cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1132
Views
2
Helpful
17
Replies

Configure internet access on VLAN

GoldHead
Level 1
Level 1

Hello, 

I'm new Cisco user. I have on Cisco 350 Switch. 

I created three VLAN (10, 20, 30). On VLAN 10 I entered IP from subnet of my Internet Router (non CISCO device). If I connect client to this VLAN via CISCO Router, it connects to the Internet (DHCP is running on my Internet router) 

And now, I want also configure the VLAN 20 and VLAN 30 to access internet via same Internet router. On those VLANs DHCP is active. 

How can I do this? How can I "pass the traffic" from VLAN 20 -> 10?? 

Additionally, VLAN 20 should not communicate with VLAN 30

I'm using WEB interface and not "CLI". 

Thank you!

17 Replies 17

GoldHead
Level 1
Level 1

I looked the Video, but still I'm missing Info how VLAN 20 sees VLAN 10.

Maybe I'll explain the whole story.

I have one nonCISCO Modem/Router (ISP Device), with the internal IP 192.168.10.1 --> this is my WAN / should be used as "Gateway" to the Internet

So, I created VLAN 10, with the IP interface 192.168.10.254 / 24
- each Client, connected to the port with VLAN 10 is receiving IP from DCHP on my IPS device, with the Gateway 192.168.10.1

I created also
- VLAN 20 (192.168.20.254 / 24)
- VLAN 30 (192.168.30.254 / 24)

Now, I want to use same "Gateway" 192.168.10.1 as on VLAN 10 OR pass the traffic to VLAN 10 to access the Internet via my ISP Device.

on Switch DHCP service is to be used to provide IP addresses for VLAN 20 and VLAN 30 - and normally, I cannot add "192.168.10.1" as "Default Router IP Address", because it is not in the same Subnet.

Switch is rebooted to factors settings - so, where should I start?
- Adding default Gateway for the switch? --> 192.168.10.1
- Should the port mode for the Cable to the ISP Device be marked as "Trunk"??
- Can I use for the uplink to the IPS Device Combo ports (9/10)

I need https://www.comparitech.com/net-admin/inter-vlan-routing-configuration/, Multilayer Switch Inter-VLAN Routing, 

GoldHead_0-1724318235404.png

but where is Interface Fa0/0 on the switch? Maybe this? 

GoldHead_1-1724318580043.png

how can I do this without wizard? 

Sorry for so many questions @Flavio Miranda 

 

Dont sorry, that´s fine.

Let me recap what you did.

"I have one nonCISCO Modem/Router (ISP Device), with the internal IP 192.168.10.1 --> this is my WAN / should be used as "Gateway" to the Internet"

 

"So, I created VLAN 10, with the IP interface 192.168.10.254 / 24
- each Client, connected to the port with VLAN 10 is receiving IP from DCHP on my IPS device, with the Gateway 192.168.10.1"

I created also
- VLAN 20 (192.168.20.254 / 24)
- VLAN 30 (192.168.30.254 / 24)"

Where did you create those vlan? On the nonCisco router or on the CBS350?

Let me draw the topology

If your nonCisco device have one interface with IP address pointing to your CBS350, and it must be used as your gateway, the CBS350 also need to have one interface with IP address on the same network. You need to create one point-to-point layer3 connection between them and not a trunk.

After doing that, you can create as many vlans as you need on the CBS350  with different IP address from the 192.168.10.x.

After you create all the vlans,  assign to the interfaces and enable intervaln communication, you need to add one default route as follow

0.0.0.0.0  0.0.0.0.0 192.168.10.1

This way all the traffic for all vlans will be send to the nonCisco router.

FlavioMiranda_0-1724323441590.png

 

GoldHead
Level 1
Level 1

Thank you!

Your topology is correct (y)

"Where did you create those vlan? On the nonCisco router or on the CBS350?" --> Yes, the VLANs are created on the CBS350
"default route as follow 0.0.0.0.0  0.0.0.0.0 192.168.10.1" --> this is then the equivalent for 

GoldHead_0-1724331028799.png?

"You need to create one point-to-point layer3 connection between them and not a trunk" --> this means, port G9 as example on CBS350, configured in VLAN with 192.168.10.X and one LAN port in nonCISCO Device. 

I will try the config tomorrow and then post my results.

On the CBS350, you need to create this, change accordingly, this is an example.

 

FlavioMiranda_0-1724337711206.png

and here is where you can add a default (static) route pointing to your nonCisco router.

FlavioMiranda_1-1724337831046.png

 

GoldHead
Level 1
Level 1

Here are the results - and running-config is attached. (i changed 192.168 --> 10.10)

  • VLAN 10 Clients can access Internet (and they can also ping 10.10.10.1 -> nonCISCO Router - Internet)
  • VLAN 20 Clients cannot access Internet and they cannot ping 10.10.10.1, but they can ping VLAN 10 also. And, of course - VLAN 20.

 

in ARP Table we can see the Clients (IPs are manually added on the clients)

GoldHead_0-1724413240349.png

ip default-gateway 10.10.10.1 --> works only for VLAN 10

 

GoldHead_1-1724413420746.png

GoldHead_2-1724413455881.png

 

regardless - if the checkbox is set or not. Client from VLAN 10 can ping also VLAN 20 IP, no behavior change noticed, if this checkbox is on or off. 

Switch was set into factory defaults, then the changes were made. 

 

Can be some setting in port assignment? 

Thank you!

 

GoldHead
Level 1
Level 1

+ my Firmware is 3.2.1.1 - could this be a problem?? 


GoldHead
Level 1
Level 1

my ISP Router ARP

GoldHead_0-1724414967868.png

 

The key thing about accessing the Internet from private IP addresses (192.168.n.n) is Network Address Translation. Clearly your ISP is translating addresses in network 192.168.10.n. And pretty clearly your ISP is not translating addresses in other 192.168 networks. Your CBS350 does not support NAT. So you need to ask your ISP if they would be willing to do translation for other networks.

HTH

Rick

In another words - I need additional Router/Device, which can handle VLAN IP ranges, other as 192.168.10.X.

As following: ISP Router <-> VLAN NAT Router <-> CBS350 @Richard Burts ??

Yes you need a device that can handle the vlan subnets and that can do address translation. A layer 3 switch could handle the vlan subnets, but very few Cisco switches support NAT. So you should be looking into some router as your solution.

HTH

Rick

KJK99
Level 3
Level 3

@GoldHead 

You have an Internet router so I don't think NAT is an issue here. It wouldn't be an Internet router if it did not support NAT. However that router must make it possible to create static routes. If it does, I do not see anything that would prevent you from achieving your goal. However you need to realize a couple of important aspects here.

1. Your Internet router will be no longer suitable for handling DHCP addresses to your client devices. You need to use the switch's DHCP server instead or some over DHCP server that can serve IP addresses for multiple subnets.

2. Your Internet router will be no longer the default gateway for your client devices. Instead, the switch's SVIs will play that role in each subnet.

3. All switch's SVI need to be static. 

4. You must enable IPv4 routing on the switch.

5. You should not use the VLAN used for the connection to the router for anything else but this single purpose. Also, it is a good idea to use in it some other IP address range than the range you use for your client devices. This will simplify the static route setup on the router and future maintenance.

6. The Wi-Fi in your Internet router will become more or less useless. You will need to invest in an AP that supports VLANs.

Get the inter-VLAN routing working first. Then address the Internet access. Again, your Internet router must make it possible to create static routes. Only if it doesn't, you will need another Internet router.

Kris K

Hello 
based on your OP and the topology you have shared @Richard Burts is correct you’ll require a L3 device that supports NAT as  most cisco switchs do not - or ask the ISP if they can tweak their NAT to accommodate your newly created vlans


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

GoldHead
Level 1
Level 1

I found one of those at home WRT3200ACM  --> could this be the HW solution for the "in the middle" Router? 

@paul driver @Richard Burts ??

Review Cisco Networking for a $25 gift card