Cisco 2960 trunking issue

Tags: cisco, routing, trunk

I have a Cisco 2960 running 12.2(58) SE2 with four VLANs configured (10.10.10.0/24 – 10.10.40.0/24) plus one uplink on a 192.168.1.0/24 network. I have enabled ip routing and the VLANs can talk between one another no problem, but my internet connectivity is not working.

My internet gateway is 192.168.1.1, and I have one interface (GigabitEthernet0/2) on the switch configured on 192.168.1.0/24 with an IP of 192.168.1.254. I tried creating a default route using:

ip route 0.0.0.0 0.0.0.0 192.168.1.1

but that is not working.

In DHCP I set the default gateway for each VLAN as the .1 address.

Here is the config:

!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname myswitch
!
!
no aaa new-model
clock timezone CST -6
system mtu routing 1500
udld aggressive
!
sdm prefer lanbase-routing
!
ip routing
!
ip subnet-zero
!
!
mls qos map cos-dscp 0 8 16 26 32 46 46 56
!
!
macro global description cisco-global
errdisable recovery cause link-flap
errdisable recovery interval 60
no file verify auto
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/2
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/3
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/4
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/5
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet0/6
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet0/7
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet0/8
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet0/9
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet0/10
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet0/11
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet0/12
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet0/13
 switchport access vlan 30
 switchport mode access
!
interface FastEthernet0/14
 switchport access vlan 30
 switchport mode access
!
interface FastEthernet0/15
 switchport access vlan 30
 switchport mode access
!
interface FastEthernet0/16
 switchport access vlan 30
 switchport mode access
!
interface FastEthernet0/17
 switchport access vlan 30
 switchport mode access
!
interface FastEthernet0/18
 switchport access vlan 30
 switchport mode access
!
interface FastEthernet0/19
 switchport access vlan 30
 switchport mode access
!
interface FastEthernet0/20
 switchport access vlan 30
 switchport mode access
!
interface FastEthernet0/21
 switchport access vlan 40
 switchport mode access
!
interface FastEthernet0/22
 switchport access vlan 40
 switchport mode access
!
interface FastEthernet0/23
 switchport access vlan 40
 switchport mode access
!
interface FastEthernet0/24
 switchport access vlan 40
 switchport mode access
!
interface GigabitEthernet0/1
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet0/2
 switchport access vlan 192
 switchport trunk native vlan 192
 switchport trunk allowed vlan 10-192
 switchport mode trunk

!
interface Vlan1
!
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
 no ip route-cache
!
interface Vlan20
 ip address 10.10.20.1 255.255.255.0
 no ip route-cache
!
interface Vlan30
 ip address 10.10.30.1 255.255.255.0
 no ip route-cache
!
interface Vlan40
 ip address 10.10.40.1 255.255.255.0
 no ip route-cache
!
interface Vlan192
 ip address 192.168.1.254 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.1.1
ip http server
!
ip domain-name domain.internal
ip name-server 10.10.10.2
!
ip dhcp pool vlan10
 network 10.10.10.0 255.255.255.0
 default-router 10.10.10.1
 dns-server 10.10.10.2
 domain-name domain.internal
 lease 0 1 0
 ip dhcp excluded-address 10.10.10.1 10.10.10.10
!
ip dhcp pool vlan20
 network 10.10.20.0 255.255.255.0
 default-router 10.10.20.1
 dns-server 10.10.10.2
 domain-name domain.internal
 lease 0 1 0
 ip dhcp excluded-address 10.10.20.1 10.10.20.10
!
ip dhcp pool vlan30
 network 10.10.30.0 255.255.255.0
 default-router 10.10.30.1
 dns-server 10.10.10.2
 domain-name domain.internal
 lease 0 1 0
 ip dhcp excluded-address 10.10.30.1 10.10.30.10
 !
ip dhcp pool vlan40
 network 10.10.40.0 255.255.255.0
 default-router 10.10.40.1
 dns-server 10.10.10.2
 domain-name domain.internal
 lease 0 1 0
 ip dhcp excluded-address 10.10.40.1 10.10.40.10
!
end

From the switch I can get to the internet no problem, but none of the clients connected to the switch can. I suspect it is a problem with my switchport configuration on GigabitEthernet0/2, but I am a server guy, not a network guru and in a bit over my head here.

Best Answer

You need to use the 'ip route 0.0.0.0 0.0.0.0 192.168.1.1' command like you mentioned instead of the existing 'ip default-gateway' command. 'ip route' commands work for all traffic, while 'ip default-gateway' is only for traffic originated by that switch.

Also, unless whatever is attached to Gi0/2 is a switch configured to trunk, you don't want Gi0/2 to be a trunk; you just want it to be an access port.

int gi0/2
switchport mode access
switchport access vlan 192

And you also need to make sure that 192.168.1.1 knows to route 10.10.10.0/24, 10.10.20.0/24, 10.10.30.0/24 and 10.10.40.0/24 back to 192.168.1.254.
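
The three points in this answer can be checked offline against a saved running-config. The following is an added example, not part of the original post: `audit` and `SAMPLE_CONFIG` are hypothetical names, and the sample is a constructed excerpt of the configuration posted in the question. It flags the trunked uplink and the missing default route, and lists the return routes the upstream gateway needs.

```python
import ipaddress
import re

# Constructed excerpt of the configuration posted in the question.
SAMPLE_CONFIG = """\
ip routing
!
interface GigabitEthernet0/2
 switchport trunk native vlan 192
 switchport trunk allowed vlan 10-192
 switchport mode trunk
!
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
!
interface Vlan20
 ip address 10.10.20.1 255.255.255.0
!
interface Vlan192
 ip address 192.168.1.254 255.255.255.0
!
ip default-gateway 192.168.1.1
"""

def audit(config, gateway):
    """Return (findings, return_routes) for an IOS config doing inter-VLAN routing."""
    gw = ipaddress.ip_address(gateway)
    lines = [l.rstrip() for l in config.splitlines()]
    findings, svis, iface = [], [], None
    for line in lines:
        if line.startswith("interface "):
            iface = line.split(None, 1)[1]
        elif not line.startswith(" "):
            iface = None  # left the interface block
        elif iface and line.strip() == "switchport mode trunk":
            findings.append(f"{iface} is a trunk; use an access port unless the peer trunks")
        elif iface and (m := re.match(r"\s+ip address (\S+) (\S+)$", line)):
            svis.append(ipaddress.ip_interface(f"{m[1]}/{m[2]}"))
    routing = "ip routing" in lines
    has_default = any(re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 \S+", l) for l in lines)
    if routing and not has_default:
        findings.append("ip routing is on but there is no 'ip route 0.0.0.0 0.0.0.0 <gateway>'")
    if routing and any(l.startswith("ip default-gateway ") for l in lines):
        findings.append("'ip default-gateway' only covers traffic originated by the switch")
    # The SVI sharing a subnet with the gateway is the next hop for return routes.
    uplink = next((i for i in svis if gw in i.network), None)
    routes = [f"{i.network} via {uplink.ip}" for i in svis if uplink and i is not uplink]
    return findings, routes
```

Each entry in the returned route list is a static route that has to exist on 192.168.1.1, in that device's own syntax, before replies can reach the VLAN clients.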