Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
611
Views
4
Helpful
10
Replies

Basic newbie question (dividing network)

Linchpin
Level 1
Level 1

‎08-21-2023 02:08 AM - edited ‎08-21-2023 02:08 AM

Good morning all,

 

First off, I hope I am posting this in the correct section, I apologise if I have posted it in the wrong section.

So I'm looking to get into networking currently, though I'm on a course for Cyber Security, which covers CCNA 2020.

I've got myself 2 cisco switches at the moment (1 unmanaged SF300-28 and 1 managed SG300-28).

 

I am currently only using just the managed switch to act as a DHCP server, to which is hooked up to my router, as recommended by others on the net.

 

With that said, I've disabled DHCP on my router.

I am just learning how to divide a network into 2 separate networks under a /25 mask of course, I've set up all the details for DHCP up correctly (or at least as far as I am aware), and even set up the DNS to use Googles DNS, but when trying to access the net, it doesn't seem to work, I might add that I am doing this all through the web browser for setting things up, I should familiarize myself with the commands as it was covered in the course I am on, but can anyone give me advise on this as to why I cannot access the internet, is there some firewall behind Cisco that might be blocking the connection?

To reiterate on the part on DHCP part, bare in mind that I have the hardware setup as following Modem > Router > Switch I've set up the array so 10.16.0.128 is the default gateway (or was it 129) with a subnet mask of 255.255.255.128 and DNS servers at 8.8.8.8 and 8.8.4.4

My laptop and PC pick up the DHCP settings no problem, just no internet access.

If there is a guide or list of recommended commands to learn, then it'd be appreciated, thanks!

This switch is running on a L3 mode with factory settings.

Labels:
0 Helpful
10 Replies 10

Joseph W. Doherty
Hall of Fame
Hall of Fame

‎08-21-2023 03:33 AM

You're doing NAT/PAT too?  (You understand you cannot use 10.x.x.x addresses, directly, with the Internet?)

0 Helpful

Linchpin
Level 1
Level 1
In response to Joseph W. Doherty

‎08-21-2023 04:18 AM - edited ‎08-21-2023 04:19 AM

Hey @Joseph W. Doherty ,

Yeah mate, I am aware of the reserved IPs that aren't usable on the internet, thankfully they covered this part in the course I'm on

 

Edit: hmm, smileys doesn't work on these forums?

0 Helpful

Flavio Miranda
VIP
VIP

‎08-21-2023 03:36 AM

Hi @Linchpin 

 I dont believe the problem is on the switch.  If you are getting IP address on the PC, then make sure you are sending the traffic to the router.

 How did you connect the router and the switch? This is an important point.

 If you did it in layer3, by using an interface with ip address,  you need to add a static routing on the switch sending all traffic to router.

If you did the connection in layer2,  you need to extend the vlan to the router or use subinterface on the router if you are using trunk.

On this case, no static router is necessary and you need to use the router as gateway for PC.

 After check that, you need to make sure the router is properly configured.  The router also need to have route sending to modem and you need to enable NAT on the router.

 By the way, which router is it? Can you share the config?

0 Helpful

Linchpin
Level 1
Level 1
In response to Flavio Miranda

‎08-21-2023 04:17 AM

Hello @Flavio Miranda ,

The router and switch are connected via T568B configuration, being obviously RJ45.

I had reserved the IP for the switch via the router, I just spotted the feature for static route on my router, thanks for the tip on that.

My router does have some features for NAT, I'm guessing I'd need to change this option to auto (this option is under Switch Control)

 

Linchpin_1-1692616544180.png

 

I am using an Asus RT-AC3200 router specs listed below, also what sort of config are we talking about?

Linchpin_0-1692616440589.png

 

0 Helpful

Flavio Miranda
VIP
VIP
In response to Linchpin

‎08-21-2023 04:44 AM

The config I am talking about is NAT. You need to keep in mind that when your PC try to communicate on the internet it will use the IP address you assigned to it. Let´s imagine the IP address 192.168.1.10.

 We can assum that the ISP is doing NAT, after all, it delives and private IP address to you right? You can check it by looking the IP address the router is using.

Well, the problem here is that on the egress traffic, the ISP do the NAT for you and you can make it to get to google.com, but the problem is the ingress traffic. Google replies to your ISP which send the packet to your Modem and your modem does not know the IP address 192.168.1.10.

The only IP address your modem know, inside your network, is the IP address of the router connected to it.  That´s way you need to add NAT on the Router. The NAT will make the router "mascarate" the inside network (192.169.1.10) into its own IP address and send it to modem as if it were the router itself. Then, the return traffic have no problem as the modem does know the router IP address.

Hope I could explain.

Linchpin
Level 1
Level 1
In response to Flavio Miranda

‎08-21-2023 05:05 AM

Yeah mate, you've explained it better then on the course I am on, I will have a try at this, I've enabled NAT though my next problem I was thinking about, was the fact that I want to be able to control all of the range of IPs from my switch under a 25 mask, because the way I am thinking at the moment, if I am understanding this right, is because I want to divide the network into 2, I don't think I can split two sets on the switch, as it has to be on the IP x.x.x.129> range, because, to my understanding, a divided network can only have a preset of x.x.x.1 > 126 (if I recall, 127 would be broadcast), and then 129 to 254, so this has me thinking that I need to put the switch first.

Thanks.

Flavio Miranda
VIP
VIP
In response to Linchpin

‎08-21-2023 05:26 AM - edited ‎08-21-2023 05:28 AM

On the switch, in order to use the two /25 you need to have two vlans. On vlan with x.x.x.1 and another one with x.x.x.129

Linchpin
Level 1
Level 1
In response to Flavio Miranda

‎08-21-2023 05:30 AM

Yeah mate, this part I know, but my router is in front of the switch, so reserving the range for both vlans, surely would be impossible, unless the switch was in front of the router?

Like my router is on 172.16.0.1 for example, and the switch 172.16.0.129

0 Helpful

Flavio Miranda
VIP
VIP
In response to Linchpin

‎08-21-2023 05:46 AM

Got it. You can do the logical connection using a layer3 interface. Take the interface you connected the switch on the router and config an IP address on the interface.  On the router side, do the same. You can use a small network just for transit.

Then, you add a default route on the switch sending all traffic to the router's IP address facing the switch. 

But, you need to be able to add a static route on the router returning traffic to switch on the networks you put on those 2 vlans.

 

Linchpin
Level 1
Level 1
In response to Flavio Miranda

‎08-21-2023 02:30 PM

Okay, thanks mate, I'll give this a shot!

0 Helpful
Customers Also Viewed These Support Documents