1. Home
  2. Cisco Systems
  3. Cisco 2960 routing between vlans

Cisco 2960 routing between vlans

Switch is a Cisco 2960-24TC IOS 150-1.SE1

First let me say this switch is suppose to do layer 3 routing, which I've enabled with:

Switch(config)#sdm prefer lanbase-routing

I have two vlans setup vlan1 and vlan2 and I want to be able to route between them, I can ping from vlan2 to vlan1 and the other way, but can't ping any of the computers hooked to the ports between vlans.

Here I'm pinging from vlan2 to vlan1 and it works

Switch#ping Protocol [ip]: Target IP address: 192.168.100.1 Repeat count [5]: Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: y Source address or interface: vlan2 Type of service [0]: Set DF bit in IP header? [no]: Validate reply data? [no]: Data pattern [0xABCD]: Loose, Strict, Record, Timestamp, Verbose[none]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.100.1, timeout is 2 seconds: Packet sent with a source address of 10.5.60.14 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

Now if I try to ping 192.168.100.2 which is a PC on a vlan1 ethernet port, it doesn't work.

Switch#ping Protocol [ip]: Target IP address: 192.168.100.2 Repeat count [5]: Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: y Source address or interface: vlan2 Type of service [0]: Set DF bit in IP header? [no]: Validate reply data? [no]: Data pattern [0xABCD]: Loose, Strict, Record, Timestamp, Verbose[none]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.100.2, timeout is 2 seconds: Packet sent with a source address of 10.5.60.14 ..... Success rate is 0 percent (0/5)

Here is the config

! aaa session-id common system mtu routing 1500 ip routing ! ! mls qos ! ! spanning-tree mode pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! ! interface FastEthernet0/1 switchport access vlan 2 ! interface FastEthernet0/2 switchport access vlan 2 ! interface FastEthernet0/3 ! interface FastEthernet0/4 ! interface FastEthernet0/5 ! interface FastEthernet0/6 ! interface FastEthernet0/7 ! interface FastEthernet0/8 ! interface FastEthernet0/9 ! interface FastEthernet0/10 ! interface FastEthernet0/11 ! interface FastEthernet0/12 ! interface FastEthernet0/13 ! interface FastEthernet0/14 ! interface FastEthernet0/15 ! interface FastEthernet0/16 ! interface FastEthernet0/17 ! interface FastEthernet0/18 ! interface FastEthernet0/19 ! interface FastEthernet0/20 ! interface FastEthernet0/21 ! interface FastEthernet0/22 ! interface FastEthernet0/23 ! interface FastEthernet0/24 ! interface GigabitEthernet0/1 ! interface GigabitEthernet0/2 ! interface Vlan1 ip address 192.168.100.1 255.255.255.0 ! interface Vlan2 ip address 10.5.60.14 255.255.255.192 ! ! ip http server ip http secure-server logging esm config ! !

Reply to
sky
Loading thread data ...

First off, I'd stay away from having anything in Vlan1 if you are configing extra VLANs, move everything into new vlans away from Vlan1.. Leave that as your wasteland.

doesn't work.

And the PC is staticly configured for 192.168.100.2 as its IP address? Does it have a software firewall blocking pings? (like most windows now do?) Can it ping the switch?

Is ip routing running on the switch? Can you do a 'show ip route'?

Your config seems to be missing the vlan database commands or its modern equivilent. But this model should have auto-created those for you when you tagged ports being assigned in the vlans? You can try doing that by hand.

vlan 1,2

Reply to
Doug McIntyre

Definitely.

'show vlan id 1' and 'show vlan id 2' would be useful, as would 'show ip arp' and 'show spanning-tree'.

Sam

Reply to
Sam Wilson

it doesn't work.

Yes statically assigned, it's a Linux box and is not blocking pings, it can ping the switch vlan1, but not vlan2.

Switch#show ip route Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP + - replicated route, % - next hop override

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks C 10.5.60.0/26 is directly connected, Vlan2 L 10.5.60.14/32 is directly connected, Vlan2 192.168.100.0/24 is variably subnetted, 2 subnets, 2 masks C 192.168.100.0/24 is directly connected, Vlan1 L 192.168.100.1/32 is directly connected, Vlan1

After typing vlan 1 what commands do I need to type?

Reply to
sky

would 'show ip

Switch#show vlan id 1

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Fa0/4, Fa0/5, Fa0/6, Fa0/7 Fa0/8, Fa0/9, Fa0/10, Fa0/11 Fa0/12, Fa0/13, Fa0/14, Fa0/15 Fa0/16, Fa0/17, Fa0/18, Fa0/19 Fa0/20, Fa0/21, Fa0/22, Fa0/23 Fa0/24, Gi0/1, Gi0/2

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

1 enet 100001 1500 - - - - - 0 0

Remote SPAN VLAN

---------------- Disabled

Primary Secondary Type Ports

------- --------- ----------------- ------------------------------------------

Switch#show vlan id 2

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

2 VLAN0002 active Fa0/1, Fa0/2, Fa0/3

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

2 enet 100002 1500 - - - - - 0 0

Remote SPAN VLAN

---------------- Disabled

Primary Secondary Type Ports

------- --------- ----------------- ------------------------------------------

Switch#show ip arp Protocol Address Age (min) Hardware Addr Type Interface Internet 10.5.60.14 - 08d0.9f69.2245 ARPA Vlan2 Internet 10.5.60.16 4 0027.0e0a.a23e ARPA Vlan2 Internet 192.168.100.1 - 08d0.9f69.2260 ARPA Vlan1 Internet 192.168.100.2 162 0004.2722.0fc5 ARPA Vlan1 Internet 192.168.100.17 14 0030.4866.1528 ARPA Vlan1

Switch#show spanning-tree

VLAN0001 Spanning tree enabled protocol ieee Root ID Priority 32769 Address 08d0.9f69.2200 This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) Address 08d0.9f69.2200 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type

------------------- ---- --- --------- -------- -------------------------------- Fa0/8 Desg FWD 100 128.8 Shr Fa0/9 Desg FWD 19 128.9 P2p Fa0/13 Desg FWD 19 128.13 P2p Fa0/14 Desg FWD 19 128.14 P2p Fa0/15 Desg FWD 19 128.15 P2p Fa0/17 Desg FWD 100 128.17 Shr Fa0/19 Desg FWD 19 128.19 P2p Fa0/22 Desg FWD 100 128.22 P2p Fa0/23 Desg FWD 19 128.23 P2p Interface Role Sts Cost Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------

Fa0/24 Desg FWD 19 128.24 P2p Gi0/1 Desg FWD 4 128.25 P2p

VLAN0002 Spanning tree enabled protocol ieee Root ID Priority 32770 Address 08d0.9f69.2200 This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32770 (priority 32768 sys-id-ext 2) Address 08d0.9f69.2200 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type

------------------- ---- --- --------- -------- -------------------------------- Fa0/1 Desg FWD 19 128.1 P2p Fa0/2 Desg FWD 19 128.2 P2p Fa0/3 Desg FWD 19 128.3 P2p

Reply to
sky

Usually nothing. In software that I'm familiar with that would be needed to create the VLANs, though I'd typically give them a name:

my-box(config)#vlan 2 my-box(config-vlan)#name Office-LAN

Sam

Reply to
Sam Wilson

That all looks healthy. I forgot to ask for 'show mac-address-table' and 'show protocols' but I don't think they're going to show any problems. The 'show arp' shows that the ARP packets are getting between the PC and the switch so there's no basic problem. I echo Doug's question - can you ping the switch from the PC? Many PCs these days don't respond to ping be default.

Sam

Reply to
Sam Wilson

enabled with:

them, I can ping from vlan2 to vlan1 and the other way, but can't ping any of the computers hooked to the ports between vlans.

doesn't work.

I was missing the default gateway on the PC's pointing to the switch, added that and it works now.

Reply to
sky

Ha! Too obvious!

Sam

Reply to
Sam Wilson

Just curious, the 2960 line of switches are layer 2 devices.

formatting link
How are you getting a layer 2 switch to route? I see the IS-IS routing in the show ip route listed.

The 2960 line of switches are a lot cheaper than the 3560's due to the lack of layer 3 support (and a few other feature sets).

Reply to
born2frag

layer 3 support (and a few other feature sets).

2960 switches offer "basic Layer 3 static routing with 16 routes"..
formatting link
and no dynamic routing protocols. Requires such-and-such IOS version, not original version that shipped when first released.
Reply to
Doug McIntyre

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.