|
Cisco 2960 routing between vlans
Switch is a Cisco 2960-24TC IOS 150-1.SE1
First let me say this switch is suppose to do layer 3 routing, which I've enabled with: Switch(config)#sdm prefer lanbase-routing I have two vlans setup vlan1 and vlan2 and I want to be able to route between them, I can ping from vlan2 to vlan1 and the other way, but can't ping any of the computers hooked to the ports between vlans. Here I'm pinging from vlan2 to vlan1 and it works Switch#ping Protocol [ip]: Target IP address: 192.168.100.1 Repeat count [5]: Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: y Source address or interface: vlan2 Type of service [0]: Set DF bit in IP header? [no]: Validate reply data? [no]: Data pattern [0xABCD]: Loose, Strict, Record, Timestamp, Verbose[none]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.100.1, timeout is 2 seconds: Packet sent with a source address of 10.5.60.14 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms Now if I try to ping 192.168.100.2 which is a PC on a vlan1 ethernet port, it doesn't work. Switch#ping Protocol [ip]: Target IP address: 192.168.100.2 Repeat count [5]: Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: y Source address or interface: vlan2 Type of service [0]: Set DF bit in IP header? [no]: Validate reply data? [no]: Data pattern [0xABCD]: Loose, Strict, Record, Timestamp, Verbose[none]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.100.2, timeout is 2 seconds: Packet sent with a source address of 10.5.60.14 ...... Success rate is 0 percent (0/5) Here is the config ! aaa session-id common system mtu routing 1500 ip routing ! ! mls qos ! ! spanning-tree mode pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! ! interface FastEthernet0/1 switchport access vlan 2 ! interface FastEthernet0/2 switchport access vlan 2 ! interface FastEthernet0/3 ! interface FastEthernet0/4 ! interface FastEthernet0/5 ! interface FastEthernet0/6 ! interface FastEthernet0/7 ! interface FastEthernet0/8 ! interface FastEthernet0/9 ! interface FastEthernet0/10 ! interface FastEthernet0/11 ! interface FastEthernet0/12 ! interface FastEthernet0/13 ! interface FastEthernet0/14 ! interface FastEthernet0/15 ! interface FastEthernet0/16 ! interface FastEthernet0/17 ! interface FastEthernet0/18 ! interface FastEthernet0/19 ! interface FastEthernet0/20 ! interface FastEthernet0/21 ! interface FastEthernet0/22 ! interface FastEthernet0/23 ! interface FastEthernet0/24 ! interface GigabitEthernet0/1 ! interface GigabitEthernet0/2 ! interface Vlan1 ip address 192.168.100.1 255.255.255.0 ! interface Vlan2 ip address 10.5.60.14 255.255.255.192 ! ! ip http server ip http secure-server logging esm config ! ! |
Re: Cisco 2960 routing between vlans
sky <c320sky@gmail.com> writes:
>Switch is a Cisco 2960-24TC IOS 150-1.SE1 First off, I'd stay away from having anything in Vlan1 if you are configing extra VLANs, move everything into new vlans away from Vlan1.. Leave that as your wasteland. >Now if I try to ping 192.168.100.2 which is a PC on a vlan1 ethernet port, it doesn't work. And the PC is staticly configured for 192.168.100.2 as its IP address? Does it have a software firewall blocking pings? (like most windows now do?) Can it ping the switch? Is ip routing running on the switch? Can you do a 'show ip route'? Your config seems to be missing the vlan database commands or its modern equivilent. But this model should have auto-created those for you when you tagged ports being assigned in the vlans? You can try doing that by hand. vlan 1,2 |
Re: Cisco 2960 routing between vlans
In article <4fffbb76$0$74854$8046368a@newsreader.iphouse.net> ,
Doug McIntyre <merlyn@geeks.org> wrote: > sky <c320sky@gmail.com> writes: > >Switch is a Cisco 2960-24TC IOS 150-1.SE1 > > First off, I'd stay away from having anything in Vlan1 if you are > configing extra VLANs, move everything into new vlans away from Vlan1.. > Leave that as your wasteland. Definitely. > >Now if I try to ping 192.168.100.2 which is a PC on a vlan1 ethernet port, > >it doesn't work. > > And the PC is staticly configured for 192.168.100.2 as its IP address? > Does it have a software firewall blocking pings? (like most windows > now do?) Can it ping the switch? > > Is ip routing running on the switch? Can you do a 'show ip route'? > > Your config seems to be missing the vlan database commands or its > modern equivilent. But this model should have auto-created those for > you when you tagged ports being assigned in the vlans? You can try > doing that by hand. > > vlan 1,2 'show vlan id 1' and 'show vlan id 2' would be useful, as would 'show ip arp' and 'show spanning-tree'. Sam -- The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336. |
Re: Cisco 2960 routing between vlans
On Friday, July 13, 2012 2:08:54 AM UTC-4, Doug McIntyre wrote:
> sky writes: > >Switch is a Cisco 2960-24TC IOS 150-1.SE1 > > First off, I'd stay away from having anything in Vlan1 if you are > configing extra VLANs, move everything into new vlans away from Vlan1.. > Leave that as your wasteland. > > >Now if I try to ping 192.168.100.2 which is a PC on a vlan1 ethernet port, it doesn't work. > > And the PC is staticly configured for 192.168.100.2 as its IP address? > Does it have a software firewall blocking pings? (like most windows > now do?) Can it ping the switch? Yes statically assigned, it's a Linux box and is not blocking pings, it can ping the switch vlan1, but not vlan2. > > Is ip routing running on the switch? Can you do a 'show ip route'? Switch#show ip route Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP + - replicated route, % - next hop override Gateway of last resort is not set 10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks C 10.5.60.0/26 is directly connected, Vlan2 L 10.5.60.14/32 is directly connected, Vlan2 192.168.100.0/24 is variably subnetted, 2 subnets, 2 masks C 192.168.100.0/24 is directly connected, Vlan1 L 192.168.100.1/32 is directly connected, Vlan1 > > Your config seems to be missing the vlan database commands or its > modern equivilent. But this model should have auto-created those for > you when you tagged ports being assigned in the vlans? You can try > doing that by hand. > > vlan 1,2 After typing vlan 1 what commands do I need to type? |
Re: Cisco 2960 routing between vlans
On Friday, July 13, 2012 5:51:05 AM UTC-4, Sam Wilson wrote:
> In article <4fffbb76$0$74854$8046368a@newsreader.iphouse.n et>, > Doug McIntyre <merlyn@geeks.org> wrote: > > > sky writes: > > >Switch is a Cisco 2960-24TC IOS 150-1.SE1 > > > > First off, I'd stay away from having anything in Vlan1 if you are > > configing extra VLANs, move everything into new vlans away from Vlan1.. > > Leave that as your wasteland. > > Definitely. > > > >Now if I try to ping 192.168.100.2 which is a PC on a vlan1 ethernet port, > > >it doesn't work. > > > > And the PC is staticly configured for 192.168.100.2 as its IP address? > > Does it have a software firewall blocking pings? (like most windows > > now do?) Can it ping the switch? > > > > Is ip routing running on the switch? Can you do a 'show ip route'? > > > > Your config seems to be missing the vlan database commands or its > > modern equivilent. But this model should have auto-created those for > > you when you tagged ports being assigned in the vlans? You can try > > doing that by hand. > > > > vlan 1,2 > > 'show vlan id 1' and 'show vlan id 2' would be useful, as would 'show ip > arp' and 'show spanning-tree'. > > Sam > > -- > The University of Edinburgh is a charitable body, registered in > Scotland, with registration number SC005336. Switch#show vlan id 1 VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa0/4, Fa0/5, Fa0/6, Fa0/7 Fa0/8, Fa0/9, Fa0/10, Fa0/11 Fa0/12, Fa0/13, Fa0/14, Fa0/15 Fa0/16, Fa0/17, Fa0/18, Fa0/19 Fa0/20, Fa0/21, Fa0/22, Fa0/23 Fa0/24, Gi0/1, Gi0/2 VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2 ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------ 1 enet 100001 1500 - - - - - 0 0 Remote SPAN VLAN ---------------- Disabled Primary Secondary Type Ports ------- --------- ----------------- ------------------------------------------ Switch#show vlan id 2 VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 2 VLAN0002 active Fa0/1, Fa0/2, Fa0/3 VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2 ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------ 2 enet 100002 1500 - - - - - 0 0 Remote SPAN VLAN ---------------- Disabled Primary Secondary Type Ports ------- --------- ----------------- ------------------------------------------ Switch#show ip arp Protocol Address Age (min) Hardware Addr Type Interface Internet 10.5.60.14 - 08d0.9f69.2245 ARPA Vlan2 Internet 10.5.60.16 4 0027.0e0a.a23e ARPA Vlan2 Internet 192.168.100.1 - 08d0.9f69.2260 ARPA Vlan1 Internet 192.168.100.2 162 0004.2722.0fc5 ARPA Vlan1 Internet 192.168.100.17 14 0030.4866.1528 ARPA Vlan1 Switch#show spanning-tree VLAN0001 Spanning tree enabled protocol ieee Root ID Priority 32769 Address 08d0.9f69.2200 This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) Address 08d0.9f69.2200 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 sec Interface Role Sts Cost Prio.Nbr Type ------------------- ---- --- --------- -------- -------------------------------- Fa0/8 Desg FWD 100 128.8 Shr Fa0/9 Desg FWD 19 128.9 P2p Fa0/13 Desg FWD 19 128.13 P2p Fa0/14 Desg FWD 19 128.14 P2p Fa0/15 Desg FWD 19 128.15 P2p Fa0/17 Desg FWD 100 128.17 Shr Fa0/19 Desg FWD 19 128.19 P2p Fa0/22 Desg FWD 100 128.22 P2p Fa0/23 Desg FWD 19 128.23 P2p Interface Role Sts Cost Prio.Nbr Type ------------------- ---- --- --------- -------- -------------------------------- Fa0/24 Desg FWD 19 128.24 P2p Gi0/1 Desg FWD 4 128.25 P2p VLAN0002 Spanning tree enabled protocol ieee Root ID Priority 32770 Address 08d0.9f69.2200 This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32770 (priority 32768 sys-id-ext 2) Address 08d0.9f69.2200 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 sec Interface Role Sts Cost Prio.Nbr Type ------------------- ---- --- --------- -------- -------------------------------- Fa0/1 Desg FWD 19 128.1 P2p Fa0/2 Desg FWD 19 128.2 P2p Fa0/3 Desg FWD 19 128.3 P2p |
Re: Cisco 2960 routing between vlans
In article <ecfa1432-e898-48f4-b321-70d59dbfbd8b@googlegroups.com>,
sky <c320sky@gmail.com> wrote: > On Friday, July 13, 2012 2:08:54 AM UTC-4, Doug McIntyre wrote: > > Your config seems to be missing the vlan database commands or its > > modern equivilent. But this model should have auto-created those for > > you when you tagged ports being assigned in the vlans? You can try > > doing that by hand. > > > > vlan 1,2 > > After typing vlan 1 what commands do I need to type? Usually nothing. In software that I'm familiar with that would be needed to create the VLANs, though I'd typically give them a name: my-box(config)#vlan 2 my-box(config-vlan)#name Office-LAN Sam -- The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336. |
Re: Cisco 2960 routing between vlans
In article <528da759-3aee-4bc9-99c1-df9917db018d@googlegroups.com>,
sky <c320sky@gmail.com> wrote: > On Friday, July 13, 2012 5:51:05 AM UTC-4, Sam Wilson wrote: > > In article <4fffbb76$0$74854$8046368a@newsreader.iphouse.n et>, > > Doug McIntyre <merlyn@geeks.org> wrote: > > > > > sky writes: > > > >Now if I try to ping 192.168.100.2 which is a PC on a vlan1 ethernet port, > > > >it doesn't work. > > > > > > And the PC is staticly configured for 192.168.100.2 as its IP address? > > > Does it have a software firewall blocking pings? (like most windows > > > now do?) Can it ping the switch? > > > > > > Is ip routing running on the switch? Can you do a 'show ip route'? > > > > > > Your config seems to be missing the vlan database commands or its > > > modern equivilent. But this model should have auto-created those for > > > you when you tagged ports being assigned in the vlans? You can try > > > doing that by hand. > > > > > > vlan 1,2 > > > > 'show vlan id 1' and 'show vlan id 2' would be useful, as > > would 'show ip > > arp' and 'show spanning-tree'. > > [snip included output] That all looks healthy. I forgot to ask for 'show mac-address-table' and 'show protocols' but I don't think they're going to show any problems. The 'show arp' shows that the ARP packets are getting between the PC and the switch so there's no basic problem. I echo Doug's question - can you ping the switch from the PC? Many PCs these days don't respond to ping be default. Sam -- The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336. |
Re: Cisco 2960 routing between vlans
On Thursday, July 12, 2012 8:02:32 PM UTC-4, sky wrote:
> Switch is a Cisco 2960-24TC IOS 150-1.SE1 > > First let me say this switch is suppose to do layer 3 routing, which I've enabled with: > > Switch(config)#sdm prefer lanbase-routing > > I have two vlans setup vlan1 and vlan2 and I want to be able to route between them, I can ping from vlan2 to vlan1 and the other way, but can't ping any of the computers hooked to the ports between vlans. > > Here I'm pinging from vlan2 to vlan1 and it works > > Switch#ping > Protocol [ip]: > Target IP address: 192.168.100.1 > Repeat count [5]: > Datagram size [100]: > Timeout in seconds [2]: > Extended commands [n]: y > Source address or interface: vlan2 > Type of service [0]: > Set DF bit in IP header? [no]: > Validate reply data? [no]: > Data pattern [0xABCD]: > Loose, Strict, Record, Timestamp, Verbose[none]: > Sweep range of sizes [n]: > Type escape sequence to abort. > Sending 5, 100-byte ICMP Echos to 192.168.100.1, timeout is 2 seconds: > Packet sent with a source address of 10.5.60.14 > !!!!! > Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms > > > Now if I try to ping 192.168.100.2 which is a PC on a vlan1 ethernet port, it doesn't work. > > Switch#ping > Protocol [ip]: > Target IP address: 192.168.100.2 > Repeat count [5]: > Datagram size [100]: > Timeout in seconds [2]: > Extended commands [n]: y > Source address or interface: vlan2 > Type of service [0]: > Set DF bit in IP header? [no]: > Validate reply data? [no]: > Data pattern [0xABCD]: > Loose, Strict, Record, Timestamp, Verbose[none]: > Sweep range of sizes [n]: > Type escape sequence to abort. > Sending 5, 100-byte ICMP Echos to 192.168.100.2, timeout is 2 seconds: > Packet sent with a source address of 10.5.60.14 > ..... > Success rate is 0 percent (0/5) > > > Here is the config > > ! > aaa session-id common > system mtu routing 1500 > ip routing > ! > ! > mls qos > ! > ! > spanning-tree mode pvst > spanning-tree extend system-id > ! > vlan internal allocation policy ascending > ! > ! > interface FastEthernet0/1 > switchport access vlan 2 > ! > interface FastEthernet0/2 > switchport access vlan 2 > ! > interface FastEthernet0/3 > ! > interface FastEthernet0/4 > ! > interface FastEthernet0/5 > ! > interface FastEthernet0/6 > ! > interface FastEthernet0/7 > ! > interface FastEthernet0/8 > ! > interface FastEthernet0/9 > ! > interface FastEthernet0/10 > ! > interface FastEthernet0/11 > ! > interface FastEthernet0/12 > ! > interface FastEthernet0/13 > ! > interface FastEthernet0/14 > ! > interface FastEthernet0/15 > ! > interface FastEthernet0/16 > ! > interface FastEthernet0/17 > ! > interface FastEthernet0/18 > ! > interface FastEthernet0/19 > ! > interface FastEthernet0/20 > ! > interface FastEthernet0/21 > ! > interface FastEthernet0/22 > ! > interface FastEthernet0/23 > ! > interface FastEthernet0/24 > ! > interface GigabitEthernet0/1 > ! > interface GigabitEthernet0/2 > ! > interface Vlan1 > ip address 192.168.100.1 255.255.255.0 > ! > interface Vlan2 > ip address 10.5.60.14 255.255.255.192 > ! > ! > ip http server > ip http secure-server > logging esm config > ! > ! I was missing the default gateway on the PC's pointing to the switch, added that and it works now. |
Re: Cisco 2960 routing between vlans
In article <69f546fe-8f4a-4117-b6e0-4d0cae041c00@googlegroups.com>,
sky <c320sky@gmail.com> wrote: > I was missing the default gateway on the PC's pointing to the switch, added > that and it works now. Ha! Too obvious! Sam -- The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336. |
Re: Cisco 2960 routing between vlans
On Friday, July 13, 2012 10:31:52 AM UTC-5, Sam Wilson wrote:
> In article <69f546fe-8f4a-4117-b6e0-4d0cae041c00@googlegroups.com>, > sky <c320sky@gmail.com> wrote: > > > I was missing the default gateway on the PC's pointing to the switch, added > > that and it works now. > > Ha! Too obvious! > > Sam > > -- > The University of Edinburgh is a charitable body, registered in > Scotland, with registration number SC005336. Just curious, the 2960 line of switches are layer 2 devices. http://www.cisco.com/en/US/prod/coll...d806b0bd8.html How are you getting a layer 2 switch to route? I see the IS-IS routing in the show ip route listed. The 2960 line of switches are a lot cheaper than the 3560's due to the lack of layer 3 support (and a few other feature sets). |
| All times are GMT. The time now is 04:44 AM. |
Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.