Solved: Re: switch swap - no internet

wavess · ‎04-28-2022

Hey All

I'm swapping a cisco 3650 for a new cisco 9200 switch.

the existing switch connects to an ASA, and then also connects to other switches.

I unplugged the old one and plugged in the connections to the new switch. I could not get internet connectivity when i plugged a pc into the new switch after i hooked everything up.

i am wondering if you could toss out some things to try/double check in order to fix this.

I made sure the routed port on the new switch was set up. i could ping the ASA from the new switch. i could not reach out to the internet or ping google.com from inside the new switch.

i'm a newb at this, so i'm sorry if this is a stupid question.

wavess · ‎07-19-2022

hey all. thanks for the replies.

i got it working. the sfp module was not lit up, so i reset both ends of the connection and the light came on. layer 1 issue i guess. the settings were the same betweeen switches. if yours is not working make sure there are lights showing up at both ends of the connection! duh! i'm an idiot. thanks for your patience.

View solution in original post

Reza Sharifi · ‎04-28-2022

Hi,

i'm a newb at this, so i'm sorry if this is a stupid question.

No question is stupid.

If you can connect to the Internet from the switch and not from a laptop you connect to one of the ports on the 9200, make sure the port is in the correct vlan. Also, make sure the laptop has the correct default gateway. In addition to these, can you post the output of

"sh run" and "sh vlans"

HTH

Kasun Bandara · ‎04-28-2022

check the configuration of 3650 switch and note down if any VLANs available. make sure same configuration applied to 9200 switch too.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

balaji.bandi · ‎04-28-2022

Questions :

1. is the switch connected out of the box ? or configured the same as the old switch?

2. as others mentioned you need to do basic config on the switch and appropriate VLAN to be in place to work.

post both old switch and new switch config for reference here

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

MHM Cisco World · ‎04-30-2022

without topology we can image what happened, may be L2 STP issue may be VLAN not config in new SW.....
we need more detail

wavess · ‎05-02-2022

i ssh to old switch. i cannot ping google from the old switch, but i know everything works.
i disconnect old switch and connect new switch. still cannot ping google. i can ping the ASA interface that the switch is directly connected to. not sure why pings are not going through...maybe there is some other way to test connectivity? i thought that was the main/best way...
maybe this has something to do with dns or a default gateway? ip routing turned on in both cases. name servers set on both switches. ip domain name set on both switches.
vlan interfaces are identifcal in status, protocol, and ip address from old to new.

Vlan1 unassigned YES NVRAM administratively down down
Vlan11 10.1.1.254 YES NVRAM up up
Vlan12 10.1.2.254 YES NVRAM up up
Vlan13 10.1.3.254 YES NVRAM up up
Vlan14 10.1.4.254 YES NVRAM up up

only 3 ports of 48 that have cables plugged in on the old switch. port configurations match between old and new switch in all cases.

FIRST PORT

OLD AND NEW SWITCH - EXACT SAME CONFIG ON BOTH SWITCHES

interface GigabitEthernet0/1
description ROUTED PORT TO CISCO ASA
no switchport
ip address 192.168.1.245 255.255.255.252

SECOND PORT

OLD SWITCH

interface GigabitEthernet0/2
description TOP FLOOR SWITCH
switchport access vlan 22
switchport trunk encapsulation dot1q
switchport trunk native vlan 22
switchport mode trunk
spanning-tree portfast

NEW SWITCH

interface GigabitEthernet1/0/2
description TOP FLOOR SWITCH
switchport trunk native vlan 22
switchport mode trunk
switchport nonegotiate

THIRD PORT

OLD SWITCH

interface GigabitEthernet0/3
description LOWER LEVEL SWITCH
switchport trunk encapsulation dot1q
switchport trunk native vlan 23
switchport mode trunk
switchport nonegotiate

NEW SWITCH

interface TenGigabitEthernet1/1/1
description FIBER TENGIG TRUNK LOWER LEVEL SWITCH
switchport trunk native vlan 23
switchport mode trunk
switchport nonegotiate

wavess · ‎05-02-2022

there is also a default route on the both switches going to the ASA interface.

ip route 0.0.0.0 0.0.0.0 192.168.1.246

wavess · ‎05-02-2022

not only can i not ping google on the working switch, but i cannot ping externals ip addresses like 8.8.8.8

Reza Sharifi · ‎05-02-2022

If you are trying to ping google from the switch, your source address will be 192.168.1.245. So, the IP segment that connects the switch to the firewall (192.168.1.244 255.255.255.252) needs to be part of your NAT statement.

Also, it would probably be helpful if you post the output of "sh run" here.

HTH

MHM Cisco World · ‎05-02-2022

Encapsulation must conifg in each trunk

Second clear arp table in asa.

wavess · ‎05-03-2022

encapsulation command does not exist on new 9200 switches. it is assumed.

MHM Cisco World · ‎05-03-2022

Yes I check there is no encapsulation since 9200 by default use IEEE 802.1Q for all trunk.

now only clear arp & clear conn in ASA.
from the view of ASA the same IP meaning same MAC address traffic drop.

wavess · ‎07-19-2022

hey all. thanks for the replies.

i got it working. the sfp module was not lit up, so i reset both ends of the connection and the light came on. layer 1 issue i guess. the settings were the same betweeen switches. if yours is not working make sure there are lights showing up at both ends of the connection! duh! i'm an idiot. thanks for your patience.