Problem with Catalyst 2960

Unanswered Question
Jul 27th, 2010

Hi,

My name is Sandeep and I am facing a very weird problem with my 2960 switch. I have configured my Juniper firewall interface with the IP 10.11.89.5/24 and connected it to a 2960 switch port. The default VLAN created on the switch is carrying IP address 10.11.89.1/24 and the default gateway is 10.11.89.5.

The problem is, I am unable to ping the gateway from the switch but able to ping the switch IP address and the server IP address connected to the switch.

I even changed the cable, suspecting that there might be a problem with the cable.

Please help.

Regards,

Sandeep

Antonio Brandao Tue, 07/27/2010 - 02:42

Hi Sandeep,

Post your switch conf, please, and confirm which port on the switch your firewall is connected to.

AB

goldshield123 Tue, 07/27/2010 - 03:01

Hi Antonio,

Thanks for your prompt reply.

Please find enclosed the config for the switch. My firewall is connected to port fa 0/1. The status of the port is link up and connected.

Switch#sh run
Building configuration...

Current configuration : 1301 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
 switchport mode access
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 10.11.89.1 255.255.255.0
 no ip route-cache
!
ip default-gateway 10.11.89.5
ip http server
!
control-plane
!
!
line con 0
line vty 0 4
 login
line vty 5 15
 login
!
end

Switch#

CSCO11584685 Tue, 07/27/2010 - 03:38

So your default gateway is your firewall. I'm very sure there is a policy stopping your pings. Does the command "show ip int br" show int fa0/1 as UP/UP? If so, then it is definitely your firewall and not the Cisco or cable.

goldshield123 Tue, 07/27/2010 - 04:13

Hi Syed,

The result is showing up, but there is no firewall rule that needs to be configured for it. I have done the same setup in my Mumbai office and I didn't face this issue, but I used a Nortel Baystack switch for that.

Leo Laohoo Tue, 07/27/2010 - 15:33

"there is no firewall rule need to configure for it."

Explicit deny/deny applies.

Antonio Brandao Wed, 07/28/2010 - 01:09

Try forcing the VLAN tag to 1 with the following command:

switchport access vlan 1

I'm not sure if that is the problem, but as you are using non-Cisco equipment it is better to make sure.

Try it and see if something changes.

Antonio

goldshield123 Wed, 07/28/2010 - 01:28

Hi Antonio,

I have tried that previously, but with no success. I even replaced the switch itself, but it is the same thing with the new one as well.

ch_sajid_hussain Wed, 07/28/2010 - 01:42

Try to change the encapsulation to dot1q on the port connected to the Juniper.

switchport trunk encapsulation dot1q

goldshield123 Wed, 07/28/2010 - 01:59

Hi sajid,

I tried to configure the suggested command but I am not getting that option. The version on the switch is Version 12.2(35)SE5, and it only allowed me to choose from the allowed, native and pruning options.

Antonio Brandao Wed, 07/28/2010 - 02:07

Hi goldshield,

Do you need this port to be a trunk? In this case your port is in access mode.

If you need it, change to

switchport mode trunk

It will pass all VLANs.

Are you using VLANs on the Juniper?

Antonio

goldshield123 Wed, 07/28/2010 - 02:57

Hi Antonio,

There is no need to configure that port as a trunk port, and I tried that option as well. Also, I didn't configure a VLAN on the Juniper. It should work in access mode as it is L3.
