cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

CISCO SWITCHES FOR SMALL and MEDIUM BUSINESS

Introducing the next generation of Cisco Small and Medium Business Switches. Cisco is refreshing its SMB Switch portfolio. Click here  to learn more.


993
Views
0
Helpful
8
Replies
Highlighted
Beginner

SG350 - VLAN cannot access the Internet

Hello,

 

I configured 3 VLAN on a SG350-28P :

 

                                                                               VLAN 1 (192.168.1.0 /24)

                                                                         +------------------------------------

                                      VLAN 100                   +                                          

[NAT Router] ---------------------- [Switch SG350]

VLAN 100 : 10.0.0.1 /24               10.0.0.2 /24  +

                                                                          +----------------------------------

                                                                                 VLAN 10 (192.168.10.0 /24)

 

From VLAN 100 : I can access Internet, VLAN 1 and VLAN 10

From VLAN 10, I can access VLAN 1, VLAN 100 and ping 10.0.0.1

From VLAN 1, I can access VLAN 10, VLAN 100 and ping 10.0.0.1

 

But... from VLAN 1 and 10, I cannot access the Internet.

The SG350 itself can access the Internet, but from Interface 10.0.0.2 only.

All requests are correctly routed to the NAT router 10.0.0.1 and then... nothing.

 

 

Even from networks behind the router 10.0.0.1 (I have an intermediate 10.0.10.0 network before the Internet), I can access VLAN 1 and VLAN 10.

 

The request are routed to the gtw 10.0.0.1 but no further.

 

Do you have any idea to solve this issue ?

 

Thanks in advance for your help.

8 REPLIES 8
VIP Advisor

Re: SG350 - VLAN cannot access the Internet

Hi there,

How is NAT configured on the router? Do you have an ACL or route-map confgured to determine which 'inside' subnets will be translated.

 

Can you provide us with the NAT statements from the router?

 

cheers,

Seb. 

Beginner

Re: SG350 - VLAN cannot access the Internet

Hi,

 

Thanks for the answer.

 

There is Static routing defined in the NAT router :

- Destination 192.168.10.0 - Gateway 10.0.10.2 - Interface LAN

- Destination 192.168.1.0 - Gateway 10.0.10.2 - Interface LAN

 

And from behind the NAT, I can access VLAN 1 and VLAN 10 (even 2 hops behind).

 

 

VIP Advisor

Re: SG350 - VLAN cannot access the Internet

You misunderstand. The NAT process running on the router will typically be configured to translate traffic from a single 'inside' subnet and translate it using dynamic NAT to the 'outside' interface. On anything but the most basic router this NAT process can be configured, for example to specify a list of 'inside' subnets which can be translated to the outside interface.

 

This has nothing to do with routing, and would explain why internal hosts cannot communicate past the router.

 

cheers,

Seb.

Beginner

Re: SG350 - VLAN cannot access the Internet

You are probaly right.

This problem occured in my config environment, using a very basic router.

 

The switch will be deployed in the customer environment on thursday, connected to a true router.

 

I hope this will solve the issue.

VIP Advisor

Re: SG350 - VLAN cannot access the Internet

Do you have the config of the production router so we can take a look at the NAT statements?

Beginner

Re: SG350 - VLAN cannot access the Internet

We have essentially the same architecture (4 VLAN). It seems our prosumer router is not up the job. What feature in the router will get the job done? We have no need for PTP or VPNs. Just a single public IP on the WAN side currently. Will a RV130 get the job done?

VIP Advisor

Re: SG350 - VLAN cannot access the Internet

Hi there,

Looking at the datasheet, the RV130 supports up to 5 VLANs, so it would support your requirements.

https://www.cisco.com/c/en/us/products/collateral/routers/small-business-rv-series-routers/datasheet-c78-731521.html

 

cheers,

Seb.

Beginner

Re: SG350 - VLAN cannot access the Internet

I think you have no route to internet

For fix this enter commands in SG350 CLI:

#conf t
#default-router 10.0.0.1
#ip route 0.0.0.0 /0 10.0.0.1 metric 1
#do write
#exit

If you already do route to 0.0.0.0 then show result from command:

#show ip route