Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

How to configure route between two subnets on 2960-S?

Hello everyone,

Please assist me with configuring a working route between two subnets (172.28.0.0/16 and 192.168.0.0/24) on a Cisco Catalyst 2960-S.

Problem: The subnet 172.28.0.0/16 is on VLAN 40 and the clients on this subnet have to access a preconfigured device with an ip in 192.168.0.0/24 subnet. The configuration of this device cannot be changed.

I have an Cisco 2960-S Lan Base (c2960s-universalk9-tar.150-1.SE3) switch (http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_55_se/configuration/guide/swipstatrout.html) that I would like to use to solve this problem.

Is this possible and if so how can I do this?

Thank you and best regards,

Gasper

Everyone's tags (5)
17 REPLIES
Purple

How to configure route between two subnets on 2960-S?

Hi,

take a look here:http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_55_se/configuration/guide/swipstatrout.html

Regards.

Alain.

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
Hall of Fame Super Gold

How to configure route between two subnets on 2960-S?

Gasper

The 2960 switch was originally a layer 2 switch and could not route between VLANs or between subnets. But Cisco added limited ability to route on the 2960 beginning with release 12.2(55)SE as indicated in the link that you reference. So I am guessing that you switch can do this.

As a first step go into config mode and enter the command ip routing. If the command is accepted and if it shows up in the output of show run, then we can be confident that your switch can be used to provide the connectivity between subnets.

I am assuming that the switch is already configured with the two VLANs, one VLAN for the 172.28 network and one VLAN for the 192.168.0 network, and appropriate ports assigned to each VLAN. If that is not the case then let us know and we can discuss that part.

Assuming that two VLANs exist perhaps as vlan 40 and vlan 50 and that the ip routing command was accepted, then the rest of the configuration is pretty simple. You will configure two VLAN interfaces and configure IP addresses on them. It might look something like this:

ip routing

interface vlan 40

ip address 172.28.0.1 255.255.0.0

interface vlan 50

ip address 192.168.0.0 255.255.255.0

This should be enough to allow the clients in network 172.28 to access the device in network 192.168.0. I do not believe that you would need to configure any static routes to establish that connectivity.

Give it a try and let us know how it works.

HTH

Rick

New Member

Re: How to configure route between two subnets on 2960-S?

Hi Richard,

Thank you for your help. I actually tried this prior to posting here but I am still unable to ping from one subnet to another. I guess I am doing something wrong.

Yes, sdm prefer lanbase-routing and ip routing commands are accepted.

To further clarify:

I have a subnet 172.28.0.0/255.255.0.0 in a VLAN 40 with a gateway at 172.28.0.1. This Vlan is configured throughout my network infrastructure. This VLAN is also configured on the Cisco Catalyst 2960-S that I'm trying to use to configure the route between two subnets.

The subnet 192.168.0.0/255.255.255.0 is not deployed throughout my network as I have only one device that needs to be accessed from the 172.28.0.0/255.255.0.0 subnet. I also don't have a gateway configured for the 192.168.0.0/255.255.255.0 subnet.

Then what I did is I added VLAN 11 for this subnet on the previously mentioned Cisco Catalyst 2960-S:

Switch#conf t

Switch(config)# vlan 11

Switch(config)# name TEST

Then what I did is:

Switch#conf t

Switch(config)#ip routing

Switch(config)#

Switch(config)#int vlan 40

Switch(config-if)#ip add 172.28.254.254 255.255.0.0 <- I cannot assign 172.28.0.1 as this IP address is the gateway IP address of this subnet

Switch(config-if)#

Switch(config-if)#int vlan 11

Switch(config-if)#ip add 192.168.0.2 255.255.255.0 <- Here you wrote ip add 192.168.0.0 255.255.255.0, is this a typo or is this where I did the mistake?

If I configure a client in the 172.28.0.0/255.255.0.0 subnet (Vlan 40) I am able to ping 172.28.254.254.

Also if I configure a client in a 192.168.0.0/255.255.255.0 subnet (Vlan 40), I am able to ping 192.168.0.2.

But I am unable to ping 192.168.0.2 from the 172.28.0.0/255.255.0.0 subnet (Vlan 40).

So I am able to ping between VLANs (for example from VLAN 40 to VLAN 11), but only if the device that I am using is configured in the same subnet as the IP that I'm trying to ping.

I hope that my post makes any sense.

I really appreciate your help and I hope you will be able to further assist me with my issue.

Thank you and best regards,

Gasper

Purple

How to configure route between two subnets on 2960-S?

Hi,

did you try the ping between the vlans on the switch first ?

have you configured the default-gateway of the devices as the SVI IP address in the same subnet?

Have you tried the tests with the device firewall disabled ?

Regards.

Alain.

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
New Member

Re: How to configure route between two subnets on 2960-S?

Hi Alain,

did you try the ping between the vlans on the switch first ?

Yes and it worked.

have you configured the default-gateway of the devices as the SVI IP address in the same subnet?

I don't understand what you mean by that. Please advise how to do this properly?

I use a seperate management VLAN with a subnet 192.168.99.0/24 for device management. So I have only ip default-gateway 192.168.99.9 configured for the switch management on the Cisco Catalyst 2960-S.

Please note that the client devices configuration cannot be changed. I cannot change the gateway on the 172.28.0.0/16 nor on the 192.168.0.0/24 devices.

Have you tried the tests with the device firewall disabled ?

Yes, all client devices have firewall disabled.

Thank you and best regards,

Gasper

Purple

How to configure route between two subnets on 2960-S?

Hi,

Please note that the client devices configuration cannot be changed. I  cannot change the gateway on the 172.28.0.0/16 nor on the 192.168.0.0/24  devices.

if you don't put 192.168.0.2 as the default-gateway on the 192.168.0.0/24 network then it won't work by using the svi.

Can you provide a diagram specifying where are the 192.168.0.0/24 devices and what is theyr Ip config for now as well as for the other subnet devices.

Regards.

Alain.

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
New Member

Re: How to configure route between two subnets on 2960-S?

if you don't put 192.168.0.2 as the default-gateway on the 192.168.0.0/24 network then it won't work by using the svi.

So should I have 192.168.0.2 configured as the default gateway on my client devices in the 192.168.0.0/24 network or on the switch using:

interface Vlan11

ip address 192.168.0.2 255.255.255.0

ip default-gateway 192.168.0.2 <- this somehow seems wrong

Also should i use ip route-cache?

Can you provide a diagram specifying where are the 192.168.0.0/24 devices and what is theyr Ip config for now as well as for the other subnet devices.

Diagram:

     Cisco ASA:

    

          - Cisco 3750G Stack:

         

               - Cisco Catalyst 2960-S:

                    - Connected devices 172.28.0.0/16

                    - Conencted devices 192.168.0.0/24

192.168.0.0/24 device configuration:

IP: 192.168.0.X

Subnet: 255.255.255.0

Gateway: 192.168.0.1 <- non existing

DNS: 192.168.0.1 <- non existing

172.28.0.0/16 device configuration:

IP: 172.28.X.X

Subnet: 255.255.0.0

Gateway: 172.28.0.1 <- does exist

DNS: ISP public DNS <- working

Now if I understand correctly what I should do is:

Switch(config-if)#int vlan 11

Switch(config-if)#ip add 192.168.0.1 255.255.255.0

instead of:

Switch(config-if)#int vlan 11

Switch(config-if)#ip add 192.168.0.2 255.255.255.0

Is this correct?

Thank you and best regards,

Gasper

Purple

How to configure route between two subnets on 2960-S?

Hi,

yes if the default-gateway is 192.168.0.1 then iny vlan11 must have this IP  and the same goes for the other vlan.

Regards.

Alain.

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
New Member

Re: How to configure route between two subnets on 2960-S?

yes if the default-gateway is 192.168.0.1 then iny vlan11 must have this IP  and the same goes for the other vlan.

I don't see any problems configuring this for vlan 11, but vlan 40 already has an ip 172.28.0.1 for the gateway which is configured on asa. If I configure interface on the same ip in vlan 40, won't it conflict?

Thank you and best regards,

Gasper

Purple

How to configure route between two subnets on 2960-S?

Hi,

of course they will conflict but in this case no need for vlan 40 on the switch except if you want to connect to this IP for management as the ASA will do the routing but you must have a correct route on the asa.

Regards.

Alain.

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
New Member

Re: How to configure route between two subnets on 2960-S?

Ok, I hope I understood correctly what I have to do.

1. I've reconfigured interface vlan 11: 

     interface vlan 11

     ip address 192.168.0.1 255.255.255.0

2. I've connected a device to vlan 11 with the settings:

     ip: 192.168.0.138

     sub: 255.255.255.0

     gw: 192.168.0.1

3. I've connected a device to vlan 40 with the settings:

     ip: 172.28.2.99

     sub: 255.255.0.0

     gw: 172.28.0.1

Then I tried:

a) Ping to 192.168.0.1 from switch. Result: OK

b) Ping to 172.28.0.1 from switch. Result: NOT OK

c) Ping from device 172.28.2.99 to 172.28.0.1. Result: OK

d) Ping from device 172.28.2.99 to 192.168.0.1. Result: NOT OK

e) Ping from device 172.28.2.99 to 192.168.0.138. Result: NOT OK

f) Ping from device 192.168.0.138 to 192.168.0.1. Result: OK

g) Ping from device 192.168.0.138 to 172.28.0.1. Result: NOT OK

h) Ping from device 192.168.0.138 to 172.28.2.99. Result: NOT OK

On the switch there are configured VLANs 1, 11, 40, 999 (management). And IPs set for vlan interfaces 11 (192.168.0.1) and 999 (192.168.99.28). I didn't set an IP for vlan inferface 40. Default gateway on the switch 192.168.99.9 (I also tried with 192.168.0.1 but there was no difference in results above).

I don't know what I'm doing wrong?

Best regards,

Gasper

Purple

How to configure route between two subnets on 2960-S?

Hi,

can you post a diagram as well as the config from switch and asa.

Regards.

Alain.

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
Purple

Re: How to configure route between two subnets on 2960-S?

  When you entered the command "sdm prefer lanbase-routing"  did you reload the switch stack after this ?  Switch must be reloaded after entering this command .

New Member

Re: How to configure route between two subnets on 2960-S?

  When you entered the command "sdm prefer lanbase-routing"  did you reload the switch stack after     this?

Yes I did.

Best regards,

Gasper

New Member

Re: How to configure route between two subnets on 2960-S?

can you post a diagram as well as the config from switch and asa.

Thank you but for security reasons I cannot publish configuration in such detail.

Purple

How to configure route between two subnets on 2960-S?

Hi,

so we'll try to do without  .

b) Ping to 172.28.0.1 from switch. Result:

NOT OK

if you got no int vlan 40 configured this is normal

all other pings not working are the sign than intervlan routing is not  working.

Can you do traceroute from a device in vlan 11 to a device in vlan 40 and vice versa.

Regards.

Alain.

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
Hall of Fame Super Gold

How to configure route between two subnets on 2960-S?

Gasper

Yes writing 192.168.0.0 255.255.255.0 was a mistake on my part. The interface needs to have a host address (as you did it) and not the subnet address. Sorry about my oversight.

In the original post I was assuming that you wanted to route between VLANs on an isolated switch and that would have been easy. But recognizing that the 2960 is part of a larger group of network devices does complicate things. If the device in 192.168.0 network has a default gateway configured that matches the address that you put on the VLAN interface then routing for that device and that subnet should be working. But the complication comes with the device(s) in the 172.28 network. As long as their default gateway points to 172.28.0.1 then they will want to forward through that address to get to 192.168.0 network.

There are a couple of possibilities that should work:

- put a route on the 172.28.0.1 device for 192.168.0.0 with the address of the VLAN interface as the next hop. So the client will forward to its gateway which will then forward back to 192.168.0.1 which will forward to the target device. This means that traffic will go off the switch and back onto the switch. But it works with the least amount of changes to your network.

- make the default gateway of the clients use the 172.28.254.254 address. Then they will forward all "remote" destinations to the 2960 which can forward traffic to 192.168.0 and the 2960 will need a default route configured pointing to 172.28.0.1 as its next hop.

HTH

Rick

20214
Views
1
Helpful
17
Replies
CreatePlease to create content