Problem with inter-VLAN routing... How to solve it?

Huexxx1977
Level 1

Hi all.

I have a WRVS4400N at my office to have one VPN with our main client and also to manage all the small network.

In two weeks more or less we are going to change our office to another place, merging two offices in one.

At the new place we'll have two different ADSL connections, and we'll keep our separate LAN from the other LAN.

The aim is to interconnect both LANs in order to 'see' the machines from one LAN to the other, but maintaining both LANs with their current configuration, subnet, etc.

In order to get that, I've created a new VLAN on the router and I've attached only port4 to this VLAN.

http://dl.dropbox.com/u/4629711/VLAN/VLAN01.jpg


As you can see, the main VLAN has its own /24 subnet (10.148.145.0/24) and DHCP enabled (to assign IPs on my LAN), while the new VLAN has its own /24 subnet too (10.0.0.0/24) but with DHCP disabled (it is a different LAN with its own DHCP server).


VLAN 1 uses ports 1-3 and VLAN 2 uses only port 4.

Of course I've enabled inter-VLAN routing:

http://dl.dropbox.com/u/4629711/VLAN/VLAN03.jpg

To emulate the future scenario, I've connected a router with internet access to port 4 with IP:10.0.0.2, so I have two different LANs.

Well, the reality is the following:

- From my PC connected to VLAN1 I have a correct IP (assigned by my Cisco) and I see all my VLAN and I can see 10.0.0.1 too (the router's IP on VLAN2), but I cannot see anything more (pings to 10.0.0.2 have no response). I can access the Cisco router at 10.148.145.97 and 10.0.0.1.

- From my PC connected to VLAN2 I have a correct IP (assigned by the other router on 10.0.0.2), and I can only see my VLAN (10.0.0.0/24 IPs). I can access the Cisco router only at 10.0.0.1.

What can I do to allow both VLANs to 'see' each other?

How can I control the access to WAN port? I don't want machines from VLAN2 accessing internet through our router.

Thanks and regards!


Accepted Solutions

Hello Francisco,

Switching it from gateway mode to router mode will turn off NAT on the router. That will stop VLAN 2 from getting out to the internet, but VLAN 1 as well, which isn't what you want. You may be able to create some access rules, then create deny rules so that it cannot get out to the internet... maybe create some default route rules like 0.0.0.0. You might also be able to create internet policies to stop a certain subnet from being able to get out to the internet as well.

As for the VLANs talking to each other, everything looks good; the inter-VLAN routing is what allows both VLANs to talk to each other, and that is enabled. What default gateways are set up on the devices you are testing? As long as the default gateways on your PCs/devices are pointing to the router's IP/gateway address, you should be good to go at this point.

VLAN 1: default gateway should be 10.148.145.97

VLAN 2: default gateway should be 10.0.0.1

Other than that everything looks to be set up correctly based on the pictures. The vlans you have set up on the ports are correct.

Let me know how your devices are set up and we will go from there.

Hope this helps,

Thanks,

Clayton Sill


jonatrod
Level 7

Hi Francisco, thank you for using our forum. My name is Johnnatan and I am part of the Small Business Support community. I was studying your case and I can give you some advice: you need to change your router mode from "Gateway" to "Router". I believe this is going to fix the error. If you have any questions, please let me know.

I hope you find this answer useful,

"Please mark the question as Answered or rate it so other users can benefit from it"

Greetings,

Johnnatan Rodriguez Miranda.

Cisco Network Support Engineer

“Please rate useful posts so other users can benefit from it” Greetings, Johnnatan Rodriguez Miranda. Cisco Network Support Engineer.

Firstly thanks for your answer!

This is not a solution IMHO because my Cisco WRVS4400N is working as default gateway of my LAN.

If I switch router mode to Router, I'll lose my internet connection.

I'll try again and check it a little bit more...

Is it possible to set it as Router and maintain it as my default gateway to internet?

I am sorry Francisco, I should have asked for a little more detail. You are not able to set it as Router and keep NAT going. Could you please provide me your topology? In case you have a switch connected to your device, I will share with you a document regarding trunk port setup: http://www6.nohold.net/CiscoSB/Loginr.aspx?login=1&pid=2&app=search&vw=1&articleid=67. The connection between your router and your switch needs to be a trunk, and the access ports need to be untagged. That should guarantee access between VLANs.

If you want to restrict access to the internet for VLAN2, you can create an access list from VLAN2 to WAN. I found another document on how to do this on your router: http://www6.nohold.net/CiscoSB/Loginr.aspx?login=1&pid=2&app=search&vw=1&articleid=1124

I hope this information can help you

Greetings,

Johnnatan Rodriguez Miranda.

Cisco Network Support Engineer.


Hi all!

I've solved the issue.

The problem was on the 'other' net... because the pings weren't returned to sender.

I've added a static route on the other net's router to my router and that's all.

Thanks!
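
The missing return route described in the last post, as an added example that is not part of the original thread: a small Python longest-prefix-match simulation of both routers. The routing tables, the host 10.148.145.100 and the WAN next-hop labels are constructed for illustration; only the two subnets and the addresses 10.0.0.1 and 10.0.0.2 come from the thread.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match: return the next hop for dst, or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

# Constructed tables. "direct" = destination is on a connected subnet.
CISCO = [                                # WRVS4400N, inter-VLAN routing on
    ("10.148.145.0/24", "direct"),       # VLAN 1
    ("10.0.0.0/24", "direct"),           # VLAN 2 (router is 10.0.0.1)
    ("0.0.0.0/0", "wan-isp-a"),          # placeholder label for its WAN
]
OTHER_BEFORE = [                         # the other LAN's router, 10.0.0.2
    ("10.0.0.0/24", "direct"),
    ("0.0.0.0/0", "wan-isp-b"),          # placeholder label for its WAN
]
# The fix from the last post: a static route back to VLAN 1 via the Cisco.
OTHER_AFTER = OTHER_BEFORE + [("10.148.145.0/24", "10.0.0.1")]

def reply_path(other_routes, src="10.148.145.100"):
    """Next hop 10.0.0.2 uses for traffic addressed to a VLAN 1 host.
    VLAN 2 PCs whose default gateway is 10.0.0.2 follow the same path."""
    return next_hop(other_routes, src)

def ping_works(other_routes, src="10.148.145.100", dst="10.0.0.2"):
    # Forward leg: VLAN 1 host -> Cisco (its gateway) -> dst on VLAN 2.
    forward_ok = next_hop(CISCO, dst) == "direct"
    # Return leg: the reply must be handed to the Cisco's VLAN 2 address,
    # otherwise it leaves through the other router's own WAN and is lost.
    return_ok = reply_path(other_routes, src) == "10.0.0.1"
    return forward_ok and return_ok

if __name__ == "__main__":
    for label, table in (("before", OTHER_BEFORE), ("after", OTHER_AFTER)):
        print(label, "reply via", reply_path(table),
              "| ping works:", ping_works(table))
```

The forward leg succeeds in both cases, which is why the configuration on the WRVS4400N looked correct while pings to 10.0.0.2 still went unanswered.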