CBS350-8T-E-2G VLAN acces internet

sid-informatique · ‎03-11-2024

Bonjour,

J'ai un VLAN bureautique en 192.168.1.0. Mon CBS350-8T-E-2G a l'adresse 192.168.1.240.

La passerelle par défaut est le 192.168.1.1.

J'ai un VLAN formation en 192.168.80.0. Mon CBS350-8T-E-2G a l'adresse 192.168.80.1, le dhcp fonctionne parfaitement.

Comment faire pour que le VLAN 80 (formation) accède à internet ?

Vous remerciant,

Romain

pieterh · ‎03-18-2024

which device does the NAT for 192.168.1.0 to the internet provider?
-> you need to add a NAT rule on this device for the new inside subnet/vlan 192.168.80.0/24
if this is a different device than the CBS350-8T-E-2G,
then you also need to configure the new vlan on the link between these two devices

sid-informatique · ‎03-20-2024

I added a NAT rule on the internet provider for the new inside subnet/vlan 192.168.80.0/24.

Gateway 192.168.1.1, new vlan 192.168.80.0.

without success

pieterh · ‎03-21-2024

for your internet router the 192.168.80.0 is "behind" the CBS350
so you need a static route on your internet router, so it can find the path back to 192.168.80.0
if I understand your network correctly this static route needs to point to your CBS350 address 192.168.1.240
and the CBS350 will route between 192.168.1.0/24 and 192.168.80.0/24

sid-informatique · ‎03-26-2024

I started with this note:
https://www.cisco.com/c/en/us/support/docs/smb/switches/Cisco-Business-Switching/kmgmt-2254-configure-vlan-mapping-on-a-cbs-switch.html

Here is my configuration:

config-file-header
switchb3e59e
v3.4.0.17 / RCBS3.4_950_377_325
CLI v1.0
file SSD indicator plaintext
@
!
unit-type-control-start
unit-type unit 1 network gi uplink none
unit-type-control-end
!
vlan database
vlan 2,80
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone
voice vlan oui-table add 00036b Cisco_phone
voice vlan oui-table add 00096e Avaya
voice vlan oui-table add 000fe2 H3C_Aolynk
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone
voice vlan oui-table add 00e075 Polycom/Veritel_phone
voice vlan oui-table add 00e0bb 3Com_phone
gvrp enable
no ip routing
system resources policy-ip-routes 32 policy-ipv6-routes 32 vlan-mapping-entries 128
ip dhcp server
ip dhcp pool network "dhcp formation"
address low 192.168.80.10 high 192.168.80.220 255.255.255.0
dns-server 80.10.246.2
exit
bonjour interface range vlan 1
hostname switchb3e59e

!
interface vlan 1
ip address 192.168.1.240 255.255.255.0
no ip address dhcp
no ipv6 address dhcp
!
interface vlan 2
name Administratif
!
interface vlan 80
name Formation
ip address 192.168.80.1 255.255.255.0
ipv6 address dhcp
!
interface GigabitEthernet1
gvrp vlan-creation-forbid
gvrp registration-forbid
spanning-tree disable
spanning-tree guard root
spanning-tree bpduguard enable
switchport mode trunk
!
interface GigabitEthernet2
ipv6 address autoconfig
gvrp enable
spanning-tree guard root
spanning-tree bpduguard enable
switchport mode trunk
switchport access vlan 2
switchport general pvid 2
switchport trunk native vlan 2
switchport trunk allowed vlan 2
switchport customer vlan 2
!
interface GigabitEthernet3
gvrp enable
spanning-tree guard root
spanning-tree bpduguard enable
switchport mode trunk
!
interface GigabitEthernet4
gvrp enable
spanning-tree guard root
spanning-tree bpduguard enable
switchport mode trunk
!
interface GigabitEthernet5
gvrp vlan-creation-forbid
gvrp registration-forbid
spanning-tree disable
spanning-tree guard root
spanning-tree bpduguard enable
switchport mode trunk
switchport access vlan 80
switchport general pvid 80
switchport trunk native vlan 80
switchport trunk allowed vlan 80
switchport vlan-mapping one-to-one 80 2
!
interface GigabitEthernet6
gvrp vlan-creation-forbid
gvrp registration-forbid
spanning-tree disable
spanning-tree guard root
spanning-tree bpduguard enable
switchport mode trunk
switchport access vlan 80
switchport general pvid 80
switchport trunk native vlan 80
switchport trunk allowed vlan 80
switchport vlan-mapping one-to-one 80 2
!
interface GigabitEthernet7
gvrp enable
spanning-tree guard root
spanning-tree bpduguard enable
switchport mode trunk
switchport trunk native vlan 80
!
interface GigabitEthernet8
gvrp enable
spanning-tree guard root
spanning-tree bpduguard enable
switchport mode trunk
switchport trunk native vlan 80
!
interface GigabitEthernet9
gvrp enable
spanning-tree guard root
spanning-tree bpduguard enable
switchport mode trunk
!
interface GigabitEthernet10
gvrp enable
spanning-tree guard root
spanning-tree bpduguard enable
switchport mode trunk
!
exit
ip ssh-client key rsa key-pair
---- BEGIN SSH2 PRIVATE KEY ----
Comment: RSA Private Key

---- END SSH2 PRIVATE KEY ----

---- BEGIN SSH2 PUBLIC KEY ----
Comment: RSA Public Key

---- END SSH2 PUBLIC KEY ----
.
ip ssh-client key dsa key-pair
---- BEGIN SSH2 PRIVATE KEY ----
Comment: DSA Private Key
---- END SSH2 PRIVATE KEY ----

---- BEGIN SSH2 PUBLIC KEY ----
Comment: DSA Public Key
1WYGaj2MTfv3xgdj1kM=
---- END SSH2 PUBLIC KEY ----
.
crypto key import rsa
---- BEGIN SSH2 PRIVATE KEY ----
Comment: RSA Private Key

---- END SSH2 PRIVATE KEY ----

---- BEGIN SSH2 PUBLIC KEY ----
Comment: RSA Public Key
---- END SSH2 PUBLIC KEY ----
.
crypto key import dsa
---- BEGIN SSH2 PRIVATE KEY ----
Comment: DSA Private Key
---- END SSH2 PRIVATE KEY ----

---- BEGIN SSH2 PUBLIC KEY ----
Comment: DSA Public Key
---- END SSH2 PUBLIC KEY ----
.
crypto certificate 1 import
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

-----BEGIN RSA PUBLIC KEY-----
-----END RSA PUBLIC KEY-----
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
.

I only deleted the ssh key