09-24-2018 06:27 AM - edited 09-24-2018 06:32 AM
Hello,
I configured 3 VLANs on an SG350-28P:
                                          VLAN 1 (192.168.1.0 /24)
                                       +------------------------------------
               VLAN 100                +
[NAT Router] ---------------------- [Switch SG350]
VLAN 100 : 10.0.0.1 /24   10.0.0.2 /24 +
                                       +----------------------------------
                                          VLAN 10 (192.168.10.0 /24)
From VLAN 100 : I can access Internet, VLAN 1 and VLAN 10
From VLAN 10, I can access VLAN 1, VLAN 100 and ping 10.0.0.1
From VLAN 1, I can access VLAN 10, VLAN 100 and ping 10.0.0.1
But... from VLAN 1 and 10, I cannot access the Internet.
The SG350 itself can access the Internet, but from Interface 10.0.0.2 only.
All requests are correctly routed to the NAT router 10.0.0.1 and then... nothing.
Even from networks behind the router 10.0.0.1 (I have an intermediate 10.0.10.0 network before the Internet), I can access VLAN 1 and VLAN 10.
The requests are routed to the gtw 10.0.0.1 but no further.
Do you have any idea how to solve this issue?
Thanks in advance for your help.
09-24-2018 06:32 AM
Hi there,
How is NAT configured on the router? Do you have an ACL or route-map configured to determine which 'inside' subnets will be translated?
Can you provide us with the NAT statements from the router?
cheers,
Seb.
09-24-2018 06:37 AM
Hi,
Thanks for the answer.
There is static routing defined in the NAT router:
- Destination 192.168.10.0 - Gateway 10.0.10.2 - Interface LAN
- Destination 192.168.1.0 - Gateway 10.0.10.2 - Interface LAN
And from behind the NAT, I can access VLAN 1 and VLAN 10 (even 2 hops behind).
09-24-2018 06:42 AM
You misunderstand. The NAT process running on the router will typically be configured to translate traffic from a single 'inside' subnet and translate it using dynamic NAT to the 'outside' interface. On anything but the most basic router this NAT process can be configured, for example to specify a list of 'inside' subnets which can be translated to the outside interface.
This has nothing to do with routing, and would explain why internal hosts cannot communicate past the router.
cheers,
Seb.
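The distinction Seb draws between routing and the NAT 'inside' list, shown as an added configuration example that is not from any participant in this thread. It assumes a Cisco IOS router; the interface names and ACL number are illustrative, and the addresses are the ones from the first post.

```cisco
! Assumed Cisco IOS router. Interface names and ACL number are illustrative.
interface GigabitEthernet0/0
 description WAN (assumed name)
 ip address dhcp
 ip nat outside
!
interface GigabitEthernet0/1
 description LAN towards the SG350 (VLAN 100)
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
!
! Return routes to the VLANs routed by the switch (routing only, not NAT)
ip route 192.168.1.0 255.255.255.0 10.0.0.2
ip route 192.168.10.0 255.255.255.0 10.0.0.2
!
! BEFORE: only the directly connected subnet is in the NAT list.
! Packets from 192.168.1.0/24 and 192.168.10.0/24 reach the router
! but are forwarded with their private source address, so no reply
! ever comes back from the Internet.
access-list 1 permit 10.0.0.0 0.0.0.255
ip nat inside source list 1 interface GigabitEthernet0/0 overload
!
! AFTER: list every inside subnet that must be translated.
no access-list 1
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.10.0 0.0.0.255
!
! Verify from exec mode while a host in VLAN 1 or VLAN 10 pings outside:
!   show ip nat translations
!   show ip nat statistics
```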
09-24-2018 07:58 AM
You are probably right.
This problem occurred in my config environment, using a very basic router.
The switch will be deployed in the customer environment on Thursday, connected to a true router.
I hope this will solve the issue.
09-24-2018 07:59 AM
Do you have the config of the production router so we can take a look at the NAT statements?
08-12-2019 08:39 AM
We have essentially the same architecture (4 VLANs). It seems our prosumer router is not up to the job. What feature in the router will get the job done? We have no need for PTP or VPNs. Just a single public IP on the WAN side currently. Will an RV130 get the job done?
08-12-2019 11:58 PM
Hi there,
Looking at the datasheet, the RV130 supports up to 5 VLANs, so it would support your requirements.
cheers,
Seb.
08-15-2019 01:24 AM
I think you have no route to the Internet.
To fix this, enter these commands in the SG350 CLI:
#conf t
#default-router 10.0.0.1
#ip route 0.0.0.0 /0 10.0.0.1 metric 1
#do write
#exit
If you already have a route to 0.0.0.0, then show the result of this command:
#show ip route