
Can't access the internet from a guest wireless VLAN on a SG300

chimera
Level 1

I need a little assistance with this issue please.

 

I have an SG300-10 (10.7.0.32). I have 3 VLANs set up.

1 - LAN

20 - Guest WIFI

30 - Servers

 

On port 7 of the switch is a Ruckus WIFI AP. It has two SSIDs: one for private WIFI (VLAN 1) and another for guest WIFI (VLAN 20).

PORT 3 has a server attached and it is untagged on VLAN 30.

Port 10 has a Cyberoam switch with three static routes set up to forward back to the switch:

with the following VLANs: 1 Untagged, 20 Tagged, 30 Tagged.

 

10.8.0.0 / 255.255.255.0    10.7.0.32
10.9.0.0 / 255.255.255.0    10.7.0.32
10.77.0.0 / 255.255.255.0    10.7.0.32

 

VLAN30 works well and all of the routing between VLANS is fine. The servers can get access to the internet without issue.

The private WIFI works well.

The Guest WIFI allows access to VLAN 1 and 30 via the switch no problem. It will not forward packets to the router, however, despite the default route being in place. I have set up NAT for the Guest WIFI on the router, but the packets never make it there from the switch, so that is not the issue.

I'm pretty sure this is not an ACL issue as I've specified a permit any to any scenario and still the same issue.

If someone could please provide some assistance as to where to troubleshoot from here it would be really appreciated.

 

Switch config below:

config-file-header
switch5e8af7
v1.4.9.4 / R800_NIK_1_4_205_011
CLI v1.0
set system mode router

file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
time-range Allways
time-range DaytimeWifi
absolute start 22:00 16 nov 2016
absolute end 04:58 17 nov 2069
periodic mon 04:58 to mon 22:30
periodic tue 04:58 to tue 22:30
periodic wed 04:58 to wed 22:30
periodic thu 04:58 to thu 22:30
periodic fri 04:58 to fri 22:30
periodic sat 04:58 to sat 22:30
periodic sun 04:58 to sun 22:30
exit
vlan database
vlan 10,20,30
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
ip dhcp relay address 10.7.0.18
ip dhcp relay enable
ip dhcp information option
bonjour interface range vlan 1
ip access-list extended "Allow Guest out"
permit ip any any ace-priority 1
exit
ip access-list extended Firewall
permit ip any 10.9.0.0 255.255.255.0 ace-priority 1
exit
hostname switch5e8af7
username ** password encrypted *** privilege 15
ip ssh server
no ip http server
ip http secure-server
clock timezone *** +10
clock summer-time web recurring first sun dec 03:00 first sun jul 03:00
clock source sntp
sntp unicast client enable
sntp unicast client poll
sntp server 132.163.96.1 poll
ip name-server  8.8.8.8
!
interface vlan 1
 ip address 10.7.0.32 255.255.255.0
 no ip address dhcp
 service-acl input Firewall default-action permit-any
!
interface vlan 10
 name Test
 ip address 10.8.0.32 255.255.255.0
!
interface vlan 20
 name Test
 ip address 10.9.0.32 255.255.255.0
 ip dhcp relay enable
 service-acl input "Allow Guest out" default-action permit-any
!
interface vlan 30
 name Servers
 ip address 10.77.0.32 255.255.255.0
!
interface gigabitethernet1
 description Test
!
interface gigabitethernet2
 description Unused
 power inline never
!
interface gigabitethernet3
 description "Test"
 switchport trunk native vlan 30
!
interface gigabitethernet4
 description Test
 switchport trunk native vlan 30
!
interface gigabitethernet5
 description Test
 switchport trunk native vlan 30
!
interface gigabitethernet6
 description Test
!
interface gigabitethernet7
 description WIFI
 switchport trunk allowed vlan add 20
!
interface gigabitethernet8
 description "Test"
!
interface gigabitethernet9
 description Test
!
interface gigabitethernet10
 description "Router UplinkPort"
 switchport trunk allowed vlan add 20,30
!
exit
ip default-gateway 10.7.0.1

17 Replies

Yes on the Ruckus. The switch was configured correctly all the time.

Good stuff. Thanks for the info...:)

Hello 

You say you cannot ping the rtr but the rtr has a route back towards vlan 20? 

However, looking at your topology, your rtr has 10.8.0.0/24 vlan 10 and not vlan 20, and your switch had vlan 10 and vlan 20:

10.8.0.32

10.9.0.32

 

In theory, your router or switch should be performing the inter-VLAN routing, not both.

 

So to tidy this up, I suggest letting your router do the inter-VLAN routing and just having a default static route on your switch pointing to the rtr via the trunk interface you already have set up, then remove the L3 interfaces off the switch, then test again.

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
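
The return-route question raised in the reply above can be checked mechanically. The Python below is an added example, not code from the thread: it parses the VLAN interface addresses and default gateway from a trimmed, constructed excerpt of the posted switch config and compares them with the three router static routes quoted in the question. The function names `parse_svis` and `audit_return_path` are hypothetical.

```python
import ipaddress
import re

# Constructed excerpt: SVI and gateway lines taken from the switch config posted above.
SWITCH_CONFIG = """\
interface vlan 1
 ip address 10.7.0.32 255.255.255.0
!
interface vlan 20
 ip address 10.9.0.32 255.255.255.0
!
interface vlan 30
 ip address 10.77.0.32 255.255.255.0
!
ip default-gateway 10.7.0.1
"""
# Router static routes as listed in the post: (network, mask, next hop).
ROUTER_ROUTES = [(n, "255.255.255.0", "10.7.0.32") for n in ("10.8.0.0", "10.9.0.0", "10.77.0.0")]

def parse_svis(config):
    """Map VLAN id -> IPv4Interface for every 'interface vlan N' block."""
    svis, vlan = {}, None
    for line in config.splitlines():
        head = re.match(r"interface vlan (\d+)\s*$", line)
        addr = re.match(r"\s+ip address (\S+) (\S+)\s*$", line)
        if head:
            vlan = int(head.group(1))
        elif addr and vlan is not None:
            svis[vlan] = ipaddress.ip_interface(f"{addr.group(1)}/{addr.group(2)}")
        elif not line.startswith(" "):
            vlan = None  # left the interface block
    return svis

def audit_return_path(config, routes):
    """Check that the router has a route back to each routed VLAN via the switch."""
    svis = parse_svis(config)
    m = re.search(r"^ip default-gateway (\S+)", config, re.M)
    gw = ipaddress.ip_address(m.group(1)) if m else None
    # The transit VLAN is the one whose subnet contains the switch's default gateway.
    transit = next((v for v, i in svis.items() if gw is not None and gw in i.network), None)
    report = {"transit_vlan": transit, "ok": [], "no_route": [], "bad_next_hop": []}
    for vlan, iface in sorted(svis.items()):
        if vlan == transit:
            continue  # directly connected to the router, no static route needed
        hops = [ipaddress.ip_address(h) for n, mask, h in routes
                if iface.network.subnet_of(ipaddress.ip_network(f"{n}/{mask}"))]
        key = ("no_route" if not hops else
               "ok" if transit is not None and svis[transit].ip in hops else "bad_next_hop")
        report[key].append(vlan)
    return report
```

For the values in the post, every routed VLAN lands in `ok`, so the layer-3 return path is consistent on paper and the remaining places to look are at layer 2: VLAN tagging on the trunk ports and on the AP.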