cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1451
Views
0
Helpful
13
Replies

setting up switch 3560G

z
Level 1
Level 1

I am setting up my first Cisco Switch, its a 3560G and I'm going to use it to segment my network with Vlans, I have followed this guide.

All I have connected right now is my router (cheap Home router) and I can ping devices on my local network 192.168.1.0/24 except for the router (can ping its interface 192.168.1.200 but not its ip 192.168.1.1) and I am unable to ping externally such as google.com or 8.8.8.8 if I ping google.com I get:

CORESW01#ping google.com
Translating "google.com"...domain server (255.255.255.255) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.217.8.206, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
As you can see it is grabbing a valid IP for the domain google.com but is
for some reason unable to route to it.

I am also able to ping the switch from a client that is not connected to the switch (they both are connected to the router), but from a device connected to the switch I am unable to ping externally as well but can ping other Vlan interfaces such as 10.0.100.1

I have attached a network diagram, the only difference is the interface between the router and the switch is 192.168.1.200 not 192.168.1.2

Here is my running-config

Current configuration : 3595 bytes
!
! Last configuration change at 00:33:49 UTC Mon Mar 1 1993
! NVRAM config last updated at 06:38:52 UTC Thu Jun 8 2017
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CORESW01
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
system mtu routing 1500
ip routing
!
!
!
!
!
(Removed Cert info)
!
!
(Removed Cert info)
quit
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/1
switchport access vlan 100
!
interface GigabitEthernet0/2
switchport access vlan 100
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
switchport access vlan 100
!
interface GigabitEthernet0/5
switchport access vlan 100
!
interface GigabitEthernet0/6
!
interface GigabitEthernet0/7
!
interface GigabitEthernet0/8
!
interface GigabitEthernet0/9
!
interface GigabitEthernet0/10
!
interface GigabitEthernet0/11
!
interface GigabitEthernet0/12
!
interface GigabitEthernet0/13
!
interface GigabitEthernet0/14
!
interface GigabitEthernet0/15
!
interface GigabitEthernet0/16
!
interface GigabitEthernet0/17
!
interface GigabitEthernet0/18
!
interface GigabitEthernet0/19
!
interface GigabitEthernet0/20
!
interface GigabitEthernet0/21
!
interface GigabitEthernet0/22
!
interface GigabitEthernet0/23
!
interface GigabitEthernet0/24
no switchport
ip address 192.168.1.200 255.255.255.0
!
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
!
interface GigabitEthernet0/27
!
interface GigabitEthernet0/28
!
interface Vlan1
ip address 10.0.1.1 255.255.255.0
!
interface Vlan40
ip address 10.0.40.1 255.255.255.0
!
interface Vlan100
ip address 10.0.100.1 255.255.255.0
!
ip http server
ip http secure-server
!
!
ip default-network 192.168.1.0
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
snmp-server community no RO
!
!
line con 0
line vty 0 4
line vty 5 15
!
end

Here is show ip route

CORESW01#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is 192.168.1.1 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 192.168.1.1
* 192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C* 192.168.1.0/24 is directly connected, GigabitEthernet0/24
L 192.168.1.200/32 is directly connected, GigabitEthernet0/24

I'm sure its something stupid I messed up and any help would be appreciated.

Thanks

13 Replies 13

Austin Sabio
Level 4
Level 4

You don't have routing config. In order to reach out different VLANs you need routing whether its static or using routing protocols like RIP 'for learning' or EIGRP. 

Please refer to below link for basic routing labs.

http://danscourses.com/routers-and-routing-intro/

sidenote: typically in cisco ios you don't ping hostname but the IP unless you configure dns locally. 

http://www.cisco.com/c/en/us/support/docs/ip/domain-name-system-dns/24182-reversedns.html

I hope this helps. Good luck!

So my current setup is a simple netgear router hooked up to a 3560g acting as the layer 3 device.

I believe I have it figured out and will test when I get out of work in 4 hours.

Am I correct that even though I have a default route on the switch via ip route 0.0.0.0 0.0.0.0 192.168.1.1 I would also need to put static routes on my router in order for it to know how to send a reply back.

That is something I overlooked, I didn't think about the fact that 10.0.1.x and 10.0.40.x and 10.0.100.x mean nothing to the router and I have to tell it to route it through the switch's interface via 192.168.1.200, correct?

As for pinging hostname, I thought since I set a default route via ip route 0.0.0.0 0.0.0.0 192.168.1.1 then if it doesn't recognize a device or hostname that it would send it to the router to figure out, so I ping google.com and then the router's DNS would find it for me. 

If the 3560G serves as layer 3 device and ip routing is enabled and required nodes live on same switch then static/dynamic routing is not needed its the same box.but make sure you assign a port to each vlan (vlan1, vlan40 and vlan100) so its in use. 

do show ip int brief you will find out that vlan40 status is up/down.

 

also your default route should be 

 ip route 0.0.0.0 0.0.0.0 192.168.1.200
or
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/24

That's why I posted -before seeing your response-  the default route above to correct yours. 

!
ip http server
ip http secure-server
!
!
ip default-network 192.168.1.0
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
snmp-server community no RO
!
!
line con 0
line vty 0 4
line vty 5 15
!
end

So you are saying I should use int g0/24 as the next hop?

Sorry for all the confusion, I'm learning Networking basics at the same time as I'm learning the Cisco IOS. 

No worries. yes you can or use 192.168.1.200. Let me know how it goes!

I leave work in half an hour, I'll let you know.

Alright so I messed up bad here, I had my router access control on so that new devices were blocked, after turning that off and allowing the blocked devices (switch and laptop currently) I am able to ping the router.

I also changed the route to 

ip route 0.0.0.0 0.0.0.0 g0/24

But if my laptop (on vlan1 with ip 10.0.1.20) pings 8.8.8.8 (for example) I get this error on the switch cli

%ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 8.8.8.8 GigabitEthernet0/24

You have to configure NAT in order to go to the internet. 

See https://learningnetwork.cisco.com/docs/DOC-15754

I'm not using a cisco router but I believe I have routes set up properly in my Home Router, I have static routes pointing all the 10. networks to the router-switch interface. 

I am able to ping from a device connected right to the router to a device on a separate vlan on the switch so the router is routing it to the right place (the 3560g) but the devices are still not able to ping externally. Although the switch is now able to ping externally. The devices connected to it are not. 

As I said before. You need to include the new internal network 10.0.0.0 in your NAT config. The reason why the switch (via Gig0/24--192.168.1.200) is able to ping to the outside because by default the modem is NATing 192.168.0.0 to your public IP. Try to login into your modem and add that in the NAT settings if supported. Otherwise, a router is needed to NAT from 10.0.0.0 to 192.168.0.0. I hope this helps. Good luck!

SideNote: Or just simply use 192.168.x.x instead of 10.0.0.0 for your internal VLANs to reach out the internet. 

I'm sorry, I'm trying to follow along, this my first experience with a layer 3 switch, or Cisco in general.

Say I ping 8.8.8.8 it would be required that it goes through my router as that is the only device with public facing interface. Without a static route on my router does it know that it needs to go through 192.168.1.200.

I followed this guide. That told me to set it to the ip of my default router (in my case my only one). I would not be able to use ip route 0.0.0.0 0.0.0.0 192.168.1.200 as that would be the same as saying 

WHEN ip = 0.0.0.0 and subnet is 0.0.0.0

Hop to 192.168.1.200 (the switch, I would be telling the switch that the next stop is itself)

Review Cisco Networking for a $25 gift card