01-25-2017 02:53 AM - edited 03-08-2019 09:03 AM
Hello Community,
We have this network diagram below.
We have existing VLAN 1 - 192.168.1.X /24 and works fine. All workstation can connect to internet. I have added new VLAN 40 on SG500 switch but not getting internet connection.
Here is my config on the SG500 switch:
For VLAN:
switchd3d0b3#sh vlan
Vlan Name Ports Type Authorization
---- ----------------- --------------------------- ------------ -------------
1 1 gi1/1/1-48,te1/1/1-4, Default Required
gi2/1/1-48,te2/1/1-4,
gi3/1/1-48,te3/1/1-4,
gi4/1/1-48,te4/1/1-4,
gi5/1/1-48,te5/1/1-4,
gi6/1/1-48,te6/1/1-4,
gi7/1/1-48,te7/1/1-4,
gi8/1/1-48,te8/1/1-4,Po1-32
40 40 gi2/1/24,gi3/1/48 static Required
switchd3d0b3#sh ip int vlan 1
IP Address Type Directed Precedence Status
Broadcast
------------------- ----------- ---------- ---------- -----------
192.168.1.250/24 Static disable No Valid
switchd3d0b3#sh ip int vlan 40
IP Address Type Directed Precedence Status
Broadcast
------------------- ----------- ---------- ---------- -----------
10.2.11.1/24 Static disable No Valid
From the SG500 switch i can ping the interface VLAN 1 and 40:
switchd3d0b3#ping 10.2.11.1
Pinging 10.2.11.1 with 18 bytes of data:
18 bytes from 10.2.11.1: icmp_seq=1. time=0 ms
18 bytes from 10.2.11.1: icmp_seq=2. time=0 ms
18 bytes from 10.2.11.1: icmp_seq=3. time=0 ms
18 bytes from 10.2.11.1: icmp_seq=4. time=0 ms
switchd3d0b3#ping 192.168.1.1
Pinging 192.168.1.1 with 18 bytes of data:
18 bytes from 192.168.1.1: icmp_seq=1. time=0 ms
18 bytes from 192.168.1.1: icmp_seq=2. time=0 ms
18 bytes from 192.168.1.1: icmp_seq=3. time=0 ms
18 bytes from 192.168.1.1: icmp_seq=4. time=0 ms
From SG500 switch can ping the IP address of the PC on VLAN 1 - 192.168.1.165
switchd3d0b3#ping 192.168.1.165
Pinging 192.168.1.165 with 18 bytes of data:
18 bytes from 192.168.1.165: icmp_seq=1. time=0 ms
18 bytes from 192.168.1.165: icmp_seq=2. time=0 ms
18 bytes from 192.168.1.165: icmp_seq=3. time=0 ms
18 bytes from 192.168.1.165: icmp_seq=4. time=0 ms
But cannot ping the IP address of the PC on VLAN 40 - 10.2.11.20
switchd3d0b3#ping 10.2.11.20
Pinging 10.2.11.20 with 18 bytes of data:
PING: no reply from 10.2.11.20
PING: timeout
PING: no reply from 10.2.11.20
PING: timeout
PING: no reply from 10.2.11.20
PING: timeout
PING: no reply from 10.2.11.20
PING: timeout
No internet access on PC on VLAN 40.
I assigned IP static address on the PC:
IP- 10.2.11.20
Subnet - 255.255.255.0
GW - 10.2.11.1
DNS IP address is same as on VLAN 1 workstations that have internet.
IP routing is enabled on the SG500 switch. What need to be checked?
Thank you.
Solved! Go to Solution.
01-26-2017 06:39 AM
The router is correct I don't see any issue with that config and we were able to rule it out by connecting direct to it and setting an access port to the vlan and then breaking out to the internet as it has its own switch module in built , the problem is on the actual switch side , your trunk is correct on the router side to
maybe try set the port as general like this doc see if it works
http://sbkb.cisco.com/CiscoSB/GetArticle.aspx?docid=07e54124d9be46b48d6f008a306da82d_Creating_Access_Ports_on_Cisco_Managed_Switches.xml&pid=2&converted=0
01-26-2017 07:26 AM
Hi Mark,
I configured the port as what on the document you provided but same issue i cannot obtain IP address (169.X.X.X).
But if the port was set to trunk and I have internet but my IP is on VLAN1.
01-27-2017 12:34 AM
is the dhcp auto configuration enabled under the administration- file management tab
01-30-2017 10:18 AM
Hi Mark,
My issue have been resolved.
Solution:
1. Configure port gi2/1/24 on SG500 switch as access port and not trunk
2. Set gi2/1/24 as untagged member on VLAN 40
3. On the uplink port of the SG500 switch facing SG200 switch, configure as trunk and tagged VLAN40 and untagged VLAN1.
Thank you for your help.
01-25-2017 03:04 AM
where is the gateway configured?
01-25-2017 04:00 AM
Hello
Looking at your topology - Now you have extended to multiple subnets, The rtrs lan interface will need to have addressing for vlan1 and vlan 40, As mark suggest via sub-interfaces wtih nat enabled on both of them.
Also the SG200 switch would required a trunked interfaces into the rtr and between the other switch to carry both vlans.
Lastly you need to propagate the L2 vlans to both switches for the access ports to be assigned
res
Paul
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide