i've removed the 'ip default-gateway 172.16.10.1 and given vlan 1 static ip

still can't ping 8.8.8.8 from laptop pluged into port 1.

I wonder if this is a routing problem?

switch can ping 8.8.8.8

Default VLAN 1 can ping 8.8.8.8 - gets IP address from dray router 172.16.10.X

VLAN 10 can not ping 8.8.8.8

latest cisco running-config attached

whilst on vlan 10 and giving myself an ip from VLAN1 i can't ping 8.8.8.8

When on VLAN 10 with 192.168.10.X address i can't ping draytek router 172.16.10.1, i'm guessing i need to get to 172.16.10.1 before i can get to do any NAT ? Also this doesn't explain why ip helper isn't working ? does the config on switch look right?

Switch#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 172.16.10.1 to network 0.0.0.0

C    192.168.10.0/24 is directly connected, Vlan10
     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.10.0 is directly connected, Vlan1
C    192.168.20.0/24 is directly connected, Vlan20
S*   0.0.0.0/0 [1/0] via 172.16.10.1

Hello,

I labbed this, and I think you have to configure the GigabitEthernet0/1 uplink port as a layer 3 port:

interface GigabitEthernet0/1
no switchport
ip address 172.16.10.2 255.255.255.0

thanks for your tips, I am new to the world of cisco and networking i think i'm missing a trick here, i was working through a CBT training video etc and can setup vlans on swithces and have them trunked so they all talk to each other but i'm guessing something had to be done on the router before it will speak to the outside world, just a gateway isn't sufficient.

lets say if my router was a cisco what extra config would be needed on router for each vlan to talk to the outside world?

Hello,

in a purely Cisco world, your Cisco switch would not need any Vlan interfaces, you would just create the Vlans and then trunk them to a Cisco router. The router would do the rest (inter-Vlan routing, NAT, and routing to the Internet).

The setup is called 'router on a stick', you can google it and it will give you plenty of configuration examples.

In your case, you have effectively configured your Cisco switch as a router (by enabling 'ip routing'). 

Can you try the following:

interface GigabitEthernet0/1
no switchport
ip address dhcp

As stated, I am not sure how the Draytek assigns IP addresses, but with that configuration, the router would just be a host connected to the Draytek, and the Draytek should give out an IP address and make the Cisco router reachable...

Let's work on to ping the 172.16.10.1 

i believe 10.1 is router / firewall -  From that firewall can you verify the route to 192.168.10.X

192.168.20.X 

Route should point to 172.16.10.1 please verify and confirm 

Hello,

I read the manual for your Draytek, and there are quite a few configuration options with regards to port based and tag based Vlans.

If configuring the uplink port as a layer 3 port doesn't work, try and add the following to the configuration:

interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk

switchport trunk allowed vlan 1,10,20

its working ! :-)

you was right the issue was at draytek, just didn't know what i was doing and being new to vlans etc all a big learning curve for me, i found a useful guilde online to help

https://www.draytek.co.uk/archive/kb/kb_vigor_8021qvlan.html

I have my computers on VLAN 10 and Telephones on VLAN 20

I had to enable LLDP on the switch for phones to automatically go into VLAN 20

DHCP is working from the draytek router, now its time to work on the helper-address :-)

Hello

Is the router or the switch performing the routing? If the switch then the port connecting to the router should be an access port in vlan 1 and not a trunk and then any port in this vlan should be able to ping google and the internel dhcp server

remove the additional static route as the defaultroute would be applicable for both.

if the router is doing the routing then ip routing should be disabled on the switch and default gateway applied  and also the data and voice L3 interfaces removed and the switch interface connecting to the router should be a trunk

lastly regards NAT it seems it is enabled for vlan 1 to work so it should be a matter of amending a listing to incorporate the data vlan on the router

res

paul