Static Route in 2960-S

IT Administrator · ‎09-21-2015

Hi All,

I have been trying to configure a 2960S Catalyst switch with three VLANS and static route enabled .

I have done the VLAN part but unable to configure static route .

1)VALN created - vlan 10 (interface ip-192.168.10.10) vlan 20 (int IP 192.168.20.20) vlan 30 (int ip 192.168.30.30)

2) SDM set to lan-base routing

3)ip routing enabled

4)#ip route 0.0.0.0 0.0.0.0 192.168.30.30 ( not working)

I need to communicate vlan 10 and vlan 20 PC's to vlan 30 pc's vise verse but no communication in between vlan 10 and vlan 20.

How I can route ? I have a network of 192.168.52.0/24 in VLAN 30 , I need to access that subnet through vlan 30 ???

Hopes for quick replies , need ip route command.

Thanks

JO

John Blakley · ‎09-22-2015

Do you have the static route on the switch for vlan 30? If so, you're pointing the default route to it's own svi which doesn't need to be done since it's locally connected. The switch should already know how to get to all vlans that it has an svi for. Did you create the L2 vlans as well as the interfaces? Can you post:

show ip int brie | ex unassign

show vlan

Also, are you working with the single switch or do you have others? If so, you'll need to make sure that you have the switch interconnected ports trunked, and that those switches also have the same vlans configured.

HTH,

John

HTH, John *** Please rate all useful posts ***

IT Administrator · ‎09-22-2015

Hi John,

Thanks for the reply,

Here we go...

Switch#show vlan

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/0/1, Gi1/0/2, Gi1/0/3
Gi1/0/4, Gi1/0/5, Gi1/0/6
Gi1/0/7, Gi1/0/8, Gi1/0/9
Gi1/0/12, Gi1/0/13, Gi1/0/14
Gi1/0/15, Gi1/0/16, Gi1/0/17
Gi1/0/18, Gi1/0/19, Gi1/0/21
Gi1/0/22, Gi1/0/23, Gi1/0/24
Gi1/0/25, Gi1/0/26, Gi1/0/27
Gi1/0/28, Gi1/0/29, Gi1/0/31
Gi1/0/32, Gi1/0/33, Gi1/0/34
Gi1/0/35, Gi1/0/36, Gi1/0/37
Gi1/0/38, Gi1/0/39, Gi1/0/40
Gi1/0/41, Gi1/0/42, Gi1/0/43
Gi1/0/44, Gi1/0/45, Gi1/0/46
Gi1/0/47, Gi1/0/48, Te1/0/1
Te1/0/2
10 SBWH active Gi1/0/10
11 test active Gi1/0/11
20 CPD active Gi1/0/20
30 IT active Gi1/0/30
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
11 enet 100011 1500 - - - - - 0 0
20 enet 100020 1500 - - - - - 0 0
30 enet 100030 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0

Remote SPAN VLANs
------------------------------------------------------------------------------

Switch#sh ip int brief
Interface IP-Address OK? Method Status Protocol
Vlan1 192.168.42.244 YES NVRAM up up
Vlan10 192.168.10.10 YES manual up down
Vlan20 192.168.20.20 YES manual up down
Vlan30 192.168.30.30 YES manual up down
FastEthernet0 unassigned YES NVRAM down down
GigabitEthernet1/0/1 unassigned YES unset up up
GigabitEthernet1/0/2 unassigned YES unset down down

I have two switches , but I'm testing it all on a single switch.

Thanks

JO

John Blakley · ‎09-22-2015

I see that your vlan 10,20, and 30 interfaces are down. Are the hosts up now that are configured for that vlan? Can you post:

show int g1/0/10 trunk

show int g1/0/10

You also need to make sure that the default gateways are configured on the hosts as well. When they receive traffic from a vlan that's not on their own, they're going to need to send it back to the switch for it to route.

HTH,

John

HTH, John *** Please rate all useful posts ***

IT Administrator · ‎09-22-2015

Yes, nothing was connected. I will connect and send again.

Switch#show int g1/0/10 trunk

Port Mode Encapsulation Status Native vlan
Gi1/0/10 off 802.1q not-trunking 1

Port Vlans allowed on trunk
Gi1/0/10 10

Port Vlans allowed and active in management domain
Gi1/0/10 10

Port Vlans in spanning tree forwarding state and not pruned
Gi1/0/10 10

Switch#show int g1/0/10
GigabitEthernet1/0/10 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is e089.9da3.ef0a (bia e089.9da3.ef0a)
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
6761 packets input, 531123 bytes, 0 no buffer
Received 6761 broadcasts (637 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 637 multicast, 0 pause input
0 input packets with dribble condition detected
1198 packets output, 99520 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out

devils_advocate · ‎09-22-2015

I am a little confused.

Your original post says:

...vlan 30 (int ip 192.168.30.30)..

.....I have a network of 192.168.52.0/24 in VLAN 30 ...

Which IP range is Vlan 30? Is it 192.168.30.0 or 192.168.52.0 as it can't be both within the same local network?

You don't need static routes to route between Vlans that terminate on the same L3 switch.

Assuming the default gateways for your clients are the ones below then the clients in those Vlans should be able to communicate with each other, no default route is needed.

Vlan 10 - 192.168.10.10
Vlan 20 - 192.168.20.20
Vlan 30 - 192.168.30.30

Your default route (ip route 0.0.0.0 0.0.0.0 192.168.30.30) is pointing to an IP address that exists on your switch, this is not what a default route is designed to do.

Can you clarify:

A) That your client default gateways are as I have described above?
B) What the 192.168.52.0 subnet refers so as there is some confusion

IT Administrator · ‎09-22-2015

Hi ,

I have a network with more than 200 hosts connected and few servers on VMware esxi .Network is in 52.0 subnet .

now we are planning to upgrade with making different departments on different VLANs , we bought two Catalyst 2960-S 48 port switch for this upgrade (it support lan-base routing SDM)

for example:- Our current network is without VLAN and all, all static ip's and its in 192.168.52.0 range.

In the new setup with 2960-S , divide these network in to few VLANs and make servers also in separate VLAN

So, all our department VLANs should communicate with Server VLAN but no communication in between department VLANs.

I maybe wrong in VLAN interface ip's created , please give me a solution and show me how it should configured and give me an idea of how ip route commands shold use.

thanks for your time

JO

Jon Marshall · ‎09-22-2015

As has already been said the switch will automatically route between locally connected interfaces so you do not need any routes although you may need a default route to an internet device for example.

Your issue is not that it won't route it's that you don't want traffic between the client vlans, only to the servers.

So you need acls ie.

access-list 101 deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 101 permit ip 192.168.10.0 0.0.0.255 any

access-list 102 deny ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 102 permit ip 192.168.20.0 0.0.0.255 any

int vlan 10
ip access-group 101 in

int vlan 20
ip access-group 102 in

Note that the second line of each acl is a permit to any destination which includes the servers but also internet IPs assuming you want this.

If you don't then just replace the "any" with the server IP subnet.

As John has said you will only be able to test this once you have active ports ie. up/up in each vlan or a trunk link allowing those vlans because otherwise your SVIs (int vlan <x>) will not come up.

You may also need to do a "no shut" on the SVIs.

If you do want internet then you also need a default route pointing to the internet device eg. a firewall or router.

Jon

IT Administrator · ‎09-22-2015

Switch#show ip int brie
Interface IP-Address OK? Method Status Protocol
Vlan1 192.168.42.244 YES NVRAM up up
Vlan10 192.168.10.10 YES manual up up
Vlan20 192.168.20.20 YES manual up up
Vlan30 192.168.30.30 YES manual up up
FastEthernet0 unassigned YES NVRAM down down
GigabitEthernet1/0/1 unassigned YES unset up up
GigabitEthernet1/0/2 unassigned YES unset down down
GigabitEthernet1/0/3 unassigned YES unset down down
GigabitEthernet1/0/4 unassigned YES unset down down
GigabitEthernet1/0/5 unassigned YES unset down down
GigabitEthernet1/0/6 unassigned YES unset down down
GigabitEthernet1/0/7 unassigned YES unset down down
GigabitEthernet1/0/8 unassigned YES unset down down
GigabitEthernet1/0/9 unassigned YES unset down down
GigabitEthernet1/0/10 unassigned YES unset up up
GigabitEthernet1/0/11 unassigned YES unset down down
GigabitEthernet1/0/12 unassigned YES unset down down
GigabitEthernet1/0/13 unassigned YES unset down down
GigabitEthernet1/0/14 unassigned YES unset down down
GigabitEthernet1/0/15 unassigned YES unset down down
GigabitEthernet1/0/16 unassigned YES unset down down
GigabitEthernet1/0/17 unassigned YES unset down down
GigabitEthernet1/0/18 unassigned YES unset down down
GigabitEthernet1/0/19 unassigned YES unset down down
GigabitEthernet1/0/20 unassigned YES unset up up
GigabitEthernet1/0/21 unassigned YES unset down down
GigabitEthernet1/0/22 unassigned YES unset down down
GigabitEthernet1/0/23 unassigned YES unset down down
GigabitEthernet1/0/24 unassigned YES unset down down
GigabitEthernet1/0/25 unassigned YES unset down down
GigabitEthernet1/0/26 unassigned YES unset down down
GigabitEthernet1/0/27 unassigned YES unset down down
GigabitEthernet1/0/28 unassigned YES unset down down
GigabitEthernet1/0/29 unassigned YES unset down down
GigabitEthernet1/0/30 unassigned YES unset up up
GigabitEthernet1/0/31 unassigned YES unset down down
GigabitEthernet1/0/32 unassigned YES unset down down
GigabitEthernet1/0/33 unassigned YES unset down down
GigabitEthernet1/0/34 unassigned YES unset down down
GigabitEthernet1/0/35 unassigned YES unset down down
GigabitEthernet1/0/36 unassigned YES unset down down

Switch#show vlan

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/0/1, Gi1/0/2, Gi1/0/3, Gi1/0
Gi1/0/16, Gi1/0/17, Gi1/0/18, Gi
Gi1/0/29, Gi1/0/31, Gi1/0/32, Gi
Gi1/0/42, Gi1/0/43, Gi1/0/44, Gi
10 SBWH active Gi1/0/10
11 test active Gi1/0/11
20 CPD active Gi1/0/20
30 IT active Gi1/0/30
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup