Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
22352
Views
30
Helpful
40
Replies

Inter vlan routing on a Cisco SF 300-24 port switch No internet except when scanning with wireshark

Go to solution
richley1980
Beginner
Beginner

‎06-01-2012 07:07 AM

Hi,

I am trying get inter vlan routing to work on a DF 300 - 24 port switch.    I have an existing company network on 192.168.111.0 and want to create a vlan on 192.168.1.1 that can talk to 192.168.111.0.    I have enabled layer 3 routing on the switch via console and also provided the ip routing command. I have the following VLAN's:

VLAN1 - Default 192.168.111.0

VLAN2 - 192.168.1.0

I have enabled DNS and provided my two DNS servers 192.168.111.82 & 192.168.111.212.  

I have set the VLAN1 interface to 192.168.111.217 and VLAN2 interface to 192.168.1.1.

Ports FE1 - FE15 are set to access ports and assigned to VLAN1 (untagged)

Ports FE16 - FE24 are set to access ports and assigned to VLAN2 (untagged)

I have set a default route for the switch to 0.0.0.0 0.0.0.0 192.168.111.254 (Draytek 2600 router). I have connected a computer (A) to VLAN1 port FE3 and a computer (B) to VLAN2 port FE16.   I have set Computer A default gateway to 192.168.111.217 and its IP address to 192.168.111.94.    I have set Computer B default gateway to 192.168.1.1 and IP to 192.168.1.2.   

Computer A has access to Mdaemon, file server via network drives but no internet (cannot ping google) and can ping computer B and RDP onto computer B.

Computer B can ping computer A and RDP onto computer A but does not have access to the company network i.e MDaemon, file server etc.   It also cannot access the internet.

From the console I can ping www.google.co.uk and all ip addresses in the company network i.e. 192.168.111.82 (DNS server).   I dont understand what i am doing wrong and have been banging my head for days just staretd a new job and desperatly need to get it working so any help would be greatly appreciated

If I scan computer A wirh wireshark the internet starts working wheird!

Configuration show below:

switch7c0a71#show run

vlan database

vlan 2

exit

voice vlan oui-table add 0001e3 Siemens_AG_phone________

voice vlan oui-table add 00036b Cisco_phone_____________

voice vlan oui-table add 00096e Avaya___________________

voice vlan oui-table add 000fe2 H3C_Aolynk______________

voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone

voice vlan oui-table add 00d01e Pingtel_phone___________

voice vlan oui-table add 00e075 Polycom/Veritel_phone___

voice vlan oui-table add 00e0bb 3Com_phone______________

interface vlan 2

ip address 192.168.1.1 255.255.255.0

exit

interface vlan 1

ip address 192.168.111.217 255.255.255.0

exit

ip route 0.0.0.0 0.0.0.0 192.168.111.254

interface vlan 1

no ip address dhcp

exit

bonjour interface range vlan 1

hostname switch7c0a71

no passwords complexity enable

no snmp-server server

interface fastethernet1

switchport mode access

exit

interface fastethernet2

switchport mode access

exit

interface fastethernet3

switchport mode access

exit

interface fastethernet4

switchport mode access

exit

interface fastethernet5

switchport mode access

exit

interface fastethernet6

switchport mode access

exit

interface fastethernet7

switchport mode access

exit

interface fastethernet8

switchport mode access

exit

interface fastethernet9

switchport mode access

exit

interface fastethernet10

switchport mode access

exit

interface fastethernet11

switchport mode access

exit

interface fastethernet12

switchport mode access

exit

interface fastethernet13

switchport mode access

exit

interface fastethernet14

switchport mode access

exit

interface fastethernet15

switchport mode access

exit

interface fastethernet16

switchport mode general

switchport general allowed vlan add 2 untagged

exit

interface fastethernet17

switchport mode general

switchport general allowed vlan add 2 untagged

exit

interface fastethernet18

switchport mode general

switchport general allowed vlan add 2 untagged

exit

interface fastethernet19

switchport mode general

switchport general allowed vlan add 2 untagged

exit

interface fastethernet20

switchport mode general

switchport general allowed vlan add 2 untagged

exit

interface fastethernet21

switchport mode general

switchport general allowed vlan add 2 untagged

exit

interface fastethernet22

switchport mode general

switchport general allowed vlan add 2 untagged

exit

interface fastethernet23

switchport mode general

switchport general allowed vlan add 2 untagged

exit

interface fastethernet24

switchport mode general

switchport general allowed vlan add 2 untagged

exit

interface vlan 2

name Development

exit

2 people had this problem
Labels:
0 Helpful
40 Replies 40

Go to solution
rocater
Participant
Participant
In response to richley1980

‎06-18-2012 06:32 AM

Can you ping 8.8.8.8? If not, i recommend a tracert to 8.8.8.8 to see how far you can get.

0 Helpful

Go to solution
richley1980
Beginner
Beginner
In response to rocater

‎06-18-2012 07:02 AM

Hi Robert,

I have run a tracert on 8.8.8.8 and I get the following:

1      *     *     * request timed out

2     *     *     * request timed out

3     *     *     * request timed out

etc

Kind Regards

Richard

0 Helpful

Go to solution
Davidwagman1
Rising star
Rising star
In response to richley1980

‎06-18-2012 07:06 AM

Hi Richard,

What IP from your ISP are you pinging thats working?

Since you're able to ping the draytek from the vlan 4 computer, and the reverse (and access the LAN), I think your switch is config'd properly at this point, and its something with the draytek.

Best,

David

0 Helpful

Go to solution
richley1980
Beginner
Beginner
In response to Davidwagman1

‎06-18-2012 07:22 AM

Hi David,

I have taken the WAN IP address from the WAN status page of the router, I dont want to post the IP address though for obvious reasons.

Kind Regards

Richard

0 Helpful

Go to solution
richley1980
Beginner
Beginner
In response to richley1980

‎06-18-2012 07:26 AM

Hi David,

I did a tracert on the ISP IP address and got the following:

1     *          *               *               Request timed out.

2     <1 ms   <1 ms      <1 ms       ISP IP ADDRESS   

regards

Richard

0 Helpful

Go to solution
Davidwagman1
Rising star
Rising star
In response to richley1980

‎06-18-2012 07:28 AM

Thats your public ip, correct? can you ping your ISP's default gateway?

Best,

David

Sent from Cisco Technical Support iPad App

0 Helpful

Go to solution
richley1980
Beginner
Beginner
In response to Davidwagman1

‎06-18-2012 07:32 AM

Hi David,

How do I find out the ISP's default gateway.

Kund Regards

Richard

0 Helpful

Go to solution
richley1980
Beginner
Beginner
In response to richley1980

‎06-18-2012 07:34 AM

Hi David,

Just found it, I am unable to ping the GW IP Addr  displayed on the router status page.

Regards

Richard

0 Helpful

Go to solution
richley1980
Beginner
Beginner
In response to richley1980

‎06-18-2012 07:35 AM

Hi David,

I also cannot ping the primary and secondary dns servers for the ISP.

Regards

Richard

0 Helpful

Go to solution
Davidwagman1
Rising star
Rising star
In response to richley1980

‎06-18-2012 08:17 AM

Richard,

I think that you should try and get in touch with Draytek support or follow up on that end.

Check out this thread:

http://www.network-builders.com/draytek-vigor-2600-multi-nat-dmz-vlan-question-t34149.html

I emailed Draytek directly and got the following response:
 a. The Vigor can only deal with one subnet. You could still use the
 Vigor VLAN facility to separate the ports but you'd need two more
 devices to act as the gateway for the other two subnets.

My suggestion prior to reading that would be to set up the subnet on the draytek (if the draytek has multiple interfaces) or use the draytek router to create the vlan, but you may be running into the limits of the router.

Best,

David

Go to solution
richley1980
Beginner
Beginner
In response to Davidwagman1

‎06-18-2012 08:34 AM

Hi David,

I have found this on the draytek router: