T2600G-28TS - cannot access Internet within the switch
T2600G-28TS - cannot access Internet within the switch

Hello,
 
 I'm having issue - I cannot access Internet within the switch, pinging the Internet / the default gateway is not working (the 0.0.0.0/0 static route is already set):
 
 Pinging the router on VLAN3 (is working):
T2600G-28TS#ping 192.168.3.1
Pinging 192.168.3.1 with 64 bytes of data :
Reply from 192.168.3.1 : bytes=64 time<16ms TTL=255
Reply from 192.168.3.1 : bytes=64 time<16ms TTL=255
Reply from 192.168.3.1 : bytes=64 time<16ms TTL=255
Reply from 192.168.3.1 : bytes=64 time<16ms TTL=255
Ping statistics for 192.168.3.1:
    Packets: Sent = 4 , Received = 4 , Lost = 0 (0% loss)
Approximate round trip times in milli-seconds:
Minimum = 0ms , Maximum = 0ms , Average = 0ms
 
Pinging same router on VLAN1 (is not working):
T2600G-28TS#ping 192.168.1.1
Pinging 192.168.1.1 with 64 bytes of data :
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.1.1:
    Packets: Sent = 4 , Received = 0 , Lost = 4 (100% loss)
Approximate round trip times in milli-seconds:
Minimum = 0ms , Maximum = 0ms , Average = 0ms 
Pinging router from within the PC connected to T2600G-28TS (is working):
  
>ping 192.168.1.1
Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time<1ms TTL=255
Reply from 192.168.1.1: bytes=32 time=1ms TTL=255
Reply from 192.168.1.1: bytes=32 time<1ms TTL=255
Reply from 192.168.1.1: bytes=32 time=1ms TTL=255
Ping statistics for 192.168.1.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms 
Pinging some host on 192.168.1.0/24 network within T2600G-28TS (is working):
T2600G-28TS#ping 192.168.1.246
Pinging 192.168.1.246 with 64 bytes of data :
Reply from 192.168.1.246 : bytes=64 time<16ms TTL=64
Reply from 192.168.1.246 : bytes=64 time<16ms TTL=64
Reply from 192.168.1.246 : bytes=64 time<16ms TTL=64
Reply from 192.168.1.246 : bytes=64 time<16ms TTL=64
Ping statistics for 192.168.1.246:
    Packets: Sent = 4 , Received = 4 , Lost = 0 (0% loss)
Approximate round trip times in milli-seconds:
Minimum = 1ms , Maximum = 2ms , Average = 1ms 
Pinging the Internet (is not working):
T2600G-28TS#ping 1.1.1.1
Pinging 1.1.1.1 with 64 bytes of data :
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 1.1.1.1:
    Packets: Sent = 4 , Received = 0 , Lost = 4 (100% loss)
Approximate round trip times in milli-seconds:
Minimum = 0ms , Maximum = 0ms , Average = 0ms 
Pinging the Internet from within the PC connected to T2600G-28TS (is working):
>ping 1.1.1.1
Pinging 1.1.1.1 with 32 bytes of data:
Reply from 1.1.1.1: bytes=32 time=48ms TTL=53
Reply from 1.1.1.1: bytes=32 time=49ms TTL=53
Reply from 1.1.1.1: bytes=32 time=48ms TTL=53
Reply from 1.1.1.1: bytes=32 time=49ms TTL=53
Ping statistics for 1.1.1.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 48ms, Maximum = 49ms, Average = 48ms
 
So it seems that something is wrong with T2600G-28TS configuration, which is as follow:
  
- The T2600G-28TS is connected via 1/0/24 trunk/general port to main switch
- Default VLAN is "1" (and cannot be changed), other VLANs are created
- T2600G-28TS IP is 192.168.1.249
- Router / gateway IP is 192.168.1.1
!T2600G-28TS # vlan 2 name "voip-vlan" # vlan 3 name "wifi-vlan" # vlan 4 name "management-vlan" # vlan 5 name "guest-vlan" # serial_port baud_rate 115200 # system-time ntp UTC+01:00 133.100.9.2 139.78.100.163 12 no system-time dst # user name admin privilege admin secret 5 ### # spanning-tree spanning-tree mode rstp # voice vlan 2 voice vlan oui 00:15:65 oui-desc "YEALINK" # lldp # ip route 0.0.0.0 0.0.0.0 192.168.1.1 # auto-voip # interface vlan 1 ip address 192.168.1.249 255.255.255.0 ipv6 enable # interface vlan 2 ip address 192.168.2.249 255.255.255.0 no ipv6 enable # interface vlan 3 ip address 192.168.3.249 255.255.255.0 no ipv6 enable # interface vlan 4 ip address 192.168.4.249 255.255.255.0 no ipv6 enable # interface vlan 5 ip address 192.168.5.249 255.255.255.0 no ipv6 enable # interface gigabitEthernet 1/0/1 voice vlan lldp med-status auto-voip 2 # interface gigabitEthernet 1/0/2 voice vlan lldp med-status auto-voip 2 # interface gigabitEthernet 1/0/3 voice vlan lldp med-status auto-voip 2 # interface gigabitEthernet 1/0/4 voice vlan lldp med-status auto-voip 2 # interface gigabitEthernet 1/0/5 voice vlan lldp med-status auto-voip 2 # interface gigabitEthernet 1/0/6 voice vlan lldp med-status auto-voip 2 # interface gigabitEthernet 1/0/7 voice vlan lldp med-status auto-voip 2 # interface gigabitEthernet 1/0/8 voice vlan lldp med-status auto-voip 2 # interface gigabitEthernet 1/0/9 voice vlan lldp med-status auto-voip 2 # interface gigabitEthernet 1/0/10 voice vlan lldp med-status auto-voip 2 # interface gigabitEthernet 1/0/11 voice vlan lldp med-status auto-voip 2 # interface gigabitEthernet 1/0/12 voice vlan lldp med-status auto-voip 2 # interface gigabitEthernet 1/0/13 voice vlan lldp med-status auto-voip 2 # interface gigabitEthernet 1/0/14 voice vlan lldp med-status auto-voip 2 # interface gigabitEthernet 1/0/15 voice vlan lldp med-status auto-voip 2 # interface gigabitEthernet 1/0/16 voice vlan lldp med-status auto-voip 2 # interface gigabitEthernet 1/0/17 voice vlan lldp med-status auto-voip 2 # interface gigabitEthernet 1/0/18 voice vlan lldp med-status auto-voip 2 # interface gigabitEthernet 1/0/19 voice vlan lldp med-status auto-voip 2 # interface gigabitEthernet 1/0/20 voice vlan lldp med-status auto-voip 2 # interface gigabitEthernet 1/0/21 voice vlan lldp med-status auto-voip 2 # interface gigabitEthernet 1/0/22 voice vlan lldp med-status auto-voip 2 # interface gigabitEthernet 1/0/23 voice vlan lldp med-status auto-voip 2 # interface gigabitEthernet 1/0/24 switchport general allowed vlan 2-5 tagged spanning-tree # interface gigabitEthernet 1/0/25 # interface gigabitEthernet 1/0/26 # interface gigabitEthernet 1/0/27 # interface gigabitEthernet 1/0/28 # end
Routes:
  
T2600G-28TS#show ip route
Codes: C - connected, S - static
       * - candidate default
S*      0.0.0.0/0 [1/0] via 192.168.1.1, VLAN1
C       192.168.1.0/24 is directly connected, VLAN1
C       192.168.2.0/24 is directly connected, VLAN2
C       192.168.3.0/24 is directly connected, VLAN3
C       192.168.4.0/24 is directly connected, VLAN4
C       192.168.5.0/24 is directly connected, VLAN5 
 Any ideas what could be wrong with that setup?
 
 Best Regards,
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
@Andone 
 
 Hello,
 
 I've changed configuration - enabled Auto VoIP only - the issue is now that IP phone works OK (VLAN 2), but it seems that I've lost VLAN 1 on the same port - computer connected to IP phone cannot access VLAN 1 network. If I connect computer only - same thing - no access to VLAN 1.
 
 As for Wireshark capture, here is what I got:
 
 Main switch (switch is on trunk port 24):
 
 
 
 T2600G-28TS:
 
 
 
 So there are ping reply packages on VLAN1 (192.168.1.1 / 192.168.1.30) and VLAN 2 and 3 (192.168.2.1 / 192.168.3.1), but somehow T2600G-28TS ignores VLAN1 replies (other VLANs are working fine). The other issue is that I cannot see ping request packages - but maybe this is a Wireshark configuration issue.
 
 Here is a new configuration (with monitoring settings):
  
!T2600G-28TS # vlan 2 name "voip-vlan" # vlan 3 name "wifi-vlan" # vlan 4 name "management-vlan" # vlan 5 name "guest-vlan" # hostname "T2600G-28TS-GF" contact-info "" serial_port baud_rate 115200 # system-time ntp UTC+01:00 194.146.251.100 194.146.251.101 12 system-time dst predefined Europe # user name admin privilege admin secret 5 AAAAAA telnet disable # ip dos-prevent ip dos-prevent type land ip dos-prevent type scan-synfin ip dos-prevent type xma-scan ip dos-prevent type null-scan ip dos-prevent type port-less-1024 ip dos-prevent type blat ip dos-prevent type ping-flood ip dos-prevent type syn-flood ip dos-prevent type win-nuke # ip ssh server no ip ssh version v1 # spanning-tree spanning-tree mode rstp # no ip http server # lldp # ip route 0.0.0.0 0.0.0.0 192.168.3.1 # loopback-detection # auto-voip # interface vlan 1 ip address 192.168.1.249 255.255.255.0 ipv6 enable # interface vlan 2 ip address 192.168.2.249 255.255.255.0 no ipv6 enable # interface vlan 3 ip address 192.168.3.249 255.255.255.0 no ipv6 enable # interface vlan 4 ip address 192.168.4.249 255.255.255.0 no ipv6 enable # interface vlan 5 ip address 192.168.5.249 255.255.255.0 no ipv6 enable # interface gigabitEthernet 1/0/1 switchport general allowed vlan 2 tagged lldp med-status loopback-detection config process-mode port-based recovery-mode auto loopback-detection auto-voip 2 # interface gigabitEthernet 1/0/2 switchport general allowed vlan 2 tagged lldp med-status loopback-detection config process-mode port-based recovery-mode auto loopback-detection auto-voip 2 # interface gigabitEthernet 1/0/3 switchport general allowed vlan 2 tagged lldp med-status loopback-detection config process-mode port-based recovery-mode auto loopback-detection auto-voip 2 # interface gigabitEthernet 1/0/4 switchport general allowed vlan 2 tagged lldp med-status loopback-detection config process-mode port-based recovery-mode auto loopback-detection auto-voip 2 # interface gigabitEthernet 1/0/5 switchport general allowed vlan 2 tagged lldp med-status loopback-detection config process-mode port-based recovery-mode auto loopback-detection auto-voip 2 # interface gigabitEthernet 1/0/6 switchport general allowed vlan 2 tagged lldp med-status loopback-detection config process-mode port-based recovery-mode auto loopback-detection auto-voip 2 # interface gigabitEthernet 1/0/7 switchport general allowed vlan 2 tagged lldp med-status loopback-detection config process-mode port-based recovery-mode auto loopback-detection auto-voip 2 # interface gigabitEthernet 1/0/8 switchport general allowed vlan 2 tagged lldp med-status loopback-detection config process-mode port-based recovery-mode auto loopback-detection auto-voip 2 # interface gigabitEthernet 1/0/9 switchport general allowed vlan 2 tagged lldp med-status loopback-detection config process-mode port-based recovery-mode auto loopback-detection auto-voip 2 # interface gigabitEthernet 1/0/10 switchport general allowed vlan 2 tagged lldp med-status loopback-detection config process-mode port-based recovery-mode auto loopback-detection auto-voip 2 # interface gigabitEthernet 1/0/11 switchport general allowed vlan 2 tagged lldp med-status loopback-detection config process-mode port-based recovery-mode auto loopback-detection auto-voip 2 # interface gigabitEthernet 1/0/12 switchport general allowed vlan 2 tagged lldp med-status loopback-detection config process-mode port-based recovery-mode auto loopback-detection auto-voip 2 # interface gigabitEthernet 1/0/13 switchport general allowed vlan 2 tagged lldp med-status loopback-detection config process-mode port-based recovery-mode auto loopback-detection auto-voip 2 # interface gigabitEthernet 1/0/14 switchport general allowed vlan 2 tagged lldp med-status loopback-detection config process-mode port-based recovery-mode auto loopback-detection auto-voip 2 # interface gigabitEthernet 1/0/15 switchport general allowed vlan 2 tagged lldp med-status loopback-detection config process-mode port-based recovery-mode auto loopback-detection auto-voip 2 # interface gigabitEthernet 1/0/16 switchport general allowed vlan 2 tagged lldp med-status loopback-detection config process-mode port-based recovery-mode auto loopback-detection auto-voip 2 # interface gigabitEthernet 1/0/17 switchport general allowed vlan 2 tagged lldp med-status loopback-detection config process-mode port-based recovery-mode auto loopback-detection auto-voip 2 # interface gigabitEthernet 1/0/18 switchport general allowed vlan 2 tagged lldp med-status loopback-detection config process-mode port-based recovery-mode auto loopback-detection auto-voip 2 # interface gigabitEthernet 1/0/19 switchport general allowed vlan 2 tagged lldp med-status loopback-detection config process-mode port-based recovery-mode auto loopback-detection auto-voip 2 # interface gigabitEthernet 1/0/20 switchport general allowed vlan 2 tagged lldp med-status loopback-detection config process-mode port-based recovery-mode auto loopback-detection auto-voip 2 # interface gigabitEthernet 1/0/21 switchport general allowed vlan 5 untagged switchport pvid 5 no switchport general allowed vlan 1 loopback-detection config process-mode port-based recovery-mode auto loopback-detection # interface gigabitEthernet 1/0/22 switchport general allowed vlan 5 untagged switchport pvid 5 no switchport general allowed vlan 1 loopback-detection config process-mode port-based recovery-mode auto loopback-detection # interface gigabitEthernet 1/0/23 switchport general allowed vlan 1-5 tagged switchport acceptable frame tagged spanning-tree # interface gigabitEthernet 1/0/24 switchport general allowed vlan 1-5 tagged switchport acceptable frame tagged spanning-tree # interface gigabitEthernet 1/0/25 shutdown # interface gigabitEthernet 1/0/26 shutdown # interface gigabitEthernet 1/0/27 shutdown # interface gigabitEthernet 1/0/28 shutdown # monitor session 1 destination interface gigabitEthernet 1/0/19 monitor session 1 source interface gigabitEthernet 1/0/24 both monitor session 1 source cpu 1 both end
 Any ideas?
 
 Thank you,
 Best regards,
- Copy Link
- Report Inappropriate Content
Try to add
ip route 192.168.3.0 255.255.255.0 192.168.3.1
Switch doesn't automatically route traffic to connected networks, like routers do, so you have one-way route right know. If you capture traffic, I guess, you will see packets on 192.168.3.1, but reply packet will not pass switch.
- Copy Link
- Report Inappropriate Content
Got it working, on trunk port I have:
  
interface gigabitEthernet 1/0/24 switchport general allowed vlan 1-5 tagged switchport acceptable frame tagged spanning-tree #
 The VLAN1 / PVID1 wasn't tagged, so switch dropped all packets from it. After changing it to:
interface gigabitEthernet 1/0/24 switchport general allowed vlan 1-5 tagged spanning-tree #
everything started to work.
 
 Thank you!
- Copy Link
- Report Inappropriate Content

Information
Helpful: 0
Views: 5664
Replies: 13
Voters 0
No one has voted for it yet.

