Solved: thanks that worked! - Page 2

parisvcisco · ‎06-04-2014

Until now we haven't had much config on our switches so everything is running on vlan1. I've been setting up a new vlan but wanted to give the switch an ip address on vlan1 for now so I did:

interface Vlan1
ip address 192.168.120.240 255.255.192.0

ip default-gateway 192.168.120.248

Once I did this our monitoring server which is on a different site - ip 10.1.1.20 cannot see/ping the switch anymore.

It's a Cisco 2960 layer 2 switch.

What do I need to do in order for this switch to be able to see the 10.1.1.0/24 subnet?

I'm a bit of a beginner so excuse me if I have explained it in the most technical way!

mmoulson1 · ‎06-05-2014

Have a look here:

http://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/16448-default.html

"The ip default-gateway command differs from the other two commands. It should only be used when ip routing is disabled on the Cisco router."

"Creating a static route to network 0.0.0.0 0.0.0.0 is another way to set the gateway of last resort on a router. As with the ip default-network command, using the static route to 0.0.0.0 is not dependent on any routing protocols. However, ip routing must be enabled on the router. "

parisvcisco · ‎06-05-2014

so after adding ip route 0.0.0.0 0.0.0.0 192.168.120.248 should I do a no default gateway?

mmoulson1 · ‎06-05-2014

Correct

parisvcisco · ‎06-05-2014

thanks that worked!

syed kazim abbas · ‎06-05-2014

Hi dear,

you have problem with ACL and specially subnatting /supernatting

AS you mention below in description:

interface Ethernet1 description Internal Network (192.168.113.0/18) speed 100 duplex full nameif inside security-level 90 ip address 192.168.120.248 255.255.192.0 standby 192.168.120.249 ! interface Ethernet1.1 vlan 20 nameif guest security-level 80 ip address 192.168.1.248 255.255.255.0 standby 192.168.1.249 access-list inside-vpn extended permit ip 192.168.113.0 255.255.192.0 10.1.1.0 255.255.255.0 access-list site-to-site extended permit ip 192.168.113.0 255.255.192.0 10.1.1.0 255.255.255.0 access-list split-tunnel standard permit 10.1.1.0 255.255.255.0

actually the real sub-net is: 192.168.64.0 255.255.192.0

so you have to change the ACL as well then it will work

Regards,

kazim

"please rate me it post helpful"

paul driver · ‎06-04-2014

Hello

The 2960 only support one active svi interface, So if you did have a an ip address assigned in a different svi then it would have been over wrote.

I suggest the easiest way to get this back it to reload the switch, assuming you didn't write your changes to the switch.

Also if you can post you core switch config it would be much easier to understand your current setup.

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Julio E. Moisa · ‎06-04-2014

Hi Parisvcisco,

You must have a device L3 to communicate both vlans or subnets. Cisco 2960 doesn't support L3 capabilities.

Can you provide a topology as it is connected (no details)? just to have an idea.

Regards.

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

syed kazim abbas · ‎06-05-2014

hi Parisvcisco,

Make sure you do these two things:

1)

interface Vlan1
ip address 192.168.120.240 255.255.192.0

no shutdown (by default it is administratively down)

ip default-gateway 192.168.120.248

2)

Switch's Port connected to ASA (default gateway) in vlan 1

and try to ping 192.168.120.248

Regards,

kazim

"please rate me, if post helpful'

Cannot ping different subnet