Configuring 2960 and 300 ES switches

Unanswered Question
Jul 27th, 2012

I have a 2960S switch and nine (9) 300 switches. I have three VLANs configured on them, data, voice and management. Each 300 has unique data and ovice VLANs corresponding to their locations. All of the 300 switches connect to the 2960 in a hub and spoke network topology via 802.1q trunks. I can access devices between switches on the data and voice VLANs fine from any other switch. My issue is that from any 300 switch I can access the 2960 management VLAN interface without a problem, but I can not access the 300 switch management VLAN that I am connected to from the CLI. I do not use the GUI at all for management.

Am I missing something.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 5 (7 ratings)
Tom Watts Fri, 07/27/2012 - 08:18

Hello meptrella, I'm assuming the 300 ES switches are SX300 series models.

The switch is not accessible via any method but http or console without first being 'activated'.

config t

ip telnet server

This should allow telnet from the 2960 to the SX300 series. You can also enable ssh the same way

config t

ip ssh server

If the SSH keys are not generated the SSH server may wait until the keys are generated

crypto key pubkey-chain ssh

user-key ******

key-string rsa

* = whatever you want

-Tom

mpetrella Fri, 07/27/2012 - 08:31

Thanks Tom. This solved a piece of the puzzle, but brought up another issue.

I am not sure if it is a telnet server issue. The reason I say that is I added the suggested commands. I can access the 300 switches from the 2960 now. If I am connected to the 300 I can not access its management address. I can ping the 2960 management address, the 300 gateway, other devices on the 300, but not the management interface address on VLAN one.

Any ideas?

Mike

Tom Watts Fri, 07/27/2012 - 08:43

In layer 3, if there is not a device connected on the IP interface, there won't be a response. Perform a show ip route, you will notice a default route is built, additionally you will notice routes built to each subnet for an active interface.  If you connect a device to the ip interface, the ip route will dynamically build and the interface will respond.

If the switch is in L2 then it should simply work

-Tom

mpetrella Fri, 07/27/2012 - 08:50

I may be in over my head. I could not do the ip routing command on the 2960 and I thought the 300's were all layer 2 devices. I have worked on the Cisco Enterprise switches for about 10 years and many of the "normal" switch commands are not there. There is no router in the network so we have to work with the 16 static routes on the 2960 and  default gateway on the 300. Again, I may be missing something on these. We had nothing to do with the selection of the switches and have to get them working for the three VLANs.

Thanks,

Mike

Tom Watts Fri, 07/27/2012 - 08:56

On the SX300, in the layer 2 mode, the IP address does not matter for the device except management purpose. So, what to do, connect a computer via ethernet to the SX300 on a port part of the management VLAN, assign a static IP address to the computer and see if you can open the GUI and ping the switch.

If successful, directly connected to the switch, then we know there is either an incorrect configuration, an incorrect route on the 2960 or the device attempting to access the switch IP interface is not on the management ip subnet.

-Tom

mpetrella Fri, 07/27/2012 - 10:12

I will try that this weekend. I will post the results Monday.

Thanks again for all the help.

Mike

mpetrella66 Wed, 08/01/2012 - 06:12

Back again. We have VLAN 1, VLAN 10 and VLAN 11 on the 300ES and 2960. The 2960 has VLAN interfaces configured on the 2960 as well as the VLAN database. The 300ES has the VLAN database, but no VLAN interfaces configured on it. We have trunks between the switches. The 300ES has ports assigned to VLAN 10 with VLAN 11 being the VoIP.

I did as suggested and the results were as follows:

1) We can now get between all switches on VLAN 1.

2) If we have a PC on VLAN 10 on the 300ES we can not ping any interface on the 2960. From the 2960 we can not ping the PC on the 300ES sourcing it from the VLAN 10 interface address on the 2960.

3) From the 300ES we can ping the gateway defined on the 2960 for VLAN 10, but can not ping anything off of the VLAN 10 network.

I have to be missing something stupid. I set this up with 4500 and 3750 with no problems, but the CLI on the 300ES and 2960 do not match the higher switches and I can not figure out what the miussing piece is on this.

Any help is appreciated.

Mike

mpetrella66 Wed, 08/01/2012 - 07:08

Tom,

I will have to do it tonight. I left my thumb drive at home.

Thanks,

Mike

mpetrella66 Wed, 08/01/2012 - 07:41

Tom,

My fellow engineer had the configs and sent them to me.The configs are below. The 2960 is first. One additional test we did was to have a PC on VLAN 10 on the 2960 and one on the 300ES and could not ping between them either. Thanks again.

Building configuration...

Current configuration : 11609 bytes

!

version 12.2

no service pad

service timestamps debug datetime localtime

service timestamps log datetime localtime

no service password-encryption

!

hostname 2960-MDF-1

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$6yul$iZz2Rj6HA8JHl2KMHxF16/

!

username lns privilege 15 secret 5 $1$A129$F19PkQvMBPoRbT.z4ldwB.

username cisco privilege 15 secret 5 $1$sAYS$mdeBRQa/Yfhh6RoTEcd9x1

!

!

no aaa new-model

clock timezone UTC -5

clock summer-time UTC recurring

switch 1 provision ws-c2960s-48fps-l

ip routing

!

!

vtp mode transparent

udld aggressive

!

!

crypto pki trustpoint TP-self-signed-2638571776

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-2638571776

revocation-check none

rsakeypair TP-self-signed-2638571776

!

!

crypto pki certificate chain TP-self-signed-2638571776

certificate self-signed 01

  30820243 308201AC A0030201 02020101 300D0609 2A864886 F70D0101 04050030

  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

  69666963 6174652D 32363338 35373137 3736301E 170D3933 30333031 30303033

  30365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 36333835

  37313737 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281

  8100CBED 28723530 0501217D 4FBE6C5B B902D9B8 2A9D7A10 67503A3A B47B4097

  0C6BA011 D14837A1 B1E169A7 D0FF03A1 AADBA145 BCD6937A 0B05BDC6 227C9FF1

  AA692CE7 720E3D8D 7724FD7D 794778F9 61702964 080872D9 E9A52437 D67B2DA6

  18E1D1EC B7827EB2 4EBF8D82 6A15655E 66D1B9DC C67661D3 86908DC6 60935A63

  81E90203 010001A3 6B306930 0F060355 1D130101 FF040530 030101FF 30160603

  551D1104 0F300D82 0B323936 302D4D44 462D312E 301F0603 551D2304 18301680

  145CC643 4DF22380 B319CD2F 65AB80C7 DBFE044B 17301D06 03551D0E 04160414

  5CC6434D F22380B3 19CD2F65 AB80C7DB FE044B17 300D0609 2A864886 F70D0101

  04050003 818100CA 5EF4A7F4 E97C67B2 38062B1A B1C9A132 499EFE7F A00F4897

  84CA79E9 7C0E0C77 0899B745 5D2D69B0 BB3E2495 6E98D522 7B8BA267 A766460F

  BB319F55 A7B1C752 EC4D4EEF 84B51524 56C3003B D8D0F970 F3BEA90B 7B668399

  AA08760D F5598EEE E25CA8D7 59F11EC3 94B25B97 9FC4D6BE DF1AD4C9 FEC88DA2

  08DB8A4A 6A1DFD

  quit

!

spanning-tree mode rapid-pvst

spanning-tree portfast bpduguard default

spanning-tree extend system-id

auto qos srnd4

!

!

!

errdisable recovery cause udld

errdisable recovery cause bpduguard

errdisable recovery cause security-violation

errdisable recovery cause channel-misconfig (STP)

errdisable recovery cause pagp-flap

errdisable recovery cause dtp-flap

errdisable recovery cause link-flap

errdisable recovery cause sfp-config-mismatch

errdisable recovery cause gbic-invalid

errdisable recovery cause psecure-violation

errdisable recovery cause port-mode-failure

errdisable recovery cause dhcp-rate-limit

errdisable recovery cause pppoe-ia-rate-limit

errdisable recovery cause mac-limit

errdisable recovery cause vmps

errdisable recovery cause storm-control

errdisable recovery cause inline-power

errdisable recovery cause arp-inspection

errdisable recovery cause loopback

errdisable recovery cause small-frame

!

vlan internal allocation policy ascending

!

vlan 10  

name BLDG-10

!

vlan 11

name VoIP-BLDG-10

!

vlan 100

name SERVERS

!

ip ssh version 2

!

!

interface FastEthernet0

no ip address

no ip route-cache cef

no ip route-cache

shutdown

!

interface GigabitEthernet1/0/1

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/2

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/3

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/4

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/5

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/6

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/7

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/8

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/9

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/10

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/11

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/12

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/13

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/14

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/15

switchport access vlan 100

switchport mode access

spanning-tree portfast

!        

interface GigabitEthernet1/0/16

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/17

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/18

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/19

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/20

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/21

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/22

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/23

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/24

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/25

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/26

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/27

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/28

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/29

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/30

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/31

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/32

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/33

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/34

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/35

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/36

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/37

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/38

switchport access vlan 100

switchport mode access

spanning-tree portfast

!        

interface GigabitEthernet1/0/39

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/40

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/41

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/42

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/43

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/44

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/45

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/46

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/47

description SF300-BLDG10-1 Port G1

switchport mode trunk

mls qos trust dscp

!

interface GigabitEthernet1/0/48

description SF300-SALES Port G1

switchport mode trunk

mls qos trust dscp

!

interface GigabitEthernet1/0/49

!

interface GigabitEthernet1/0/50

!

interface GigabitEthernet1/0/51

!

interface GigabitEthernet1/0/52

!

interface Vlan1

description Management

ip address 10.0.5.1 255.255.255.0

ip helper-address 10.0.0.24

!

interface Vlan10

description BLDG-10

ip address 10.0.10.1 255.255.255.0

ip helper-address 10.0.0.24

!

interface Vlan11

description VoIP BLDG-10

ip address 10.0.11.1 255.255.255.0

ip helper-address 10.0.0.24

!

interface Vlan100

description SERVERS

ip address 10.0.0.1 255.255.255.0

!

ip default-gateway 10.0.0.5

no ip route static inter-vrf

ip route 10.0.10.0 255.255.255.0 10.0.5.10

no ip http server

ip http secure-server

!

line con 0

line vty 0 4

logging synchronous

login local

transport input telnet ssh

line vty 5 15

logging synchronous

login local

transport input telnet ssh

!

end

One of the nine (9) 300ES follows.

SF300-BLDG10-1(config)#do sho run       

interface range fa1-48

spanning-tree portfast

exit

interface  fa48

description Management

exit

interface  gi1

description "MDF-1 Port 1/45"

exit

vlan database

vlan 10-11

exit

voice vlan id 11

voice vlan state auto-enabled

voice vlan cos 6 remark

voice vlan oui-table add 0001e3 Siemens_AG_phone________

voice vlan oui-table add 00036b Cisco_phone_____________

voice vlan oui-table add 00096e Avaya___________________

voice vlan oui-table add 000fe2 H3C_Aolynk______________

voice vlan oui-table add 001049 shoretel

voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone

voice vlan oui-table add 00d01e Pingtel_phone___________

voice vlan oui-table add 00e075 Polycom/Veritel_phone___

voice vlan oui-table add 00e0bb 3Com_phone______________

interface vlan 1

ip address 10.0.5.10 255.255.255.0

exit

ip default-gateway 10.0.5.1

interface vlan 1

no ip address dhcp

exit

hostname SF300-BLDG10-1

no passwords complexity enable

ip ssh server

ip telnet server

interface fastethernet1

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit

interface fastethernet2

switchport trunk allowed vlan add 11                 

switchport trunk native vlan 10

exit

interface fastethernet3

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit

interface fastethernet4

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit

interface fastethernet5

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit

interface fastethernet6

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit

interface fastethernet7

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit                                                 

interface fastethernet8

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit

interface fastethernet9

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit

interface fastethernet10

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit

interface fastethernet11

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit

interface fastethernet12

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit

interface fastethernet13

switchport trunk allowed vlan add 11                 

switchport trunk native vlan 10

exit

interface fastethernet14

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit

interface fastethernet15

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit

interface fastethernet16

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit

interface fastethernet17

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit

interface fastethernet18

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit                                                 

interface fastethernet19

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit

interface fastethernet20

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit

interface fastethernet21

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit

interface fastethernet22

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit

interface fastethernet23

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit

interface fastethernet24

switchport trunk allowed vlan add 11                 

switchport trunk native vlan 10

exit

interface fastethernet25

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit

interface fastethernet26

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit

interface fastethernet27

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit

interface fastethernet28

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit

interface fastethernet29

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit                                                 

interface fastethernet30

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit

interface fastethernet31

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit

interface fastethernet32

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit

interface fastethernet33

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit

interface fastethernet34

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit

interface fastethernet35

switchport trunk allowed vlan add 11                 

switchport trunk native vlan 10

exit

interface fastethernet36

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit

interface fastethernet37

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit

interface fastethernet38

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit

interface fastethernet39

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit

interface fastethernet40

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit                                                 

interface fastethernet41

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit

interface fastethernet42

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit

interface fastethernet43

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit

interface fastethernet44

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit

interface fastethernet45

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit

interface fastethernet46

switchport trunk allowed vlan add 11                 

switchport trunk native vlan 10

exit

interface fastethernet47

switchport trunk allowed vlan add 11

switchport trunk native vlan 10

exit

interface fastethernet48

switchport mode access

exit

interface gigabitethernet1

no macro auto smartport

switchport trunk allowed vlan add 10-11

exit

mpetrella66 Wed, 08/01/2012 - 07:50

Fat fingered my last two posts. One the 2960 we had a PC on VLAN 100, not 10.

Tom Watts Wed, 08/01/2012 - 08:12

interface GigabitEthernet1/0/47

description SF300-BLDG10-1 Port G1

switchport mode trunk

switchport trunk allowed vlan add 10,11,100 <- Try this

mls qos trust dscp

spanning-tree mode rapid-pvst <-- SX300 does not support the PVST. I am not sure if it makes a difference

spanning-tree portfast bpduguard default

spanning-tree extend system-id

auto qos srnd4

SX300 port-

interface gigabitethernet1

no macro auto smartport

switchport trunk allowed vlan add 10-11  <- VLAN 100 is not a member of the port (I think this is your uplink?)

switchport trunk allowed vlan add 10,11,100 <- Try

exit

switchport trunk allowed vlan add 10,11, this means the port is 1untag, 10 and 11 tag.

-Tom

mpetrella66 Wed, 08/01/2012 - 10:33

WIll try the suggested confifuration changes tonight.

One questions, why would I need to include the VLANs in the allowed statements? The reason I ask is that with the 4500 and 3750 we use we don't have them specifically and things work fine.

Thanks,

Mike

Tom Watts Wed, 08/01/2012 - 11:09

Ingress filtering on trunk and access port will discard any vlan id not specified on the port of the SX300.

-Tom

Tom Watts Wed, 08/01/2012 - 18:55

Michael, another idea you may try to set the switchport to general and remove the ingress filter all together

switchport mode general

switchport general pvid 1

switchport general ingress-filter disable

switchport general allowed vlan add 1 untagged

switchport general allowed vlan add 10,11,100 tagged

If the forementioned config doesn't work, give this a try.

-Tom

mpetrella66 Thu, 08/02/2012 - 05:50

Tom,

We did not get to try your suggestion yesterday. In testeing we could not ping between VLAN interfaces on the 2960. We addesd VLAN 10 to an interface and connected a PC to it. We could ping the gateway, but not a PC on VLAN 100. While researching the issue we saw that we did not have any routed interfaces. We then vevrified that the lanbased-routing template was being used and the output is below. The 0 routed interfaces is a concern for us. Any ideas on what is missing?

We also saw that this seems to be a common issue, but it seems the answers are "get different switches." That is not an option with us.

Thanks,

Mike

2960-MDF-1#sho ver
Cisco IOS Software, C2960S Software (C2960S-UNIVERSALK9-M), Version
12.2(55)SE5, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Thu 09-Feb-12 19:22 by prod_rel_team
Image text-base: 0x00003000, data-base: 0x01B00000

ROM: Bootstrap program is Alpha board boot loader
BOOTLDR: C2960S Boot Loader (C2960S-HBOOT-M) Version 12.2(55r)SE, RELEASE
SOFTWARE (fc1)


2960-MDF-1#sho sdm prefer
 The current template is "lanbase-routing" template.
 The selected template optimizes the resources in
 the switch to support this level of features for
 0 routed interfaces and 255 VLANs.

  number of unicast mac addresses:                  4K
  number of IPv4 IGMP groups + multicast routes:    0.25K
  number of IPv4 unicast routes:                    4.875k
    number of directly-connected IPv4 hosts:        4K
    number of indirect IPv4 routes:                 0.875k
  number of IPv6 multicast groups:                  0.25K
  number of directly-connected IPv6 addresses:      0.25K
  number of indirect IPv6 unicast routes:           0
  number of IPv4 policy based routing aces:         0
  number of IPv4/MAC qos aces:                      0.375k
  number of IPv4/MAC security aces:                 0.375k
  number of IPv6 policy based routing aces:         0
  number of IPv6 qos aces:                          0
  number of IPv6 security aces:                     0.125k
Tom Watts Thu, 08/02/2012 - 09:24

Michael, first need to change the SDM template

SwitchA(config)#sdm prefer lanbase-routing

Changes to the running SDM preferences have been stored, but cannot take effect until the next reload.

Use 'show sdm prefer' to see what SDM preference is currently active.

SwitchA(config)

SwitchA#reload

System configuration has been modified. Save? [yes/no]: y

Proceed with reload? [confirm]

SwitchA#conf t

SwitchA(config)#ip routing

SwitchA(config)# interface vlan 1 ip address x.x.x.x /24

SwitchA(config)# interface vlan 10 ip address x.x.x.x /24

SwitchA(config)# interface vlan 11 ip address x.x.x.x /24

SwitchA(config)# interface vlan 100 ip address x.x.x.x /24

SwitchA(config)# do show ip route

-Tom

mpetrella66 Thu, 08/02/2012 - 09:28

Tom,

We cahnged the sdm template and in the output above it shows that the template is lanbase-routing, but no routed interfaces.

I am totally lost on this.

Thanks,

Mike

mpetrella66 Thu, 08/02/2012 - 11:29

Tom,

We had the VLAN interfaces configured before we changed the SDM template and did the "ip routing" command. Do you think it makes sense to remove the VLAN interfaces, reload the switch and re-configure the VLAN interfaces?

Thanks,

Mike

Tom Watts Thu, 08/02/2012 - 11:57

Please post the following outputs

show sdm prefer

show ip interface [vlan id]

show ip route

Make sure there is an active connection on the routed interfaces (in other words, make sure there is a live link on each vlan interface to ensure there is a link connectivity to build the route table).

-Tom

mpetrella66 Fri, 08/03/2012 - 09:45

Tom,

Last night we tftp the config file to a pc, wipeed the config on the switch, reloaded it, tftp the config file back onto the switch and everything is fine. Not sure what happened when we started this, but that did the trick.

Thanks for all the help. I will post another topic if we have any more issues.

Mike.

Actions

Login or Register to take actions

This Discussion

Posted July 27, 2012 at 8:12 AM
Stats:
Replies:22 Avg. Rating:5
Views:1918 Votes:0
Shares:0

Related Content

Discussions Leaderboard