Solved: Re: Beginner - InterVlan Routing but no internet access with Catalyst

Diogo Figueiredo · ‎01-04-2023

Hi all,

I am facing a little problem here, first let me introduce that I am a beginner in networking studying for my CCNA, I recentely bought a Catalyst 1000 to have some fun testing stuff and I now would like to use it as home switch.

What I am trying to do:

Separate my home network in 3 VLANS, VLAN10 as Guests Network, VLAN20 only for my gaming PC and VLAN30 for a mini server I use for virtualisation.

I created all VLAN on the switch, interVlan routing is working like a charm, the problem is I can't access the internet. I have port one of the switch connected to a Cisco1921 router, port one of the switch is configured as no switchport and with and ip address in the same subnet as my LAN interface of the router.

I've configured a gateway of last resort on the switch pointing to my router LAN interface IP. I guess I am facing some NATing problems, I did not configure somethink with nat inside my switch cause I did not yet studied much about configuring NAT and I do not really understand how it works. I have ip nat inside configured in my router LAN interface if I connect my pc to the router no problem I have internet access, as soon as I connect the pc to a switch port in one of the VLANs it doesn't work. Note that with the console if I ping google directly from the switch it works.

I tried to add ip nat inside in the vlans interfaces to try even if I don't really know what it really does but didn't work as well. Can maybe someone help me to sort this one out?

Here my switch config:

Current configuration : 5635 bytes
!
! Last configuration change at 09:42:16 CET Wed Jan 4 2023
!
version 15.2
no service pad
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
!
hostname SW1-Diogo
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$Jc4o$Qq9MAsVmEj9O1sOPUKkPA1
!
username argentLamming password 7 00273028256459565D73
no aaa new-model
clock timezone CET 1 0
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 2:00
switch 1 provision c1000-8t-2g-l
system mtu routing 1500
ip routing
ip dhcp excluded-address 192.168.10.1 192.168.10.10
ip dhcp excluded-address 10.0.20.1 10.0.20.10
ip dhcp excluded-address 10.0.30.1 10.0.30.10
!
ip dhcp pool GUEST-NETWORK
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 8.8.8.8 1.1.1.1
!
ip dhcp pool ADMIN-NETWORK
network 10.0.20.0 255.255.255.0
default-router 10.0.20.1
dns-server 8.8.8.8 1.1.1.1
!
ip dhcp pool SERVER
network 10.0.30.0 255.255.255.0
default-router 10.0.30.1
dns-server 8.8.8.8 1.1.1.1
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-3507063424
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3507063424
revocation-check none
rsakeypair TP-self-signed-3507063424
!
!
crypto pki certificate chain TP-self-signed-3507063424
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33353037 30363334 3234301E 170D3233 30313034 30373333
31345A17 0D333030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 35303730
36333432 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
810096C2 B3390561 F2378F9C ACC70BE4 5788BF17 D7243EAF 535741F3 E2B445E1
9774C94D DA9E464F 0BCF0425 56A1885E 82BCF544 686268E0 9F78AB9B 2103A338
4D70494E 2FD89D95 EB6CD744 62A29243 418ABC8C 0FB29575 192017F6 AB5EEAB9
1E3E7D53 4A0883D2 B37A401C 79BA9005 385704DB ECD7DA33 A7AFDE5F 41ACE92A
52BD0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 14E9B6D1 6A0912FA 25C89CF0 388FEAD4 5AF02EAB 9D301D06
03551D0E 04160414 E9B6D16A 0912FA25 C89CF038 8FEAD45A F02EAB9D 300D0609
2A864886 F70D0101 05050003 8181002E C1C57517 6E3D8B42 B10B0392 6C801A65
CEFF7A15 9C8B58D8 62307C2B 2196E5B2 C013EFEF BEFDC6AA 387962D5 A6FA85A7
ACCCBAF2 1F7A4D20 F5882D15 4DA25CE7 088ABAB1 37EA1FE2 0DBE526A 5BD6D296
95979D6D 72DFD0DF E65B768D 6984DF8A B3DC5993 FB1422E0 5438BE65 DF416E60
4C6DDB03 ABC023B5 22B05CD0 BFF560
quit
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface GigabitEthernet1/0/1
description WAN INTERFACE
no switchport
ip address 10.0.17.2 255.255.255.252
!
interface GigabitEthernet1/0/2
description GUEST NETWORK
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/3
description ADMIN NETWORK
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/4
description SERVER
switchport access vlan 30
switchport mode access
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface Vlan1
ip dhcp client client-id ascii PSZ25521H4A
no ip address
shutdown
!
interface Vlan10
ip address 192.168.10.1 255.255.255.0
!
interface Vlan20
ip address 10.0.20.1 255.255.255.0
!
interface Vlan30
ip address 10.0.30.1 255.255.255.0
!
ip http server
ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.0.17.1
!
access-list 1 permit 10.0.17.0 0.0.0.255
access-list 100 permit ip 10.0.17.0 0.0.0.255 any
!
!
banner motd ^CC

********** ** ** ** **** **** ** ** **** **
/////**/// /** // /** /**/** **/** ** ** /** **** /**/** /**
/** /** ** ****** /** ****** /**//** ** /** //** ** /** **//** /**//** /**
/** /****** /** **//// /** **//// /** //*** /** //*** /** ** //** /** //** /**
/** /**///**/**//***** /**//***** /** //* /** /** /** **********/** //**/**
/** /** /**/** /////** /** /////** /** / /** ** /** /**//////**/** //****
/** /** /**/** ****** /** ****** /** /** ** /********/** /**/** //***
// // // // ////// // ////// // // // //////// // // // ///

__________________________________________________________________________________________________________________________________________

Warning! Your data will be saved!

Please log out immediately if you are not an authorized administrator!
___________________________________________________________________________________________________________________________________________

^C
!
line con 0
exec-timeout 5 0
password 7 022B054F020A0B24731F50495C
login local
line vty 0
access-class 1 in
exec-timeout 5 0
login local
transport input telnet
line vty 1
access-class 1 in
exec-timeout 5 0
login local
no exec
transport preferred none
transport input telnet
stopbits 1
line vty 2 4
access-class 1 in
exec-timeout 5 0
login local
transport input telnet
line vty 5 15
access-class 1 in
login
transport input none
!
end

Thanks in advance,

Diogo Figueiredo

balaji.bandi · ‎01-04-2023

Couple of things you need to do on Router which is connected to Internet

add route back to switch

IP route 192.168.10.1 255.255.255.0 10.0.17.2

IP route 10.0.20.0 255.255.255.0 10.0.17.2

IP route 10.0.30.0 255.255.255.0 10.0.17.2

Also on Router NAT ACL add below range in ACL (change 1 to as per your config in router)

access-list 1 permit 192.168.10.0 0.0.0.255 any

access-list 1 permit 10.0.20.0 0.0.0.255 any

access-list 1 permit 10.0.30.0 0.0.0.255 any

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

chrihussey · ‎01-04-2023

Hello,

Do you have static routes in the router pointing to the switch's G1/0/1 interface for the subnets you created on the switch?

MHM Cisco World · ‎01-04-2023

friend

you missing
ip nat inside and ip nat outside in your config
and
ip nat inside source list 1 interface <ISP> overload
!
ip access-list standard 1
permit <your LAN?>

balaji.bandi · ‎01-04-2023