Routing on a Cisco 2960 Catalyst Switch!
Yep, you read that correctly. You can now route on the low-end layer 2 Catalyst 2960 switches (Sounds like one bad oxymoron right?). This feature was introduced in IOS 12.2(55) and requires LAN Base which has been around since late last year, however it is not a very known feature which shocks me! I figured the addition of routing (Albeit limited routing functionality) on a 2960 switch would have been some great news!
Now don’t go expecting to run OSPF or EIGRP on a 2960, in fact it does not support any routing protocol, so your natural reaction is going to be then what is the point? Well it supports inter-vlan routing and up 16 static routes. Remember one of those static routes can be a default route up to a distribution switches’ HSRP address (or VSS Core) allowing you to implement a routed access layer for cheap!
Now in regards to the configuration, once you have 12.2(55) or newer loaded on your 2960 you will need to make sure the switch is running the proper SDM (No, not Security Device Manager for those that are unfortunate to remember it) Switching Database Manager. If you are not familiar with the SDM templates on Catalyst switches they are definitely worth a look at it, especially since the SDM template instructs the switch how to curve up resources to the TCAM. (IE: Mac tables, routing tables, unicast/multicast, QoS, etc -Obviously not all of those pertain to the 2960). The Catalyst 2960 now has the option for ‘lanbase-routing’, which is the SDM we need to enable.
Show sdm prefer – to see the active SDM template in use.
Changing the SDM Template to ‘lanbase-routing’
Note: When we change the SDM the switch requires a reboot for the new SDM template to take effect because it changes the resources allocated by the TCAM.
If you change the SDM and do not perform a reload your changes will not take effect and if you issue sh sdm prefer again the switch will tell you which SDM the switch will load upon next reload.
Ok, now that we have the proper SDM loaded on the switch (lanbase-routing) we need to enable ‘ip routing’ on the switch:
Now, that ‘ip routing’ is enabled we can go ahead and view the routing table of the Catalyst 2960!
Check it out!! A routing table on a Catalyst 2960!
Now, there you have it routing on a Catalyst 2960 the important thing is to remember the limit of 16 static routes. So I put this to the test and added over 20+ static routes:
I placed 22 routes into configuration mode and after #16 the switch silently discarded the rest of the routes. Something else I found pretty interesting is the fact my other VLAN interface disappeared from the routing table (172.16.1.0 /24 which is in the previous screen capture, which is a connected route!) So this feature really is limited but it is there none the less.
In this post I was running 12.2(58) on one of the 2960 switches in my lab C2960TT-L I believe, I was able to place a client one vlan and ping across to another two VLAN attached to the 2960 with no other routing device in the path.
NOTE: WordPress is distorting my images so until I figure out why, all the screen shots in this post are meduim/thumbnail size and can be viewed in full size when clicked on.
CCIE or Null! 
I’ve tried it but routing is not working. when i do sh ip route command it only show the following:
MKT_MasterSwitch#sh ip route
Gateway of last resort is 172.16.33.251 to network 0.0.0.0
172.16.0.0/24 is subnetted, 2 subnets
C 172.16.33.0 is directly connected, Vlan33
S 172.16.34.0 [1/0] via 172.16.33.251
S* 0.0.0.0/0 [1/0] via 172.16.33.251
These are the ip route i did:
ip default-gateway 172.16.15.251
ip route 0.0.0.0 0.0.0.0 172.16.33.251
ip route 172.16.33.0 255.255.255.0 172.16.33.251
ip route 172.16.34.0 255.255.255.0 172.16.33.251
no ip http server
ip http authentication local
ip http secure-server
snmp-server community SALES RO
I did the sdm prefer lanbase-routing, save and reload the switch.
rodel
February 13, 2014 at 2:47 PM
Config looks good. Can you ping the next-hop, and the remote network have a back to these networks that are local to the 2960.
Stephen J. Occhiogrosso
February 13, 2014 at 7:25 PM
please remove the ip default-gateway command and enable ip routing command
jim
January 20, 2015 at 10:28 PM
Hi, I have a fortinet and it has 2 vlans.
Also a 2960, it only has a vlans created only to allow Acces to fortinet and then to internet.
Problem is that both vlans can’t communicate so I though if it can be possible to work routing on the 2960 because I don’t have Acces to my fortinet router.
Martín
May 15, 2014 at 10:16 AM
please activate ip routing command
jim
January 20, 2015 at 10:28 PM
I’d like to use 2960-S for Layer 3 Inter-vlan routing using IPv4 and IPv6. Can this be done? Is there a version of 2960 that can do this? Thanks!
Mike
February 7, 2015 at 1:08 PM
I haven’t testing this on a 2960-S specifically but since it works on the regular 2960 I think it should work on the 2960-S just make sure you are running the version. Should be anything post 12.2(55)
Release notes and config guides should verify this.
Stephen J. Occhiogrosso
February 7, 2015 at 3:47 PM
Thanks for this post!
I was just trying to figure out if I could do inter-vlan routing and static routing on a 2960-X with LAN Base, or if I needed to get a 2960-XR with IP Lite. It seems like the 2960-X supports the basic needs for routing at the access layer, and that is awesome.
Limitations are 16 maximum static routes, but do you know if there is a limitation on number of SVIs you can configure?
Thanks again!
Matt
March 11, 2015 at 4:53 PM
There is probably a limit to the number of SVI but imagine the number is very high. I would check the configuration guide they should have the information to get you in the right direction there.
Stephen J. Occhiogrosso
March 11, 2015 at 4:58 PM
I know this is from March 2015, but I just found out the hard way that SVIs count as TWO routes. The directly connected interface (C) and the local network (L) each count as a route and not just one.
So for SVIs you can have up to a max of 8. If you add a default route that goes back to 7 SVI plus one spare route.
Eduardo L. V. Tafner
January 18, 2016 at 3:47 PM
Thank you for additional clarification Eduardo!
Stephen J. Occhiogrosso
January 19, 2016 at 12:09 PM
When I try to activate ip routing, the switch hangs. Any ideas?
Fredric
April 27, 2015 at 5:16 AM
I would try a different IOS and is the proper SDM activated?
Stephen J. Occhiogrosso
April 27, 2015 at 5:54 AM
Im using the lanbase-routing template and IOS 15.0(2)EX5
Fredric
April 28, 2015 at 2:29 AM
[…] Routing on a Cisco 2960 Catalyst Switch […]
It’s been 5 years!! | CCIE or Null!
September 14, 2015 at 9:01 AM
Thanks for this tip, It saved me days of redoing my core, I spend 15 minutes setting up the 2960x and it worked perfect.
TCW
November 25, 2015 at 11:46 AM
Thanks for this explanation.
I did this today and it works perfectly on the 2960X. Only thing different was I used ver 15.5 and had the ‘lanbase-default sdm profile’ as the base. Once I changed this to the ‘lanbase-routing’, everything was working as needed.
Antonio
January 14, 2016 at 7:11 AM
so the routing between vlans works but with restrictions in the number of SVI and static routes. How about 2960s or x stacking, same restrictions?
rizky
August 25, 2016 at 3:13 AM
Thanks for posting this. It’s awesome to know my 2960G has L3 capabilities, even if they are limited. But I’m curious if there’s any performance hit on the switch by changing the sdm template.
David Hoffman
August 31, 2016 at 3:58 PM