Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1854
Views
5
Helpful
5
Replies

Multiple VLANS (and DHCP) but single Internet access

Go to solution
Eugene Khoo
Level 1
Level 1

‎11-23-2021 10:25 PM

Hi,

I'm trying to segregate our network due to areas with public access (and WiFi) and physical ports.

To not disrupt things, the base VLAN (1) has internet access via 192.168.101.11.

 

I've created VLAN 20 and 40 (192.168.20.1 and 192.168.40.1) - switch has IPs for each VLAN.

DHCP works, so I get a 192.168.20.52 for example on the VLAN 20 port (Access port, VLAN20 untagged)

 

but I can't get Internet access from either VLAN 20 or 40.

Am I missing some configuration step? Switch is SG300-28PP in L3 mode.

IPv4 routes have 0.0.0.0 listed with the router IP (101.11)

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎11-23-2021 11:48 PM

There is nothing missing here from the Switch side

 

The things missing on Internet Router NAT for the new IP address range,  192.168.20.X  and 192.168.40.X

 

Please add these IP addresses in the Access List so they get access to internet,

 

Also if you do not like guest  users to access VLAN1, make a Filters to deny access from 192.168.20, X  and 192.168.40.X  to 192.168.101.X

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

5 Replies 5

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎11-23-2021 11:48 PM

There is nothing missing here from the Switch side

 

The things missing on Internet Router NAT for the new IP address range,  192.168.20.X  and 192.168.40.X

 

Please add these IP addresses in the Access List so they get access to internet,

 

Also if you do not like guest  users to access VLAN1, make a Filters to deny access from 192.168.20, X  and 192.168.40.X  to 192.168.101.X

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
Eugene Khoo
Level 1
Level 1
In response to balaji.bandi

‎11-24-2021 12:36 AM

Thanks. Realized I've done this before.

Added VLANs and the 20.x and 40.x IPs on the router and all works now.

0 Helpful

Go to solution
davidc_86
Level 1
Level 1

‎09-06-2023 02:18 AM

Hi i don't suppose you could post up your config? Thanks

0 Helpful

Go to solution
Eugene Khoo
Level 1
Level 1
In response to davidc_86

‎09-06-2023 04:40 AM - edited ‎09-06-2023 04:41 AM

Hi David -- like Balaji mentioned above - nothing is wrong on the switch config. Each switch has the VLANs configured (or they're auto added anyway since the SFP ports carry all the VLANs. The config required was on the router to add the required VLAN/NATs... i.e. 192.168.40.11 as the routing address for VLAN40. So it will be NATed by the router to the internet.

Basically, my router needs an IP for the VLANs so that the switches can VLAN route if required or just send straight to the router on the specific VLAN/Router IP and go out to the internet.

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to davidc_86

‎09-06-2023 05:16 AM

every config is different, if you are having same issue, suggest to open a new thread giving more information of your issue, so can be handle easily

@Eugene Khoo cheers for the pitch in.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents