Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1304
Views
0
Helpful
5
Replies

Help with SG300-20 routing to Internet

kelvin0727
Level 1
Level 1

‎03-21-2019 07:21 AM

Would appreciate if someone could help me get my home lab VM to connect to the internet. I've read many discussion from others and did the same but there's something missing I can't out. VLAN internal routing is working as expected and i"m able to ping between vlan. I attached all my settings in the attached. Thanks for helping!

 

1. Verizon Fios ISP connected to my Linksys AC1900 router (dd-wrt firmware). Router IP is 192.168.1.1 and providing DHCP to clients. 

2. Linksys router is connected to my SG300-20 on port 20. SG300-20 interface IP is 192.168.1.2

3. Created Vlan 2 - Vlan 10 on SG300-20. All VLAN are tagged on ports 2-19 on sg300.

4. Created Vlan IP for each Vlan and port Vlan.

5. All ports on SG300-20 configured as trunk

6. All VLAN are member of port 2 - 19 on sg300-20

7.Created a static route to 0.0.0.0 and next hop is 192.168.1.1 (my linksys)

8. Created static route from my Linksys router back to all VLAN on SG300-20 switch with gateway of 192.168.1.2

 

I had to laptops configured with static IP for different vlan and plug them to the my cisco sg300 switch. Both laptop can communicate just fine and was able to ping their subnet gateway as well as the gateway on Linksys (192.168.1.1). However I'm not able to get to the internet. If I change the laptop to VLAN1, Internet works fine.

 

laptop1

192.168.2.100

255.255.255.0

192.168.2.1

 

laptop2 

192.168.3.100

255.255.255.0

192.168.3.1

 

 

cisco-IntSetting.PNGCisco-ip4Interface.PNGCisco-IPv4Route.PNGcisco-PortVlan.PNGcisco-PortVlan2.PNGcisco-PortVlan10.PNGcisco-vlan.PNGcisco-vlanmembers.PNGddwrt_routingtable.PNG

 

 

Labels:
0 Helpful
5 Replies 5

Seb Rupik
VIP Alumni
VIP Alumni

‎03-21-2019 07:26 AM

Hi there,

If a device in any VLAN can reach the Linksys router inside address (192.168.1.1) then inter-VLAN routing is fine.

 

The next stone to turn would be the NAT setting on the Linksys. I'd wager that it is currently only NAT'ing/ permitting traffic from VLAN1 (192.168.1.0/24)

 

cheers,

Seb.

0 Helpful

kelvin0727
Level 1
Level 1
In response to Seb Rupik

‎03-21-2019 07:50 AM

Hi Seb, thanks for a quick response. That was the last thing I was going to try but when I go to my Linksys router under NAT/Qos I just don't see the NAT feature. It has port forwarding only. Are you familiar with dd-wrt and would kindly show me how to do the Natting?

dd-wrt NAT.PNG

 

0 Helpful

Seb Rupik
VIP Alumni
VIP Alumni
In response to kelvin0727

‎03-21-2019 08:35 AM

I had a look at the dd-wrt site, but it only talks about bridging the ports on the back of the router to the WAN port:

https://wiki.dd-wrt.com/wiki/index.php/VLAN_Detached_Networks_%28Separate_Networks_With_Internet_Access%29

 

...but that doesn't fit your requirement. Since it uses iptables, it should be a case of setting up masquerading. It has been a long time since I looked at iptables but I have come up with (eth0 is the WAN, eth1 and eth2 are internal interfaces. I guess you could change these to VLAN inteface names?):

iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth2 -o eth0 -j ACCEPT

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

 

...no guarantees that will work. Infact I am not sure where you would enter it on dd-wrt. Does it have a CLI??

 

cheers,

Seb.

 

0 Helpful

Jaderson Pessoa
VIP Alumni
VIP Alumni

‎03-21-2019 07:38 AM

Hello,

 

All other vlan's are allowed on NAT configuration on your LINKSYS?

 

Setting up NAT on Linksys: https://forums.techguy.org/threads/setting-up-nat-on-a-linksys-router.473494/

 

 

Jaderson Pessoa
*** Rate All Helpful Responses ***
0 Helpful

kelvin0727
Level 1
Level 1
In response to Jaderson Pessoa

‎03-21-2019 07:53 AM

Thanks Jaderson. I don't think other vlans are NAT. The only thing I did was created static route back to my home lab vlan. I'm trying to figure out how to do the natting on linksys dd-wrt. I will look at the link you provide and try.

 

Thanks,

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card