3750 inter vlan ok but no internet

malakipaa
Level 1

Hello everyone,

I have a pretty basic setup. I'm desperate here and need assistance. My 3750 is ipbase IOS 12.2. I have been trying to find a solution for a week now.

I have 2 VLANs, 10 and 20, and one layer 3 port 10.1.10.254 connected to the internet router 10.1.10.1.

My issue is I can't ping 10.1.10.1. I can ping the SVI and clients on the VLANs.

I read that one user here suggested erasing the start-up config to start fresh, but that didn't work for me.

Also, one user solved this but didn't really mention the exact solution; it was something to do with not routing to 10.1.10.1.

I have an access-list at 10.1.10.254 in and out to any any.

Any help or ideas would be appreciated. Thank you!

13 Replies

cadet alain
VIP Alumni

Hi,

Your router needs a route for the VLAN 10 and VLAN 20 subnets, and if you want to go to the Internet you have to NAT these subnets on the router.

example: vlan 10 192.168.10.0/24 and vlan 20 192.168.20.0/24

on the router:

ip route 192.168.10.0 255.255.255.0 10.1.10.254
ip route 192.168.20.0 255.255.255.0 10.1.10.254

for nat

access-list 50 permit 192.168.10.0 0.0.0.255
access-list 50 permit 192.168.20.0 0.0.0.255
! x/x in the next command is the WAN interface
ip nat inside source list 50 interface x/x
!
int x/x
 ip address 10.1.10.1
 ip nat inside
!
! WAN interface
int x/x
 ip nat outside

Regards

Alain

Don't forget to rate helpful posts.

Hi Cadet,

Thank you for your help. I haven't tried this yet but want to ask you more questions.

Also, I am just in the process of learning more about Cisco switching and routing; in turn I will go for CCNA. Many things are not so clear to me yet.

Since I have a default route of 0.0.0.0 0.0.0.0 10.1.10.1 on my switch, shouldn't the switch automatically forward any frame that doesn't belong to the VLAN 10 and 20 subnets to the 10.1.10.1 router? Then the router will forward it to the WAN?

My setup is like this: switch L3 port 10.1.10.254 ----------> 10.1.10.1 (Router) WAN IP

Cadet,

I forgot to mention: why is it that on the switch CLI I can ping 10.1.10.1 and public IPs?

And the client PCs connected to the VLANs can only ping 10.1.10.254? Thanks.

Hi,

The switch can ping the router because it is directly connected. It can ping public IPs because you are natting the connected subnet of the router, and the switch is sourcing its traffic from this connected interface, so the traffic is natted.

Now when you ping your router from a VLAN subnet, the router doesn't have a route back to this subnet and it can't reply. If you ping a public IP from this VLAN, it must be natted by the router.

Regards

Alain

Don't forget to rate helpful posts.
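
Added example (not part of the thread): a small Python check of the two conditions described in the replies above, namely that the router has a return route to each VLAN subnet via the switch and that the NAT access list permits that subnet. The interface names, the /24 mask on 10.1.10.1 and the "before" config are assumptions constructed for illustration.

```python
import ipaddress
import re

def parse_router(config):
    """Return ([(network, next_hop)], [networks permitted by the NAT ACL])."""
    routes, acls, nat_list = [], {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"ip address (\S+) (\S+)", line):
            # Connected network: no next hop
            routes.append((ipaddress.ip_interface(f"{m[1]}/{m[2]}").network, None))
        elif m := re.fullmatch(r"ip route (\S+) (\S+) (\S+)", line):
            routes.append((ipaddress.ip_network(f"{m[1]}/{m[2]}"), m[3]))
        elif m := re.fullmatch(r"access-list (\d+) permit (\S+) (\S+)", line):
            # ipaddress reads a contiguous wildcard mask as a host mask
            acls.setdefault(m[1], []).append(ipaddress.ip_network(f"{m[2]}/{m[3]}"))
        elif m := re.match(r"ip nat inside source list (\d+) interface", line):
            nat_list = m[1]
    return routes, acls.get(nat_list, [])

def audit(config, inside_subnets, switch_ip):
    """Map each inside subnet to the reasons its clients cannot get out."""
    routes, nat_nets = parse_router(config)
    findings = {}
    for cidr in inside_subnets:
        net, problems = ipaddress.ip_network(cidr), []
        # Longest-prefix match, as the router does for the reply packet
        best = max((r for r in routes if net.subnet_of(r[0])),
                   key=lambda r: r[0].prefixlen, default=None)
        if best is None or best[1] != switch_ip:
            problems.append("no return route via switch")
        if not any(net.subnet_of(n) for n in nat_nets):
            problems.append("not permitted by NAT ACL")
        findings[cidr] = problems
    return findings

# Constructed configs: interface names and the /24 on 10.1.10.1 are assumptions
BEFORE = """interface FastEthernet0/0
 ip address 10.1.10.1 255.255.255.0
 ip nat inside
access-list 50 permit 10.1.10.0 0.0.0.255
ip nat inside source list 50 interface FastEthernet0/1 overload
"""
AFTER = BEFORE + """ip route 192.168.10.0 255.255.255.0 10.1.10.254
ip route 192.168.20.0 255.255.255.0 10.1.10.254
access-list 50 permit 192.168.10.0 0.0.0.255
access-list 50 permit 192.168.20.0 0.0.0.255
"""
VLANS = ["192.168.10.0/24", "192.168.20.0/24"]
print(audit(BEFORE, VLANS, "10.1.10.254"))
print(audit(AFTER, VLANS, "10.1.10.254"))
```

The parser only understands the handful of command forms used in this thread and contiguous wildcard masks.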

Cadet,

I understand now. It looks like I have no choice but to use the Cisco 2621 router for this. I don't think my consumer grade router can do local natting.

If it's not too much for you, can you please give me the complete commands on the 2621 router to be able to dial to my ISP PPPoE ADSL2 connection, including the NAT inside and outside commands, with my current setup? I would really appreciate this. Thank you!

Hi,

Just use the Cisco router as the NAT device if your router can't NAT non directed networks.

It will be easier than putting your consumer router in bridge mode and doing the PPPoE on the Cisco one.

Regards

Alain

Don't forget to rate helpful posts.

That's the thing, my consumer grade router can't do bridge mode and local custom routing.

And I tried doing PPPoE with the 2621 before, but with no success using different sources for commands.

Can you please help me with the 2621 commands? Thanks.

Hi,

If it can't do bridge mode then there is no need for PPPoE on the Cisco side.

Just do NAT like I explained above, and connect the switch to the Cisco and the Cisco to the consumer router.

1) Change the IP addressing on the switch port to the Cisco router's internal-facing port.

2) Connect the other Cisco port to the consumer router and have it act as a DHCP client:

int x/x
 ip address dhcp

3) Tell the Cisco router to use the MAC address of this interface as the client-id for DHCP requests:

ip dhcp client client-id x/x

4) Use the DHCP gateway:

ip route 0.0.0.0 0.0.0.0 dhcp

5) Do the NAT config with internal as nat inside and external as nat outside, like I explained above.

You should be able to connect to Internet after that.

Regards

Alain

Don't forget to rate helpful posts.

OK. I'll try this.

Is there a speed advantage to using the Cisco router as the PPPoE dialer anyway?

Hi,

To the best of my knowledge, no. The speed is contracted with the provider and dependent on the distance to the ADSL LEX.

Regards

Alain

Don't forget to rate helpful posts.

Oh yes, I forgot to mention: my consumer router is doing port forwarding as well, for hosting a website. That's why I thought it would be better if the 2621 were the PPPoE dialer, and I also have a block of public IPs. I figured the 2621 would be a good solution in the long run. Since the consumer router is doing port forwarding, it sounds like I might lose this functionality, since I'm planning to put my server on VLAN 10 with a different subnet from my consumer router.

Hi,

OK, then do a static binding on the consumer router for the Cisco router's external interface configured as DHCP client, or exclude this IP and make it static on the Cisco router.

Use the same IP as now so you don't have to change the port forwarding config on the consumer router, and do port forwarding on the Cisco like this:

ip nat inside source static tcp x.x.x.x 80 interface x/x 80

This will port forward web traffic from external interface x/x to inside host x.x.x.x.

Change it according to the port forwarding you want to achieve.

Regards

Alain

Don't forget to rate helpful posts.

Hi Cadet,

Your suggestion works and I can now access the internet. However, is what I just set up good practice in the real world?

Would I just be better off removing the consumer router from the picture and using the 2621 instead?

What are the advantages and disadvantages of using the consumer router and the 2621 together?

What are the advantages and disadvantages of removing the consumer router and just using the 2621 to do the PPPoE and routing?

Thank you for all your help.
