Vlan – Cannot ping or SSH into new Catalyst 2960-CX switch from the server VLAN (1)


I recently set up a Cisco Catalyst 2960-CX switch at work (I'm a SysAdmin at an SMB). Our workstations use VLAN 3, but our servers use VLAN 1. The management IP of the new switch (in VLAN 3) is 192.168.3.253.

I can ping it and SSH to it from the workstation VLAN (VLAN 3), but not the server VLAN (VLAN 1). How can I fix this? We are using a ROAS ("router on a stick") setup for the VLANs. I can ping everything else to/from VLAN 1 to/from VLAN 3.

Here is the "show run brief" of the switch:

NewSwitch>ena
Password:
NewSwitch#show run bri
Building configuration...

Current configuration : 2278 bytes
!
! Last configuration change at 18:18:32 UTC Thu Jun 14 2018
! NVRAM config last updated at 17:59:56 UTC Thu Jun 14 2018
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname NewSwitch
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$GYaG$LSF2suD8FNQhzrM70mwg61
!
username admin password 0 ***********
username Equus password 0 ***********
no aaa new-model
system mtu routing 1500
!
!
ip domain-name company.local
!
!
crypto pki trustpoint TP-self-signed-3533827072
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3533827072
 revocation-check none
 rsakeypair TP-self-signed-3533827072
!
!
crypto pki certificate chain TP-self-signed-3533827072
 certificate self-signed 01
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
!
vlan internal allocation policy ascending
!
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
 switchport access vlan 3
!
interface GigabitEthernet0/3
 switchport access vlan 3
!
interface GigabitEthernet0/4
 switchport access vlan 3
!
interface GigabitEthernet0/5
 switchport access vlan 3
!
interface GigabitEthernet0/6
 switchport access vlan 3
!
interface GigabitEthernet0/7
 switchport access vlan 3
!
interface GigabitEthernet0/8
 switchport access vlan 3
!
interface GigabitEthernet0/9
 switchport trunk native vlan 3
 switchport mode trunk
!
interface GigabitEthernet0/10
 switchport access vlan 3
!
interface GigabitEthernet0/11
 switchport trunk native vlan 3
 switchport mode trunk
!
interface GigabitEthernet0/12
 switchport trunk native vlan 3
 switchport mode trunk
!
interface Vlan1
 no ip address
!
interface Vlan3
 ip address 192.168.3.253 255.255.255.0
 ip access-group INBOUND in
!
ip default-gateway 192.168.2.1
ip forward-protocol nd
ip http server
ip http secure-server
!
!
ip access-list extended INBOUND
 permit icmp any any echo
 permit icmp any any echo-reply
 permit tcp any any
ip access-list extended OUTBOUND
 permit icmp any any
!
!
line con 0
 logging synchronous
 login local
line vty 0 4
 password ***********
 login local
 transport input ssh
line vty 5 15
 password ***********
 login local
 transport input ssh
!
end

Best Answer

ip default-gateway 192.168.2.1

It has no interface (or route) to 192.168.2.1, so you have no default route. Point your default-gateway to something that exists in 192.168.3.0/24 [vlan3].
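
The check described in the answer can be automated when auditing switch configs. The following is an added example, not part of the original answer: it parses a running-config and reports whether `ip default-gateway` falls inside a subnet the switch actually has an interface in. The function names and the trimmed sample config are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the running-config quoted in the question.
SAMPLE_CONFIG = """\
interface Vlan1
 no ip address
!
interface Vlan3
 ip address 192.168.3.253 255.255.255.0
 ip access-group INBOUND in
!
ip default-gateway 192.168.2.1
"""

def parse_l3_interfaces(config):
    """Return {interface name: IPv4Interface} for interfaces with a static address."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = m.group(1)
            continue
        m = re.match(r"\s+ip address (\S+) (\S+)\s*$", line)
        if m and current:
            # ip_interface accepts "address/netmask" as well as "address/prefixlen"
            interfaces[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif line and not line[0].isspace():
            current = None  # any other top-level line ends the interface block
    return interfaces

def check_default_gateway(config):
    """Return (gateway, interface whose subnet contains it), or (gateway, None)."""
    m = re.search(r"^ip default-gateway (\S+)", config, re.MULTILINE)
    if not m:
        return None, None
    gateway = ipaddress.ip_address(m.group(1))
    for name, iface in parse_l3_interfaces(config).items():
        if gateway in iface.network:
            return gateway, name
    return gateway, None

if __name__ == "__main__":
    gw, via = check_default_gateway(SAMPLE_CONFIG)
    status = f"on-link via {via}" if via else "not in any connected subnet"
    print(f"default-gateway {gw}: {status}")
```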