02-23-2021 03:10 PM
I have 2 switches connected to a router that allows inter-vlan routing. Everything was working properly until one of the switches suddenly stopped working. It's the small business model (SG250-29P). I know this shouldn't be complicated, but it's driving me crazy. On this particular switch (xio-1-as03), all ports on this switch is on VLAN 7 and I can ping the VLAN 7 default router from this switch as shown:
xio-1-as03#ping 10.7.255.254 Pinging 10.7.255.254 with 18 bytes of data: 18 bytes from 10.7.255.254: icmp_seq=1. time=0 ms 18 bytes from 10.7.255.254: icmp_seq=2. time=10 ms 18 bytes from 10.7.255.254: icmp_seq=3. time=0 ms 18 bytes from 10.7.255.254: icmp_seq=4. time=0 ms ----10.7.255.254 PING Statistics---- 4 packets transmitted, 4 packets received, 0% packet loss round-trip (ms) min/avg/max = 0/2/10
The issue is, I can't get Internet or network access on anything connected to this switch, nor can I ping any devices from the main router to anything connected to the switch. Let's start with the running config from the main router below.
xio-1-br01#show running-config Building configuration... Current configuration : 4954 bytes ! ! Last configuration change at 13:50:48 CST Tue Feb 23 2021 by admin ! version 16.6 service timestamps debug datetime msec service timestamps log datetime msec platform qfp utilization monitor load 80 no platform punt-keepalive disable-kernel-core ! hostname xio-1-br01 ! boot-start-marker boot-end-marker ! ! ! no aaa new-model clock timezone CST -6 0 clock summer-time cdt recurring ! ip name-server 68.1.16.107 ip dhcp excluded-address 10.2.255.1 10.2.255.254 ip dhcp excluded-address 10.1.255.1 10.1.255.254 ip dhcp excluded-address 10.4.255.1 10.4.255.254 ip dhcp excluded-address 10.3.255.1 10.3.255.254 ip dhcp excluded-address 10.5.255.1 10.5.255.254 ip dhcp excluded-address 10.7.255.1 10.7.255.254 ! ip dhcp pool p2 import all network 10.2.0.0 255.255.0.0 default-router 10.2.255.254 dns-server 68.105.28.11 68.105.29.11 8.8.8.8 lease 3 ! ip dhcp pool p1 import all network 10.1.0.0 255.255.0.0 default-router 10.1.255.254 dns-server 68.105.28.11 68.105.29.11 8.8.8.8 lease 3 ! ip dhcp pool p3 import all network 10.3.0.0 255.255.0.0 default-router 10.3.255.254 dns-server 68.105.28.11 68.105.29.11 8.8.8.8 lease 3 ! ip dhcp pool p4 import all network 10.4.0.0 255.255.0.0 default-router 10.4.255.254 dns-server 68.105.28.11 68.105.29.11 8.8.8.8 lease 3 ! ip dhcp pool p5 import all network 10.5.0.0 255.255.0.0 default-router 10.5.255.254 dns-server 68.105.28.11 68.105.29.11 8.8.8.8 lease 3 ! ip dhcp pool p7 network 10.7.0.0 255.255.0.0 default-router 10.7.255.254 dns-server 68.105.28.11 68.105.29.11 8.8.8.8 lease 3 ! ! ! ! ! ! ! ! ! ! subscriber templating ! ! multilink bundle-name authenticated ! ! ! crypto pki trustpoint TP-self-signed-3932058017 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-3932058017 revocation-check none rsakeypair TP-self-signed-3932058017 ! ! crypto pki certificate chain TP-self-signed-3932058017 ! ! license udi pid C1111-8P sn FGL2204923K ! diagnostic bootup level minimal spanning-tree extend system-id ! ! username admin privilege 15 secret 5 $1$2Mti$HKF5Utj8mjYEjORSpdSZm1 ! redundancy mode none ! ! vlan internal allocation policy ascending ! ! ! ! ! ! interface Loopback0 ip address 10.240.9.1 255.255.255.0 ! interface GigabitEthernet0/0/0 ip address dhcp ip nat outside ip access-group 100 in negotiation auto no cdp enable ip virtual-reassembly ! interface GigabitEthernet0/0/1 ip address 10.240.8.1 255.255.255.0 ip nat inside ip access-group 100 in ip access-group 100 out negotiation auto ! interface GigabitEthernet0/1/0 ! interface GigabitEthernet0/1/1 ! interface GigabitEthernet0/1/2 ! interface GigabitEthernet0/1/3 ! interface GigabitEthernet0/1/4 switchport access vlan 5 ! interface GigabitEthernet0/1/5 switchport access vlan 6 ! interface GigabitEthernet0/1/6 switchport access vlan 7 ! interface GigabitEthernet0/1/7 switchport mode trunk ! interface Vlan1 ip address 10.1.255.254 255.255.0.0 ip nat inside ! interface Vlan2 ip address 10.2.255.254 255.255.0.0 ip nat inside ! interface Vlan3 ip address 10.3.255.254 255.255.0.0 ip nat inside ! interface Vlan4 ip address 10.4.255.254 255.255.0.0 ip nat inside ! interface Vlan5 ip address 10.5.255.254 255.255.0.0 ip nat inside ! interface Vlan6 ip address 192.168.1.254 255.255.255.0 ip nat inside ! interface Vlan7 ip address 10.7.255.254 255.255.0.0 ip nat inside ! ip nat inside source list 1 interface GigabitEthernet0/0/0 overload ip forward-protocol nd ip http server ip http authentication local ip http secure-server ip dns server ip route 10.1.0.0 255.255.0.0 Vlan1 ip route 10.2.0.0 255.255.0.0 Vlan2 ip route 10.3.0.0 255.255.0.0 Vlan3 ip route 10.4.0.0 255.255.0.0 Vlan4 ip route 10.5.0.0 255.255.0.0 Vlan5 ip route 10.7.0.0 255.255.0.0 Vlan7 ip route 10.140.8.0 255.255.255.0 GigabitEthernet0/0/1 ip route 10.140.9.0 255.255.255.0 GigabitEthernet0/0/1 ip route 192.168.1.0 255.255.255.0 Vlan6 ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 dhcp ! ! access-list 1 permit 10.0.0.0 0.255.255.255 access-list 1 permit 192.168.0.0 0.0.255.255 access-list 100 permit udp any any eq domain access-list 100 permit udp any eq domain any access-list 100 permit tcp any any eq domain access-list 100 permit tcp any eq domain any access-list 100 permit tcp any any eq www access-list 100 permit tcp any any eq telnet access-list 100 permit tcp any any eq smtp access-list 100 permit tcp any any eq pop3 access-list 100 permit tcp any any eq ftp access-list 100 permit tcp any any eq ftp-data access-list 100 permit icmp any any echo-reply access-list 100 permit ip any any ! ! ! ! control-plane ! ! line con 0 exec-timeout 0 0 password admin logging synchronous login transport input none stopbits 1 line vty 0 exec-timeout 60 0 password admin logging synchronous login local line vty 1 5 exec-timeout 60 0 password admin login local ! wsma agent exec ! wsma agent config ! wsma agent filesys ! wsma agent notify ! ! end
I'm pretty sure there's no configuration issue with the main router (xio-1-br01) itself, as I've made no config changes to the router.
Below is the running config from the problem switch (xio-1-as03):
xio-1-as03#show running-config config-file-header xio-1-as03 v2.4.0.94 / RTESLA2.4_930_181_045 CLI v1.0 file SSD indicator encrypted @ ssd-control-start ssd config ssd file passphrase control unrestricted no ssd file integrity control ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0 ! ! unit-type-control-start unit-type unit 1 network gi uplink none unit-type-control-end ! vlan database vlan 7 exit voice vlan oui-table add 0001e3 Siemens_AG_phone________ voice vlan oui-table add 00036b Cisco_phone_____________ voice vlan oui-table add 00096e Avaya___________________ voice vlan oui-table add 000fe2 H3C_Aolynk______________ voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone voice vlan oui-table add 00d01e Pingtel_phone___________ voice vlan oui-table add 00e075 Polycom/Veritel_phone___ voice vlan oui-table add 00e0bb 3Com_phone______________ bonjour interface range vlan 1 hostname xio-1-as03 line console exec-timeout 30 exit line ssh exec-timeout 30 exit line telnet exec-timeout 30 exit no passwords complexity enable username cisco password encrypted d033e22ae348aeb5660fc2140aec35850c4da997 privilege 15 ip ssh server snmp-server server ip http timeout-policy 1800 ip telnet server ! interface vlan 7 ip address 10.130.9.1 255.255.255.0 ! interface GigabitEthernet1 switchport access vlan 7 ! interface GigabitEthernet2 switchport access vlan 7 ! interface GigabitEthernet3 switchport access vlan 7 ! interface GigabitEthernet4 switchport access vlan 7 ! interface GigabitEthernet5 switchport access vlan 7 ! interface GigabitEthernet6 switchport access vlan 7 ! interface GigabitEthernet7 switchport access vlan 7 ! interface GigabitEthernet8 switchport access vlan 7 ! interface GigabitEthernet9 switchport access vlan 7 ! interface GigabitEthernet10 switchport access vlan 7 ! interface GigabitEthernet11 switchport access vlan 7 ! interface GigabitEthernet12 switchport access vlan 7 ! interface GigabitEthernet13 switchport access vlan 7 ! interface GigabitEthernet14 switchport access vlan 7 ! interface GigabitEthernet15 switchport access vlan 7 ! interface GigabitEthernet16 switchport access vlan 7 ! interface GigabitEthernet17 switchport access vlan 7 ! interface GigabitEthernet18 switchport access vlan 7 ! interface GigabitEthernet19 switchport access vlan 7 ! interface GigabitEthernet20 switchport access vlan 7 ! interface GigabitEthernet21 switchport access vlan 7 ! interface GigabitEthernet22 switchport access vlan 7 ! interface GigabitEthernet23 switchport access vlan 7 ! interface GigabitEthernet24 switchport access vlan 7 ! interface GigabitEthernet25 switchport mode trunk switchport access vlan 7 ! exit xio-1-as03#23-Feb-2021 22:48:17 %CDP-W-NATIVE_VLAN_MISMATCH: Native VLAN mismatch detected on interface gi25.
The physical ports between the main switch and the problem switch are below.
Gi0/0/6 (on the router) is physically connected to Gi25 (on the problem switch). This issue has been driving me crazy for the past several days. If anyone can help me fix this issue, I'd greatly appreciate it.
VLAN 7 default router is 10.7.255.254 255.255.255.0
Solved! Go to Solution.
02-23-2021 05:15 PM
Good to hear that we have been of help, verify the communication between the Switch and the Router by enabling the trunk hose port, allowing the vlands that you want to have
Remember to rate this answer as this motivates you to continue helping in the community
02-23-2021 03:32 PM
Greetings and thanks for communicating to the cisco community the problem is that you have different IP addressing in the Vlan For the Router the IP address is 10.7.255.254 255.255.0.0 while in your switch it is interface vlan 7
ip address 10.130.9.1 255.255.255.0 from what you can see they are not in the same network segment between the router and the switch, remember to verify the trunk communication on the router and switch.
remember to rate the aid in the star and select As a solution
02-23-2021 03:58 PM
As per mesage you connected to G0/0/6 - we do not see any config (may be G0/1/6 or Gi0/1/7)
interface GigabitEthernet0/1/6
switchport access vlan 7
!
interface GigabitEthernet0/1/7
switchport mode trunk
!
On router you have different I range configured compare to switch.
interface Vlan7
ip address 10.7.255.254 255.255.0.0
ip nat inside
On switch you have vlan config - ( make sure your config should be 10.7.0.0/16 range)
interface vlan 7
ip address 10.130.9.1 255.255.255.0 < -----(change this config accordingly)
!
This information not at all matching :
VLAN 7 default router is 10.7.255.254 255.255.255.0
Add also static route towards Router - i do not see any route.
Connected port to router : (trunk is good option ) make sure you change same on router side what ever port connected.
interface GigabitEthernet25
switchport mode trunk
no switchport access vlan 7
02-23-2021 04:53 PM - edited 02-23-2021 05:05 PM
Hi all. Thanks for the quick reply. Looks like we're making good progress here. I can now ping to desktop computer that is connected to that one switch, but the issue is I can't ping out to another machine/device/node from that faulty switch (xio-1-as03) or even ping out to Google. The desktop computer that is connected to the faulty switch can access the Internet, so that's also a good thing so far. Here's the updated running config:
xio-1-as03#show running-config config-file-header xio-1-as03 v2.4.0.94 / RTESLA2.4_930_181_045 CLI v1.0 file SSD indicator encrypted @ ssd-control-start ssd config ssd file passphrase control unrestricted no ssd file integrity control ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0 ! ! unit-type-control-start unit-type unit 1 network gi uplink none unit-type-control-end ! vlan database vlan 2-5,7 exit voice vlan oui-table add 0001e3 Siemens_AG_phone________ voice vlan oui-table add 00036b Cisco_phone_____________ voice vlan oui-table add 00096e Avaya___________________ voice vlan oui-table add 000fe2 H3C_Aolynk______________ voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone voice vlan oui-table add 00d01e Pingtel_phone___________ voice vlan oui-table add 00e075 Polycom/Veritel_phone___ voice vlan oui-table add 00e0bb 3Com_phone______________ bonjour interface range vlan 1 hostname xio-1-as03 line console exec-timeout 30 exit line ssh exec-timeout 30 exit line telnet exec-timeout 30 exit no passwords complexity enable username cisco password encrypted d033e22ae348aeb5660fc2140aec35850c4da997 privilege 15 ip ssh server snmp-server server ip http timeout-policy 1800 ip telnet server ! interface vlan 1 ip address 10.1.255.252 255.255.0.0 no ip address dhcp ! interface vlan 2 ip address 10.2.255.252 255.255.0.0 ! interface vlan 3 ip address 10.3.255.252 255.255.0.0 ! interface vlan 4 ip address 10.4.255.252 255.255.0.0 ! interface vlan 5 ip address 10.5.255.252 255.255.0.0 ! interface vlan 7 ip address 10.7.255.252 255.255.0.0 ! interface GigabitEthernet1 switchport access vlan 7 ! interface GigabitEthernet2 switchport access vlan 7 ! interface GigabitEthernet3 switchport access vlan 7 ! interface GigabitEthernet4 switchport access vlan 7 ! interface GigabitEthernet5 switchport access vlan 7 ! interface GigabitEthernet6 switchport access vlan 7 ! interface GigabitEthernet7 switchport access vlan 7 ! interface GigabitEthernet8 switchport access vlan 7 ! interface GigabitEthernet9 switchport access vlan 7 ! interface GigabitEthernet10 switchport access vlan 7 ! interface GigabitEthernet11 switchport access vlan 7 ! interface GigabitEthernet12 switchport access vlan 7 ! interface GigabitEthernet13 switchport access vlan 7 ! interface GigabitEthernet14 switchport access vlan 7 ! interface GigabitEthernet15 switchport access vlan 7 ! interface GigabitEthernet16 switchport access vlan 7 ! interface GigabitEthernet17 switchport access vlan 7 ! interface GigabitEthernet18 switchport access vlan 7 ! interface GigabitEthernet19 switchport access vlan 7 ! interface GigabitEthernet20 switchport access vlan 7 ! interface GigabitEthernet21 switchport access vlan 7 ! interface GigabitEthernet22 switchport access vlan 7 ! interface GigabitEthernet23 switchport access vlan 7 ! interface GigabitEthernet24 switchport access vlan 7 ! interface GigabitEthernet25 ip address 10.130.8.1 255.255.255.0 switchport access vlan 7 ! exit
Here's the ping results:
xio-1-as03#ping 10.2.0.8 Pinging 10.2.0.8 with 18 bytes of data: PING: net-unreachable PING: net-unreachable PING: net-unreachable PING: net-unreachable ----10.2.0.8 PING Statistics---- 4 packets transmitted, 0 packets received, 100% packet loss xio-1-as03#ping google.com % Host not found in DNS database
I took a second look. I'm guessing I'm missing the default route. Making some changes. If anyone has a quick answer or additional feedback, please do so.
02-23-2021 05:15 PM
Good to hear that we have been of help, verify the communication between the Switch and the Router by enabling the trunk hose port, allowing the vlands that you want to have
Remember to rate this answer as this motivates you to continue helping in the community
02-23-2021 05:42 PM
Hi Jaoracuna. Many thanks again. Looks like I'm back in business now. The final issue was the missing default route. I've been messing around with the configurations on that one switch so many times, I completely left it in my rear-view. Pinging between devices/nodes in my entire network between switches are working now, including that one switch (xio-1-as03). I probably don't have everything perfectly setup between all my network devices, but at least everything appears to be working fine, so I'll leave it as is. Thanks everyone for your help. This time, I'm going to make sure I backup my running-configs on all my network gear.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide