Solved: CBS350 VLAN without internet access - Page 2

zgtc · ‎03-09-2021

Hi,

I am new to cisco, and networking whatsoever. I bought a CBS350-16T-E-2G 16-Port and intend to use it as an L3 switch, if I understood correctly, I would be able to create VLANs and those would live in their own net, hidden from the other VLANs but able to connect other devices on the same VLAN directly though the switch, without going to/from the ISP router.

For now, I am using a very basic network:

ISP router is plugged to port 1, so default VLAN 1.
I have configured a VLAN 20 and a 192.168.20.1 IP, then assigned it to ports 5 and 9 as access.
Then I have plugged two raspberry pi to these ports, and assigned static IPs 192.168.20.10 and 11.
If I plug a computer into any other port it just gets a .1.x IP and has internet access.

PROBLEM

I can ping both rpi from the switch, and the rpi can ping each other and also the switch at 192.168.20.1, but they cannot access the internet.

Here is my current config:

switche44faf#show running-config
config-file-header
switche44faf
v3.0.0.69 / RCBS3.0_930_770_008
CLI v1.0
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
!
unit-type-control-start
unit-type unit 1 network gi uplink none
unit-type-control-end
!
vlan database
vlan 20
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone
voice vlan oui-table add 00036b Cisco_phone
voice vlan oui-table add 00096e Avaya
voice vlan oui-table add 000fe2 H3C_Aolynk
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone
voice vlan oui-table add 00e075 Polycom/Veritel_phone
voice vlan oui-table add 00e0bb 3Com_phone
bonjour interface range vlan 1
hostname switche44faf
(username and user-key removed)
exit
exit
!
interface vlan 1
ip address 192.168.1.167 255.255.255.0
no ip address dhcp
!
interface vlan 20
name teen
ip address 192.168.20.1 255.255.255.0
!
interface GigabitEthernet5
switchport access vlan 20
!
interface GigabitEthernet9
switchport access vlan 20
!
exit
ip default-gateway 192.168.1.1

It is probably a very basic question, but how do I get the VLAN 20 to have internet access?

Thank you for your help
Sergi

balaji.bandi · ‎03-10-2021

sure or you can use raspberry pi with pfsense.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

zgtc · ‎04-05-2021

Hi again, I am back. Sorry, it took me a bit longer than expected, but following your advice, I finally swapped my router into a pfsense router. I also created a simple test scenario with a VLAN 10.

1. From the router itself I can ping from both VLAN 1 and 10 to the internet (both DNS and real site pings).

2. I can also make this VLAN 10 see the internet if I use an Unifi managed switch as access port (only 10 on a specific port).

3. But I still cannot make this VLAN 10 see the internet on my CBS350 switch, no matter what I try. I cannot even get a DHCP address when plugging a cable to the access port on the Cisco switch. Neither can I get it to work on a trunk port even if manually setting the IP of the plugged mac mini. I have tried leaving a trunk port, using an access port, also setting a fix IP on the VLAN or setting a DHCP relay.

Any help would be really appreciated since I am really lost.

Sergi

zgtc · ‎04-06-2021

To give more info. I reset the switch to factory, then add the VLAN and assign it to a port as access. My mac mini simply doesn't know what IP to give it and assigns one out of the VLAN range:

zgtc · ‎04-06-2021

More info on the port I am trying to use for vlan 20:

switche44faf#show interfaces switchport gi9
S-VLAN Ethernet Type:  0x8100 (802.1q)
VLAN Mapping Tunnel L2 protocols Global CoS: 5
Name: gi9
Switchport: enable
Administrative Mode: access
Operational Mode: down
Access Mode VLAN: 20
Access Multicast TV VLAN: none
Trunking Native Mode VLAN: 1
Trunking VLANs: 1,20
                        2-19,21-4094 (Inactive)
General PVID: 1
General VLANs: none
General Egress Tagged VLANs: none
General Forbidden VLANs: none
General Ingress Filtering: enabled
General Acceptable Frame Type: all
General GVRP status: disabled
Customer Mode VLAN: none
Customer Multicast TV VLANs: none
Private-vlan promiscuous-association primary VLAN: none
Private-vlan promiscuous-association Secondary VLANs: none
Private-vlan host-association primary VLAN: none      
Private-vlan host-association Secondary VLAN: none

VLAN Mapping Tunnel - no resources

VLAN Mapping One-To-One - no resources

zgtc · ‎04-06-2021

As a reminder, my other managed switch (Unifi) works perfectly and has internet access on that VLAN20. The VLAN 20 IPv4 and DHCP is managed by the pfsense router. More info on the routes as seen from the cisco switch, in case it helps:

show ip route
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: > - best, C - connected, S - static


D   0.0.0.0/0 [1/8] via 192.168.1.1, 03:18:21, vlan 1                      
C   192.168.1.0/24 is directly connected, vlan 1

zgtc · ‎04-07-2021

I also updated the firmware to the latest 3.1.0.57. Still same issue, VLAN has no internet connection

zgtc · ‎04-11-2021

Part 1 of the problem was indeed the ISP router, so I used a new computer and installed pfsense v2.5.0. That allowed me to ping (IP and name, from native vlan and new vlan, to the internet) from the new router but still had the problem with the switch.

Then, don't ask me why, but pfsense 2.4.5.p1 did not have any problem at all. Yes, I had reinstalled pfsense v2.5.0 and also tried OPNsense v21.1 as well, both had the same issue not letting me access internet from a Cisco port as access (VLAN x), but once I installed the old pfsense 2.4.5.p1 it all went ok from the beginning.