Hello Alan,

Please see running config per your request. I am using an RV042 cisco Dual
WAN router but i dont exactly how to configure the NAT.

Thanks.

config-file-header
JPCCORESW
v2.4.5.71 / RTESLA2.4.5_930_181_144
CLI v1.0
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
!
unit-type-control-start
unit-type unit 1 network gi uplink none
unit-type-control-end
!
vlan database
vlan 10,100,200
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
ip dhcp server
ip dhcp pool network JPC-ADMIN
address low 192.168.100.91 high 192.168.100.250 255.255.255.0
default-router 192.168.100.3
dns-server 8.8.8.8
exit
ip dhcp pool network JPC-GUEST
address low 172.29.240.51 high 172.29.243.254 255.255.252.0
lease 0 2
default-router 172.29.240.3
dns-server 192.168.1.1
exit
bonjour interface range vlan 1
hostname JPCCORESW
username cisco password encrypted 8f288262e7de38f011a41fcdaa5d9445f5031e3e
privilege 15
username isadmin password encrypted
8f288262e7de38f011a41fcdaa5d9445f5031e3e privilege 15
ip ssh server
snmp-server location "JPC CORE"
ip name-server 192.168.1.1
!
interface vlan 1
name JPC-ADMIN
ip address 192.168.100.3 255.255.255.0
no ip address dhcp
!
interface vlan 10
name "MGMT VLAN"
!
interface vlan 100
name JPC-GUEST
ip address 172.29.240.3 255.255.252.0
!
interface vlan 200
name JPC-CAMERAS
ip address 172.30.240.3 255.255.255.0
!
interface GigabitEthernet1
switchport access vlan 100
switchport trunk native vlan 200
!
interface GigabitEthernet2
switchport general allowed vlan add 1 tagged
switchport access vlan 100
switchport trunk native vlan 100
!
interface GigabitEthernet3
switchport access vlan 100
switchport trunk allowed vlan remove 2-199,201-4094
!
interface GigabitEthernet4
switchport access vlan 100
switchport trunk allowed vlan remove 2-199,201-4094
!
interface GigabitEthernet5
switchport access vlan 200
!
interface GigabitEthernet6
switchport access vlan 200
!
interface GigabitEthernet12
switchport access vlan 100
switchport trunk allowed vlan remove 2-4094
!
interface GigabitEthernet24
switchport general pvid 100
switchport trunk native vlan 100
!
interface GigabitEthernet25
switchport mode trunk
!
interface GigabitEthernet26
ip address 192.168.1.2 255.255.255.0
no switchport
switchport mode trunk
switchport access vlan 100
!
interface GigabitEthernet28
switchport access vlan 100
switchport trunk allowed vlan remove 2-4094
!
exit
macro auto enabled
macro auto processing type ip_phone disabled
macro auto processing type ip_phone_desktop disabled
macro auto processing type router enabled
ip default-gateway 192.168.1.1
ip route 172.29.240.0 /22 192.168.1.1
ip route 192.168.100.0 /24 192.168.1.1
JPCCORESW#

Hi the NAT would be configured on the router not the SG350 as switches dont support NAT generally

Here is a quick doc with screenshots showing you how to do it on your specific model

https://www.cisco.com/c/en/us/support/docs/smb/routers/cisco-rv-series-small-business-routers/smb4154-configure-one-to-one-network-address-translation-nat-on-rv32.html

Hi Mark,

I have attached some screenshots. If you could let me know what is wrong
with the config with my NAT config on the RV042.

I have did a ping to 8.8.8.8 from the rv042 and it succeeded, but when
pinging 8.8.8.8 from the SG350 its unsuccessful.

Seems the Attachement didn’t go through.

My Config for the one to one NAT is

Private IP- 192.168.1.2
Public IP- 101.99.128.1
Range 1

As I mentioned.

I have did a ping to 8.8.8.8 from the rv042 and it succeeded, but when
pinging 8.8.8.8 from the SG350 its unsuccessful.

I’m not sure where I’m going wrong.

Please see attachement and below sg350 config file. set default route
0.0.0.0 0.0.0.0 192.168.1.1(Gateway Router)

JPCCORESW#show running-config
config-file-header
JPCCORESW
v2.4.5.71 / RTESLA2.4.5_930_181_144
CLI v1.0
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
!
unit-type-control-start
unit-type unit 1 network gi uplink none
unit-type-control-end
!
vlan database
vlan 100,200
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
ip dhcp server
ip dhcp pool network JPC-ADMIN
address low 192.168.100.91 high 192.168.100.250 255.255.255.0
default-router 192.168.100.3
dns-server 8.8.8.8
exit
ip dhcp pool network JPC-GUEST
address low 172.29.240.51 high 172.29.243.254 255.255.252.0
lease 0 2
default-router 172.29.240.3
dns-server 8.8.8.8
exit
bonjour interface range vlan 1
hostname JPCCORESW
username cisco password encrypted 8f288262e7de38f011a41fcdaa5d9445f5031e3e
privilege 15
username isadmin password encrypted
8f288262e7de38f011a41fcdaa5d9445f5031e3e privilege 15
ip ssh server
snmp-server location "JPC CORE"
ip name-server 8.8.8.8
ip domain polling-interval 8
!
interface vlan 1
name JPC-ADMIN
ip address 192.168.100.3 255.255.255.0
no ip address dhcp
!
interface vlan 100
name JPC-GUEST
ip address 172.29.240.3 255.255.252.0
!
interface vlan 200
name JPC-CAMERAS
ip address 172.30.240.3 255.255.255.0
!
interface GigabitEthernet1
switchport access vlan 100
switchport trunk native vlan 200
!
interface GigabitEthernet2
switchport general allowed vlan add 1 tagged
switchport access vlan 100
switchport trunk native vlan 100
!
interface GigabitEthernet3
switchport access vlan 100
switchport trunk allowed vlan remove 2-199,201-4094
!
interface GigabitEthernet4
switchport access vlan 100
switchport trunk allowed vlan remove 2-199,201-4094
!
interface GigabitEthernet5
switchport access vlan 200
!
interface GigabitEthernet6
switchport access vlan 200
!
interface GigabitEthernet12
switchport access vlan 100
switchport trunk allowed vlan remove 2-4094
!
interface GigabitEthernet24
switchport general pvid 100
switchport trunk native vlan 100
!
interface GigabitEthernet25
switchport mode trunk
!
interface GigabitEthernet26
ip address 192.168.1.2 255.255.255.0
no switchport
switchport mode trunk
!
interface GigabitEthernet28
switchport access vlan 100
switchport trunk allowed vlan remove 2-4094
!
exit
macro auto enabled
macro auto processing type ip_phone disabled
macro auto processing type ip_phone_desktop disabled
macro auto processing type router enabled
ip default-gateway 192.168.1.1
JPCCORESW#show ip route
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: > - best, C - connected, S - static


S 0.0.0.0/0 [1/4] via 192.168.1.1, 00:01:37, gi26
C 172.29.240.0/22 is directly connected, vlan 100
C 172.30.240.0/24 is directly connected, vlan 200
C 192.168.1.0/24 is directly connected, gi26
C 192.168.100.0/24 is directly connected, vlan 1

JPCCORESW#


Test ping from Router to 8.8.8.8 successful

Sorry attachement attached.

Hi
Remove trunk from this its a routed port not required

interface GigabitEthernet26
ip address 192.168.1.2 255.255.255.0
no switchport
switchport mode trunk

Change the ip default-gateway to a layer 3 default as its a multi vlan switch

no ip default-gateway 192.168.1.1
To
ip route 0.0.0.0 0.0.0.0 192.168.1.1

You dont need native vlans these days and there should only be ever 1 on a local network if it is in use , which is it 100 or 200 , if you dont require to specifically have it as native remove it and just use standard trunk links not specifying native

Ports are also set as trunk and access at same time meaning trunk will always take pref , choose 1 , if its just pc connected use switchport access only , its another switch or a device that requires multiple vlans use a trunk config


connect a pc to this port , remove the trunk part , make sure pc gets the correct IP address and test do you have internet access after fixing the above too

interface GigabitEthernet1
Description Test PC
switchport access vlan 100

Thanks for the information about your SG350. I am guessing it is more likely that the issue is with the RV042. Can you provide information about it? In particular we would want to see information about whether it has routes for the 2 subnets that are not getting Internet access. Also looking for information about how its address translation is set up.

 

From a device in the subnets that are not getting Internet access are you able to ping the address of the RV042?

 

HTH

 

Rick

Hi,

 

Please see attached for config file per your instructions. On this config file it indicates the cli commands that i used. Internet access still unavailable for either VLANS. 1 or 100.

 

I have also included the routing table again for the RV042.

 

 

 

kindly advise next steps to try.

You have provided the config of the SG350 and the output of show ip route from it. These show clearly that the SG350 is routing for vlans 1 and 100 and is routing them over the routed port Gig26 with the RV042 as the next hop. You have also provided a screenshot of the routing page of the RV042. And clearly it has routes for the subnets of vlan 1 and vlan 100 with the SG350 as the next hop. So it is pretty clear that the problem is not a routing problem.

 

The other likely cause of symptoms like this is address translation. Can you provide information from the RV042 about what it is doing for address translation? Or can you post the config of the RV042?

 

HTH

 

Rick

Hi
Internets working from router thats good can you try using a default route on the switch instead of multiple routes and a gateway , ip route 0.0.0.0 0.0.0.0 x.x.x.x (LAN INT on router )

it doesn't look like anything attached ?

In addition to the advice about NAT given by Malone, I want to add the following;

 

In the device datasheet I can see that the SG350 supports IP routing, but see some routing statements that are not clear in your configuration. 

 

ip route 172.29.240.0 /22 192.168.1.1
ip route 192.168.100.0 /24 192.168.1.1

 

The 172.29.240.0 /22 appears as a directly connected interface (interface vlan 100) on the switch. 192.168.100.0 /24 appears as directly connected on interface vlan 1. Could you elaborate on what device has 192.168.1.1? 

If indeed it is the switch (as you say), then those routes are redundant because they are directly connected interfaces. If it is your router, then I would delete those routes and replace them with a default route pointing to the RV.

 

ip route 0.0.0.0/0 {ip address of the router}

 

https://www.cisco.com/c/en/us/support/docs/smb/switches/cisco-small-business-300-series-managed-switches/smb5724-configure-ipv4-static-routes-settings-on-a-switch-through-th.html

 

Hope this helps.