Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
761
Views
0
Helpful
4
Replies

How to give internet access on member node of VLAN over SVI(L3)

Go to solution
robertshetty
Level 1
Level 1

‎09-24-2022 11:26 AM

I have set 3 VLAN on L3 switch (by following switch virtual interface method).

VLAN 10 IT, Contains storage, pfsense & AD(domain controller)

VLAN 20 ACC, contains desktops clients

VLAN 30 HR, contains desktops clients

Gateway for every nodes is set to relative IP of layer-3 interfaces (SVIs). Now tell me how can I give internet access to members of ACC & HR VLAN ? Also how to set AD(DC) as DNS ?

 

 

 

 

 

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Richard Burts
Hall of Fame
Hall of Fame

‎09-24-2022 11:39 AM

We do not know anything about your connection to the Internet or what services are provided for that connection. This complicates our effort to give good advice. There are two things that you certainly will need to do, but how to do them may depend on details of your Internet connection.

1) You need appropriate routing information. In particular you will need a default route which will allow forwarding of outbound traffic to the Internet. If you are learning the IP address on your outbound interface using DHCP it might be possible that you are also learning a default route. If not you might run a dynamic routing protocol with the Internet provider (that might be one of the services provided). If not you will configure a static default route.

2) You will need Address Translation to translate the Private addresses used inside your network to a Public address that can access the Internet. It might be possible that the Internet provider provides that service to you. If not you will need to configure your own NAT. The challenge in that is that it sounds like you are doing the routing on a Layer 3 switch, and very few L3 switches support doing NAT. So you may need to obtain a router.

HTH

Rick

View solution in original post

0 Helpful

Go to solution
KJK99
Level 1
Level 1

‎09-24-2022 02:40 PM - edited ‎09-24-2022 02:45 PM

@robertshetty 

As minimum,

  1. Make sure IPv4 Routing is enabled on the switch.
  2. Create a default route on the switch with the Pfsense LAN as the gateway.
  3. Create two static routes on the Pfsense LAN, one for the VLAN 20 subnet and the other for the VLAN 30 subnet. Use the VLAN 10 SVI as the gateway on them.
  4. Use AD for DNS as before.
Kris K

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Richard Burts
Hall of Fame
Hall of Fame

‎09-24-2022 11:39 AM

We do not know anything about your connection to the Internet or what services are provided for that connection. This complicates our effort to give good advice. There are two things that you certainly will need to do, but how to do them may depend on details of your Internet connection.

1) You need appropriate routing information. In particular you will need a default route which will allow forwarding of outbound traffic to the Internet. If you are learning the IP address on your outbound interface using DHCP it might be possible that you are also learning a default route. If not you might run a dynamic routing protocol with the Internet provider (that might be one of the services provided). If not you will configure a static default route.

2) You will need Address Translation to translate the Private addresses used inside your network to a Public address that can access the Internet. It might be possible that the Internet provider provides that service to you. If not you will need to configure your own NAT. The challenge in that is that it sounds like you are doing the routing on a Layer 3 switch, and very few L3 switches support doing NAT. So you may need to obtain a router.

HTH

Rick
0 Helpful

Go to solution
robertshetty
Level 1
Level 1
In response to Richard Burts

‎09-24-2022 12:13 PM

Both WAN & LAN port on pfsense is having static IP, DHCP is disabled. And before creating VLAN, every node is able to access internet (if i set LAN IP of pfsense as default gateway & DC as DNS to node). But as soon as I separate nodes by creating VLAN, then internet is not reachable.

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to robertshetty

‎09-24-2022 12:29 PM

Thank you for the additional information. It is helpful to know that when there was a single vlan, and when all devices had their default gateway as the pfsense interface that Internet access worked. In that case the routing information part of what I suggested in my previous response would be to configure on the switch a static default route with the pfsense inside interface address as the next hop. I assume that pfsense is doing address translation for the devices in the original subnet. To provide Internet for ACC and HR you would configure pfsense to also do address translation for those subnets.

HTH

Rick
0 Helpful

Go to solution
KJK99
Level 1
Level 1

‎09-24-2022 02:40 PM - edited ‎09-24-2022 02:45 PM

@robertshetty 

As minimum,

  1. Make sure IPv4 Routing is enabled on the switch.
  2. Create a default route on the switch with the Pfsense LAN as the gateway.
  3. Create two static routes on the Pfsense LAN, one for the VLAN 20 subnet and the other for the VLAN 30 subnet. Use the VLAN 10 SVI as the gateway on them.
  4. Use AD for DNS as before.
Kris K
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card