newbie question, lost connection when ip routing enabled?

Unanswered Question
Dec 14th, 2011
User Badges:

hi there,


i am configuring a 3560, everthing is fine until i enable the "ip routing"


i lost connection to all vlan, any idea?


thanks in advance.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
cadet alain Wed, 12/14/2011 - 02:21
User Badges:
  • Purple, 4500 points or more

Hi,


try changing this command: ip default-gateway x.x.x.x into ip route 0.0.0.0 0.0.0.0 x.x.x.x


Regards.


Alain

Richard Burts Wed, 12/14/2011 - 19:58
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Bill


If the suggestion from Alain does not solve your issue then I suggest that you post the configuration of the switch. This might help us to identify the issue.


HTH


Rick

sc.bill.lee Wed, 12/14/2011 - 20:42
User Badges:

Sorry bros, let me make my question more clear


actually, my situation is..


the core switch 3750 serves voice/servers/etc..all the vlans, routings (e.g. routing all traffic excluding 10.x.x.x to ISP_A)


a newly added Room B, got an old 3560, made truncking to 3750


Need to achieve:


users in room B use ISP_B for internet, all other traffic goes back to 3750


Question:


is that i need to do routes in 3560? is that i need to enable ip routing in 3560?

cadet alain Thu, 12/15/2011 - 01:44
User Badges:
  • Purple, 4500 points or more

Hi,


post the config from 3750 and 3560.


Regards.


Alain

Richard Burts Thu, 12/15/2011 - 06:30
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Bill


Given what is in the drawing I would think that you would need to enable routing on the 3560. You would want to configure a default route that would send traffic from the local VLANs out to ISP B. And you would want routes on the 3560 that would send traffic for the VLANs/subnets in room A to the 3750.


HTH


Rick

sc.bill.lee Thu, 12/15/2011 - 17:36
User Badges:

3750 and 3560 have common vlan now, they can talk to each other,


but when I tried to enable "ip routing" in 3560, I lost connection to the 3560, any idea?

Kishore Chennupati Thu, 12/15/2011 - 18:26
User Badges:
  • Gold, 750 points or more

You probably still have  "ip default-gateway" . This works only for a layer2 siwtch only. So, once you enable ip routing this functionality is no more valid and you loose connection as the switch doesnt have a default gateway.


but you should still be able to log into it from 3750 and check "sh ip route" and it will show you nothing.



Hope this give you some idea.

Kishore Chennupati Thu, 12/15/2011 - 14:24
User Badges:
  • Gold, 750 points or more

hi,


to add to what rick mentioned make sure you have common vlans between the switches that need to talk and configure a trunk and enable ip routing on the 3560. This will enable the vlans to talk to each other.


For the internet traffic configure a default route on the 3560 and that will allow traffic destined for internet to go out via ISP B.


HTH


Kishore

sc.bill.lee Thu, 12/15/2011 - 17:39
User Badges:

C3560-GZH-01#sh run

Building configuration...



Current configuration : 4399 bytes

!

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname C3560-GZH-01

!

enable secret

!

no aaa new-model

system mtu routing 1500

vtp domain SCGZHnetwork

vtp mode transparent

ip subnet-zero

!

!

!

!

no file verify auto

!

spanning-tree mode pvst

spanning-tree extend system-id

spanning-tree vlan 1 priority 36864

!

vlan internal allocation policy ascending

!

vlan 8

name PBX

!

vlan 9

name servers

!

vlan 19

name Network-devices

!

vlan 160

name Workstations

!

interface GigabitEthernet0/1

switchport access vlan 160

switchport mode access

!

interface GigabitEthernet0/2

switchport access vlan 160

switchport mode access

!

interface GigabitEthernet0/3

switchport access vlan 160

switchport mode access

!

interface GigabitEthernet0/4

switchport access vlan 160

switchport mode access

!

interface GigabitEthernet0/5

switchport access vlan 160

switchport mode access

!

interface GigabitEthernet0/6

switchport access vlan 160

switchport mode access

!

interface GigabitEthernet0/7

switchport access vlan 160

switchport mode access

!

interface GigabitEthernet0/8

switchport access vlan 160

switchport mode access

!

interface GigabitEthernet0/9

switchport access vlan 160

switchport mode access

!

interface GigabitEthernet0/10

switchport access vlan 160

switchport mode access

!

interface GigabitEthernet0/11

switchport access vlan 160

switchport mode access

!

interface GigabitEthernet0/12

switchport access vlan 160

switchport mode access

!

interface GigabitEthernet0/13

switchport access vlan 160

switchport mode access

!

interface GigabitEthernet0/14

switchport access vlan 160

switchport mode access

!

interface GigabitEthernet0/15

switchport access vlan 160

switchport mode access

!

interface GigabitEthernet0/16

switchport access vlan 160

switchport mode access

!

interface GigabitEthernet0/17

switchport access vlan 160

switchport mode access

!

interface GigabitEthernet0/18

switchport access vlan 160

switchport mode access

!

interface GigabitEthernet0/19

switchport access vlan 160

switchport mode access

!

interface GigabitEthernet0/20

switchport access vlan 160

switchport mode access

!

interface GigabitEthernet0/21

switchport access vlan 160

switchport mode access

!

interface GigabitEthernet0/22

switchport access vlan 160

switchport mode access

!

interface GigabitEthernet0/23

description ***ASA 5510***

switchport access vlan 9

switchport mode access

!

interface GigabitEthernet0/24

description ***PABX***

switchport access vlan 8

switchport mode access

!

interface GigabitEthernet0/25

description 3560_3750_Fibre

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet0/26

!

interface GigabitEthernet0/27

!

interface GigabitEthernet0/28

!

interface Vlan1

no ip address

no ip route-cache

!

interface Vlan8

ip address 10.161.8.2 255.255.255.0

no ip redirects

no ip unreachables

ip accounting output-packets

!

interface Vlan9

description ***----Server VLAN----***

ip address 10.161.9.2 255.255.255.0

no ip redirects

no ip unreachables

!

interface Vlan19

ip address 10.161.19.2 255.255.255.0

no ip route-cache

!

ip classless

ip http server

!

!

control-plane

!

line con 0

login local

line vty 0 4

login local

line vty 5 15

login

!

end



C3560-GZH-01#

Kishore Chennupati Thu, 12/15/2011 - 18:32
User Badges:
  • Gold, 750 points or more

Hi,


Currently the switch is acting like a Layer2 switch. Also, I cant see any default GW? Where is the switch going to send the traffic to?

sc.bill.lee Thu, 12/15/2011 - 18:39
User Badges:

yes, it's still acting as layer 2, all the traffic is now going through another 3750 connected to g0/25


what I need to achieve is making all the clients connected to 3560 going internet by the firewall connected to 3560 g0/23


but when I enable ip routing in 3560, i lost connection to it....

JohnTylerPearce Thu, 12/15/2011 - 19:01
User Badges:
  • Silver, 250 points or more

From looking at your configuration, it appears that all your ports on the 3560 are on VLAN160. I don't see a vlan interface for VLAN160 on the 3560? Where is the default gateway for VLAN160 located? If you want the 3560 in Room B to use the ISP from B you will need a vlan interface on 3560 and point a default route to the ASA, and then the ASA should hae a default route going towards the ISP next hop.

sc.bill.lee Thu, 12/15/2011 - 20:27
User Badges:

actually all vlan is in room A 3750, i would like to make 3560 all traffic goes ISP_B except traffic for 10.x.x.x

Kishore Chennupati Thu, 12/15/2011 - 20:52
User Badges:
  • Gold, 750 points or more

No Connectivity After IP Routing is Enabled


One of the most common issue people face is the loss of connectivity  once IP routing is enabled on the switch. A common cause for this issue  is the command used to specify the default gateway for the device.


If IP routing is not enabled on the device, the command is ip default-gateway.


3750-1#ip default-gateway A.B.C.D
!--- where A.B.C.D is the IP address of the default router


If IP routing is enabled, use the ip route command in order to specify the default router for that device.


3750-1#ip route 0.0.0.0 0.0.0.0 A.B.C.D



Taken from the link


http://www.cisco.com/en/US/products/hw/switches/ps5023/products_tech_note09186a00807ccc79.shtml


Hope this helps

JohnTylerPearce Fri, 12/16/2011 - 03:01
User Badges:
  • Silver, 250 points or more

It looks like you want all traffic on the 3560 to go to the 3750 which is going to hit the default gateway on the 3750. Since this is most likely going to happen, it's going to hit the default route that is most likely going to the ASA in RoomA which is going to ISP1. You have one of two options.


1) Turn IP routing on the 3560

2) Create a route-map on the 3750 to have traffic sources from the 3560 back to the 3560 and out ISP2.


Choice one is the way you want to go, if you choose choice two, it's going to create ineffient routing.


You need to turn on IP routing on the 3560, and create a default route going out to the ISP2. Also, what VLAN is your management vlan?

Richard Burts Fri, 12/16/2011 - 10:35
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Bill


Am I correct in assuming that you are accessing the 3560 remotely (not on the console connection)? In that case the explanation by several of my colleagues may be correct that you lose connectivity because your source address is remote from the 3560. When you first access the 3560 the routing logic that connects the 3560 to your remote address is on the 3750 and it works. But when you enable routing on the 3560 then a problem develops  because it has no routing knowledge to access your remote subnet. I an think of a couple of options which could solve this:

- go to where the 3560 is located and connect to the console to make the config changes to enable routing. You certainly will not lose connectivity there when routing is enabled.

- access the 3750 (by telnet or SSH or whatever you use and from the 3750 access the 3560. Hopefully the 3560 will see this as a local connection and will not lose it when routing is enabled.


HTH


Rick

sc.bill.lee Mon, 12/19/2011 - 02:55
User Badges:

Yes, I would like to take Option 1, but really dont have idea where to start with.


I have enabled ip routing, i can telnet to it now by inserting some static routes


and I tried to made some routes to achieve what I want, but it seems not working


"

Gateway of last resort is 10.161.9.14 to network 0.0.0.0



     10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks

S       10.0.0.0/8 [1/0] via 10.161.19.1

C       10.161.9.0/24 is directly connected, Vlan9

C       10.161.8.0/24 is directly connected, Vlan8

C       10.161.19.0/24 is directly connected, Vlan19

S*   0.0.0.0/0 [1/0] via 10.161.9.14"


I suppose all traffic starting with 10.x.x.x will go 10.161.19.1, all other traffic will go to the firewall 10.161.9.14 for the ISP_B

Richard Burts Mon, 12/19/2011 - 05:19
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Bill


Based on what I understand of this discussion it looks like you have most of what you need. You have configured a static default route and I assume that 10.161.9.14 is the next hop that gets to the ISP B. Can you confirm that?

You have a static route for some subnets in network 10.0.0.0 which I assume are the VLANs in room A. Can you confirm that? And I assume that there are no devices connected in room A that are not in network 10.0.0.0. Can you verify that?


From what I have understood in the config that you posted the main thing that you are missing is that you need to configure inteface vlan 160 and configure an IP address on it. Then you need to make sure that devices in vlan 160 use this address as their default gateway. (You also need to make sure that devices in vlan 8, 9, and 19 use the addresses on the 3560 as their default gateway - I would assume that their current default gateway is probably a vlan address on the 3750.)


If you do this it should achieve your goal of having traffic from devices connected to the 3560 will use ISP B and will have connectivity to devices in room A. It does not address the question of whether you want to be able to have failover so that if ISP B becomes not available you could send traffic through ISP A. This is possible but would require additional config changes and probably need implementation of a dynamic routing protocol.


HTH


Rick

Actions

This Discussion