Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2065
Views
2
Helpful
12
Replies

CBS350, vlan2 cannot access internet but can access other vlan

Go to solution
iewhf02i
Level 1
Level 1

‎05-16-2023 01:20 PM - edited ‎05-16-2023 01:29 PM

I am totally new to cisco and networking in general. I am using a CBS350-16T-2G. I got it because my ISP's ONR HG8240T5 is horrible, it only lets me assign 16 ip addresses using mac addresses and does not let me create subnets/vlans. It also does not allow me to go into bridge mode so I can't use a router. I figure the CBS350 as a dhcp server and creating vlans would be perfect.

My network is designed like this.

  • ISP Router is plugged into port 16, vlan1.
  • I created vlan2, and assigned it to port 2. The rest of the ports are vlan1 for now.
  • I created an address pool 192.168.2.1-192.168.2.253 and an ipv4 interface at 192.168.2.254.
  • I added a static route destination 0.0.0.0 -> next hop at 192.168.1.254 where my ONR router is.
  • I created a static host which assigns the ip address 192.168.2.108 to my device based on its mac address.

PROBLEM

When the devices are on vlan1, I can do everything fine, I can connect to the internet and communicate with other devices on the vlan1 using ssh.

When I put my laptop on vlan2 and assigned it 192.168.2.108, my device from vlan1 with the address 192.168.1.99 can access it and vice versa. However, my device on vlan2 is not able to access the internet. How can I make sure that all my devices on all the vlans are able to access the internet?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to iewhf02i

‎05-22-2023 12:40 AM

If I am understanding the discussion correctly vlan 1 and vlan 2 were able to communicate but the issue was that vlan 2 did not have Internet access. This would be because the ISP is doing Network Address Translation for vlan 1 but not for vlan 2. I am guessing that you are not able to get the ISP to do NAT for vlan 2. For you to be able to do your own NAT you need a router and I believe that your c921 should be able to do the NAT.

HTH

Rick

View solution in original post

0 Helpful
12 Replies 12

Go to solution
Flavio Miranda
VIP
VIP

‎05-16-2023 04:06 PM

Hello,

 In order to communicate between vlan you need to enable IP routing on the CBS350.

If you are using web interface for config, you need to come here

FlavioMiranda_0-1684277527216.png

 To allow all vlans to go to the internet, change the way you are communicating with the ISP. Setup one interface as Layer3 on your switch on the same network as the ISP device.

 Example.

FlavioMiranda_2-1684278314921.png

Plug the interface you just configured to the ISP device. Keep you default route to ISP device.

 

 

Go to solution
iewhf02i
Level 1
Level 1
In response to Flavio Miranda

‎05-21-2023 11:28 AM

Hi @Flavio Miranda if I do this, can I still assign a static IP to the switch from the interface table so that I can activate the DHCP server to assign my own IP addresses?

0 Helpful

Go to solution
Flavio Miranda
VIP
VIP
In response to iewhf02i

‎05-21-2023 12:49 PM

Yes you can. The IP I was mentioning is to communicate with ISP. But you can/should create an interface vlan for Lan and use it as default gateway for your host.

 

0 Helpful

Go to solution
iewhf02i
Level 1
Level 1
In response to Flavio Miranda

‎05-21-2023 12:59 PM

Not sure why people keep telling me I need a router so that I can do router
on a stick, but I will try your method tonight. Hope it works. Thanks.
0 Helpful

Go to solution
Flavio Miranda
VIP
VIP
In response to iewhf02i

‎05-21-2023 01:30 PM

But this device you have is also a base router as if permit intervlan routing and layer 3 interface. It can be considered a layer3 switch

0 Helpful

Go to solution
KJK99
Level 3
Level 3

‎05-21-2023 01:39 PM

@iewhf02i 

If you have a CBS350 switch, you do not need a router-on-a-stick since any CBS350 switch is a routing switch. However, you still need an Internet router that allows you to set up static routes if you have VLANs.

Kris K
0 Helpful

Go to solution
iewhf02i
Level 1
Level 1
In response to KJK99

‎05-21-2023 01:55 PM

I do need my vlans to have access to the internet. I just got a c921-4p
router anyway and I’m still trying to figure out how to get it to work.
0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to iewhf02i

‎05-22-2023 12:40 AM

If I am understanding the discussion correctly vlan 1 and vlan 2 were able to communicate but the issue was that vlan 2 did not have Internet access. This would be because the ISP is doing Network Address Translation for vlan 1 but not for vlan 2. I am guessing that you are not able to get the ISP to do NAT for vlan 2. For you to be able to do your own NAT you need a router and I believe that your c921 should be able to do the NAT.

HTH

Rick
0 Helpful

Go to solution
KJK99
Level 3
Level 3

‎05-21-2023 01:44 PM

@iewhf02i 

Re. DHCP

You should use the DHCP sever provided by your CBS350 switch. That's for your client devices, but you should assign a static IP address to the switch.  

Kris K
0 Helpful

Go to solution
iewhf02i
Level 1
Level 1

‎05-22-2023 04:47 AM

I have posted another question https://community.cisco.com/t5/switching/configure-this-structure-behind-isp-onr-vlan-port-forward-dhcp/m-p/4840195#M544644 which is an extension of this one. Thanks for all the feedback.

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to iewhf02i

‎05-22-2023 11:46 AM

You are welcome. I am glad that we have identified the initial part of the issue. Now let us see what we can do to help with your new post.

HTH

Rick
0 Helpful

Go to solution
iewhf02i
Level 1
Level 1
In response to Richard Burts

‎05-23-2023 11:49 PM

@Richard Burtswere you able to see the post?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card