Cannot route to Internet

Unanswered Question
Mar 21st, 2008

I havew three 2960 switches with multiple VLANS setup. I have them stacked together using the Gige uplink ports and config using Network Assistant.

My Internet router is on VLAN 1 port 48

I cannot access it from any other VLAN other than VLAN1.

Below is a snapshot of my config.

Thanks

cluster enable RBC_Stack 0

cluster member 1 mac-address 001f.2606.3d80

cluster member 2 mac-address 001f.264a.f380

!

no file verify auto

!

spanning-tree mode pvst

spanning-tree extend system-id

spanning-tree uplinkfast

!

vlan internal allocation policy ascending

!

interface FastEthernet0/1

switchport access vlan 5

switchport mode access

spanning-tree portfast trunk

!

interface FastEthernet0/44

switchport access vlan 7

switchport mode access

spanning-tree portfast trunk

!

interface FastEthernet0/45

switchport access vlan 7

switchport mode access

spanning-tree portfast trunk

!

interface FastEthernet0/46

switchport access vlan 7

switchport mode access

spanning-tree portfast trunk

!

interface FastEthernet0/47

switchport mode access

!

interface FastEthernet0/48

switchport mode access

--

interface GigabitEthernet0/1

switchport mode trunk

!

interface GigabitEthernet0/2

switchport mode trunk

!

interface Vlan1

ip address 172.17.1.10 255.255.255.0

no ip route-cache

!

interface Vlan5

ip address 172.17.5.1 255.255.255.0

ip helper-address 172.17.5.5

no ip route-cache

!

interface Vlan7

ip address 172.17.7.1 255.255.255.0

ip helper-address 172.17.5.5

no ip route-cache

!

interface Vlan10

ip address 172.17.10.1 255.255.255.0

ip helper-address 172.17.5.5

no ip route-cache

!

ip default-gateway 172.17.1.1

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Edison Ortiz Fri, 03/21/2008 - 15:03

Not sure how you were able to configure more than one Layer3 interface on a 2960 switch.

A 2960 switch is strictly Layer2 and only one Layer3 interface can be enabled at the same time and this interface is used only for management, not for inter-vlan routing.

The connection from the switch to the router must be configured as a trunk interface and you need to configure all the Vlans you have above in the router. The router will perform the inter-vlan routing.

HTH,

__

Edison.

dagoose66 Fri, 03/21/2008 - 16:21

The router is a PC with 2 NICS running Linux.

Am I missing something?

Thx

Edison Ortiz Fri, 03/21/2008 - 18:01

You are missing a device that is able to perform the inter-vlan routing on the Vlans you've created.

I'm not very familiar with Linux networking but in addition to the Linux kernel, the NIC must support dot1q trunking. You need the Linux box to perform inter-vlan routing for all the subnets as the switch you've purchased can't do it.

Just to verify you are indeed running a 2960 switch, can you post the output while typing the following commands in the switch:

show ip interface brief | ex una

and

show version

Thanks

dagoose66 Sat, 03/22/2008 - 08:29

Thanks for the help.

they are 2960's, I have the wrong switches for what i need to do.

Richard Burts Sat, 03/22/2008 - 08:39

Donald

There is another issue evident on your config which causes the inability to route to the Internet. Your "router" is on port 48 which is configured as an access port. So only devices in VLAN 1 can access it. The typical solution for inter VLAN routing is to make the connection to the router to be a trunk port so that all the VLANs can be carried over the trunk. This allows devices on all the VLANs to access the router and allows the router to provide inter VLAN routing. The 2960s are not necessarily the wrong switch - many people successfully implement inter VLAN routing on 2960s. But they need to have some device that can trunk and do layer 3 inter VLAN routing.

HTH

Rick

Richard Burts Sat, 03/22/2008 - 10:06

Brandon

If they are 2960 switches then turning on IP routing is not an option. The 2960 is a layer 2 switch and does not support routing.

[edit] though as Edison points out the configuration of VLAN interfacess 1, 5, 7, and 10 with IP addresses suggests that this might not really be a 2960. And in that case your suggestion about turning on IP routing is quite right.

HTH

Rick

Actions

This Discussion