Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3446
Views
0
Helpful
8
Replies

SG350 - VLAN cannot access the Internet

Athena1390
Level 1
Level 1

‎09-24-2018 06:27 AM - edited ‎09-24-2018 06:32 AM

Hello,

 

I configured 3 VLAN on a SG350-28P :

 

                                                                               VLAN 1 (192.168.1.0 /24)

                                                                         +------------------------------------

                                      VLAN 100                   +                                          

[NAT Router] ---------------------- [Switch SG350]

VLAN 100 : 10.0.0.1 /24               10.0.0.2 /24  +

                                                                          +----------------------------------

                                                                                 VLAN 10 (192.168.10.0 /24)

 

From VLAN 100 : I can access Internet, VLAN 1 and VLAN 10

From VLAN 10, I can access VLAN 1, VLAN 100 and ping 10.0.0.1

From VLAN 1, I can access VLAN 10, VLAN 100 and ping 10.0.0.1

 

But... from VLAN 1 and 10, I cannot access the Internet.

The SG350 itself can access the Internet, but from Interface 10.0.0.2 only.

All requests are correctly routed to the NAT router 10.0.0.1 and then... nothing.

 

 

Even from networks behind the router 10.0.0.1 (I have an intermediate 10.0.10.0 network before the Internet), I can access VLAN 1 and VLAN 10.

 

The request are routed to the gtw 10.0.0.1 but no further.

 

Do you have any idea to solve this issue ?

 

Thanks in advance for your help.

3 people had this problem
Labels:
0 Helpful
8 Replies 8

Seb Rupik
VIP Alumni
VIP Alumni

‎09-24-2018 06:32 AM

Hi there,

How is NAT configured on the router? Do you have an ACL or route-map confgured to determine which 'inside' subnets will be translated.

 

Can you provide us with the NAT statements from the router?

 

cheers,

Seb. 

0 Helpful

Athena1390
Level 1
Level 1
In response to Seb Rupik

‎09-24-2018 06:37 AM

Hi,

 

Thanks for the answer.

 

There is Static routing defined in the NAT router :

- Destination 192.168.10.0 - Gateway 10.0.10.2 - Interface LAN

- Destination 192.168.1.0 - Gateway 10.0.10.2 - Interface LAN

 

And from behind the NAT, I can access VLAN 1 and VLAN 10 (even 2 hops behind).

 

 

0 Helpful

Seb Rupik
VIP Alumni
VIP Alumni
In response to Athena1390

‎09-24-2018 06:42 AM

You misunderstand. The NAT process running on the router will typically be configured to translate traffic from a single 'inside' subnet and translate it using dynamic NAT to the 'outside' interface. On anything but the most basic router this NAT process can be configured, for example to specify a list of 'inside' subnets which can be translated to the outside interface.

 

This has nothing to do with routing, and would explain why internal hosts cannot communicate past the router.

 

cheers,

Seb.

0 Helpful

Athena1390
Level 1
Level 1
In response to Seb Rupik

‎09-24-2018 07:58 AM

You are probaly right.

This problem occured in my config environment, using a very basic router.

 

The switch will be deployed in the customer environment on thursday, connected to a true router.

 

I hope this will solve the issue.

0 Helpful

Seb Rupik
VIP Alumni
VIP Alumni
In response to Athena1390

‎09-24-2018 07:59 AM

Do you have the config of the production router so we can take a look at the NAT statements?

0 Helpful

Brent6493
Level 1
Level 1
In response to Seb Rupik

‎08-12-2019 08:39 AM

We have essentially the same architecture (4 VLAN). It seems our prosumer router is not up the job. What feature in the router will get the job done? We have no need for PTP or VPNs. Just a single public IP on the WAN side currently. Will a RV130 get the job done?

0 Helpful

Seb Rupik
VIP Alumni
VIP Alumni
In response to Brent6493

‎08-12-2019 11:58 PM

Hi there,

Looking at the datasheet, the RV130 supports up to 5 VLANs, so it would support your requirements.

https://www.cisco.com/c/en/us/products/collateral/routers/small-business-rv-series-routers/datasheet-c78-731521.html

 

cheers,

Seb.

0 Helpful

AlKor
Spotlight
Spotlight

‎08-15-2019 01:24 AM

I think you have no route to internet

For fix this enter commands in SG350 CLI:

#conf t
#default-router 10.0.0.1
#ip route 0.0.0.0 /0 10.0.0.1 metric 1
#do write
#exit

If you already do route to 0.0.0.0 then show result from command:

#show ip route
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Switch products supported in this community
Cisco Business Product Family
  • CBS110
  • CBS220
  • CBS250
  • CBS350
Cisco Switching Product Family
  • 110
  • 200
  • 220
  • 250
  • 300
  • 350
  • 350X
  • 550X
Customers Also Viewed These Support Documents