Catalyst 2960G VLAN configuration

Answered Question
Oct 25th, 2011

Hi,

I have got a catalyst cisco 2960G series switch and via this switch I want to create several vlans.

I am getting a dhcp IP from a router and I want to setup my own vlan networks.

I plugged in the Ethernet cable that came from the dhcp router to port 16 of the cisco switch and configured the ports 1,2 and 3 for vlan 1, 2 and 3

the dhcp router has given me this IP 192.168.10.158

default gateway is : 192.168.10.1

when I plug in a PC to port 1 or 2 of the cisco switch I am still receiving the IP from range 192.168.10.* but not from the range that I configured for the vlan 1 or 2.

Below is my startup configuration:

no file verify auto

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface GigabitEthernet0/1

!

interface GigabitEthernet0/2

switchport access vlan 2

switchport mode access

!

interface GigabitEthernet0/3

switchport access vlan 3

switchport mode access

!

interface Vlan1

ip dhcp client lease 50 0 0

ip address 192.168.1.1 255.255.255.0

no ip route-cache

!

interface Vlan2

ip address 192.168.2.1 255.255.255.0

no ip route-cache

!

interface Vlan3

ip address 192.168.3.1 255.255.255.0

no ip route-cache

!

ip default-gateway 192.168.10.1

ip http server

----------------

What I want is to get a dhcp IP from vlan based on the subnet that has been specified for subnet, e.g. if I plug in a PC to port 1 (vlan 1) then I expect to get an IP 192.168.1.* - same case for other vlans.

I'm not sure if I have got the right configuration and really not sure if I have plugged in the Ethernet cable that came from the dhcp router to the right port (16 of the cisco switch)?

Thanks in advance for your help.

Correct Answer
naiduccnp Tue, 10/25/2011 - 05:24

Hi Shafi,

To achieve what you want you need to do below...

1. You need to specify the required address pools in your DHCP (Router) Server.
2. Specify the ip helper-address "DHCP server address" under the required VLAN.

interface Vlan2
ip address 192.168.2.1 255.255.255.0
no ip route-cache
ip helper-address "DHCP server IP"

3. Configure the access port to which you are connecting PC on your 2960 to specific VLAN...

int fa2/4
switchport mode access
switchport access vlan 2

Please rate the helpful posts.
Regards,
Naidu.

shafitokhi Wed, 10/26/2011 - 02:56

Thanks,

I followed the points that you have mentioned, now I can get a dhcp IP from the respective vlan, but I can't connect to the internet.

On step 3  I can't use the "fa" command on 2960G switch, I only can use the gigabitEthernet.

Below is how the startup config looks like: (dhcp scope only configured for Vlan 2)

no aaa new-model

system mtu routing 1500

ip subnet-zero

!

ip dhcp pool dpool1

   import all

   network 192.168.2.0 255.255.255.0

   default-router 192.168.2.1

!

no file verify auto

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface GigabitEthernet0/1

!

interface GigabitEthernet0/2

switchport access vlan 2

switchport mode access

!

interface GigabitEthernet0/3

switchport access vlan 3

switchport mode access

!

interface Vlan1

ip address 192.168.1.1 255.255.255.0

no ip route-cache

!

interface Vlan2

ip address 192.168.2.1 255.255.255.0

ip helper-address 192.168.10.1

ip helper-address 192.168.2.1

no ip route-cache

!

interface Vlan3

ip address 192.168.3.1 255.255.255.0

ip helper-address 192.168.10.1

no ip route-cache

!

ip default-gateway 192.168.10.1

ip http server

-----------------------------------------------------

@ Reza Sharifi

Switch#sh ip int bri vlan 2

Interface              IP-Address      OK? Method Status                Protocol

Vlan2                  192.168.2.1     YES NVRAM  up                    down   

Switch#sh ip int bri vlan 3

Interface              IP-Address      OK? Method Status                Protocol

Vlan3                  192.168.3.1     YES NVRAM  up                    down   

Reza Sharifi Tue, 10/25/2011 - 05:26

Hi,

Have you configured the DHCP scope for the other subnets (192.168.2.1 255.255.255.0 & 192.168.3.1 255.255.255.0)?

Are vlans 2 and 3 in up and up mode? try "sh ip int bri vlan 2"

HTH

vipinrajrc Sat, 10/29/2011 - 01:01

Hi,

Create multiple DHCP scope in your DHCP server/router corresponding to each VLAN.

I mean create a scope 192.168.2.0/24 for VLAN2 and 192.168.3.0/24 for VLAN 3 in the same DHCP server.

and put ip helper-address 192.168.10.1 in each interface VLAN configuration.

So whenever a DHCP packet comes from a client it will broadcast to the corresponding VLAN and it will reach the DHCP server. So a broadcast packet for DHCP address in VLAN 2 will be destined to the broadcast address 255.255.255.255. So the DHCP server will understand it is asking for an IP address in the range 192.168.2.0/24. So it will lease IP address corresponding to it.

HTH

Thanks

Vipin

shafitokhi Sat, 10/29/2011 - 02:29

Hi,

thanks for the reply,

I have already done that, as an example I have only configured this for the vlan2 but still I'm not able to connect to the internet via vlan 2

interface Vlan2

ip address 192.168.2.1 255.255.255.0

ip helper-address 192.168.10.1

ip helper-address 192.168.2.1

no ip route-cache

I probably need to delete the 2nd ip-helper, I didn't know the command how to delete the extra one.

any idea for the above configuration?

vipinrajrc Sat, 10/29/2011 - 02:42

Hi,

You can delete this by

r(config)#int vlan2

r(config-if)# no ip helper-address 192.168.2.1

Are you sure you made different scope for different vlans?

Thanks

Vipin

shafitokhi Sat, 10/29/2011 - 03:47

Yes,

I have created separate dhcp pools for each vlan and defined the

ip helper-address 192.168.2.1 for each vlan, now I can get the ip but still can't ping.

same configuration as below goes for each vlan.

ip dhcp pool dpool1

   import all

   network 192.168.2.0 255.255.255.0

   default-router 192.168.2.1

interface Vlan2

ip address 192.168.2.1 255.255.255.0

ip helper-address 192.168.10.1

no ip route-cache

ip default-gateway 192.168.10.1

I plugged in the internet cable to one of the ports which is not configured for any vlans (not sure if this is the right port?)

but I can't ping the default gateway (192.168.10.1)

Do I need to configure the port that the internet cable is plugged in? if yes any hint?

Many thanks.

Cadet Alain Sat, 10/29/2011 - 05:12

Hi,

post a diagram of the topology as well as running config of router and switch.

You can't go to internet from the switch or from PCs?

Alain.

glen.grant Sat, 10/29/2011 - 06:42

I think a 2960 may be able to route with the newest IOS codes. Make sure you have ip routing turned on if you do have the latest codes. You said you plugged the internet into a port that wasn't configured, so that means it's in a port that is vlan 1, which I believe you already set up for another subnet. The ip default gateway does nothing; this is used for managing the switch if ip routing is turned off. I would remove that and see if it will take a default static route, 0.0.0.0 0.0.0.0 192.168.10.1.

Jon Marshall Sat, 10/29/2011 - 06:45

Glen

I edited my post because I wasn't totally sure about this.

I know with the latest code the 2960S switches can do basic routing.

Do you know if this also applies to the non S 2960 switches, because I can't find a definitive answer on this and don't have one to test with.

Jon

shafitokhi Sun, 10/30/2011 - 03:11

Thanks for the reply,

I'm not sure if I have the latest IOS on my router, I tried to perform dynamic routing, but the 2960G router could not recognize the command. (I think Ip routing is not enabled, and I don't have a clue how to enable it)

When I connect to the vlan 2, I could get the dhcp IP but not able to ping the default gateway/google for instance ( both from router and PC).

below is the result of the route command on my PC:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.2.1     0.0.0.0         UG    0      0        0 eth0
link-local      *               255.255.0.0     U     1000   0        0 eth0
192.168.2.0     *               255.255.255.0   U     1      0        0 eth0

The complete startup file:

show startup-config

Using 3175 out of 65536 bytes

!

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname Switch

!

enable secret 5 $1$E2kH$zZbWhNiIphJNxxA8F3cB81

!

no aaa new-model

system mtu routing 1500

ip subnet-zero

!

ip dhcp pool dpool1

   import all

   network 192.168.2.0 255.255.255.0

   default-router 192.168.2.1

!

ip dhcp pool dpool2

   import all

   network 192.168.3.0 255.255.255.0

   default-router 192.168.3.1

!

ip dhcp pool dpool4

   import all

   network 192.168.4.0 255.255.255.0

   default-router 192.168.4.1

!

ip dhcp pool dpool5

   import all

   network 192.168.5.0 255.255.255.0

   default-router 192.168.5.1

!

ip dhcp pool dpool6

   import all

   network 192.168.6.0 255.255.255.0

   default-router 192.168.6.1

!

ip dhcp pool dpool7

   import all

   network 192.168.7.0 255.255.255.0

   default-router 192.168.7.1

!

ip dhcp pool dpool8

   import all

   network 192.168.8.0 255.255.255.0

   default-router 192.168.8.1

!

no file verify auto

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface GigabitEthernet0/1

!

interface GigabitEthernet0/2

switchport access vlan 2

switchport mode access

!

interface GigabitEthernet0/3

switchport access vlan 3

switchport mode access

!        

interface GigabitEthernet0/4

switchport access vlan 4

switchport mode access

!

interface GigabitEthernet0/5

switchport access vlan 5

switchport mode access

!

interface GigabitEthernet0/6

switchport access vlan 6

switchport mode access

!

interface GigabitEthernet0/7

switchport access vlan 7

switchport mode access

!

interface GigabitEthernet0/8

switchport access vlan 8

switchport mode access

!

interface GigabitEthernet0/9

!

interface GigabitEthernet0/10

!

interface GigabitEthernet0/11

!

interface GigabitEthernet0/12

!

interface GigabitEthernet0/13

!

interface GigabitEthernet0/14

!

interface GigabitEthernet0/15

!

interface GigabitEthernet0/16

!

interface GigabitEthernet0/17

!

interface GigabitEthernet0/18

!

interface GigabitEthernet0/19

!

interface GigabitEthernet0/20

!

interface GigabitEthernet0/21

!        

interface GigabitEthernet0/22

!

interface GigabitEthernet0/23

!

interface GigabitEthernet0/24

!

interface Vlan1

no ip address

no ip route-cache

!

interface Vlan2

ip address 192.168.2.1 255.255.255.0

ip helper-address 192.168.10.1

no ip route-cache

!

interface Vlan3

ip address 192.168.3.1 255.255.255.0

ip helper-address 192.168.10.1

no ip route-cache

!

interface Vlan4

ip address 192.168.4.1 255.255.255.0

ip helper-address 192.168.10.1

no ip route-cache

!

interface Vlan5

ip address 192.168.5.1 255.255.255.0

ip helper-address 192.168.10.1

no ip route-cache

!

interface Vlan6

ip address 192.168.6.1 255.255.255.0

ip helper-address 192.168.10.1

no ip route-cache

!

interface Vlan7

ip address 192.168.7.1 255.255.255.0

ip helper-address 192.168.10.1

no ip route-cache

!

interface Vlan8

ip address 192.168.8.1 255.255.255.0

ip helper-address 192.168.10.1

no ip route-cache

!

ip default-gateway 192.168.10.1

ip http server

!

control-plane

!

!

line con 0

line vty 0 4

password nocnoc

login

line vty 5 15

password nocnoc

login

!

end

Router version:

Switch Ports Model              SW Version    SW Image
------ ----- -----              ----------    ----------
*    1 24    WS-C2960G-24TC-L   12.2(35)SE5   C2960-LANBASE-M

Do I need to upgrade the IOS?

Thanks.

kishore.chennupati Sun, 10/30/2011 - 04:11

Hi Shafi,

You have a very old IOS. It was from 2007. I would definitely upgrade the IOS to newer version. The latest version is

c2960-lanbasek9-mz.150-1.SE.bin.

Once you upgraded the IOS then in the global configuration mode, enter the command

sdm prefer lanbase-routing

Then save the configuration and reload the switch. After the reload, you should be able to activate the IP routing and set up static routing entries

and type ip route 0.0.0.0 0.0.0.0 192.168.10.1

In regards to your question about not able to ping the internet, you need a public ip address on the device. This device should be connected to a router and that router should have a public ip address. Can you please paste your topology here?

HTH

Regards

Kishore

Leo Laohoo Sun, 10/30/2011 - 21:36

You have a very old IOS. It was from 2007. I would definitely upgrade the IOS to newer version. The latest version is

c2960-lanbasek9-mz.150-1.SE.bin.

Stay as far away from 15.0(1) as you can.  It's got a memory leak issue.  When you load this IOS, even without a config, it will cause the memory to go up to a critical level.

Leo Laohoo Sun, 10/30/2011 - 22:01

Errrr ... Depends Kishore.  I mean if you want to enable routing then I'd stick with 12.2(58)SE1 or SE2.  Otherwise, 12.2(55)SE4 is a safe bet because the 58-series also have a similar (not the same) memory leak issue.

Now, the 15.0(1)SE bug, according to Cisco, is ACROSS THE BOARD.  So use this version with caution.  The fix for this version will be on March 2012.  Not happy because you can still download the current version even though you have this issue. 

shafitokhi Mon, 10/31/2011 - 02:19

I tried to download the 12.2(55) SE4, but I couldn't do so, at the top of the page they have published the message:

"

Due to a scheduled maintenance, the Software Download area will be  intermittently available between 5:00 pm PT Saturday, November 5th, 2011  and 7:00 am PT Sunday, November 6th, 2011.

"

This is the url:  http://www.cisco.com/cisco/software/navigator.html?a=a&i=rpm

I just want to know if I have got the right url?

thanks.

Leo Laohoo Mon, 10/31/2011 - 15:26

That's a scheduled maintenance period for the weekend.  You should be able to download the IOS if your CCO login has a valid Service Contract attached.

shafitokhi Mon, 10/31/2011 - 23:33

I don't know why I can't download the cisco software.

When I try to download the IOS I'm getting the error below:

Authorization Required

This server could not verify that you are authorized to access the document requested.  Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

I'm trying to download via the firefox browser.

any idea?

thanks.

kishore.chennupati Tue, 11/01/2011 - 01:47

Hi Shafi,

You need to have valid CCO login with valid smartnet contract. Do you buy your gear directly from cisco or a 3rd party vendor? If you buy from a vendor then they should be able to give you the IOS you want.

HTH

Regards,

Kishore

shafitokhi Sun, 01/08/2012 - 00:47

Thanks leolaohoo,

I wonder if IOS 15.0(1)SE1 supports routing?

recently I have upgraded my 2960 cisco switch to IOS 15.0(1)SE1 with the below configuration

vlan2: connected to the dhcp server 192.168.10.1

vlan3: connected to a pc

_______________________________________

ip dhcp pool dhpool3

   network 192.168.3.0 255.255.255.0

   default-router 192.168.3.1

interface FastEthernet0/3

switchport access vlan 3

switchport mode access

interface Vlan2

no ip address

no ip route-cache

!

interface Vlan3

ip address 192.168.3.1 255.255.255.0

ip helper-address 192.168.10.1

no ip route-cache

________________

Now the PC that is connected to the vlan 3 has got an IP of 192.168.3.2. But when I try to ping google.com from the PC, it responds with the message "ping: unknown host www.google.com"

Any idea?

Leo Laohoo Sun, 01/08/2012 - 13:26
I wonder if IOS 15.0(1)SE1 supports routing?

Starting from 12.2(55)SE3 (and later).

Something is not right with your config ...

You have a DHCP pool assigned to VLAN3.  Next, VLAN3 has an IP helper address. 

BOGDAN OVIDIU S... Mon, 01/09/2012 - 01:56

Hi,

Let's draw a line with what you have, what is working and what is NOT working:

-you have a 2960G switch that also knows static routing.

-you have configured DHCP pools for each vlan.

What is working:

- the PCs are getting their correct IP addresses.

What is NOT working:

- you cannot ping www.google.com from PCs.

1. you have to have on the switch the command: ip route 0.0.0.0 0.0.0.0 192.168.10.1 (like Kishore said).

BUT you have to have an SVI (Switched Virtual Interface) interface that belongs to that subnet (192.168.10.0) first. You can configure interface vlan 1 (or 10) with an IP from 192.168.10.0 and, of course, assign a physical interface to this vlan.

2. you cannot reach www.google.com from PCs because there is no DNS server that can resolve the name www.google.com into IP address. To send the IP address of a DNS server to your PCs you have to have in each DHCP pool: dns-server A.B.C.D

A.B.C.D - IP address of your DNS server.

3. to test connectivity to "internet" try first to send a ping from your switch to 192.168.10.1.

4. if the previous ping works then do a ping from your PCs to 192.168.10.1. Now it should work.

I hope it helps,

Bogdan
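
The issues Leo and Bogdan point out above (a local DHCP pool and an "ip helper-address" serving the same VLAN, a default route whose next hop lies in no SVI subnet, and pools that hand out no DNS server) can be checked mechanically. The following is an added example, not part of any post in this thread; the function names and the sample config are constructed for illustration, and the parser assumes sub-commands are indented as in "show running-config" output.

```python
import ipaddress
import re
# Added example: constructed sample config; function names are hypothetical.
SAMPLE = """\
ip dhcp pool dpool2
 network 192.168.3.0 255.255.255.0
 default-router 192.168.3.1
!
interface Vlan3
 ip address 192.168.3.1 255.255.255.0
 ip helper-address 192.168.10.1
!
ip route 0.0.0.0 0.0.0.0 192.168.10.1
"""

def parse(config):
    """Return ({section header: [sub-commands]}, [global lines])."""
    sections, global_lines, current = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current = None
        elif raw[0].isspace() and current is not None:
            sections[current].append(line)
        elif line.startswith(("interface ", "ip dhcp pool ")):
            current = line
            sections[current] = []
        else:
            current = None
            global_lines.append(line)
    return sections, global_lines

def subnet(cmds, keyword):
    """Network from a '<keyword> A.B.C.D MASK' sub-command, or None."""
    for cmd in cmds:
        m = re.match(rf"{keyword} (\S+) (\S+)$", cmd)
        if m:
            return ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)

def audit(config):
    sections, global_lines = parse(config)
    svis = {h: subnet(c, "ip address") for h, c in sections.items()
            if h.startswith("interface Vlan")}
    findings = []
    for line in global_lines:
        m = re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\d+\.\d+\.\d+\.\d+)$", line)
        if m and not any(n is not None and ipaddress.ip_address(m[1]) in n
                         for n in svis.values()):
            findings.append(f"default route next hop {m[1]} is not in any SVI subnet")
    for header, cmds in sections.items():
        if not header.startswith("ip dhcp pool "):
            continue
        if not any(c.startswith("dns-server ") for c in cmds):
            findings.append(f"{header}: no dns-server handed to clients")
        for svi, net in svis.items():
            relays = any(c.startswith("ip helper-address ") for c in sections[svi])
            if net is not None and relays and net == subnet(cmds, "network"):
                findings.append(f"{svi}: local pool and ip helper-address both cover {net}")
    return findings
```

A clean result only covers the switch side; the router at 192.168.10.1 still needs routes back to the VLAN subnets.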

shafitokhi Wed, 01/11/2012 - 03:03

Thanks for the reply,

I tried to follow the steps which you have mentioned, unfortunately I couldn't complete all the needed steps

I created a SVI interface for the vlan 10 :

ip dhcp pool dpool2

   import all

   network 192.168.3.0 255.255.255.0

   default-router 192.168.3.1

   dns-server ip

interface Vlan10

ip address 192.168.10.5 255.255.255.0

interface Vlan3

ip address 192.168.3.1 255.255.255.0

ip helper-address 192.168.10.1

no ip route-cache

interface GigabitEthernet0/10

switchport mode trunk
switchport trunk encapsulation dot1q  # this command is not working on my switch

ip route 0.0.0.0 0.0.0.0 192.168.10.1

I still can't ping the gateway 192.168.10.1 from the switch.

any idea?

BOGDAN OVIDIU S... Wed, 01/11/2012 - 04:35

Hi,

It is not important that you could not enter the command "switch trunk encap dot1q" on interface G0/10. Catalyst 2960 knows only dot1q. So, it's normal.

Does your int gi0/10 go into the router?

You have to have an interface in Vlan 10, in order to have Layer3 connectivity. It's OK with a trunk interface only if this interface goes into the router. In this case the router should be configured with subinterfaces.

Is this your case?

As Shine said, please paste the latest configs of your switch and router!

Cheers,

Bogdan

shinepothen Sun, 01/08/2012 - 18:21

Please post the latest config of your switch and router...we will have to see what kind of config done on the router end .....

Sent from Cisco Technical Support iPad App


This Discussion

Posted October 25, 2011 at 5:04 AM