Problem with Catalyst 2960

goldshield123 · ‎07-27-2010

Hi,

My name is Sandeep and I am facing very weird problem with my 2960 switch. I have configured my Juniper firewall interface with the ip 10.11.89.5/24 and connected it to 2960 switch port. The default VLAN created on switch is carrying ip address 10.11.89.1/24 and the default gateway is 10.11.89.5.

The problem is, I am unable to ping the gateway from switch but able to ping switch ip address and server ip address connected to switch.

I even change the cable suspecting that there might be problem with the cable.

Please help.

Regards,

Sandeep

Antonio Brandao · ‎07-27-2010

Hi Sandeep,

Post your switch conf, please and confirm with port is connected your firewall on switch.

AB

goldshield123 · ‎07-27-2010

Hi Antonio,

Thanks for your prompt reply

please find enclosed the config for switch and my firewall is connected to port fa 0/1. the status of the port is link up and connected.

Switch#sh run
Building configuration...

Current configuration : 1301 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
switchport mode access
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 10.11.89.1 255.255.255.0
no ip route-cache
!
ip default-gateway 10.11.89.5
ip http server
!
control-plane
!
!
line con 0
line vty 0 4
login
line vty 5 15
login
!
end

Switch#

CSCO11584685 · ‎07-27-2010

So your Default Gateway is your Firewall. I'm very sure there is a policy stopping your pings. the command "show ip int br" shows int fa0/1 as UP/UP? if so, then it is definetly your firewall and not the cisco or cable.

goldshield123 · ‎07-27-2010

Hi Syed,

the result is showing up but there is no firewall rule need to configure for it.The same setup i have done in my Mumbai office but i didnt face this issue but i used Nortel Baystack switch for that.

Leo Laohoo · ‎07-27-2010

there is no firewall rule need to configure for it.

Explicit deny/deny applies.

Antonio Brandao · ‎07-28-2010

Try force vlan tag to 1 with follow command

switchport access vlan 1

I´m not sure if that is the problem but as you are using a non-cisco equipment is better ensure

Try and see if change somehing

Antonio

goldshield123 · ‎07-28-2010

Hi Antonio,

I have tried that previously but no success. Even i replace the switch itself but the same thing with the new one as well.

ch_sajid_hussain · ‎07-28-2010

Try to change the encapsulation to dot1q on port connected to Juniper.

switchport trunk encapsulation dot1q

goldshield123 · ‎07-28-2010

Hi sajid,

I tried to configure the suggested command but i am not getting that option. the version on the switch is Version 12.2(35)SE5. and it only allowed me to choose any from the allowed, native and pruning option.

Antonio Brandao · ‎07-28-2010

Hi goldshield,

Do you need to be a trunk on this port. In this case your port is in mode access.

If you need change to

switchport mode trunk

Will pass all vlans.

Are u using vlans on juniper ??

Antonio

goldshield123 · ‎07-28-2010

Hi Antonio,

No need to configure that port as a trunk port and i tried that option as well. Also I didnt configure VLAN on Juniper. It should work in access mode as it is L3.