Solved: Router on a Stick SG250-29P Switch Issues

sxiong1111 · ‎02-23-2021

I have 2 switches connected to a router that allows inter-vlan routing. Everything was working properly until one of the switches suddenly stopped working. It's the small business model (SG250-29P). I know this shouldn't be complicated, but it's driving me crazy. On this particular switch (xio-1-as03), all ports on this switch is on VLAN 7 and I can ping the VLAN 7 default router from this switch as shown:

xio-1-as03#ping 10.7.255.254
Pinging 10.7.255.254 with 18 bytes of data:

18 bytes from 10.7.255.254: icmp_seq=1. time=0 ms
18 bytes from 10.7.255.254: icmp_seq=2. time=10 ms
18 bytes from 10.7.255.254: icmp_seq=3. time=0 ms
18 bytes from 10.7.255.254: icmp_seq=4. time=0 ms

----10.7.255.254 PING Statistics----
4 packets transmitted, 4 packets received, 0% packet loss
round-trip (ms) min/avg/max = 0/2/10

The issue is, I can't get Internet or network access on anything connected to this switch, nor can I ping any devices from the main router to anything connected to the switch. Let's start with the running config from the main router below.

xio-1-br01#show running-config
Building configuration...


Current configuration : 4954 bytes
!
! Last configuration change at 13:50:48 CST Tue Feb 23 2021 by admin
!
version 16.6
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname xio-1-br01
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
clock timezone CST -6 0
clock summer-time cdt recurring
!
ip name-server 68.1.16.107
ip dhcp excluded-address 10.2.255.1 10.2.255.254
ip dhcp excluded-address 10.1.255.1 10.1.255.254
ip dhcp excluded-address 10.4.255.1 10.4.255.254
ip dhcp excluded-address 10.3.255.1 10.3.255.254
ip dhcp excluded-address 10.5.255.1 10.5.255.254
ip dhcp excluded-address 10.7.255.1 10.7.255.254
!
ip dhcp pool p2
 import all
 network 10.2.0.0 255.255.0.0
 default-router 10.2.255.254
 dns-server 68.105.28.11 68.105.29.11 8.8.8.8
 lease 3
!
ip dhcp pool p1
 import all
 network 10.1.0.0 255.255.0.0
 default-router 10.1.255.254
 dns-server 68.105.28.11 68.105.29.11 8.8.8.8
 lease 3
!
ip dhcp pool p3
 import all
 network 10.3.0.0 255.255.0.0
 default-router 10.3.255.254
 dns-server 68.105.28.11 68.105.29.11 8.8.8.8
 lease 3
!
ip dhcp pool p4
 import all
 network 10.4.0.0 255.255.0.0
 default-router 10.4.255.254
 dns-server 68.105.28.11 68.105.29.11 8.8.8.8
 lease 3
!
ip dhcp pool p5
 import all
 network 10.5.0.0 255.255.0.0
 default-router 10.5.255.254
 dns-server 68.105.28.11 68.105.29.11 8.8.8.8
 lease 3
!
ip dhcp pool p7
 network 10.7.0.0 255.255.0.0
 default-router 10.7.255.254
 dns-server 68.105.28.11 68.105.29.11 8.8.8.8
 lease 3
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
!
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-3932058017
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3932058017
 revocation-check none
 rsakeypair TP-self-signed-3932058017
!
!
crypto pki certificate chain TP-self-signed-3932058017
!
!
license udi pid C1111-8P sn FGL2204923K
!
diagnostic bootup level minimal
spanning-tree extend system-id
!
!
username admin privilege 15 secret 5 $1$2Mti$HKF5Utj8mjYEjORSpdSZm1
!
redundancy
 mode none
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface Loopback0
 ip address 10.240.9.1 255.255.255.0
!
interface GigabitEthernet0/0/0
 ip address dhcp
 ip nat outside
 ip access-group 100 in
 negotiation auto
 no cdp enable
 ip virtual-reassembly
!
interface GigabitEthernet0/0/1
 ip address 10.240.8.1 255.255.255.0
 ip nat inside
 ip access-group 100 in
 ip access-group 100 out
 negotiation auto
!
interface GigabitEthernet0/1/0
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface GigabitEthernet0/1/4
 switchport access vlan 5
!
interface GigabitEthernet0/1/5
 switchport access vlan 6
!
interface GigabitEthernet0/1/6
 switchport access vlan 7
!
interface GigabitEthernet0/1/7
 switchport mode trunk
!
interface Vlan1
 ip address 10.1.255.254 255.255.0.0
 ip nat inside
!
interface Vlan2
 ip address 10.2.255.254 255.255.0.0
 ip nat inside
!
interface Vlan3
 ip address 10.3.255.254 255.255.0.0
 ip nat inside
!
interface Vlan4
 ip address 10.4.255.254 255.255.0.0
 ip nat inside
!
interface Vlan5
 ip address 10.5.255.254 255.255.0.0
 ip nat inside
!
interface Vlan6
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
!
interface Vlan7
 ip address 10.7.255.254 255.255.0.0
 ip nat inside
!
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip dns server
ip route 10.1.0.0 255.255.0.0 Vlan1
ip route 10.2.0.0 255.255.0.0 Vlan2
ip route 10.3.0.0 255.255.0.0 Vlan3
ip route 10.4.0.0 255.255.0.0 Vlan4
ip route 10.5.0.0 255.255.0.0 Vlan5
ip route 10.7.0.0 255.255.0.0 Vlan7
ip route 10.140.8.0 255.255.255.0 GigabitEthernet0/0/1
ip route 10.140.9.0 255.255.255.0 GigabitEthernet0/0/1
ip route 192.168.1.0 255.255.255.0 Vlan6
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 dhcp
!
!
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 permit 192.168.0.0 0.0.255.255
access-list 100 permit udp any any eq domain
access-list 100 permit udp any eq domain any
access-list 100 permit tcp any any eq domain
access-list 100 permit tcp any eq domain any
access-list 100 permit tcp any any eq www
access-list 100 permit tcp any any eq telnet
access-list 100 permit tcp any any eq smtp
access-list 100 permit tcp any any eq pop3
access-list 100 permit tcp any any eq ftp
access-list 100 permit tcp any any eq ftp-data
access-list 100 permit icmp any any echo-reply
access-list 100 permit ip any any
!
!
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 password admin
 logging synchronous
 login
 transport input none
 stopbits 1
line vty 0
 exec-timeout 60 0
 password admin
 logging synchronous
 login local
line vty 1 5
 exec-timeout 60 0
 password admin
 login local
!
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify
!
!
end

I'm pretty sure there's no configuration issue with the main router (xio-1-br01) itself, as I've made no config changes to the router.

Below is the running config from the problem switch (xio-1-as03):

xio-1-as03#show running-config
config-file-header
xio-1-as03
v2.4.0.94 / RTESLA2.4_930_181_045
CLI v1.0
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
!
unit-type-control-start
unit-type unit 1 network gi uplink none
unit-type-control-end
!
vlan database
vlan 7
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
bonjour interface range vlan 1
hostname xio-1-as03
line console
exec-timeout 30
exit
line ssh
exec-timeout 30
exit
line telnet
exec-timeout 30
exit
no passwords complexity enable
username cisco password encrypted d033e22ae348aeb5660fc2140aec35850c4da997 privilege 15
ip ssh server
snmp-server server
ip http timeout-policy 1800
ip telnet server
!
interface vlan 7
 ip address 10.130.9.1 255.255.255.0
!
interface GigabitEthernet1
 switchport access vlan 7
!
interface GigabitEthernet2
 switchport access vlan 7
!
interface GigabitEthernet3
 switchport access vlan 7
!
interface GigabitEthernet4
 switchport access vlan 7
!
interface GigabitEthernet5
 switchport access vlan 7
!
interface GigabitEthernet6
 switchport access vlan 7
!
interface GigabitEthernet7
 switchport access vlan 7
!
interface GigabitEthernet8
 switchport access vlan 7
!
interface GigabitEthernet9
 switchport access vlan 7
!
interface GigabitEthernet10
 switchport access vlan 7
!
interface GigabitEthernet11
 switchport access vlan 7
!
interface GigabitEthernet12
 switchport access vlan 7
!
interface GigabitEthernet13
 switchport access vlan 7
!
interface GigabitEthernet14
 switchport access vlan 7
!
interface GigabitEthernet15
 switchport access vlan 7
!
interface GigabitEthernet16
 switchport access vlan 7
!
interface GigabitEthernet17
 switchport access vlan 7
!
interface GigabitEthernet18
 switchport access vlan 7
!
interface GigabitEthernet19
 switchport access vlan 7
!
interface GigabitEthernet20
 switchport access vlan 7
!
interface GigabitEthernet21
 switchport access vlan 7
!
interface GigabitEthernet22
 switchport access vlan 7
!
interface GigabitEthernet23
 switchport access vlan 7
!
interface GigabitEthernet24
 switchport access vlan 7
!
interface GigabitEthernet25
 switchport mode trunk
 switchport access vlan 7
!
exit
xio-1-as03#23-Feb-2021 22:48:17 %CDP-W-NATIVE_VLAN_MISMATCH: Native VLAN mismatch detected on interface gi25.

The physical ports between the main switch and the problem switch are below.

Gi0/0/6 (on the router) is physically connected to Gi25 (on the problem switch). This issue has been driving me crazy for the past several days. If anyone can help me fix this issue, I'd greatly appreciate it.

VLAN 7 default router is 10.7.255.254 255.255.255.0

Javier Acuña · ‎02-23-2021

Good to hear that we have been of help, verify the communication between the Switch and the Router by enabling the trunk hose port, allowing the vlands that you want to have

Remember to rate this answer as this motivates you to continue helping in the community

View solution in original post

Javier Acuña · ‎02-23-2021

Greetings and thanks for communicating to the cisco community the problem is that you have different IP addressing in the Vlan For the Router the IP address is 10.7.255.254 255.255.0.0 while in your switch it is interface vlan 7
ip address 10.130.9.1 255.255.255.0 from what you can see they are not in the same network segment between the router and the switch, remember to verify the trunk communication on the router and switch.

remember to rate the aid in the star and select As a solution

balaji.bandi · ‎02-23-2021

As per mesage you connected to G0/0/6 - we do not see any config (may be G0/1/6 or Gi0/1/7)

interface GigabitEthernet0/1/6
switchport access vlan 7
!
interface GigabitEthernet0/1/7
switchport mode trunk
!
On router you have different I range configured compare to switch.
interface Vlan7
ip address 10.7.255.254 255.255.0.0
ip nat inside

On switch you have vlan config - ( make sure your config should be 10.7.0.0/16 range)

interface vlan 7
ip address 10.130.9.1 255.255.255.0 < -----(change this config accordingly)
!

This information not at all matching :

VLAN 7 default router is 10.7.255.254 255.255.255.0

Add also static route towards Router - i do not see any route.

Connected port to router : (trunk is good option ) make sure you change same on router side what ever port connected.

interface GigabitEthernet25
switchport mode trunk
no switchport access vlan 7

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

sxiong1111 · ‎02-23-2021

Hi all. Thanks for the quick reply. Looks like we're making good progress here. I can now ping to desktop computer that is connected to that one switch, but the issue is I can't ping out to another machine/device/node from that faulty switch (xio-1-as03) or even ping out to Google. The desktop computer that is connected to the faulty switch can access the Internet, so that's also a good thing so far. Here's the updated running config:

xio-1-as03#show running-config
config-file-header
xio-1-as03
v2.4.0.94 / RTESLA2.4_930_181_045
CLI v1.0
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
!
unit-type-control-start
unit-type unit 1 network gi uplink none
unit-type-control-end
!
vlan database
vlan 2-5,7
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
bonjour interface range vlan 1
hostname xio-1-as03
line console
exec-timeout 30
exit
line ssh
exec-timeout 30
exit
line telnet
exec-timeout 30
exit
no passwords complexity enable
username cisco password encrypted d033e22ae348aeb5660fc2140aec35850c4da997 privilege 15
ip ssh server
snmp-server server
ip http timeout-policy 1800
ip telnet server
!
interface vlan 1
 ip address 10.1.255.252 255.255.0.0
 no ip address dhcp
!
interface vlan 2
 ip address 10.2.255.252 255.255.0.0
!
interface vlan 3
 ip address 10.3.255.252 255.255.0.0
!
interface vlan 4
 ip address 10.4.255.252 255.255.0.0
!
interface vlan 5
 ip address 10.5.255.252 255.255.0.0
!
interface vlan 7
 ip address 10.7.255.252 255.255.0.0
!
interface GigabitEthernet1
 switchport access vlan 7
!
interface GigabitEthernet2
 switchport access vlan 7
!
interface GigabitEthernet3
 switchport access vlan 7
!
interface GigabitEthernet4
 switchport access vlan 7
!
interface GigabitEthernet5
 switchport access vlan 7
!
interface GigabitEthernet6
 switchport access vlan 7
!
interface GigabitEthernet7
 switchport access vlan 7
!
interface GigabitEthernet8
 switchport access vlan 7
!
interface GigabitEthernet9
 switchport access vlan 7
!
interface GigabitEthernet10
 switchport access vlan 7
!
interface GigabitEthernet11
 switchport access vlan 7
!
interface GigabitEthernet12
 switchport access vlan 7
!
interface GigabitEthernet13
 switchport access vlan 7
!
interface GigabitEthernet14
 switchport access vlan 7
!
interface GigabitEthernet15
 switchport access vlan 7
!
interface GigabitEthernet16
 switchport access vlan 7
!
interface GigabitEthernet17
 switchport access vlan 7
!
interface GigabitEthernet18
 switchport access vlan 7
!
interface GigabitEthernet19
 switchport access vlan 7
!
interface GigabitEthernet20
 switchport access vlan 7
!
interface GigabitEthernet21
 switchport access vlan 7
!
interface GigabitEthernet22
 switchport access vlan 7
!
interface GigabitEthernet23
 switchport access vlan 7
!
interface GigabitEthernet24
 switchport access vlan 7
!
interface GigabitEthernet25
 ip address 10.130.8.1 255.255.255.0
 switchport access vlan 7
!
exit

Here's the ping results:

xio-1-as03#ping 10.2.0.8
Pinging 10.2.0.8 with 18 bytes of data:

PING: net-unreachable
PING: net-unreachable
PING: net-unreachable
PING: net-unreachable

----10.2.0.8 PING Statistics----
4 packets transmitted, 0 packets received, 100% packet loss

xio-1-as03#ping google.com
% Host not found in DNS database

I took a second look. I'm guessing I'm missing the default route. Making some changes. If anyone has a quick answer or additional feedback, please do so.

Javier Acuña · ‎02-23-2021

Good to hear that we have been of help, verify the communication between the Switch and the Router by enabling the trunk hose port, allowing the vlands that you want to have

Remember to rate this answer as this motivates you to continue helping in the community

sxiong1111 · ‎02-23-2021

Hi Jaoracuna. Many thanks again. Looks like I'm back in business now. The final issue was the missing default route. I've been messing around with the configurations on that one switch so many times, I completely left it in my rear-view. Pinging between devices/nodes in my entire network between switches are working now, including that one switch (xio-1-as03). I probably don't have everything perfectly setup between all my network devices, but at least everything appears to be working fine, so I'll leave it as is. Thanks everyone for your help. This time, I'm going to make sure I backup my running-configs on all my network gear.