Solved

Cisco 1921 Not Routing

Posted on 2013-05-16
14
634 Views
Last Modified: 2013-06-21
Hello Experts,

I have a scenario that is doing my head in.

From the diagram I can ping 10.45.82.2 on the 1921 from vlan 112 with ip address 10.44.112.16. However, I can’t ping the same ip address from my pc with ip address 10.44.112.17.

I can ping 10.44.112.17 from the 2690.

Can someone please take a look at the configs and let me know why that is?

Cheers

Carlton
ISR-G2-1921.txt
Switch-2960.txt
topology.png
0
Comment
Question by:cpatte7372
  • 9
  • 3
  • 2
14 Comments
 

Author Comment

by:cpatte7372
ID: 39171671
Experts,

Please note, although I've provided the topology with GNS3 routers, this is live equipment.

Cheers
0
 
LVL 28

Expert Comment

by:asavener
ID: 39171952
Add the command "ip routing" to the 2960.
0
 

Author Comment

by:cpatte7372
ID: 39172725
asavener,

It would accept ip routing. The router will only accept ip default-gateway
0
 

Author Comment

by:cpatte7372
ID: 39172730
asavener,

I meant to say it 'won't' accept ip routing
0
 
LVL 28

Accepted Solution

by:
asavener earned 500 total points
ID: 39172741
Can you provide the output of "show version" on the 2960?

You tried to enter "ip routing" in configuration mode?  

The prompt should say Switch(config)#
0
 

Author Comment

by:cpatte7372
ID: 39172857
asavener,

Thanks again for responding. I'm not at work so can't provide the show version. However, its very the latest 2960-S. Its the only 2960-S that utilises the Flex Stack.

I did try 'ip routing' in configuration mode. It actually isn't available.

I also can't configure sub interfaces.
0
 

Author Comment

by:cpatte7372
ID: 39173092
asavener,

I was able to log onto the device remotely and do a show version.

From the show version would you be able let me know what the problem is?

And why I can't add sub-interfaces to Fast 0? Or make Fast 0 into a switchport?

Cheers

Switch#show ver
Cisco IOS Software, C2960S Software (C2960S-UNIVERSALK9-M), Version 12.2(55)SE5, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Thu 09-Feb-12 19:22 by prod_rel_team
Image text-base: 0x00003000, data-base: 0x01B00000

ROM: Bootstrap program is Alpha board boot loader
BOOTLDR: C2960S Boot Loader (C2960S-HBOOT-M) Version 12.2(55r)SE, RELEASE SOFTWARE (fc1)

Switch uptime is 6 hours, 15 minutes
System returned to ROM by power-on
System image file is "flash:/c2960s-universalk9-mz.122-55.SE5/c2960s-universalk9-mz.122-55.SE5.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C2960S-48FPD-L (PowerPC) processor (revision E0) with 131072K bytes of memory.
Processor board ID FOC1705W22N
Last reset from power-on
3 Virtual Ethernet interfaces
1 FastEthernet interface
50 Gigabit Ethernet interfaces
2 Ten Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address       : 50:06:04:0B:67:00
Motherboard assembly number     : 73-12561-09
Power supply part number        : 341-0382-02
Motherboard serial number       : FOC170520E4
Power supply serial number      : DCA1647V0H2
Model revision number           : E0
Motherboard revision number     : A0
Model number                    : WS-C2960S-48FPD-L
Daughterboard assembly number   : 73-11933-04
Daughterboard serial number     : FOC17050PTP
System serial number            : FOC1705W22N
Top Assembly Part Number        : 800-32643-03
Top Assembly Revision Number    : A0
Version ID                      : V03
CLEI Code Number                : COMGH00ARC
Daughterboard revision number   : A0
Hardware Board Revision Number  : 0x01
         

Switch Ports Model              SW Version            SW Image                
------ ----- -----              ----------            ----------              
*    1 52    WS-C2960S-48FPD-L  12.2(55)SE5           C2960S-UNIVERSALK9-M    


Configuration register is 0xF
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 28

Expert Comment

by:asavener
ID: 39173408
OK, it appears that the 2960s is not a full-featured layer 3 device.   It can have multiple interfaces, and it can have static routes, but many expected layer 3 features are not available.

Try running this command in global configuration mode:

sdm prefer lanbase-routing
0
 

Author Comment

by:cpatte7372
ID: 39173827
ASavener,

Thanks again for responding.  I will try the command and let you know how I get on. In the meantime can you tell me what its meant to achieve?
0
 

Author Comment

by:cpatte7372
ID: 39173946
asavener/experts,

What I don't understand is why can't I ping from the pc with ip address 10.44.112.17, however I can ping from the switch svi with ip address of 10.44.112.16?

And the PC uses 10.44.112.16 as its default gateway....

Weird
0
 
LVL 2

Expert Comment

by:compbatty
ID: 39174310
Hi Carlton,

Having a look at what you have setup here I can see where the issue for you is. As the Cisco 2960-S is only a layer 2 access switch it is not able to do the routing you are hoping that it will do for you. The other issue is that the interface Fa0/0 is an out-of-band management port which is not used for anything other than this.

I have taken some of your configurations and modified them to get this gear to route as you have explained.

I would recommend changing the routing point from the 2960-S to the 1921 Router.

Steps to achieve this:
1) Setup the sub interface on the 1921 with the default gateway IP address and VLAN ID

interface GigabitEthernet0/1.1
 encapsulation dot1Q 10 native
!
interface GigabitEthernet0/1.2
 description Local VLAN for site
 encapsulation dot1Q 112
 ip address 10.44.112.16 255.255.255.0
 ip helper-address 10.44.108.252
 ip helper-address 10.44.40.29


2) Move the cable you have from the router to the switch from Fa0/0 and put it into Gi1/0/1 and apply the following configurations assuming your PC is plugged into Gi1/0/45

interface FastEthernet0
 no description xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 no ip address 10.45.82.10 255.255.255.240
!
interface GigabitEthernet1/0/1
 description Link to 1921-Router
 switchport mode trunk
!
interface GigabitEthernet1/0/45
 switchport access vlan 112
!
interface Vlan10
 ip address 10.45.82.10 255.255.255.192
 no ip helper-address 10.44.108.252
 no ip helper-address 10.44.40.29
 no shut
!
no interface Vlan112


Once this has been changed your traffic will pass through the switch and get dealt with by the router out through the tunnel or any other interfaces you create later on down the track.

To confirm that the configuration is working you can run the show ip route command on the 1921 and make sure there is an entry for 10.45.82.0 and 10.44.112.0

I hope that this helps you and let me know how you get on.

Cheers,

Doug
0
 

Author Comment

by:cpatte7372
ID: 39174316
Wow Doug,

You've renewed my faith in EE.

I will attempt your configuration later this afternoon and let you know how I get on.


Cheers mate.
0
 
LVL 2

Expert Comment

by:compbatty
ID: 39240261
Any update on how the configuration went?
0
 

Author Closing Comment

by:cpatte7372
ID: 39265435
Cheers
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now