Solved: Hi Grant, - Page 2

nmwenda01 · ‎07-22-2017

Hi

I have configured a cisco 3850 to act as my core switch which assigns dhcp in different vlans. On the access switch I have a 2960x switch which I have configured to access one of the dhcp vlan 3. On the access and 3850 i have created a trunk port and allowed all vlans. Below is the configuration. On the 3850.

My problem is from the access switch 2960x I cannot ping the core switch but when connected to the switch in a machine I can telnet to the core switch. The core switch is receiving internet but the users on the access cannot access Internet.

3850

Inter vlan policy ascending 

ip dhcp pool vlan2                  
 network 192.168.2.0 255.255.255.0                                  
 default-router 192.168.2.254 255.255.255.0                                           
 dns-server 192.168.0.1 8.8.8.8                               
! 
ip dhcp pool vlan3                  
 network 192.168.3.0 255.255.255.0                                  
 default-router 192.168.1.1 255.255.255.0                                        dns-server 8.8.8.8

IP route 0.0.0.0 0.0.0.0 192.168.10.1

interface Vlan1               
 no ip address              
! 
interface Vlan2               
 ip address 192.168.2.254 255.255.255.0                                       
 shutdown
! 
interface Vlan3               
 ip address 192.168.1.1 255.255.255.0 

Interface gigabitethernet 1/0/1
No switch port
IP address 192.168.10.1

Interface gigabitethernet 1/0/3
Switch port mode trunk
Switch port trunk allowed vlan all                                      
! 
ip forward-protocol nd                  
no ip http server                 
ip http authentication local                                        
Router eigrp 1
Network 192.168.0.0
Redistribute connected
Stub summary
Passive interface default 
No passive interface gigabit ether net 1/0/1


On the access switch 2960x

Interface gigabitethernet 1/0/49
Switchport mode trunk 
Switchport trunk allowed vlan all

Interface gigabitethernet 1/0/1 -1/0/48
Switchport mode access
Switchport access vlan 3

GRANT3779 · ‎07-23-2017

What are you tracing to on your PC?

Can you have post configs from both devices as they are currently?

nmwenda01 · ‎07-23-2017

configurations are the same as posted earlier Grant.

Tracing on the 192.168.10.1. Traffic reaches the 192.168.1.1 then drops

GRANT3779 · ‎07-23-2017

I have just labbed this up and it works absolutely fine. I did however manage to get the same symptoms as you by leaving the command "ip routing" on the access layer switch (2960).

On the 2960 can you ensure you have typed no ip routing in global config mode.

This is with regards to not being able to ping between the switches.

See the basic configs attached I used for this. I can ping the 2960 sourcing from all vlan interfaces on the 3850.

nmwenda01 · ‎07-23-2017

Hi Grant thanks. The access switch can ping any user machine and the core but not the gateway that is the 192.168.10.1 and has no internet. Also from the core can ping the access switch user machines and Internet. Do I need an access list or what could I be missing ?

GRANT3779 · ‎07-23-2017

What is the device with the address 192.168.10.1 that is connected to gi1/0/1 with the routed port? Does it have routes back to the other 192.168.0.0 networks you have? Sounds like it doesn't and only knows about its directly connected interfaces

nmwenda01 · ‎07-24-2017

Hi Grant,

The device is a wireless router (192.168.10.1) which nat's internet to the public. It has no static route back to the switch. I was using a wireless TP-link as my router which doesnt understand routing back to the user . Putting a router which i can add routes back to the switch

nmwenda01 · ‎07-24-2017

Thank you so much for your support

paul driver · ‎07-24-2017

Hello

if you have access too this wifi rtr then it possible to still nat your internel network from this device.

To make think more simplistic first of all do your really need all those subnets?

May just require a couple of changes to get this working?

res

paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

nmwenda01 · ‎07-26-2017

thank you for the insight

paul driver · ‎07-24-2017

Hello

one thing i have noticed is if i do a tracert from my pc it reaches the default gateway 192.168.1.1 then it doesnt knw where to take the traffic so i think the 3850 might be the one with an issue

3860 has these L3 interfaces with a default next hop of 192.168.10.1

interface Vlan2
ip address 192.168.2.254 255.255.255.0

interface Vlan3
ip address 192.168.1.1 255.255.255.0

interface Vlan10
ip address 192.168.0.1 255.255.255.0

interface GigabitEthernet1/0/1
ip address 192.168.10.2 255.255.255.0

ip route 0.0.0.0 0.0.0.0 192.168.10.1

2960 -
interface Vlan100
ip address 192.168.100.2 255.255.255.0
ip default-gateway 192.168.10.2

ip route 0.0.0.0 0.0.0.0 192.168.10.2
ip route 192.168.0.0 255.255.0.0 192.168.10.2

Disable ip routing on the 2960 and make sure the L2 switch has L2 vlan connectivity back to the core
For mgt purposes, Remove that vlan 100 on the 2960 and put that switch into one of the vlans configure on the 3860

On 2960
no ip routing
no interface Vlan100

int vlan 3
ip address 192.168.1.xx

Ip default-gateway 192.168.1.1

vlan 2,3,10
exit

As for internet reachability , This all depends on how users in your 3 vlans are being delt with by you next-hop device, The reason you have internet from the 3850 is that switch has a connected interface to the nexthop device - 192.168.10.1

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

GRANT3779 · ‎07-24-2017

3860 has these L3 interfaces with a default next hop of 192.168.10.1

The 3850 also has a vlan interface 100 now which is acting as a management VLAN and I believe he has connectivity between the 2 switches (between all interfaces on the Core and the management)

Hi Grant thanks. The access switch can ping any user machine and the core but not the gateway that is the 192.168.10.1 and has no internet. Also from the core can ping the access switch user machines and Internet. Do I need an access list or what could I be missing

I agree that the issue is now with that next hop of 192.168.10.1 and most likely not having routes back to the other networks on the Core.

GRANT3779 · ‎07-23-2017

Also on the 2960 -

i would remove the following -

ip route 0.0.0.0 0.0.0.0 192.168.10.2
ip route 192.168.0.0 255.255.0.0 192.168.10.2

ip routing

GRANT3779 · ‎07-23-2017

Pulling this all together -

On the access switch - you want the one interface vlan 100 to be up which I think you have.

interface Vlan100
ip address 192.168.100.2 255.255.255.0

ip default-gateway 192.168.100.1

also create vlan 100

No other vlan interface required on that switch.

On 3850 -

int vlan 100
ip address 192.168.100.1 255.255.255.0

GRANT3779 · ‎07-23-2017

Please can you post configs as the currenty are.

paul driver · ‎07-23-2017

Hello

give the 2960 switch an mgt IP address and default -gateway of vlan 3 and disable ip routing then you should be able to reach the L3 switch from the 2960

Make sure also that the vlans are propergated over th trunks into the vtp database of 2960 And clients can obtain dhcp addressing

Lastky your default route on the L3 is pointing to an interface on the same switch this isn't correct it should be pointing to the next-hop address for any non local traffic to route to

paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Routing and switching