[This is now Fixed]
I have a Cisco Catalyst 2950 running IOS 12.1(22) that sits behind a Watchguard Router / Firewall. I've just turned this on for the first time today, and it is coming off of a fresh / default factory settings.
The Catalyst is able to ping itself (10.1.200.2), but is unable to ping the router or anything on the outside. The router, on the other hand, is able to ping the switch.
The Watchguard is providing the DHCP to the network where this Catalyst sits, and has an IP address of 10.1.200.1. On the Catalyst, I've given the native vlan1 an IP address of 10.1.200.2.
There's two GigEth ports on the 2950, and I've configured the 1st (gig0/1) to act as the trunk port:
!
interface GigabitEthernet0/1
switchport trunk allowed vlan 1
switchport mode trunk
spanning-tree portfast disable
!
Further config options for the switch (including int vlan1 settings):
!
interface Vlan1
ip address 10.1.200.2 255.255.255.0
no ip route-cache
!
ip default-gateway 10.1.200.1
ip http server
!
I can't figure out if there's anything additional that I'm missing to get this thing up and running. I also have a Cisco SG-200 (much newer, obviously) that works flawlessly on the same network.
Is there anything I'm missing to get this switch initially talking to the outside?
[EDIT]
I should have clarified, too, that I tried setting these switchports to mode access, which didn't work either. Per the recent answer, here's what the running-config looks like after I just reverted the settings again to switchport mode access:
ip subnet-zero
!
vtp mode transparent
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
switchport mode access
!
{ snip }
interface FastEthernet0/24
switchport mode access
!
interface GigabitEthernet0/1
switchport mode access
!
interface GigabitEthernet0/2
switchport mode access
!
interface Vlan1
ip address 10.1.200.2 255.255.255.0
no ip route-cache
!
ip default-gateway 10.1.200.1
ip http server
!
line con 0
line vty 0 4
login
line vty 5 15
login
!
!
end
Best Answer
The switch is up and running. It does not need ip address settings nor does it need to be able to ping any other host for it to function as a layer 2 switch, which is what it is. Assigning an ip address to the VLAN1 interface allows you to manage the switch by connecting to that ip address, nothing more. It has no bearing on it's functionality as a layer 2 switch. If you plug a correctly configured host into one of the switch ports you'll find, undoubtedly, that the host has proper network connectivity.
Unless you are connecting this switch to another switch and you plan on having multiple VLAN's configured between both switches, there's no need to configure any ports as trunk ports.
The Watchguard firewall is not a router, it is a firewall.
Reconfigure the trunk ports as access ports and see if that resolves the issue.
Make sure you have the correct subnet mask configured on the switch. You should be using the same subnet mask that you're using in the rest of your network.