cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1245
Views
2
Helpful
12
Replies

CBS350, vlan2 cannot access internet but can access other vlan

iewhf02i
Level 1
Level 1

I am totally new to cisco and networking in general. I am using a CBS350-16T-2G. I got it because my ISP's ONR HG8240T5 is horrible, it only lets me assign 16 ip addresses using mac addresses and does not let me create subnets/vlans. It also does not allow me to go into bridge mode so I can't use a router. I figure the CBS350 as a dhcp server and creating vlans would be perfect.

My network is designed like this.

  • ISP Router is plugged into port 16, vlan1.
  • I created vlan2, and assigned it to port 2. The rest of the ports are vlan1 for now.
  • I created an address pool 192.168.2.1-192.168.2.253 and an ipv4 interface at 192.168.2.254.
  • I added a static route destination 0.0.0.0 -> next hop at 192.168.1.254 where my ONR router is.
  • I created a static host which assigns the ip address 192.168.2.108 to my device based on its mac address.

PROBLEM

When the devices are on vlan1, I can do everything fine, I can connect to the internet and communicate with other devices on the vlan1 using ssh.

When I put my laptop on vlan2 and assigned it 192.168.2.108, my device from vlan1 with the address 192.168.1.99 can access it and vice versa. However, my device on vlan2 is not able to access the internet. How can I make sure that all my devices on all the vlans are able to access the internet?

1 Accepted Solution

Accepted Solutions

If I am understanding the discussion correctly vlan 1 and vlan 2 were able to communicate but the issue was that vlan 2 did not have Internet access. This would be because the ISP is doing Network Address Translation for vlan 1 but not for vlan 2. I am guessing that you are not able to get the ISP to do NAT for vlan 2. For you to be able to do your own NAT you need a router and I believe that your c921 should be able to do the NAT.

HTH

Rick

View solution in original post

12 Replies 12

Hello,

 In order to communicate between vlan you need to enable IP routing on the CBS350.

If you are using web interface for config, you need to come here

FlavioMiranda_0-1684277527216.png

 To allow all vlans to go to the internet, change the way you are communicating with the ISP. Setup one interface as Layer3 on your switch on the same network as the ISP device.

 Example.

FlavioMiranda_2-1684278314921.png

Plug the interface you just configured to the ISP device. Keep you default route to ISP device.

 

 

Hi @Flavio Miranda if I do this, can I still assign a static IP to the switch from the interface table so that I can activate the DHCP server to assign my own IP addresses?

Yes you can. The IP I was mentioning is to communicate with ISP. But you can/should create an interface vlan for Lan and use it as default gateway for your host.

 

Not sure why people keep telling me I need a router so that I can do router
on a stick, but I will try your method tonight. Hope it works. Thanks.

But this device you have is also a base router as if permit intervlan routing and layer 3 interface. It can be considered a layer3 switch

KJK99
Level 1
Level 1

@iewhf02i 

If you have a CBS350 switch, you do not need a router-on-a-stick since any CBS350 switch is a routing switch. However, you still need an Internet router that allows you to set up static routes if you have VLANs.

Kris K

I do need my vlans to have access to the internet. I just got a c921-4p
router anyway and I’m still trying to figure out how to get it to work.

If I am understanding the discussion correctly vlan 1 and vlan 2 were able to communicate but the issue was that vlan 2 did not have Internet access. This would be because the ISP is doing Network Address Translation for vlan 1 but not for vlan 2. I am guessing that you are not able to get the ISP to do NAT for vlan 2. For you to be able to do your own NAT you need a router and I believe that your c921 should be able to do the NAT.

HTH

Rick

KJK99
Level 1
Level 1

@iewhf02i 

Re. DHCP

You should use the DHCP sever provided by your CBS350 switch. That's for your client devices, but you should assign a static IP address to the switch.  

Kris K

iewhf02i
Level 1
Level 1

I have posted another question https://community.cisco.com/t5/switching/configure-this-structure-behind-isp-onr-vlan-port-forward-dhcp/m-p/4840195#M544644 which is an extension of this one. Thanks for all the feedback.

You are welcome. I am glad that we have identified the initial part of the issue. Now let us see what we can do to help with your new post.

HTH

Rick

@Richard Burtswere you able to see the post?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: