Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1541
Views
0
Helpful
7
Replies

Catalyst 3850 can not route to external networks, only internal

sbenter2009
Level 1
Level 1

‎10-01-2015 03:40 AM - edited ‎03-05-2019 02:25 AM

We have two 3850-24-T switches stacked. The diagram is attached.

We have several vlans 20,30,70,100.

 

VLAN 20: WAN 10.141.0.1 Service providers IP

VLAN 30: ADSL (Internet) 192.168.0.1 ISP router IP

VLAN 100: User VLAN, SVI IP: 10.141.2.1 ( in other words interface VLAN 100 IP )

 

we also have a 2960 as distribution layer switch, connected with etherchannel

then another 2960 as a access layer switch, connected with etherchannel.

 

from switch console, we can ping Internet and hosts in the WAN. we can ping everything

when we connect to vlan 100 with a user pc, we can only ping within the 3850...no internet no wan...but from switch console we can ping

when I connect the pc to vlan 30 ( same network as internet segment ) it pings internet but not the internal networks

 

My etherchannels are working.- any suggestions?

 

 

 

 

 

 

 

 

 

Labels:
Preview file
119 KB
0 Helpful
7 Replies 7

Mark Malone
VIP Alumni
VIP Alumni

‎10-01-2015 03:53 AM

all your svis break out on the 3850 yes , vlan 100 is up/up no access-lists applied to it same general config as other vlans that are working?, are you getting the correct dhcp gateway for vlan 100 when the pcs connected to it

0 Helpful

sbenter2009
Level 1
Level 1
In response to Mark Malone

‎10-01-2015 04:00 AM

yes..all interfaces UP /UP..no accesslists anywhere..plain vanilla config

we did not suspect anything cuz from switch console we were able to ping every possible point

until we l=plugged in the pc...the PC pings all interfaces..even the interface that connects directl to ISP s router

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to sbenter2009

‎10-01-2015 05:06 AM

Check all your routing tables.

So -

1) does the ADSL device have a route for vlan 100

2) does the CORP WAN know about vlan 100 ie. how are you advertising vlan 100 IP subnet across the WAN.

The reason everything pings from the switch is because it is using the connected SVIs as the source IPs when you ping.

Try an extended ping from the switch using vlan 100 SVI as the source and if it doesn't work then routing tables are the issue.

Jon

0 Helpful

sbenter2009
Level 1
Level 1
In response to Jon Marshall

‎10-01-2015 05:18 AM

ADSL does not have a route for vlan 100? it is a standard ISP device

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to sbenter2009

‎10-01-2015 05:19 AM

Then how is it meant to route traffic back to that IP subnet ?

Jon

0 Helpful

sbenter2009
Level 1
Level 1
In response to Jon Marshall

‎10-01-2015 05:45 AM

I guess the only way is to add routes to the ADSL? ...!!

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to sbenter2009

‎10-01-2015 05:59 AM

Yes and you also need to make sure the ADSL router is doing NAT for the vlan 100 IPs and any other IP subnets.

It may or may not allow you to do this.

Jon

0 Helpful
Customers Also Viewed These Support Documents