cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2940
Views
0
Helpful
14
Replies

Vlans on switch 3560 layer 3 is not able to access the internet

I have a Cisco Catalyst 3560-CX switch and an RV320 router.
I am trying to configure my router only for VPN and the switch in layer 3, I have 3 Vlan: Vlan 2 (wireless data), vlan 3 (VoIP server) and Vlan 4 (NAS and web server), but I still can't ping with my router gateway rv320.

 

when I ping from the command line from switch 3560, I can ping 8.8.8.8 or any ip in the world, including vlan 2, 3, 4 and its devices (laptop, pc's, iphone, etc, NAS, SERVER). when I try to ping from my laptop in vlan 2 I can only ping the other vlans (vlan 3, vlan 4) but not at ip 192.168.1.100 and much less at 192.168.1.1 or internet

 

I have configured on router RV320

WAN ip: 10.0.0.2 static

working mode: gateway

LAN ip: 192.168.1.1

 

 

 

I have configured on the switch L3

 

ip routing

 

vlan 2

name Wireless

vlan 3 

name VoIP

vlan 4

name NAS

int vlan 1

no ip add

shut

Int vlan 2

ip add 172.16.2.1 255.255.255.0

no shut

Int vlan 3

ip add 172.16.3.1 255.255.255.0

no shut

Int vlan 4

ip add 172.16.4.1 255.255.255.0

no shut

service dhcp

ip dhcp pool vlan2

netw 172.16.2.0 255.255.255.0

default-router 172.16.2.1

ip dhcp pool vlan3

netw 172.16.3.0 255.255.255.0

default-router 172.16.3.1

ip dhcp pool vlan4

netw 172.16.4.0 255.255.255.0

default-router 172.16.4.1

int gi0/1

switc mode acc

switc acc vlan 2

no shut

int gi0/3

switch mode acc

switch acce vlan 4

ip route 0.0.0.0 0.0.0.0 192.168.1.1

int gi0/9

no switch 

ip add 192.168.1.100

no shut

 

PLEASE HELP

 

14 Replies 14

Hi,

 

Your switch configuration looks good as far as you PING from the switch since it uses the interface connected with the router to send out icmp packets. However, when you PING from any of the VLANs, there is no return route on the Router side (the router does not know how to get back to those networks). There are two alternatives to resolve this issue:-

1) Configure NAT on the LAN side; that is, translate IP addresses from the different VLANs to 192.168.1.100. Unfortunately, you can not do that as 3560 is a switch and it does not support NAT configuration.

2) Configure either static or dynamic routing protocol on the switch and the router, and advertise those routes to the router.

 

HTH,

Meheretab

HTH,
Meheretab

I appreciate your help and prompt response. This is my most accurate information of what I have configured on my switch. I attach the configuration

 

I tried to make the indications you recommended but I still don't find a positive response

 

Configure RIp V2 protocol on the router and on the switch

 

thanks for your help

Hello

On the rtr

ip route 172.16.2.0 255.255.255.0 192.168.1.100
ip route 172.16.3.0 255.255.255.0 192.168.1.100
ip route 172.16.4.0 255.255.255.0 192.168.1.100
ip route 0.0.0.0 0.0.0.0 xxxx<wan interface> 10.0.0 x <wan nexthop>

int xx
Description lan facing interface
ip nat inside

int xx
Description WAN facing interface
ip nat outside

access-list 10 permit 172.16.2.0 0.0.0.255
access-list 10 permit 172.16.3.0 0.0.0.255
access-list 10 permit 172.16.4.0 0.0.0.255

ip nat inside source list 10 interface xx<wan interface>


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

I cannot enter configuration because it is an RV320 router

 

however enter this configuration on the router

Hello,

 

as far as I recall, the RV320 has only a few commands available through the command line (CLI), so you probably have to configure it through the WebGUI. As suggested, the easiest would be to configure RIPv2 between the RV320 and the 3560. On the RV320, see Step 2 on page 38 of the attached user guide for the procedure to enable RIP.

 

As for granting access to the Internet to all your others Vlans, I think you have to add the additonal networks under Setup --> Network (page 15 of the user guide). There is no setting to manually add these new networks to be natted, so I assume it automatically translates all the networks that you add...not sure if it works like that though...

 

https://www.cisco.com/c/dam/en/us/td/docs/routers/csbr/rv320/administration/guide/en/Updated/rv32x_ag_en.pdf

Hello

make some configurations that are the following attached, if you take a look and tell me your opinion.

thank you

Hi,

The configuration is looking good but you are using two routings as static/default and RIP.  Here, Static/Default routing is taking over the RIP due to higher AD value. 

I want to know what is IP on the Eth0 on the router? Is it 192.168.1.1?

You had configured static routes on the Router which is also looking some confusion: static route.png

 

 

Static route: 172.16.0.0 /16

and to two more routes as: 172.16.2.0/24, and 172.16.3.0/24

There will no issue but looking at incorrect entry.

 

One issue I found with RIP configuration on the switch as:

 

router rip
 version 2
 network 10.0.0.0
 network 172.16.0.0
 network 192.168.1.0

Network 10.0.0.0 is directly connected to the router so it must be removed from the switch configuration and new configuration

 

router rip
 version 2
 network 172.16.0.0
 network 192.168.1.0

and you have selected "Gateway" on the router configuration so I am assuming that router is redistributing default route in the RIP. 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

thanks for your help

 

The configuration is looking good but you are using two routings as static/default and RIP.  Here, Static/Default routing is taking over the RIP due to higher AD value. 

Do you think and recommend that I delete the static routes and let the RIP protocol do the job?

 

I want to know what is IP on the Eth0 on the router? Is it 192.168.1.1?

if you mean my gateway? yes, it's my gateway 192.168.1.1

on my WAN1 is the IP 10.0.0.2 and my WAN1 gateway is 10.0.0.1

 

You had configured static routes on the Router which is also looking some confusion:static route.png

 

 

Static route: 172.16.0.0 /16

and to two more routes as: 172.16.2.0/24, and 172.16.3.0/24

There will no issue but looking at incorrect entry.

I did this because I wanted to redirect the IP addresses to my internal networks via 192.168.1.101 which is the port of my gi0 / 9 switch, did I do it correctly? but if I'm wrong, please don't hesitate to tell me

 

and about the switch I already made the corrections, that if indeed it was wrong. just a question:

and you have selected "Gateway" on the router configuration so I am assuming that router is redistributing default route in the RIP. 

Do you recommend that I continue on "working mode: gateway" or "working mode: router"?

 

 

I add some additional information

 

MacBook-Pro-de-Alejandro:~ Alejandro$ ping 172.16.2.1

PING 172.16.2.1 (172.16.2.1): 56 data bytes

64 bytes from 172.16.2.1: icmp_seq=0 ttl=255 time=2.356 ms

64 bytes from 172.16.2.1: icmp_seq=1 ttl=255 time=3.383 ms

64 bytes from 172.16.2.1: icmp_seq=2 ttl=255 time=2.990 ms

64 bytes from 172.16.2.1: icmp_seq=3 ttl=255 time=4.156 ms

64 bytes from 172.16.2.1: icmp_seq=4 ttl=255 time=2.490 ms

64 bytes from 172.16.2.1: icmp_seq=5 ttl=255 time=3.375 ms

^C

--- 172.16.2.1 ping statistics ---

6 packets transmitted, 6 packets received, 0.0% packet loss

round-trip min/avg/max/stddev = 2.356/3.125/4.156/0.606 ms

 

MacBook-Pro-de-Alejandro:~ Alejandro$ ping 172.16.2.4

PING 172.16.2.4 (172.16.2.4): 56 data bytes

64 bytes from 172.16.2.4: icmp_seq=0 ttl=64 time=35.676 ms

64 bytes from 172.16.2.4: icmp_seq=1 ttl=64 time=58.862 ms

64 bytes from 172.16.2.4: icmp_seq=2 ttl=64 time=77.678 ms

64 bytes from 172.16.2.4: icmp_seq=3 ttl=64 time=100.598 ms

64 bytes from 172.16.2.4: icmp_seq=4 ttl=64 time=18.140 ms

^C

--- 172.16.2.4 ping statistics ---

5 packets transmitted, 5 packets received, 0.0% packet loss

round-trip min/avg/max/stddev = 18.140/58.191/100.598/29.290 ms

 

 

MacBook-Pro-de-Alejandro:~ Alejandro$ ping 172.16.3.1

PING 172.16.3.1 (172.16.3.1): 56 data bytes

64 bytes from 172.16.3.1: icmp_seq=0 ttl=255 time=2.549 ms

64 bytes from 172.16.3.1: icmp_seq=1 ttl=255 time=2.634 ms

64 bytes from 172.16.3.1: icmp_seq=2 ttl=255 time=3.744 ms

64 bytes from 172.16.3.1: icmp_seq=3 ttl=255 time=3.222 ms

64 bytes from 172.16.3.1: icmp_seq=4 ttl=255 time=3.820 ms

64 bytes from 172.16.3.1: icmp_seq=5 ttl=255 time=3.590 ms

^C

--- 172.16.3.1 ping statistics ---

6 packets transmitted, 6 packets received, 0.0% packet loss

round-trip min/avg/max/stddev = 2.549/3.260/3.820/0.509 ms

 

 

MacBook-Pro-de-Alejandro:~ Alejandro$ ping 172.16.3.2

PING 172.16.3.2 (172.16.3.2): 56 data bytes

64 bytes from 172.16.3.2: icmp_seq=0 ttl=63 time=1.091 ms

64 bytes from 172.16.3.2: icmp_seq=1 ttl=63 time=2.076 ms

64 bytes from 172.16.3.2: icmp_seq=2 ttl=63 time=1.730 ms

64 bytes from 172.16.3.2: icmp_seq=3 ttl=63 time=2.218 ms

64 bytes from 172.16.3.2: icmp_seq=4 ttl=63 time=2.023 ms

64 bytes from 172.16.3.2: icmp_seq=5 ttl=63 time=1.946 ms

^C

--- 172.16.3.2 ping statistics ---

6 packets transmitted, 6 packets received, 0.0% packet loss

round-trip min/avg/max/stddev = 1.091/1.847/2.218/0.369 ms

 

 

MacBook-Pro-de-Alejandro:~ Alejandro$ ping 192.168.1.101

PING 192.168.1.101 (192.168.1.101): 56 data bytes

64 bytes from 192.168.1.101: icmp_seq=0 ttl=255 time=3.603 ms

64 bytes from 192.168.1.101: icmp_seq=1 ttl=255 time=2.484 ms

64 bytes from 192.168.1.101: icmp_seq=2 ttl=255 time=2.752 ms

64 bytes from 192.168.1.101: icmp_seq=3 ttl=255 time=3.506 ms

64 bytes from 192.168.1.101: icmp_seq=4 ttl=255 time=4.275 ms

64 bytes from 192.168.1.101: icmp_seq=5 ttl=255 time=5.880 ms

64 bytes from 192.168.1.101: icmp_seq=6 ttl=255 time=5.118 ms

64 bytes from 192.168.1.101: icmp_seq=7 ttl=255 time=3.626 ms

^C

--- 192.168.1.101 ping statistics ---

8 packets transmitted, 8 packets received, 0.0% packet loss

round-trip min/avg/max/stddev = 2.484/3.905/5.880/1.072 ms

 

 

MacBook-Pro-de-Alejandro:~ Alejandro$ ping 192.168.1.1

PING 192.168.1.1 (192.168.1.1): 56 data bytes

Request timeout for icmp_seq 0

Request timeout for icmp_seq 1

Request timeout for icmp_seq 2

Request timeout for icmp_seq 3

Request timeout for icmp_seq 4

Request timeout for icmp_seq 5

^C

--- 192.168.1.1 ping statistics ---

7 packets transmitted, 0 packets received, 100.0% packet loss

Hello,

 

can the clients in Vlan 2 and 3 ping the default gateway on the RV320 (192.168.1.1) ?

no! I can not

 

but from my switch if I can

 

MacBook-Pro-de-Alejandro:~ Alejandro$ ping 172.16.2.1

PING 172.16.2.1 (172.16.2.1): 56 data bytes

64 bytes from 172.16.2.1: icmp_seq=0 ttl=255 time=2.356 ms

64 bytes from 172.16.2.1: icmp_seq=1 ttl=255 time=3.383 ms

64 bytes from 172.16.2.1: icmp_seq=2 ttl=255 time=2.990 ms

64 bytes from 172.16.2.1: icmp_seq=3 ttl=255 time=4.156 ms

64 bytes from 172.16.2.1: icmp_seq=4 ttl=255 time=2.490 ms

64 bytes from 172.16.2.1: icmp_seq=5 ttl=255 time=3.375 ms

^C

--- 172.16.2.1 ping statistics ---

6 packets transmitted, 6 packets received, 0.0% packet loss

round-trip min/avg/max/stddev = 2.356/3.125/4.156/0.606 ms

 

MacBook-Pro-de-Alejandro:~ Alejandro$ ping 172.16.2.4

PING 172.16.2.4 (172.16.2.4): 56 data bytes

64 bytes from 172.16.2.4: icmp_seq=0 ttl=64 time=35.676 ms

64 bytes from 172.16.2.4: icmp_seq=1 ttl=64 time=58.862 ms

64 bytes from 172.16.2.4: icmp_seq=2 ttl=64 time=77.678 ms

64 bytes from 172.16.2.4: icmp_seq=3 ttl=64 time=100.598 ms

64 bytes from 172.16.2.4: icmp_seq=4 ttl=64 time=18.140 ms

^C

--- 172.16.2.4 ping statistics ---

5 packets transmitted, 5 packets received, 0.0% packet loss

round-trip min/avg/max/stddev = 18.140/58.191/100.598/29.290 ms

 

 

MacBook-Pro-de-Alejandro:~ Alejandro$ ping 172.16.3.1

PING 172.16.3.1 (172.16.3.1): 56 data bytes

64 bytes from 172.16.3.1: icmp_seq=0 ttl=255 time=2.549 ms

64 bytes from 172.16.3.1: icmp_seq=1 ttl=255 time=2.634 ms

64 bytes from 172.16.3.1: icmp_seq=2 ttl=255 time=3.744 ms

64 bytes from 172.16.3.1: icmp_seq=3 ttl=255 time=3.222 ms

64 bytes from 172.16.3.1: icmp_seq=4 ttl=255 time=3.820 ms

64 bytes from 172.16.3.1: icmp_seq=5 ttl=255 time=3.590 ms

^C

--- 172.16.3.1 ping statistics ---

6 packets transmitted, 6 packets received, 0.0% packet loss

round-trip min/avg/max/stddev = 2.549/3.260/3.820/0.509 ms

 

 

MacBook-Pro-de-Alejandro:~ Alejandro$ ping 172.16.3.2

PING 172.16.3.2 (172.16.3.2): 56 data bytes

64 bytes from 172.16.3.2: icmp_seq=0 ttl=63 time=1.091 ms

64 bytes from 172.16.3.2: icmp_seq=1 ttl=63 time=2.076 ms

64 bytes from 172.16.3.2: icmp_seq=2 ttl=63 time=1.730 ms

64 bytes from 172.16.3.2: icmp_seq=3 ttl=63 time=2.218 ms

64 bytes from 172.16.3.2: icmp_seq=4 ttl=63 time=2.023 ms

64 bytes from 172.16.3.2: icmp_seq=5 ttl=63 time=1.946 ms

^C

--- 172.16.3.2 ping statistics ---

6 packets transmitted, 6 packets received, 0.0% packet loss

round-trip min/avg/max/stddev = 1.091/1.847/2.218/0.369 ms

 

 

MacBook-Pro-de-Alejandro:~ Alejandro$ ping 192.168.1.101

PING 192.168.1.101 (192.168.1.101): 56 data bytes

64 bytes from 192.168.1.101: icmp_seq=0 ttl=255 time=3.603 ms

64 bytes from 192.168.1.101: icmp_seq=1 ttl=255 time=2.484 ms

64 bytes from 192.168.1.101: icmp_seq=2 ttl=255 time=2.752 ms

64 bytes from 192.168.1.101: icmp_seq=3 ttl=255 time=3.506 ms

64 bytes from 192.168.1.101: icmp_seq=4 ttl=255 time=4.275 ms

64 bytes from 192.168.1.101: icmp_seq=5 ttl=255 time=5.880 ms

64 bytes from 192.168.1.101: icmp_seq=6 ttl=255 time=5.118 ms

64 bytes from 192.168.1.101: icmp_seq=7 ttl=255 time=3.626 ms

^C

--- 192.168.1.101 ping statistics ---

8 packets transmitted, 8 packets received, 0.0% packet loss

round-trip min/avg/max/stddev = 2.484/3.905/5.880/1.072 ms

 

 

MacBook-Pro-de-Alejandro:~ Alejandro$ ping 192.168.1.1

PING 192.168.1.1 (192.168.1.1): 56 data bytes

Request timeout for icmp_seq 0

Request timeout for icmp_seq 1

Request timeout for icmp_seq 2

Request timeout for icmp_seq 3

Request timeout for icmp_seq 4

Request timeout for icmp_seq 5

^C

--- 192.168.1.1 ping statistics ---

7 packets transmitted, 0 packets received, 100.0% packet loss

Hi,

First Make some configuration changes on the Switch as:

 

ip dhcp pool Vlan2
network 172.16.2.0 255.255.255.0
default-router 172.16.2.1
no dns-server 172.16.2.1

dns-server 8.8.8.8
!
ip dhcp pool Vlan3
network 172.16.3.0 255.255.255.0
default-router 172.16.3.1
no dns-server 172.16.3.1

dns-server 8.8.8.8
!

Because your switch is not working as a DNS forwarder. 

 

Please share a screenshot of the router Firewall configuration and NATing configuration (Port Address Translation).

 

 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

thank you for helping me

 

At this time I just changed the switch configuration about DNS and attached the images of my router

 

regards

Alejandro

Hi,

Disable the Router firewall and try to ping the firewall address and run a traceroute command from the PC to address 192.168.1.1 and 8.8.8.8

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

Hi,

 

thanks again and sorry for the delay in responding

I have disabled my router's firewall, made the DNS 8.8.8.8 changes and traceroute and this was the results.

 

I'm still with the same problem I don't get internet access in my Vlan

 

thanks for giving me your help

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: