cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
31153
Views
1
Helpful
17
Replies

How to configure route between two subnets on 2960-S?

ghunioncisco
Level 1
Level 1

Hello everyone,

Please assist me with configuring a working route between two subnets (172.28.0.0/16 and 192.168.0.0/24) on a Cisco Catalyst 2960-S.

Problem: The subnet 172.28.0.0/16 is on VLAN 40 and the clients on this subnet have to access a preconfigured device with an ip in 192.168.0.0/24 subnet. The configuration of this device cannot be changed.

I have an Cisco 2960-S Lan Base (c2960s-universalk9-tar.150-1.SE3) switch (http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_55_se/configuration/guide/swipstatrout.html) that I would like to use to solve this problem.

Is this possible and if so how can I do this?

Thank you and best regards,

Gasper

17 Replies 17

cadet alain
VIP Alumni
VIP Alumni

Hi,

take a look here:http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_55_se/configuration/guide/swipstatrout.html

Regards.

Alain.

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Richard Burts
Hall of Fame
Hall of Fame

Gasper

The 2960 switch was originally a layer 2 switch and could not route between VLANs or between subnets. But Cisco added limited ability to route on the 2960 beginning with release 12.2(55)SE as indicated in the link that you reference. So I am guessing that you switch can do this.

As a first step go into config mode and enter the command ip routing. If the command is accepted and if it shows up in the output of show run, then we can be confident that your switch can be used to provide the connectivity between subnets.

I am assuming that the switch is already configured with the two VLANs, one VLAN for the 172.28 network and one VLAN for the 192.168.0 network, and appropriate ports assigned to each VLAN. If that is not the case then let us know and we can discuss that part.

Assuming that two VLANs exist perhaps as vlan 40 and vlan 50 and that the ip routing command was accepted, then the rest of the configuration is pretty simple. You will configure two VLAN interfaces and configure IP addresses on them. It might look something like this:

ip routing

interface vlan 40

ip address 172.28.0.1 255.255.0.0

interface vlan 50

ip address 192.168.0.0 255.255.255.0

This should be enough to allow the clients in network 172.28 to access the device in network 192.168.0. I do not believe that you would need to configure any static routes to establish that connectivity.

Give it a try and let us know how it works.

HTH

Rick

HTH

Rick

Hi Richard,

Thank you for your help. I actually tried this prior to posting here but I am still unable to ping from one subnet to another. I guess I am doing something wrong.

Yes, sdm prefer lanbase-routing and ip routing commands are accepted.

To further clarify:

I have a subnet 172.28.0.0/255.255.0.0 in a VLAN 40 with a gateway at 172.28.0.1. This Vlan is configured throughout my network infrastructure. This VLAN is also configured on the Cisco Catalyst 2960-S that I'm trying to use to configure the route between two subnets.

The subnet 192.168.0.0/255.255.255.0 is not deployed throughout my network as I have only one device that needs to be accessed from the 172.28.0.0/255.255.0.0 subnet. I also don't have a gateway configured for the 192.168.0.0/255.255.255.0 subnet.

Then what I did is I added VLAN 11 for this subnet on the previously mentioned Cisco Catalyst 2960-S:

Switch#conf t

Switch(config)# vlan 11

Switch(config)# name TEST

Then what I did is:

Switch#conf t

Switch(config)#ip routing

Switch(config)#

Switch(config)#int vlan 40

Switch(config-if)#ip add 172.28.254.254 255.255.0.0 <- I cannot assign 172.28.0.1 as this IP address is the gateway IP address of this subnet

Switch(config-if)#

Switch(config-if)#int vlan 11

Switch(config-if)#ip add 192.168.0.2 255.255.255.0 <- Here you wrote ip add 192.168.0.0 255.255.255.0, is this a typo or is this where I did the mistake?

If I configure a client in the 172.28.0.0/255.255.0.0 subnet (Vlan 40) I am able to ping 172.28.254.254.

Also if I configure a client in a 192.168.0.0/255.255.255.0 subnet (Vlan 40), I am able to ping 192.168.0.2.

But I am unable to ping 192.168.0.2 from the 172.28.0.0/255.255.0.0 subnet (Vlan 40).

So I am able to ping between VLANs (for example from VLAN 40 to VLAN 11), but only if the device that I am using is configured in the same subnet as the IP that I'm trying to ping.

I hope that my post makes any sense.

I really appreciate your help and I hope you will be able to further assist me with my issue.

Thank you and best regards,

Gasper

Hi,

did you try the ping between the vlans on the switch first ?

have you configured the default-gateway of the devices as the SVI IP address in the same subnet?

Have you tried the tests with the device firewall disabled ?

Regards.

Alain.

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Hi Alain,

did you try the ping between the vlans on the switch first ?

Yes and it worked.

have you configured the default-gateway of the devices as the SVI IP address in the same subnet?

I don't understand what you mean by that. Please advise how to do this properly?

I use a seperate management VLAN with a subnet 192.168.99.0/24 for device management. So I have only ip default-gateway 192.168.99.9 configured for the switch management on the Cisco Catalyst 2960-S.

Please note that the client devices configuration cannot be changed. I cannot change the gateway on the 172.28.0.0/16 nor on the 192.168.0.0/24 devices.

Have you tried the tests with the device firewall disabled ?

Yes, all client devices have firewall disabled.

Thank you and best regards,

Gasper

Hi,

Please note that the client devices configuration cannot be changed. I  cannot change the gateway on the 172.28.0.0/16 nor on the 192.168.0.0/24  devices.

if you don't put 192.168.0.2 as the default-gateway on the 192.168.0.0/24 network then it won't work by using the svi.

Can you provide a diagram specifying where are the 192.168.0.0/24 devices and what is theyr Ip config for now as well as for the other subnet devices.

Regards.

Alain.

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

if you don't put 192.168.0.2 as the default-gateway on the 192.168.0.0/24 network then it won't work by using the svi.

So should I have 192.168.0.2 configured as the default gateway on my client devices in the 192.168.0.0/24 network or on the switch using:

interface Vlan11

ip address 192.168.0.2 255.255.255.0

ip default-gateway 192.168.0.2 <- this somehow seems wrong

Also should i use ip route-cache?

Can you provide a diagram specifying where are the 192.168.0.0/24 devices and what is theyr Ip config for now as well as for the other subnet devices.

Diagram:

     Cisco ASA:

    

          - Cisco 3750G Stack:

         

               - Cisco Catalyst 2960-S:

                    - Connected devices 172.28.0.0/16

                    - Conencted devices 192.168.0.0/24

192.168.0.0/24 device configuration:

IP: 192.168.0.X

Subnet: 255.255.255.0

Gateway: 192.168.0.1 <- non existing

DNS: 192.168.0.1 <- non existing

172.28.0.0/16 device configuration:

IP: 172.28.X.X

Subnet: 255.255.0.0

Gateway: 172.28.0.1 <- does exist

DNS: ISP public DNS <- working

Now if I understand correctly what I should do is:

Switch(config-if)#int vlan 11

Switch(config-if)#ip add 192.168.0.1 255.255.255.0

instead of:

Switch(config-if)#int vlan 11

Switch(config-if)#ip add 192.168.0.2 255.255.255.0

Is this correct?

Thank you and best regards,

Gasper

Hi,

yes if the default-gateway is 192.168.0.1 then iny vlan11 must have this IP  and the same goes for the other vlan.

Regards.

Alain.

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

yes if the default-gateway is 192.168.0.1 then iny vlan11 must have this IP  and the same goes for the other vlan.

I don't see any problems configuring this for vlan 11, but vlan 40 already has an ip 172.28.0.1 for the gateway which is configured on asa. If I configure interface on the same ip in vlan 40, won't it conflict?

Thank you and best regards,

Gasper

Hi,

of course they will conflict but in this case no need for vlan 40 on the switch except if you want to connect to this IP for management as the ASA will do the routing but you must have a correct route on the asa.

Regards.

Alain.

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Ok, I hope I understood correctly what I have to do.

1. I've reconfigured interface vlan 11: 

     interface vlan 11

     ip address 192.168.0.1 255.255.255.0

2. I've connected a device to vlan 11 with the settings:

     ip: 192.168.0.138

     sub: 255.255.255.0

     gw: 192.168.0.1

3. I've connected a device to vlan 40 with the settings:

     ip: 172.28.2.99

     sub: 255.255.0.0

     gw: 172.28.0.1

Then I tried:

a) Ping to 192.168.0.1 from switch. Result: OK

b) Ping to 172.28.0.1 from switch. Result: NOT OK

c) Ping from device 172.28.2.99 to 172.28.0.1. Result: OK

d) Ping from device 172.28.2.99 to 192.168.0.1. Result: NOT OK

e) Ping from device 172.28.2.99 to 192.168.0.138. Result: NOT OK

f) Ping from device 192.168.0.138 to 192.168.0.1. Result: OK

g) Ping from device 192.168.0.138 to 172.28.0.1. Result: NOT OK

h) Ping from device 192.168.0.138 to 172.28.2.99. Result: NOT OK

On the switch there are configured VLANs 1, 11, 40, 999 (management). And IPs set for vlan interfaces 11 (192.168.0.1) and 999 (192.168.99.28). I didn't set an IP for vlan inferface 40. Default gateway on the switch 192.168.99.9 (I also tried with 192.168.0.1 but there was no difference in results above).

I don't know what I'm doing wrong?

Best regards,

Gasper

Hi,

can you post a diagram as well as the config from switch and asa.

Regards.

Alain.

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

  When you entered the command "sdm prefer lanbase-routing"  did you reload the switch stack after this ?  Switch must be reloaded after entering this command .

  When you entered the command "sdm prefer lanbase-routing"  did you reload the switch stack after     this?

Yes I did.

Best regards,

Gasper

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: