4
--More--   password c1sc0
--More--   login
--More--  line vty 5 15
--More--   password c1sc0
--More--   login
--More--  !
--More--  ntp server 34.208.249.133
--More--  !
--More--  wsma agent exec
--More--  !
--More--  wsma agent config
--More--  !
--More--  wsma agent filesys
--More--  !
--More--  wsma agent notify
--More--  !
--More--  !
--More--  !
--More--  pnp profile pnp_cco_profile
--More--   transport https ipv4 52.203.231.173 port 443
--More--  ap dot11 airtime-fairness policy-name Default 0
--More--  ap group default-group
--More--  ap hyperlocation ble-beacon 0
--More--  ap hyperlocation ble-beacon 1
--More--  ap hyperlocation ble-beacon 2
--More--  ap hyperlocation ble-beacon 3
--More--  ap hyperlocation ble-beacon 4
--More--  end
--More--  
Central-SW#
Central-SW#
Central-SW#
Central-SW#show c vlan

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active
172 VLAN0172 active Gi1/0/1, Gi1/0/2, Gi1/0/3
Gi1/0/4, Gi1/0/5, Gi1/0/6
Gi1/0/7, Gi1/0/8, Gi1/0/9
Gi1/0/10, Gi1/0/13, Gi1/0/14
Gi1/0/15, Gi1/0/16, Gi1/0/17
Gi1/0/18, Gi1/0/19, Gi1/0/20
Gi1/0/21, Gi1/0/22, Gi1/0/23
Gi1/0/24, Gi1/0/25, Gi1/0/26
Gi1/0/27, Gi1/0/28, Gi1/0/29
Gi1/0/30, Gi1/0/31, Gi1/0/32
Gi1/0/33, Gi1/0/34, Gi1/0/35
Gi1/0/36, Gi1/0/37, Gi1/0/38
Gi1/0/39, Gi1/0/40, Gi1/0/41
Gi1/0/42, Gi1/0/43, Gi1/0/44
Gi1/0/45, Gi1/0/46, Gi1/0/47
Gi1/0/48, Gi1/1/1, Gi1/1/2
Gi1/1/3, Gi1/1/4
173 VLAN0173 active Gi1/0/11, Gi1/0/12
1002 fddi-default act/unsup
--More--  1003 token-ring-default act/unsup
--More--  1004 fddinet-default act/unsup
--More--  1005 trnet-default act/unsup
--More--  
--More--  VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
--More--  ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
--More--  1 enet 100001 1500 - - - - - 0 0
--More--  172 enet 100172 1500 - - - - - 0 0
--More--  173 enet 100173 1500 - - - - - 0 0
--More--  1002 fddi 101002 1500 - - - - - 0 0
--More--  1003 tr 101003 1500 - - - - - 0 0
--More--  1004 fdnet 101004 1500 - - - ieee - 0 0
--More--  1005 trnet 101005 1500 - - - ibm - 0 0
--More--  
--More--  Remote SPAN VLANs
--More--  ------------------------------------------------------------------------------
--More--  

My network clients have internet working well with the Cisco 3750 core switch. The problem is the Cisco 3850 switch. When I replace it with the 3850 switch, the clients do not have internet. All the clients have the switch IP (172.16.2.1) as their gateway.

The 3850 switch itself has internet, but the clients are not connecting to the internet.
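The checks asked for in the replies (is `ip routing` enabled, is there a default route towards the firewall) can be run against both saved configs before the cut-over. The following is an added example, not part of the thread: the config strings are excerpts constructed from the output posted above (pager prompts left in), and the function names are illustrative. It reports which lines are present in a saved config, not the live forwarding state of the switch.

```python
import ipaddress
import re

# Constructed excerpt of the 3750 config posted above, "--More--" prompts included.
OLD_3750 = """\
ip routing
!
--More--  interface Vlan1
--More--   no ip address
--More--   ip policy route-map User
--More--  !
--More--  interface Vlan101
--More--   no ip address
--More--   ip policy route-map Server
--More--  !
--More--  interface Vlan172
--More--   ip address 172.16.2.1 255.255.252.0
--More--  !
--More--  interface Vlan173
--More--   ip address 192.168.100.1 255.255.255.0
--More--  !
--More--  ip route 0.0.0.0 0.0.0.0 Vlan501
--More--  ip route 0.0.0.0 0.0.0.0 200.1.1.2
--More--  ip route 0.0.0.0 0.0.0.0 172.16.2.252
--More--  ip route 192.168.100.0 255.255.255.0 172.16.2.252
"""
# In the posted 3850 config the same excerpt has no "ip routing" line and no
# "ip policy route-map" lines; everything else in the excerpt is identical.
NEW_3850 = "\n".join(
    l for l in OLD_3750.splitlines()
    if l != "ip routing" and "ip policy route-map" not in l
)

PAGER = re.compile(r"^--More--\s{0,2}")  # prompt plus the two pad spaces


def clean_lines(text):
    """Strip pager prompts, drop blank lines and '!' separators, keep indentation."""
    out = []
    for raw in text.splitlines():
        line = PAGER.sub("", raw).rstrip()
        if line.strip() and line.strip() != "!":
            out.append(line)
    return out


def parse(text):
    """Collect the routing-relevant parts of an IOS config."""
    cfg = {"ip_routing": False, "svis": {}, "policy": {}, "routes": []}
    current = None  # SVI whose sub-commands are being read
    for line in clean_lines(text):
        if not line.startswith(" "):
            current = None
            if line == "ip routing":
                cfg["ip_routing"] = True
            elif m := re.match(r"interface (Vlan\d+)$", line):
                current = m.group(1)
            elif m := re.match(r"ip route (\S+) (\S+) (\S+)", line):
                net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
                cfg["routes"].append((net, m.group(3)))
        elif current:
            body = line.strip()
            if m := re.match(r"ip address (\S+) (\S+)$", body):
                cfg["svis"][current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            elif m := re.match(r"ip policy route-map (\S+)$", body):
                cfg["policy"][current] = m.group(1)
    return cfg


def next_hop_connected(cfg, hop):
    """True/False for an IP next hop; None when the next hop is an interface name."""
    try:
        addr = ipaddress.ip_address(hop)
    except ValueError:
        return None
    return any(addr in svi.network for svi in cfg["svis"].values())


def audit(cfg):
    """Findings for one config, in a fixed order."""
    findings = []
    if not cfg["ip_routing"]:
        findings.append("no 'ip routing' line in config")
    defaults = [hop for net, hop in cfg["routes"] if net.prefixlen == 0]
    if not defaults:
        findings.append("no default route")
    for hop in defaults:
        if next_hop_connected(cfg, hop) is False:
            findings.append(f"default route next hop {hop} is not on a connected SVI subnet")
    for net, hop in cfg["routes"]:
        for name, svi in cfg["svis"].items():
            if net.prefixlen and net == svi.network:
                findings.append(f"static route for {net} via {hop} overlaps connected {name}")
    return findings


def compare(old, new):
    """Routing-relevant lines present in the old config but missing from the new one."""
    lost = ["ip routing"] if old["ip_routing"] and not new["ip_routing"] else []
    for iface, rmap in old["policy"].items():
        if new["policy"].get(iface) != rmap:
            lost.append(f"{iface}: ip policy route-map {rmap}")
    lost += [f"ip route {net} {hop}" for net, hop in old["routes"] if (net, hop) not in new["routes"]]
    return lost


if __name__ == "__main__":
    old, new = parse(OLD_3750), parse(NEW_3850)
    for label, cfg in (("3750", old), ("3850", new)):
        print(label, audit(cfg))
    print("missing on 3850:", compare(old, new))
```

A line that is absent from the saved text should be confirmed on the device itself, for example with `show ip route` as requested in the replies.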

@pnawaskhan hello

When you put in your 3850, are your clients able to ping their own gateway? You mentioned that it is 172.16.2.1, right? If yes, and the firewall, which you said is 172.16.2.254?

Could you share with us the output from:

show ip route

Thanks

Jaderson Pessoa

Yes, sir. Actually, if I put my firewall interface IP address 172.16.2.254 into my client systems, then the internet is working. My switch IP address (in this case for both the Cisco 3750 and the Cisco 3850), 172.16.2.1, is the gateway for all my clients through my DHCP server 172.16.2.5.

With the Cisco 3750 it is working under this setup. But the Cisco 3850 is not able to give internet to the client systems. From the 3850 switch I could ping my firewall interface and 8.8.8.8 as well.

Alright,

Could you run the commands below and tell us the result?

sw_3850(config): vlan 172

sw_3850(config-vlan): exit

sw_3850(config): ip routing

show ip route

Regards,

Jaderson Pessoa

In which switch?

My 3750 is working fine, and below is its output:

Central-SW#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 172.16.2.252 to network 0.0.0.0

172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
S 172.16.10.0/24 [1/0] via 172.16.2.252
C 172.16.0.0/22 is directly connected, Vlan172
S 192.168.216.0/24 [1/0] via 172.16.2.252
C 192.168.100.0/24 is directly connected, Vlan173
S* 0.0.0.0/0 [1/0] via 172.16.2.252

 

 

My Cisco 3850 is not connected to the network, because I need downtime to do this.

I know, but you have a problem with the 3850.

When you have time to do it, please do, and tell us the result.


Regards,
Jaderson Pessoa

Central-SW#show ip route
Extended Host Mode is enabled
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is 172.16.2.252 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 172.16.2.252
172.16.0.0/16 is variably subnetted, 3 subnets, 3 masks
C 172.16.0.0/22 is directly connected, Vlan172
L 172.16.2.1/32 is directly connected, Vlan172
S 172.16.10.0/24 [1/0] via 172.16.2.252
192.168.100.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.100.0/24 is directly connected, Vlan173
L 192.168.100.1/32 is directly connected, Vlan173
S 192.168.216.0/24 [1/0] via 172.16.2.252

Central-SW#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Vlan1 unassigned YES NVRAM up down
Vlan172 172.16.2.1 YES NVRAM up up
Vlan173 192.168.100.1 YES NVRAM up up
Vlan216 192.168.216.1 YES NVRAM up down
GigabitEthernet0/0 unassigned YES unset down down
GigabitEthernet1/0/1 unassigned YES unset down down
GigabitEthernet1/0/2 unassigned YES unset down down
GigabitEthernet1/0/3 unassigned YES unset down down
GigabitEthernet1/0/4 unassigned YES unset down down
GigabitEthernet1/0/5 unassigned YES unset down down
GigabitEthernet1/0/6 unassigned YES unset down down
GigabitEthernet1/0/7 unassigned YES unset down down
GigabitEthernet1/0/8 unassigned YES unset down down
GigabitEthernet1/0/9 unassigned YES unset down down
GigabitEthernet1/0/10 unassigned YES unset up up
GigabitEthernet1/0/11 unassigned YES unset down down
GigabitEthernet1/0/12 unassigned YES unset down down
GigabitEthernet1/0/13 unassigned YES unset down down
GigabitEthernet1/0/14 unassigned YES unset down down
GigabitEthernet1/0/15 unassigned YES unset down down
GigabitEthernet1/0/16 unassigned YES unset down down
GigabitEthernet1/0/17 unassigned YES unset down down
GigabitEthernet1/0/18 unassigned YES unset down down
GigabitEthernet1/0/19 unassigned YES unset up up
GigabitEthernet1/0/20 unassigned YES unset down down
GigabitEthernet1/0/21 unassigned YES unset down down
GigabitEthernet1/0/22 unassigned YES unset down down
GigabitEthernet1/0/23 unassigned YES unset down down
GigabitEthernet1/0/24 unassigned YES unset down down
GigabitEthernet1/0/25 unassigned YES unset up up
GigabitEthernet1/0/26 unassigned YES unset down down
GigabitEthernet1/0/27 unassigned YES unset down down
GigabitEthernet1/0/28 unassigned YES unset down down
GigabitEthernet1/0/29 unassigned YES unset down down
GigabitEthernet1/0/30 unassigned YES unset down down
GigabitEthernet1/0/31 unassigned YES unset down down
GigabitEthernet1/0/32 unassigned YES unset down down
GigabitEthernet1/0/33 unassigned YES unset down down
GigabitEthernet1/0/34 unassigned YES unset down down
GigabitEthernet1/0/35 unassigned YES unset down down
GigabitEthernet1/0/36 unassigned YES unset down down
GigabitEthernet1/0/37 unassigned YES unset down down
GigabitEthernet1/0/38 unassigned YES unset down down
GigabitEthernet1/0/39 unassigned YES unset down down
GigabitEthernet1/0/40 unassigned YES unset down down
GigabitEthernet1/0/41 unassigned YES unset down down
GigabitEthernet1/0/42 unassigned YES unset up up
GigabitEthernet1/0/43 unassigned YES unset down down
GigabitEthernet1/0/44 unassigned YES unset up up
GigabitEthernet1/0/45 unassigned YES unset down down
GigabitEthernet1/0/46 unassigned YES unset up up
GigabitEthernet1/0/47 unassigned YES unset down down
GigabitEthernet1/0/48 unassigned YES unset up up
GigabitEthernet1/1/1 unassigned YES unset down down
GigabitEthernet1/1/2 unassigned YES unset down down
GigabitEthernet1/1/3 unassigned YES unset down down
GigabitEthernet1/1/4 unassigned YES unset down down
Te1/1/1 unassigned YES unset down down
Te1/1/2 unassigned YES unset down down
Te1/1/3 unassigned YES unset down down
Te1/1/4 unassigned YES unset down down

Central-SW#show interfaces vlan 172
Vlan172 is up, line protocol is up
Hardware is Ethernet SVI, address is 003c.1098.7b5c (bia 003c.1098.7b5c)
Internet address is 172.16.2.1/22
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:13, output hang never
Last clearing of "show interface" counters never
Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 16000 bits/sec, 25 packets/sec
5 minute output rate 11000 bits/sec, 10 packets/sec
10921 packets input, 1054486 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
4572 packets output, 662605 bytes, 0 underruns
0 output errors, 2 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out

Central-SW#show interfaces vlan 173
Vlan173 is up, line protocol is up
Hardware is Ethernet SVI, address is 003c.1098.7b4e (bia 003c.1098.7b4e)
Internet address is 192.168.100.1/24
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:08:03, output hang never
Last clearing of "show interface" counters never
Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
134 packets input, 11872 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
2 packets output, 120 bytes, 0 underruns
0 output errors, 2 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out

Hello
If you are only using 2 VLANs (172, 173), how come you have 4 additional L3 SVIs (216, 400, 500, 501) in your configuration?
Do your clients receive DHCP allocations?

Can your clients ping both VLAN 172/3 GWs?
Do you have the VLAN database populated with the correct VLANs?


Remove the following static routes:

no ip route 0.0.0.0 0.0.0.0 Vlan501
no ip route 0.0.0.0 0.0.0.0 Vlan500
no ip route 0.0.0.0 0.0.0.0 200.1.1.2
no ip route 192.168.100.0 255.255.255.0 172.16.2.252

Put trunk ports in trunk mode and access ports in access mode

Example:
interface GigabitEthernet1/1/x
no switchport access vlan 172
switchport trunk allowed vlan 172,173
switchport mode trunk
no spanning-tree portfast

interface GigabitEthernet1/0/x
! FW VLAN
switchport access vlan 172
switchport mode access
spanning-tree portfast

interface GigabitEthernet1/0/x
! User VLAN
switchport access vlan 173
switchport mode access
spanning-tree portfast



Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
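
A small audit of the static-route problems the reply above points at, as an added example that is not part of the original thread: it flags competing default routes and a static route that overlaps a directly connected SVI subnet. The sample config is constructed from the routes and SVI addresses quoted on this page, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: SVI addresses and static routes quoted in this thread.
SAMPLE_CONFIG = """\
interface Vlan172
 ip address 172.16.2.1 255.255.252.0
interface Vlan173
 ip address 192.168.100.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 Vlan501
ip route 0.0.0.0 0.0.0.0 Vlan500
ip route 0.0.0.0 0.0.0.0 200.1.1.2
ip route 0.0.0.0 0.0.0.0 172.16.2.252
ip route 192.168.100.0 255.255.255.0 172.16.2.252
ip route 172.16.10.0 255.255.255.0 172.16.2.252
"""


def to_network(addr, mask):
    """Build a network from an address and dotted mask, as IOS writes them."""
    prefix = bin(int(ipaddress.IPv4Address(mask))).count("1")
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def parse(config):
    """Return ({svi_name: connected_network}, [(static_network, next_hop)])."""
    connected, statics, current = {}, [], None
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["interface"] and len(words) >= 2:
            current = words[1]
        elif words[:2] == ["ip", "address"] and current and len(words) >= 4:
            connected[current] = to_network(words[2], words[3])
        elif words[:2] == ["ip", "route"] and len(words) >= 5:
            statics.append((to_network(words[2], words[3]), words[4]))
    return connected, statics


def audit(config):
    """Flag competing default routes and statics that overlap a connected SVI."""
    connected, statics = parse(config)
    findings = []
    defaults = [hop for network, hop in statics if network.prefixlen == 0]
    if len(defaults) > 1:
        findings.append(("multiple-default-routes", tuple(defaults)))
    for network, hop in statics:
        for svi, local in connected.items():
            if network.prefixlen and network.overlaps(local):
                findings.append(("static-overlaps-connected", (str(network), hop, svi)))
    return findings


if __name__ == "__main__":
    for kind, detail in audit(SAMPLE_CONFIG):
        print(kind, detail)
```

With the four routes listed in the reply removed, the same audit returns no findings and only the default route via 172.16.2.252 remains.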