
Unable To Access Internet From Multiple VLANs

mkeefe226-1
Level 1

I recently acquired a 10-port SG350 and was looking to add it to my home network. My home network consists of a Comcast router, this SG350, and a mesh wireless network (Deco). My goal is to connect the Deco wireless and wired networks to the SG350 with different VLANs and have the SG350 connect to the Comcast router (internet). I set up two VLANs on the SG350, VLAN10 (wired) and VLAN20 (wireless). I configured each VLAN with a static IP, DHCP pools for each, and a static route pointing to the Comcast router (10.0.1.1). I’m able to get a DHCP address on devices in the different VLANs. I only had one machine that was able to ping a machine in a different VLAN, but I suspect that might be a firewall issue on the machine itself. I was not able to access the internet from any device and could not ping the Comcast router from any device.

The next thing I tried was using the default VLAN 1 that was already on the SG350 and configured the VLAN IP in the same subnet as the Comcast router.

 

VLAN 1 IP: 10.0.1.2/24
Comcast router: 10.0.1.1/24
Static Route: 0.0.0.0  - 10.0.1.1

 

When I did that I was able to access the internet. So, it works if I assign an IP within the same subnet on VLAN 1 only. I tried using the same settings in different VLANs but cannot reach the internet.

When I first started setting this up the instructions said you could put it in layer 3 mode. I do not see that setting. I do have the ability to set ports to either layer 2 or layer 3 and configure as access, trunk, etc.

 

I have read similar threads where the person is advised to put the Comcast router in bridge mode. When I did that nothing worked. I’m sure I could be missing some steps but I’m not sure what those might be. Comcast advises it’s not necessary for what I’m doing?

 

https://www.xfinity.com/support/articles/wireless-gateway-enable-disable-bridge-mode

 

 

The only thing I can think that the issue might be is not having a route back to the SG350 from the Comcast router for the other networks VLAN10 and VLAN20. It works when I configure a network in the same subnet as the Comcast router but nothing else. If that’s the case I may need to replace the Comcast router with something that has routing capability, although I thought that’s what I’d be able to do with this SG350.

Here is the current config file the way I had originally intended to set this up:

 

config-file-header
SG350
v2.5.8.15 / RCBS3.1_930_871_084
CLI v1.0
file SSD indicator excluded
@
!
unit-type-control-start
unit-type unit 1 network gi uplink none
unit-type-control-end
!
vlan database
vlan 10,20
exit
voice vlan state auto-triggered
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
ip dhcp server
ip dhcp pool network Wired
address low 10.0.1.50 high 10.0.1.100 255.255.255.0
lease 7
default-router 10.0.1.1
dns-server 8.8.8.8
exit
ip dhcp pool network Wireless
address low 10.0.2.50 high 10.0.2.100 255.255.255.0
lease 7
dns-server 8.8.8.8
exit
bonjour interface range vlan 1
hostname SG350
clock timezone EST -5
ip name-server  8.8.8.8 75.75.75.75
!
interface vlan 1
 name "VLAN1"
 ip address 192.168.1.254 255.255.255.0
 no ip address dhcp
!
interface vlan 10
 name Wired_Net
 ip address 10.0.1.2 255.255.255.0
!
interface vlan 20
 name Wireless_Net
 ip address 10.0.2.1 255.255.255.0
!
interface GigabitEthernet1
 switchport access vlan 10
 switchport general pvid 10
 switchport trunk native vlan 10
!
interface GigabitEthernet2
 switchport access vlan 20
 switchport general pvid 20
 switchport trunk native vlan 20
!
exit
macro auto controlled
ip default-gateway 10.0.1.1

10 Replies

balaji.bandi
Hall of Fame

This is only a switch; it cannot do any NAT. Yes, you can make it a Layer 3 router, but you need to do NAT for the rest of the IP range. Are you able to NAT on the Comcast router for ranges other than the Comcast router's 10.0.1.1/24 range?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Thanks for the quick response. I just checked and I don't see a way to do NAT on the Comcast router. There are options for port forwarding but not NAT as you describe above. I assume if that's the case I will need to replace it with something else. Any suggestions on what to get to make this work?

 

 

The SG350 is a switch; it can work for you on 10.0.1.1/24 (as long as all the devices are in this network).

If you need more VLANs and more networks to work in the LAN (and your ISP router cannot do more NAT), then look at other options like the RV models (I am assuming this is for home). Look at the specifications before you buy.

https://www.cisco.com/c/en/us/support/routers/small-business-rv-series-routers/series.html

BB

This is for my home network. The other thing I wanted to accomplish was to have PCs and laptops on a wired network communicate with wireless devices. For example, I have a wireless printer that receives a DHCP address from the DECO. That wireless network is a different subnet than my wired network then the Comcast router. I was looking to be able to print something from a laptop on the 10.0.1.1/24 network to the printer on the 192.168.68.1/22 network. Is that possible?

You can consolidate it all into one network. Do you have a small network diagram of how it is connected, so I can suggest something better?

Not sure what DECO is. If all the devices use one RV, for example, for wired and wireless, you can seamlessly connect them to each other.

BB

DECO is a mesh wireless solution from TP-Link. It gets a dynamic IP 10.0.1.90/24 from the Comcast router and then runs its own DHCP server in the 192.168.68.1/22 network. So all wireless devices connect to the DECO and get an IP address of 192.168.68.X. I don't have a diagram but I can make one if that would help. I only have the Comcast router, the DECO wireless router, and the Cisco SG350.

The reason the new networks aren't reaching out to the internet is that the DECO router has no route back to the networks behind the switch. If you cannot add static routes to the DECO router you will need to replace it with something more advanced.

 

edit: absolutely misread the original post. IGNORE.

The Comcast router should allow OP to configure a static route/s for the LANs configured on, and back to, the switch.

You are correct, I had read the OP as having the DECO router behind the Comcast router and double-NATting. If the Comcast router can do this, fantastic. This fixes the problem.

If you can ping the printer from the 10.0.1.0/24 network you should be able to add it manually to your laptop. If you can't ping it, check that the DECO doesn't have a firewall running on the WAN interface.
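
Added example, not part of any post in this thread: a small Python model of the two conditions raised in the replies, a return route on the gateway for the networks behind the switch and NAT that covers the extra range. The addresses are taken from the thread; the gateway's factory routing table and its NAT range are assumptions.

```python
import ipaddress

# Constructed routing tables as (prefix, next hop) pairs. Addresses come from
# the thread; the gateway's factory table (its own LAN plus a default route
# to the ISP) is an assumption.
GATEWAY_FACTORY = [("10.0.1.0/24", "connected"), ("0.0.0.0/0", "isp")]
GATEWAY_FIXED = GATEWAY_FACTORY + [("10.0.2.0/24", "10.0.1.2")]  # via switch
SWITCH = [("10.0.1.0/24", "connected"), ("10.0.2.0/24", "connected"),
          ("0.0.0.0/0", "10.0.1.1")]

def next_hop(table, dst):
    """Longest-prefix match; returns the next hop or None if no route."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in table
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def reply_reaches_client(gateway_table, switch_table, client):
    """Follow a reply from the gateway toward the client, hop by hop."""
    hop = next_hop(gateway_table, client)
    if hop == "connected":
        return True                      # client is on the gateway's own LAN
    if hop == "10.0.1.2":                # handed to the switch's address
        return next_hop(switch_table, client) == "connected"
    return False                         # followed the default route to the ISP

def internet_works(gateway_table, nat_ranges, switch_table, client):
    """Needs both a return route and NAT covering the client's source range."""
    addr = ipaddress.ip_address(client)
    natted = any(addr in ipaddress.ip_network(r) for r in nat_ranges)
    return natted and reply_reaches_client(gateway_table, switch_table, client)

if __name__ == "__main__":
    cases = [("factory", GATEWAY_FACTORY, ["10.0.1.0/24"]),
             ("route only", GATEWAY_FIXED, ["10.0.1.0/24"]),
             ("route + NAT", GATEWAY_FIXED, ["10.0.1.0/24", "10.0.2.0/24"])]
    for name, table, nat in cases:
        for client in ("10.0.1.50", "10.0.2.50"):
            print(name, client, internet_works(table, nat, SWITCH, client))
```

With the factory table, a reply to 10.0.2.50 follows the gateway's default route toward the ISP, which matches the failed pings to 10.0.1.1 described in the first post.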