«

Switch is a Cisco 2960-24TC IOS 150-1.SE1

First let me say this switch is suppose to do layer 3 routing, which I've enabled with:

Switch(config)#sdm prefer lanbase-routing

I have two vlans setup vlan1 and vlan2 and I want to be able to route between them, I can ping from vlan2 to vlan1 and the other way, but can't ping any of the computers hooked to the ports between vlans.

Here I'm pinging from vlan2 to vlan1 and it works

Switch#ping
Protocol [ip]:
Target IP address: 192.168.100.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: vlan2
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.1, timeout is 2 seconds:
Packet sent with a source address of 10.5.60.14
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms


Now if I try to ping 192.168.100.2 which is a PC on a vlan1 ethernet port, it doesn't work.

Switch#ping
Protocol [ip]:
Target IP address: 192.168.100.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: vlan2
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.2, timeout is 2 seconds:
Packet sent with a source address of 10.5.60.14
......
Success rate is 0 percent (0/5)


Here is the config

!
aaa session-id common
system mtu routing 1500
ip routing
!
!
mls qos
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
interface FastEthernet0/1
switchport access vlan 2
!
interface FastEthernet0/2
switchport access vlan 2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.100.1 255.255.255.0
!
interface Vlan2
ip address 10.5.60.14 255.255.255.192
!
!
ip http server
ip http secure-server
logging esm config
!
!

sky <> writes:
>Switch is a Cisco 2960-24TC IOS 150-1.SE1

First off, I'd stay away from having anything in Vlan1 if you are
configing extra VLANs, move everything into new vlans away from Vlan1..
Leave that as your wasteland.

>Now if I try to ping 192.168.100.2 which is a PC on a vlan1 ethernet port, it doesn't work.

And the PC is staticly configured for 192.168.100.2 as its IP address?
Does it have a software firewall blocking pings? (like most windows
now do?) Can it ping the switch?

Is ip routing running on the switch? Can you do a 'show ip route'?

Your config seems to be missing the vlan database commands or its
modern equivilent. But this model should have auto-created those for
you when you tagged ports being assigned in the vlans? You can try
doing that by hand.

vlan 1,2

In article <4fffbb76$0$74854$> ,
Doug McIntyre <> wrote:

> sky <> writes:
> >Switch is a Cisco 2960-24TC IOS 150-1.SE1
>
> First off, I'd stay away from having anything in Vlan1 if you are
> configing extra VLANs, move everything into new vlans away from Vlan1..
> Leave that as your wasteland.

Definitely.

> >Now if I try to ping 192.168.100.2 which is a PC on a vlan1 ethernet port,
> >it doesn't work.
>
> And the PC is staticly configured for 192.168.100.2 as its IP address?
> Does it have a software firewall blocking pings? (like most windows
> now do?) Can it ping the switch?
>
> Is ip routing running on the switch? Can you do a 'show ip route'?
>
> Your config seems to be missing the vlan database commands or its
> modern equivilent. But this model should have auto-created those for
> you when you tagged ports being assigned in the vlans? You can try
> doing that by hand.
>
> vlan 1,2

'show vlan id 1' and 'show vlan id 2' would be useful, as would 'show ip
arp' and 'show spanning-tree'.

Sam

--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.

On Friday, July 13, 2012 2:08:54 AM UTC-4, Doug McIntyre wrote:
> sky writes:
> &gt;Switch is a Cisco 2960-24TC IOS 150-1.SE1
>
> First off, I'd stay away from having anything in Vlan1 if you are
> configing extra VLANs, move everything into new vlans away from Vlan1..
> Leave that as your wasteland.
>
> &gt;Now if I try to ping 192.168.100.2 which is a PC on a vlan1 ethernet port, it doesn't work.
>
> And the PC is staticly configured for 192.168.100.2 as its IP address?
> Does it have a software firewall blocking pings? (like most windows
> now do?) Can it ping the switch?

Yes statically assigned, it's a Linux box and is not blocking pings, it can ping the switch vlan1, but not vlan2.

>
> Is ip routing running on the switch? Can you do a 'show ip route'?

Switch#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.5.60.0/26 is directly connected, Vlan2
L 10.5.60.14/32 is directly connected, Vlan2
192.168.100.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.100.0/24 is directly connected, Vlan1
L 192.168.100.1/32 is directly connected, Vlan1


>
> Your config seems to be missing the vlan database commands or its
> modern equivilent. But this model should have auto-created those for
> you when you tagged ports being assigned in the vlans? You can try
> doing that by hand.
>
> vlan 1,2

After typing vlan 1 what commands do I need to type?

On Friday, July 13, 2012 5:51:05 AM UTC-4, Sam Wilson wrote:
> In article &lt;4fffbb76$0$74854$ et&gt;,
> Doug McIntyre &lt;&gt; wrote:
>
> &gt; sky writes:
> &gt; &gt;Switch is a Cisco 2960-24TC IOS 150-1.SE1
> &gt;
> &gt; First off, I'd stay away from having anything in Vlan1 if you are
> &gt; configing extra VLANs, move everything into new vlans away from Vlan1..
> &gt; Leave that as your wasteland.
>
> Definitely.
>
> &gt; &gt;Now if I try to ping 192.168.100.2 which is a PC on a vlan1 ethernet port,
> &gt; &gt;it doesn't work.
> &gt;
> &gt; And the PC is staticly configured for 192.168.100.2 as its IP address?
> &gt; Does it have a software firewall blocking pings? (like most windows
> &gt; now do?) Can it ping the switch?
> &gt;
> &gt; Is ip routing running on the switch? Can you do a 'show ip route'?
> &gt;
> &gt; Your config seems to be missing the vlan database commands or its
> &gt; modern equivilent. But this model should have auto-created those for
> &gt; you when you tagged ports being assigned in the vlans? You can try
> &gt; doing that by hand.
> &gt;
> &gt; vlan 1,2
>
> 'show vlan id 1' and 'show vlan id 2' would be useful, as would 'show ip
> arp' and 'show spanning-tree'.
>
> Sam
>
> --
> The University of Edinburgh is a charitable body, registered in
> Scotland, with registration number SC005336.

Switch#show vlan id 1

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/4, Fa0/5, Fa0/6, Fa0/7
Fa0/8, Fa0/9, Fa0/10, Fa0/11
Fa0/12, Fa0/13, Fa0/14, Fa0/15
Fa0/16, Fa0/17, Fa0/18, Fa0/19
Fa0/20, Fa0/21, Fa0/22, Fa0/23
Fa0/24, Gi0/1, Gi0/2

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0

Remote SPAN VLAN
----------------
Disabled

Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------

Switch#show vlan id 2

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
2 VLAN0002 active Fa0/1, Fa0/2, Fa0/3

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
2 enet 100002 1500 - - - - - 0 0

Remote SPAN VLAN
----------------
Disabled

Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------


Switch#show ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.5.60.14 - 08d0.9f69.2245 ARPA Vlan2
Internet 10.5.60.16 4 0027.0e0a.a23e ARPA Vlan2
Internet 192.168.100.1 - 08d0.9f69.2260 ARPA Vlan1
Internet 192.168.100.2 162 0004.2722.0fc5 ARPA Vlan1
Internet 192.168.100.17 14 0030.4866.1528 ARPA Vlan1


Switch#show spanning-tree

VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 08d0.9f69.2200
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 08d0.9f69.2200
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/8 Desg FWD 100 128.8 Shr
Fa0/9 Desg FWD 19 128.9 P2p
Fa0/13 Desg FWD 19 128.13 P2p
Fa0/14 Desg FWD 19 128.14 P2p
Fa0/15 Desg FWD 19 128.15 P2p
Fa0/17 Desg FWD 100 128.17 Shr
Fa0/19 Desg FWD 19 128.19 P2p
Fa0/22 Desg FWD 100 128.22 P2p
Fa0/23 Desg FWD 19 128.23 P2p

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------

Fa0/24 Desg FWD 19 128.24 P2p
Gi0/1 Desg FWD 4 128.25 P2p



VLAN0002
Spanning tree enabled protocol ieee
Root ID Priority 32770
Address 08d0.9f69.2200
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)
Address 08d0.9f69.2200
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1 Desg FWD 19 128.1 P2p
Fa0/2 Desg FWD 19 128.2 P2p
Fa0/3 Desg FWD 19 128.3 P2p

In article <ecfa1432-e898-48f4-b321->,
sky <> wrote:

> On Friday, July 13, 2012 2:08:54 AM UTC-4, Doug McIntyre wrote:
> > Your config seems to be missing the vlan database commands or its
> > modern equivilent. But this model should have auto-created those for
> > you when you tagged ports being assigned in the vlans? You can try
> > doing that by hand.
> >
> > vlan 1,2
>
> After typing vlan 1 what commands do I need to type?

Usually nothing. In software that I'm familiar with that would be
needed to create the VLANs, though I'd typically give them a name:

my-box(config)#vlan 2
my-box(config-vlan)#name Office-LAN

Sam

--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.

In article <528da759-3aee-4bc9-99c1->,
sky <> wrote:

> On Friday, July 13, 2012 5:51:05 AM UTC-4, Sam Wilson wrote:
> > In article &lt;4fffbb76$0$74854$ et&gt;,
> > Doug McIntyre &lt;&gt; wrote:
> >
> > &gt; sky writes:
> > &gt; &gt;Now if I try to ping 192.168.100.2 which is a PC on a vlan1 ethernet port,
> > &gt; &gt;it doesn't work.
> > &gt;
> > &gt; And the PC is staticly configured for 192.168.100.2 as its IP address?
> > &gt; Does it have a software firewall blocking pings? (like most windows
> > &gt; now do?) Can it ping the switch?
> > &gt;
> > &gt; Is ip routing running on the switch? Can you do a 'show ip route'?
> > &gt;
> > &gt; Your config seems to be missing the vlan database commands or its
> > &gt; modern equivilent. But this model should have auto-created those for
> > &gt; you when you tagged ports being assigned in the vlans? You can try
> > &gt; doing that by hand.
> > &gt;
> > &gt; vlan 1,2
> >
> > 'show vlan id 1' and 'show vlan id 2' would be useful, as
> > would 'show ip
> > arp' and 'show spanning-tree'.
>
> [snip included output]

That all looks healthy. I forgot to ask for 'show mac-address-table'
and 'show protocols' but I don't think they're going to show any
problems. The 'show arp' shows that the ARP packets are getting between
the PC and the switch so there's no basic problem. I echo Doug's
question - can you ping the switch from the PC? Many PCs these days
don't respond to ping be default.

Sam

--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.

On Thursday, July 12, 2012 8:02:32 PM UTC-4, sky wrote:
> Switch is a Cisco 2960-24TC IOS 150-1.SE1
>
> First let me say this switch is suppose to do layer 3 routing, which I've enabled with:
>
> Switch(config)#sdm prefer lanbase-routing
>
> I have two vlans setup vlan1 and vlan2 and I want to be able to route between them, I can ping from vlan2 to vlan1 and the other way, but can't ping any of the computers hooked to the ports between vlans.
>
> Here I'm pinging from vlan2 to vlan1 and it works
>
> Switch#ping
> Protocol [ip]:
> Target IP address: 192.168.100.1
> Repeat count [5]:
> Datagram size [100]:
> Timeout in seconds [2]:
> Extended commands [n]: y
> Source address or interface: vlan2
> Type of service [0]:
> Set DF bit in IP header? [no]:
> Validate reply data? [no]:
> Data pattern [0xABCD]:
> Loose, Strict, Record, Timestamp, Verbose[none]:
> Sweep range of sizes [n]:
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 192.168.100.1, timeout is 2 seconds:
> Packet sent with a source address of 10.5.60.14
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
>
>
> Now if I try to ping 192.168.100.2 which is a PC on a vlan1 ethernet port, it doesn't work.
>
> Switch#ping
> Protocol [ip]:
> Target IP address: 192.168.100.2
> Repeat count [5]:
> Datagram size [100]:
> Timeout in seconds [2]:
> Extended commands [n]: y
> Source address or interface: vlan2
> Type of service [0]:
> Set DF bit in IP header? [no]:
> Validate reply data? [no]:
> Data pattern [0xABCD]:
> Loose, Strict, Record, Timestamp, Verbose[none]:
> Sweep range of sizes [n]:
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 192.168.100.2, timeout is 2 seconds:
> Packet sent with a source address of 10.5.60.14
> .....
> Success rate is 0 percent (0/5)
>
>
> Here is the config
>
> !
> aaa session-id common
> system mtu routing 1500
> ip routing
> !
> !
> mls qos
> !
> !
> spanning-tree mode pvst
> spanning-tree extend system-id
> !
> vlan internal allocation policy ascending
> !
> !
> interface FastEthernet0/1
> switchport access vlan 2
> !
> interface FastEthernet0/2
> switchport access vlan 2
> !
> interface FastEthernet0/3
> !
> interface FastEthernet0/4
> !
> interface FastEthernet0/5
> !
> interface FastEthernet0/6
> !
> interface FastEthernet0/7
> !
> interface FastEthernet0/8
> !
> interface FastEthernet0/9
> !
> interface FastEthernet0/10
> !
> interface FastEthernet0/11
> !
> interface FastEthernet0/12
> !
> interface FastEthernet0/13
> !
> interface FastEthernet0/14
> !
> interface FastEthernet0/15
> !
> interface FastEthernet0/16
> !
> interface FastEthernet0/17
> !
> interface FastEthernet0/18
> !
> interface FastEthernet0/19
> !
> interface FastEthernet0/20
> !
> interface FastEthernet0/21
> !
> interface FastEthernet0/22
> !
> interface FastEthernet0/23
> !
> interface FastEthernet0/24
> !
> interface GigabitEthernet0/1
> !
> interface GigabitEthernet0/2
> !
> interface Vlan1
> ip address 192.168.100.1 255.255.255.0
> !
> interface Vlan2
> ip address 10.5.60.14 255.255.255.192
> !
> !
> ip http server
> ip http secure-server
> logging esm config
> !
> !

I was missing the default gateway on the PC's pointing to the switch, added that and it works now.

In article <69f546fe-8f4a-4117-b6e0->,
sky <> wrote:

> I was missing the default gateway on the PC's pointing to the switch, added
> that and it works now.

Ha! Too obvious!

Sam

--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.

On Friday, July 13, 2012 10:31:52 AM UTC-5, Sam Wilson wrote:
> In article &lt;69f546fe-8f4a-4117-b6e0-&gt;,
> sky &lt;&gt; wrote:
>
> &gt; I was missing the default gateway on the PC's pointing to the switch, added
> &gt; that and it works now.
>
> Ha! Too obvious!
>
> Sam
>
> --
> The University of Edinburgh is a charitable body, registered in
> Scotland, with registration number SC005336.

Just curious, the 2960 line of switches are layer 2 devices.
http://www.cisco.com/en/US/prod/coll...d806b0bd8.html

How are you getting a layer 2 switch to route?
I see the IS-IS routing in the show ip route listed.

The 2960 line of switches are a lot cheaper than the 3560's due to the lack of layer 3 support (and a few other feature sets).