Cisco 2960 routing between vlans

Discussion in 'Cisco' started by sky, Jul 13, 2012.

  1. sky

    sky Guest

    Switch is a Cisco 2960-24TC IOS 150-1.SE1

    First let me say this switch is suppose to do layer 3 routing, which I've enabled with:

    Switch(config)#sdm prefer lanbase-routing

    I have two vlans setup vlan1 and vlan2 and I want to be able to route between them, I can ping from vlan2 to vlan1 and the other way, but can't ping any of the computers hooked to the ports between vlans.

    Here I'm pinging from vlan2 to vlan1 and it works

    Switch#ping
    Protocol [ip]:
    Target IP address: 192.168.100.1
    Repeat count [5]:
    Datagram size [100]:
    Timeout in seconds [2]:
    Extended commands [n]: y
    Source address or interface: vlan2
    Type of service [0]:
    Set DF bit in IP header? [no]:
    Validate reply data? [no]:
    Data pattern [0xABCD]:
    Loose, Strict, Record, Timestamp, Verbose[none]:
    Sweep range of sizes [n]:
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.100.1, timeout is 2 seconds:
    Packet sent with a source address of 10.5.60.14
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms


    Now if I try to ping 192.168.100.2 which is a PC on a vlan1 ethernet port, it doesn't work.

    Switch#ping
    Protocol [ip]:
    Target IP address: 192.168.100.2
    Repeat count [5]:
    Datagram size [100]:
    Timeout in seconds [2]:
    Extended commands [n]: y
    Source address or interface: vlan2
    Type of service [0]:
    Set DF bit in IP header? [no]:
    Validate reply data? [no]:
    Data pattern [0xABCD]:
    Loose, Strict, Record, Timestamp, Verbose[none]:
    Sweep range of sizes [n]:
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.100.2, timeout is 2 seconds:
    Packet sent with a source address of 10.5.60.14
    ......
    Success rate is 0 percent (0/5)


    Here is the config

    !
    aaa session-id common
    system mtu routing 1500
    ip routing
    !
    !
    mls qos
    !
    !
    spanning-tree mode pvst
    spanning-tree extend system-id
    !
    vlan internal allocation policy ascending
    !
    !
    interface FastEthernet0/1
    switchport access vlan 2
    !
    interface FastEthernet0/2
    switchport access vlan 2
    !
    interface FastEthernet0/3
    !
    interface FastEthernet0/4
    !
    interface FastEthernet0/5
    !
    interface FastEthernet0/6
    !
    interface FastEthernet0/7
    !
    interface FastEthernet0/8
    !
    interface FastEthernet0/9
    !
    interface FastEthernet0/10
    !
    interface FastEthernet0/11
    !
    interface FastEthernet0/12
    !
    interface FastEthernet0/13
    !
    interface FastEthernet0/14
    !
    interface FastEthernet0/15
    !
    interface FastEthernet0/16
    !
    interface FastEthernet0/17
    !
    interface FastEthernet0/18
    !
    interface FastEthernet0/19
    !
    interface FastEthernet0/20
    !
    interface FastEthernet0/21
    !
    interface FastEthernet0/22
    !
    interface FastEthernet0/23
    !
    interface FastEthernet0/24
    !
    interface GigabitEthernet0/1
    !
    interface GigabitEthernet0/2
    !
    interface Vlan1
    ip address 192.168.100.1 255.255.255.0
    !
    interface Vlan2
    ip address 10.5.60.14 255.255.255.192
    !
    !
    ip http server
    ip http secure-server
    logging esm config
    !
    !
    sky, Jul 13, 2012
    #1
    1. Advertising

  2. sky <> writes:
    >Switch is a Cisco 2960-24TC IOS 150-1.SE1


    First off, I'd stay away from having anything in Vlan1 if you are
    configing extra VLANs, move everything into new vlans away from Vlan1..
    Leave that as your wasteland.

    >Now if I try to ping 192.168.100.2 which is a PC on a vlan1 ethernet port, it doesn't work.


    And the PC is staticly configured for 192.168.100.2 as its IP address?
    Does it have a software firewall blocking pings? (like most windows
    now do?) Can it ping the switch?

    Is ip routing running on the switch? Can you do a 'show ip route'?

    Your config seems to be missing the vlan database commands or its
    modern equivilent. But this model should have auto-created those for
    you when you tagged ports being assigned in the vlans? You can try
    doing that by hand.

    vlan 1,2
    Doug McIntyre, Jul 13, 2012
    #2
    1. Advertising

  3. sky

    Sam Wilson Guest

    In article <4fffbb76$0$74854$>,
    Doug McIntyre <> wrote:

    > sky <> writes:
    > >Switch is a Cisco 2960-24TC IOS 150-1.SE1

    >
    > First off, I'd stay away from having anything in Vlan1 if you are
    > configing extra VLANs, move everything into new vlans away from Vlan1..
    > Leave that as your wasteland.


    Definitely.

    > >Now if I try to ping 192.168.100.2 which is a PC on a vlan1 ethernet port,
    > >it doesn't work.

    >
    > And the PC is staticly configured for 192.168.100.2 as its IP address?
    > Does it have a software firewall blocking pings? (like most windows
    > now do?) Can it ping the switch?
    >
    > Is ip routing running on the switch? Can you do a 'show ip route'?
    >
    > Your config seems to be missing the vlan database commands or its
    > modern equivilent. But this model should have auto-created those for
    > you when you tagged ports being assigned in the vlans? You can try
    > doing that by hand.
    >
    > vlan 1,2


    'show vlan id 1' and 'show vlan id 2' would be useful, as would 'show ip
    arp' and 'show spanning-tree'.

    Sam

    --
    The University of Edinburgh is a charitable body, registered in
    Scotland, with registration number SC005336.
    Sam Wilson, Jul 13, 2012
    #3
  4. sky

    sky Guest

    On Friday, July 13, 2012 2:08:54 AM UTC-4, Doug McIntyre wrote:
    > sky writes:
    > &gt;Switch is a Cisco 2960-24TC IOS 150-1.SE1
    >
    > First off, I'd stay away from having anything in Vlan1 if you are
    > configing extra VLANs, move everything into new vlans away from Vlan1..
    > Leave that as your wasteland.
    >
    > &gt;Now if I try to ping 192.168.100.2 which is a PC on a vlan1 ethernet port, it doesn't work.
    >
    > And the PC is staticly configured for 192.168.100.2 as its IP address?
    > Does it have a software firewall blocking pings? (like most windows
    > now do?) Can it ping the switch?


    Yes statically assigned, it's a Linux box and is not blocking pings, it can ping the switch vlan1, but not vlan2.

    >
    > Is ip routing running on the switch? Can you do a 'show ip route'?


    Switch#show ip route
    Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
    D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
    N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
    E1 - OSPF external type 1, E2 - OSPF external type 2
    i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
    ia - IS-IS inter area, * - candidate default, U - per-user static route
    o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
    + - replicated route, % - next hop override

    Gateway of last resort is not set

    10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
    C 10.5.60.0/26 is directly connected, Vlan2
    L 10.5.60.14/32 is directly connected, Vlan2
    192.168.100.0/24 is variably subnetted, 2 subnets, 2 masks
    C 192.168.100.0/24 is directly connected, Vlan1
    L 192.168.100.1/32 is directly connected, Vlan1


    >
    > Your config seems to be missing the vlan database commands or its
    > modern equivilent. But this model should have auto-created those for
    > you when you tagged ports being assigned in the vlans? You can try
    > doing that by hand.
    >
    > vlan 1,2


    After typing vlan 1 what commands do I need to type?
    sky, Jul 13, 2012
    #4
  5. sky

    sky Guest

    On Friday, July 13, 2012 5:51:05 AM UTC-4, Sam Wilson wrote:
    > In article &lt;4fffbb76$0$74854$&gt;,
    > Doug McIntyre &lt;&gt; wrote:
    >
    > &gt; sky writes:
    > &gt; &gt;Switch is a Cisco 2960-24TC IOS 150-1.SE1
    > &gt;
    > &gt; First off, I'd stay away from having anything in Vlan1 if you are
    > &gt; configing extra VLANs, move everything into new vlans away from Vlan1..
    > &gt; Leave that as your wasteland.
    >
    > Definitely.
    >
    > &gt; &gt;Now if I try to ping 192.168.100.2 which is a PC on a vlan1 ethernet port,
    > &gt; &gt;it doesn't work.
    > &gt;
    > &gt; And the PC is staticly configured for 192.168.100.2 as its IP address?
    > &gt; Does it have a software firewall blocking pings? (like most windows
    > &gt; now do?) Can it ping the switch?
    > &gt;
    > &gt; Is ip routing running on the switch? Can you do a 'show ip route'?
    > &gt;
    > &gt; Your config seems to be missing the vlan database commands or its
    > &gt; modern equivilent. But this model should have auto-created those for
    > &gt; you when you tagged ports being assigned in the vlans? You can try
    > &gt; doing that by hand.
    > &gt;
    > &gt; vlan 1,2
    >
    > 'show vlan id 1' and 'show vlan id 2' would be useful, as would 'show ip
    > arp' and 'show spanning-tree'.
    >
    > Sam
    >
    > --
    > The University of Edinburgh is a charitable body, registered in
    > Scotland, with registration number SC005336.


    Switch#show vlan id 1

    VLAN Name Status Ports
    ---- -------------------------------- --------- -------------------------------
    1 default active Fa0/4, Fa0/5, Fa0/6, Fa0/7
    Fa0/8, Fa0/9, Fa0/10, Fa0/11
    Fa0/12, Fa0/13, Fa0/14, Fa0/15
    Fa0/16, Fa0/17, Fa0/18, Fa0/19
    Fa0/20, Fa0/21, Fa0/22, Fa0/23
    Fa0/24, Gi0/1, Gi0/2

    VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
    ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
    1 enet 100001 1500 - - - - - 0 0

    Remote SPAN VLAN
    ----------------
    Disabled

    Primary Secondary Type Ports
    ------- --------- ----------------- ------------------------------------------

    Switch#show vlan id 2

    VLAN Name Status Ports
    ---- -------------------------------- --------- -------------------------------
    2 VLAN0002 active Fa0/1, Fa0/2, Fa0/3

    VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
    ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
    2 enet 100002 1500 - - - - - 0 0

    Remote SPAN VLAN
    ----------------
    Disabled

    Primary Secondary Type Ports
    ------- --------- ----------------- ------------------------------------------


    Switch#show ip arp
    Protocol Address Age (min) Hardware Addr Type Interface
    Internet 10.5.60.14 - 08d0.9f69.2245 ARPA Vlan2
    Internet 10.5.60.16 4 0027.0e0a.a23e ARPA Vlan2
    Internet 192.168.100.1 - 08d0.9f69.2260 ARPA Vlan1
    Internet 192.168.100.2 162 0004.2722.0fc5 ARPA Vlan1
    Internet 192.168.100.17 14 0030.4866.1528 ARPA Vlan1


    Switch#show spanning-tree

    VLAN0001
    Spanning tree enabled protocol ieee
    Root ID Priority 32769
    Address 08d0.9f69.2200
    This bridge is the root
    Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

    Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
    Address 08d0.9f69.2200
    Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
    Aging Time 300 sec

    Interface Role Sts Cost Prio.Nbr Type
    ------------------- ---- --- --------- -------- --------------------------------
    Fa0/8 Desg FWD 100 128.8 Shr
    Fa0/9 Desg FWD 19 128.9 P2p
    Fa0/13 Desg FWD 19 128.13 P2p
    Fa0/14 Desg FWD 19 128.14 P2p
    Fa0/15 Desg FWD 19 128.15 P2p
    Fa0/17 Desg FWD 100 128.17 Shr
    Fa0/19 Desg FWD 19 128.19 P2p
    Fa0/22 Desg FWD 100 128.22 P2p
    Fa0/23 Desg FWD 19 128.23 P2p

    Interface Role Sts Cost Prio.Nbr Type
    ------------------- ---- --- --------- -------- --------------------------------

    Fa0/24 Desg FWD 19 128.24 P2p
    Gi0/1 Desg FWD 4 128.25 P2p



    VLAN0002
    Spanning tree enabled protocol ieee
    Root ID Priority 32770
    Address 08d0.9f69.2200
    This bridge is the root
    Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

    Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)
    Address 08d0.9f69.2200
    Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
    Aging Time 300 sec

    Interface Role Sts Cost Prio.Nbr Type
    ------------------- ---- --- --------- -------- --------------------------------
    Fa0/1 Desg FWD 19 128.1 P2p
    Fa0/2 Desg FWD 19 128.2 P2p
    Fa0/3 Desg FWD 19 128.3 P2p
    sky, Jul 13, 2012
    #5
  6. sky

    Sam Wilson Guest

    In article <>,
    sky <> wrote:

    > On Friday, July 13, 2012 2:08:54 AM UTC-4, Doug McIntyre wrote:
    > > Your config seems to be missing the vlan database commands or its
    > > modern equivilent. But this model should have auto-created those for
    > > you when you tagged ports being assigned in the vlans? You can try
    > > doing that by hand.
    > >
    > > vlan 1,2

    >
    > After typing vlan 1 what commands do I need to type?


    Usually nothing. In software that I'm familiar with that would be
    needed to create the VLANs, though I'd typically give them a name:

    my-box(config)#vlan 2
    my-box(config-vlan)#name Office-LAN

    Sam

    --
    The University of Edinburgh is a charitable body, registered in
    Scotland, with registration number SC005336.
    Sam Wilson, Jul 13, 2012
    #6
  7. sky

    Sam Wilson Guest

    In article <>,
    sky <> wrote:

    > On Friday, July 13, 2012 5:51:05 AM UTC-4, Sam Wilson wrote:
    > > In article &lt;4fffbb76$0$74854$&gt;,
    > > Doug McIntyre &lt;&gt; wrote:
    > >
    > > &gt; sky writes:
    > > &gt; &gt;Now if I try to ping 192.168.100.2 which is a PC on a vlan1 ethernet port,
    > > &gt; &gt;it doesn't work.
    > > &gt;
    > > &gt; And the PC is staticly configured for 192.168.100.2 as its IP address?
    > > &gt; Does it have a software firewall blocking pings? (like most windows
    > > &gt; now do?) Can it ping the switch?
    > > &gt;
    > > &gt; Is ip routing running on the switch? Can you do a 'show ip route'?
    > > &gt;
    > > &gt; Your config seems to be missing the vlan database commands or its
    > > &gt; modern equivilent. But this model should have auto-created those for
    > > &gt; you when you tagged ports being assigned in the vlans? You can try
    > > &gt; doing that by hand.
    > > &gt;
    > > &gt; vlan 1,2
    > >
    > > 'show vlan id 1' and 'show vlan id 2' would be useful, as
    > > would 'show ip
    > > arp' and 'show spanning-tree'.

    >
    > [snip included output]


    That all looks healthy. I forgot to ask for 'show mac-address-table'
    and 'show protocols' but I don't think they're going to show any
    problems. The 'show arp' shows that the ARP packets are getting between
    the PC and the switch so there's no basic problem. I echo Doug's
    question - can you ping the switch from the PC? Many PCs these days
    don't respond to ping be default.

    Sam

    --
    The University of Edinburgh is a charitable body, registered in
    Scotland, with registration number SC005336.
    Sam Wilson, Jul 13, 2012
    #7
  8. sky

    sky Guest

    On Thursday, July 12, 2012 8:02:32 PM UTC-4, sky wrote:
    > Switch is a Cisco 2960-24TC IOS 150-1.SE1
    >
    > First let me say this switch is suppose to do layer 3 routing, which I've enabled with:
    >
    > Switch(config)#sdm prefer lanbase-routing
    >
    > I have two vlans setup vlan1 and vlan2 and I want to be able to route between them, I can ping from vlan2 to vlan1 and the other way, but can't ping any of the computers hooked to the ports between vlans.
    >
    > Here I'm pinging from vlan2 to vlan1 and it works
    >
    > Switch#ping
    > Protocol [ip]:
    > Target IP address: 192.168.100.1
    > Repeat count [5]:
    > Datagram size [100]:
    > Timeout in seconds [2]:
    > Extended commands [n]: y
    > Source address or interface: vlan2
    > Type of service [0]:
    > Set DF bit in IP header? [no]:
    > Validate reply data? [no]:
    > Data pattern [0xABCD]:
    > Loose, Strict, Record, Timestamp, Verbose[none]:
    > Sweep range of sizes [n]:
    > Type escape sequence to abort.
    > Sending 5, 100-byte ICMP Echos to 192.168.100.1, timeout is 2 seconds:
    > Packet sent with a source address of 10.5.60.14
    > !!!!!
    > Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
    >
    >
    > Now if I try to ping 192.168.100.2 which is a PC on a vlan1 ethernet port, it doesn't work.
    >
    > Switch#ping
    > Protocol [ip]:
    > Target IP address: 192.168.100.2
    > Repeat count [5]:
    > Datagram size [100]:
    > Timeout in seconds [2]:
    > Extended commands [n]: y
    > Source address or interface: vlan2
    > Type of service [0]:
    > Set DF bit in IP header? [no]:
    > Validate reply data? [no]:
    > Data pattern [0xABCD]:
    > Loose, Strict, Record, Timestamp, Verbose[none]:
    > Sweep range of sizes [n]:
    > Type escape sequence to abort.
    > Sending 5, 100-byte ICMP Echos to 192.168.100.2, timeout is 2 seconds:
    > Packet sent with a source address of 10.5.60.14
    > .....
    > Success rate is 0 percent (0/5)
    >
    >
    > Here is the config
    >
    > !
    > aaa session-id common
    > system mtu routing 1500
    > ip routing
    > !
    > !
    > mls qos
    > !
    > !
    > spanning-tree mode pvst
    > spanning-tree extend system-id
    > !
    > vlan internal allocation policy ascending
    > !
    > !
    > interface FastEthernet0/1
    > switchport access vlan 2
    > !
    > interface FastEthernet0/2
    > switchport access vlan 2
    > !
    > interface FastEthernet0/3
    > !
    > interface FastEthernet0/4
    > !
    > interface FastEthernet0/5
    > !
    > interface FastEthernet0/6
    > !
    > interface FastEthernet0/7
    > !
    > interface FastEthernet0/8
    > !
    > interface FastEthernet0/9
    > !
    > interface FastEthernet0/10
    > !
    > interface FastEthernet0/11
    > !
    > interface FastEthernet0/12
    > !
    > interface FastEthernet0/13
    > !
    > interface FastEthernet0/14
    > !
    > interface FastEthernet0/15
    > !
    > interface FastEthernet0/16
    > !
    > interface FastEthernet0/17
    > !
    > interface FastEthernet0/18
    > !
    > interface FastEthernet0/19
    > !
    > interface FastEthernet0/20
    > !
    > interface FastEthernet0/21
    > !
    > interface FastEthernet0/22
    > !
    > interface FastEthernet0/23
    > !
    > interface FastEthernet0/24
    > !
    > interface GigabitEthernet0/1
    > !
    > interface GigabitEthernet0/2
    > !
    > interface Vlan1
    > ip address 192.168.100.1 255.255.255.0
    > !
    > interface Vlan2
    > ip address 10.5.60.14 255.255.255.192
    > !
    > !
    > ip http server
    > ip http secure-server
    > logging esm config
    > !
    > !


    I was missing the default gateway on the PC's pointing to the switch, added that and it works now.
    sky, Jul 13, 2012
    #8
  9. sky

    Sam Wilson Guest

    In article <>,
    sky <> wrote:

    > I was missing the default gateway on the PC's pointing to the switch, added
    > that and it works now.


    Ha! Too obvious!

    Sam

    --
    The University of Edinburgh is a charitable body, registered in
    Scotland, with registration number SC005336.
    Sam Wilson, Jul 13, 2012
    #9
  10. sky

    born2frag Guest

    On Friday, July 13, 2012 10:31:52 AM UTC-5, Sam Wilson wrote:
    > In article &lt;&gt;,
    > sky &lt;&gt; wrote:
    >
    > &gt; I was missing the default gateway on the PC's pointing to the switch, added
    > &gt; that and it works now.
    >
    > Ha! Too obvious!
    >
    > Sam
    >
    > --
    > The University of Edinburgh is a charitable body, registered in
    > Scotland, with registration number SC005336.


    Just curious, the 2960 line of switches are layer 2 devices.
    http://www.cisco.com/en/US/prod/col...s6406/product_data_sheet0900aecd806b0bd8.html

    How are you getting a layer 2 switch to route?
    I see the IS-IS routing in the show ip route listed.

    The 2960 line of switches are a lot cheaper than the 3560's due to the lack of layer 3 support (and a few other feature sets).
    born2frag, Jul 25, 2012
    #10
  11. born2frag <> writes:
    >Just curious, the 2960 line of switches are layer 2 devices.
    >http://www.cisco.com/en/US/prod/col...s6406/product_data_sheet0900aecd806b0bd8.html


    >How are you getting a layer 2 switch to route?
    >I see the IS-IS routing in the show ip route listed.


    >The 2960 line of switches are a lot cheaper than the 3560's due to the lack of layer 3 support (and a few other feature sets).



    2960 switches offer "basic Layer 3 static routing with 16 routes"..
    http://www.cisco.com/en/US/products/ps6406/index.html

    and no dynamic routing protocols.
    Requires such-and-such IOS version, not original version that shipped
    when first released.
    Doug McIntyre, Jul 25, 2012
    #11
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ori
    Replies:
    12
    Views:
    11,957
    Kenny D
    Dec 4, 2003
  2. zher
    Replies:
    2
    Views:
    8,865
  3. J
    Replies:
    0
    Views:
    665
  4. JF Mezei

    871W: Routing between VLANs

    JF Mezei, Nov 29, 2009, in forum: Cisco
    Replies:
    4
    Views:
    3,080
    Curtis Starnes
    Dec 28, 2009
  5. Rainer Bläs
    Replies:
    2
    Views:
    1,549
    Rainer Bläs
    Jun 9, 2011
Loading...

Share This Page