04-16-2018 11:04 PM - edited 03-05-2019 10:17 AM
Hi, I'm very new to Cisco switches.
Recently my company installed a 3650 gigabit switch and I connected it to our Internet line, which has a static address. I added 2 VLANs: one for servers and a second for office PCs.
Now inter-VLAN routing is no problem, but none of the PCs connected to the VLANs have Internet access.
I also made an additional VLAN, which is assigned to only one dedicated port that is connected to our Internet line.
Briefly, the VLANs are:
VLAN 1 : default
VLAN 100 : Servers - G1/0/1-12
  ip address 100.100.100.1 255.255.255.0
  ip nat inside
VLAN 200 : Offices - G1/0/13-22
  ip address 100.100.200.1 255.255.255.0
  ip nat inside
VLAN 300 : WAN - G1/0/24
  ip address 121.133.31.150 255.255.255.192
  ip nat outside
And I set ACL for:
access-list 1 permit 100.100.100.0 0.0.0.255
access-list 2 permit 100.100.200.0 0.0.0.255
ip nat inside source list 1 interface vlan 300 overload
ip nat inside source list 2 interface vlan 300 overload
ip route 0.0.0.0 0.0.0.0 121.133.31.194
Also there is DHCP server running:
ip dhcp excluded-address 100.100.100.1
ip dhcp excluded-address 100.100.200.1
ip dhcp pool VLAN_Server
  network 100.100.100.0 255.255.255.0
  default-router 100.100.100.1
  dns-server 8.8.8.8
  lease infinite
ip dhcp pool VLAN_Office
  network 100.100.200.0 255.255.255.0
  default-router 100.100.200.1
  dns-server 8.8.8.8
  lease infinite
Inter-VLAN communication is all right.
Only the VLANs can't reach the Internet, which is connected to VLAN 300.
I need the experts' advice...
Thanks in advance!
04-19-2018 04:45 AM
Hi,
I think the best router is Cisco 4451 ISR. The Cisco 4451 ISR has 1Gb throughput upgradable to 2Gb.
Regards,
Deepak Kumar
04-17-2018 12:00 AM
Hi,
Your interface Vlan 300 ip address is not within the same subnet as the default route; will you please adjust.
Best regards,
Antonin
04-17-2018 02:20 AM
Hello amikat,
Thanks for your suggestion.
However, the VLAN 300 IP address is not something I can change.
This address is given by the Internet provider (static IPv4 address) and comes directly from
the fiber cable to the cable modem. All the provider sent us is this:
"You can set your IP address like shown below:
address : 121.133.31.150
subnet : 255.255.255.192
gateway : 121.133.31.194" -> this is probably fiber modem's address
This cable is connected to gi1/0/24.
When I connect my PC directly to this modem with the given address set, it works fine.
So I'm trying to figure out how to route 100.100.100.xxx (vlan 100) and 100.100.200.xxx (vlan 200)
to vlan 300.
With just vlan 300 connected to the modem, I can "ping 8.8.8.8 repeat 500" without problem.
I can also ping the PCs connected at 100.100.100.xxx and 100.100.200.xxx.
Again, I can ping from a PC with address 100.100.100.xxx to 100.100.200.xxx and to the IP address of
vlan 300 with no problem, but I can't ping from a PC to the gateway (121.133.31.194).
Sorry that I'm very new to VLANs and routing, and to Cisco as well....
Please let me know how I can make it work in this environment.
04-17-2018 03:55 AM
Perhaps posting the entire config, sanitized if necessary, and the output of "show version" would be helpful in determining a solution.
Thanks
04-17-2018 07:56 PM - edited 04-17-2018 07:57 PM
04-17-2018 04:04 AM - edited 04-17-2018 04:20 AM
Hi,
Without knowing the details of your configuration will you please just TRY to change your interface vlan 300 ip address to 121.133.31.193 with the same mask (255.255.255.192) and see if there is any progress.
Thanks & Regards,
Antonin
04-18-2018 04:51 AM
04-17-2018 05:35 AM - edited 04-17-2018 05:38 AM
Hi
As I remember, this switch model does not support NAT; it is supported only on routers, firewalls and robust switches like the 65xx, 68xx and 9K.
Some NAT commands can be executed on the switches, but they will not work. The following link is an example of the devices supporting NAT (not updated). Other models like the Cisco 3850 don't support NAT either.
https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/29283-166.html
Hope it is useful
:-)
04-17-2018 09:18 PM
Ah, yes, thanks for your link to the list of NAT-capable switches.
According to this information, the 3650-24PS model is indeed not included.
That means I can't use "ip nat inside" or "ip nat outside"...
If so, is there any way to route Internet access for the internal VLAN devices?
I'm almost desperate to figure out how to do it.
Sure, there is the easy way of adding a small router on top of this 3650 switch and connecting to it.
Or even a small SOHO-type 4-port Internet router.
But what I find is that there is no working "PORT FORWARDING" command either!
"ip nat inside source static tcp 100.100.100.100 80 121.141.31.150 extendable"
If it does not work, it is really hard to connect our web server to this switch VLAN group.
Sure, I could set a port forward from the "Router" to this "Switch".
But again, I can't assign a port forward from the router-connected uplink port to a VLAN.
Need good advice!
04-18-2018 01:14 AM
Hi,
As you mentioned, the solution will be adding a router into the mix, which will be assigned the VLAN 300 range. This router will then perform the NAT/port forwarding functions you want.
In terms of the LAN, it would be best to create a new VLAN and SVI (interface vlan) for this on the switch. This new range will then be what you use for the LAN interface on the router. You will then configure on the switch a new default route pointing to the router's LAN interface. One last thing to keep in mind is that your router will need a route to reach the LAN networks via the switch as well.
Hope that helps
Nathan
04-18-2018 05:29 AM
Hi
You could consider the Cisco 800 router model to perform the NAT role and create a router-on-a-stick scheme for your VLANs. When selecting the router you must take into consideration the amount of traffic that will pass through it; the 800 model is for small businesses or branches.
https://www.cisco.com/c/dam/assets/prod/routers/cisco-router-selector/index.html
Hope it is useful
:-)
04-18-2018 09:06 AM
Hi,
The switch will not support NAT. Please go with any router.
Regards,
Deepak Kumar
04-18-2018 12:43 PM
04-18-2018 11:51 PM
Hi,
How much WAN bandwidth?
Regards,
Deepak Kumar
04-19-2018 12:51 AM
We have a contract with the provider for one 1G fiber line with a static IP address.
I think for our application, 1G bandwidth is enough.