06-04-2014 06:59 AM - edited 03-04-2019 11:05 PM
Until now we haven't had much config on our switches so everything is running on vlan1. I've been setting up a new vlan but wanted to give the switch an ip address on vlan1 for now so I did:
interface Vlan1
ip address 192.168.120.240 255.255.192.0
ip default-gateway 192.168.120.248
Once I did this our monitoring server which is on a different site - ip 10.1.1.20 cannot see/ping the switch anymore.
It's a Cisco 2960 layer 2 switch.
What do I need to do in order for this switch to be able to see the 10.1.1.0/24 subnet?
I'm a bit of a beginner so excuse me if I have explained it in the most technical way!
06-04-2014 08:11 AM
When you say "Once I did this our monitoring server which is on a different site - ip 10.1.1.20 cannot see/ping the switch anymore."
How was it set up previously when it worked?
If your switch has an IP of 192.168.120.240 255.255.192.0, it will need to go to its default gateway to talk to 10.1.1.0/24.
What devices sit between the subnets? If it is another site do you have a VPN or some kind of WAN?
I think a diagram would be helpful!
06-04-2014 08:26 AM
Our default gateway is 192.168.120.248, which is the inside interface of our Cisco PIX 515E firewall. (We don't use a router.)
It's configured to use a site-to-site VPN with an ASA5520 which has clients on the 10.1.1.0/24 subnet.
06-04-2014 08:31 AM
OK so is it just the switch that can't talk over the VPN?
Can you PING from a host on the 192.168.120.X network to 10.1.1.20?
06-04-2014 08:46 AM
yes.
I also have a layer 3 switch which had the same issue so I did:
ip route 10.1.1.22 255.255.255.0 192.168.120.248
But I guess this is a quick fix for that switch rather than a solution!
06-04-2014 08:58 AM
Does your 2960 not support the 'ip route' command?
06-04-2014 09:50 AM
No, as I understand it this only works on layer switches.
There isn't an ip route command.
I wonder why it could ping 10.1.1.22 before I did:
interface Vlan1
ip address 192.168.120.240 255.255.192.0
06-04-2014 10:30 AM
Hello
"I wonder why it could ping 10.1.1.22 before I did:"
That's what we are trying to establish for you.
Can you post the running config of this access switch and the core, highlighting the physical interfaces they are connected with?
res
Paul
06-05-2014 12:57 AM
I think it depends on the IOS version running on your 2960:
Like Paul said if you can post your running config?
06-05-2014 03:17 AM
Also I have noticed on various different ports spanning tree is set to either point to point or rapid pvst. Not sure if this is correct?
At the moment this network is one big single point of failure something I would like to sort out!
06-05-2014 03:30 AM
I'm no STP expert but globally you have:
nmysw03
spanning-tree mode rapid-pvst
nmySW04
spanning-tree mode pvst
nmysw05
spanning-tree mode pvst
"spanning-tree link-type point-to-point Recommended for rapid-PVST+ mode only"
"The rapid PVST+ is available only if you have the EI installed on your switch."
Have a look at:
06-05-2014 02:13 AM
Firewall - nmypix01:
Cisco PIX Security Appliance Software Version 8.0(4)
Hardware: PIX-515E, 128 MB RAM, CPU Pentium II 433 MHz
interface Ethernet1
description Internal Network (192.168.113.0/18)
speed 100
duplex full
nameif inside
security-level 90
ip address 192.168.120.248 255.255.192.0 standby 192.168.120.249
!
interface Ethernet1.1
vlan 20
nameif guest
security-level 80
ip address 192.168.1.248 255.255.255.0 standby 192.168.1.249
access-list inside-vpn extended permit ip 192.168.113.0 255.255.192.0 10.1.1.0 255.255.255.0
access-list site-to-site extended permit ip 192.168.113.0 255.255.192.0 10.1.1.0 255.255.255.0
access-list split-tunnel standard permit 10.1.1.0 255.255.255.0
ethernet1 connects to nmysw03 fa0/15
WS-C2950T-24
Version 12.1(22)EA6
nmysw03#sh run
Building configuration...
Current configuration : 4379 bytes
!
! Last configuration change at 16:42:09 GMT Thu May 29 2014
! NVRAM config last updated at 15:20:07 GMT Thu May 29 2014
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log datetime
service password-encryption
service sequence-numbers
!
hostname nmysw03
!
!
clock timezone GMT 0
clock summer-time GMT recurring last Sun Mar 1:00 last Sun Oct 2:00
errdisable recovery cause bpduguard
errdisable recovery cause link-flap
errdisable recovery interval 400
mls qos map cos-dscp 0 8 16 26 32 46 46 56
ip subnet-zero
!
udld aggressive
!
!
spanning-tree mode rapid-pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
macro global description cisco-global
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/15
description nmypix01 - eth1
switchport trunk allowed vlan 1-4,20
switchport mode trunk
switchport nonegotiate
speed 100
duplex full
!
interface FastEthernet0/16
description nmypix02 - eth1
switchport trunk allowed vlan 1-4,20
switchport mode trunk
switchport nonegotiate
speed 100
duplex full
!
interface GigabitEthernet0/2
description Netgear GS748T
switchport trunk allowed vlan 1,20
switchport mode trunk
switchport nonegotiate
speed 1000
duplex full
flowcontrol receive desired
!
interface Vlan1
ip address 192.168.120.245 255.255.192.0
no ip route-cache
!
interface Vlan20
no ip address
no ip route-cache
!
ip default-gateway 192.168.120.248
line con 0
exec-timeout 0 0
line vty 0 4
exec-timeout 30 0
password 7
login
line vty 5 15
password 7
login
!
end
port 48 connects to the switch in question nmysw04 Gi0/2
WS-C2960-24PC-L
12.2(50)SE4
C2960-LANBASEK9-M
nmySW04#sh run
Building configuration...
Current configuration : 1790 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname nmySW04
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface GigabitEthernet0/2
description trunk to nmysw02
switchport trunk allowed vlan 1,20
switchport mode trunk
!
interface Vlan1
ip address 192.168.120.244 255.255.192.0
no ip route-cache
!
interface Vlan20
no ip address
no ip route-cache
!
ip http server
ip http secure-server
!
control-plane
!
!
line con 0
password 7
login
line vty 0 4
exec-timeout 30 0
password 7
login
line vty 5 15
login
!
end
06-05-2014 02:29 AM
I've just spotted on nmysw04 it didn't have a default gateway set!
It can ping the 10.1.1.xxx subnet now!
The layer 3 switch nmysw05 did have this set, however, but wouldn't ping until I did the ip route command. I'll paste the config in a sec.
06-05-2014 02:59 AM
nmysw05#sh run
Building configuration...
Current configuration : 5952 bytes
!
! Last configuration change at 13:34:29 UTC Mon Jun 2 2014
!
version 15.0
hostname nmysw05
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
switch 1 provision ws-c3650-24ps
ip routing
!
ip device tracking
!
ip dhcp pool guest_wifi
network 192.168.1.0 255.255.255.0
default-router 192.168.1.248
dns-server 8.8.8.8 8.8.4.4
!
no errdisable detect cause gbic-invalid
errdisable recovery cause bpduguard
errdisable recovery cause link-flap
errdisable recovery interval 400
diagnostic bootup level minimal
spanning-tree mode pvst
spanning-tree extend system-id
!
redundancy
mode sso
!
!
!
class-map match-any non-client-nrt-class
match non-client-nrt
!
policy-map port_child_policy
class non-client-nrt-class
bandwidth remaining ratio 10
!
macro global description cisco-global
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/24
description trunk to nmysw02
switchport trunk allowed vlan 1,20
switchport mode trunk
spanning-tree link-type point-to-point
!
interface Vlan1
ip address 192.168.120.237 255.255.192.0
no ip route-cache cef
!
interface Vlan20
ip address 192.168.0.1 255.255.255.0
!
ip default-gateway 192.168.120.248
ip http server
ip http authentication local
ip http secure-server
ip route 10.1.1.0 255.255.255.0 192.168.120.248
!
!
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
!
UKTD-SW-ITS-02#conf t
Enter configuration commands, one per line. End with CNTL/Z.
UKTD-SW-ITS-02(config)#no ip route 10.1.1.0 255.255.255.0 192.168.120.248
UKTD-SW-ITS-02(config)#end
UKTD-SW-ITS-02#ping 10.1.1.22
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.22, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
UKTD-SW-ITS-02#conf t
Enter configuration commands, one per line. End with CNTL/Z.
UKTD-SW-ITS-02(config)#ip route 10.1.1.0 255.255.255.0 192.168.120.248
UKTD-SW-ITS-02(config)#end
UKTD-SW-ITS-02#ping 10.1.1.22
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.22, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/6/10 ms
So our layer 3 switch can only ping 10.1.1.xxx once the ip route has been set even though default gateway has been configured.
06-05-2014 03:02 AM
Just change your IP route to:
ip route 0.0.0.0 0.0.0.0 192.168.120.248
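The two failures in this thread can be checked for offline in a saved running config. The script below is an added example, not code from any poster or from Cisco; the function name audit_reachability and its finding texts are assumptions, and the sample inputs are trimmed from the configs posted above. It flags a switch without "ip routing" that has an address but no ip default-gateway (nmysw04), a switch with "ip routing" but no default route, where IOS does not use ip default-gateway (nmysw05), and static routes whose prefix does not match the mask.

```python
import ipaddress
import re

def audit_reachability(running_config):
    """Return findings on how an IOS switch reaches off-subnet hosts."""
    lines = [ln.strip() for ln in running_config.splitlines()]
    routing = "ip routing" in lines          # "no ip routing" does not match
    has_ip = any(re.fullmatch(r"ip address \d\S* \d\S*", ln) for ln in lines)
    gateway, default_route, findings = None, False, []
    for ln in lines:
        m = re.fullmatch(r"ip default-gateway (\S+)", ln)
        if m:
            gateway = m.group(1)
        m = re.fullmatch(r"ip route (\S+) (\S+) (\S+)", ln)
        if m:
            prefix, mask, _next_hop = m.groups()
            try:
                net = ipaddress.ip_network(f"{prefix}/{mask}")
            except ValueError:
                findings.append(f"ip route {prefix} {mask}: "
                                "prefix and mask are inconsistent")
                continue
            default_route = default_route or net.prefixlen == 0
    if routing and not default_route:
        hint = f"; add ip route 0.0.0.0 0.0.0.0 {gateway}" if gateway else ""
        findings.append("ip routing is on, so ip default-gateway is ignored "
                        "and there is no default route" + hint)
    if not routing and has_ip and gateway is None:
        findings.append("no ip default-gateway: the management address is "
                        "reachable only from its own subnet")
    return findings

# Sample inputs trimmed from the configs posted in the thread.
NMYSW04 = """
interface Vlan1
 ip address 192.168.120.244 255.255.192.0
"""
NMYSW05 = """
ip routing
interface Vlan1
 ip address 192.168.120.237 255.255.192.0
ip default-gateway 192.168.120.248
ip route 10.1.1.0 255.255.255.0 192.168.120.248
"""

if __name__ == "__main__":
    for name, cfg in (("nmysw04", NMYSW04), ("nmysw05", NMYSW05)):
        for finding in audit_reachability(cfg):
            print(f"{name}: {finding}")
```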