I am not able to ping internet 188.8.131.52 through internet modem Huawei hg8245w5 from different vlans on 350 as core switch of small network.
I can ping from wan vlanW on 350 to 184.108.40.206.
I have connected modem as access port under vlanw for wan with default gateway as modem's ip.
I created a static route to internet as 0.0.0.0 /24 (ip address of wan modem).
I am not able to get internet on other vlans of switch as ping is failing.
What is the mistake I am doing?
Shall I make the 350 port connected to modem as trunk? Will it understand then?
We do not have much detail to work with and that makes it difficult to identify the issue. Based on what we know so far my first guess is that the issue is that you are not doing address translation for the addresses in the other vlans.
The modem has only one subnet that can be modified, for example 192.168.100.0/24 with its ip as 192.168.100.1.
So I created on 350 core switch, vlan100 for wan with interface vlan100 as 192.168.100.2 /24 along with putting the port from 350 to modem as access, and I have made default gateway on core as 192.168.100.1 and static route on internet as 0.0.0.0 /24 192.168.100.1.
Now 350 is able to ping 192.168.100.1 and the internet 220.127.116.11 but when I ping 18.104.22.168 with source as any of the other local vlans on 350 like wlan 6, the ping is failing.
Is this because of access port from core to lan port of modem? Or is it because of modem having only one subnet and not knowing how to reply back to ping from internal vlans of 350? NAT must be inbuilt in internet modems but it would be only translating the allowed subnet of modem 192.168.100.0/24
What should I do and how to resolve this?
I am assuming the hosts in the other vlans are on a different subnet than the rtr vlan?
If so and you don't have admin access to that rtr then you will need another rtr so as to enable the hosts in those other vlans to be able to reach the internet, as I don't think your switch would support NAT.
If that rtr only allows you to have one local subnet then you won't be able to get those other vlans to work for internet access, unless that is you add an additional soho rtr that supports nat; then you would be able to accomplish internet access as you can double nat those other vlans.
The original poster refers to home router/modem provided by service provider. I am not clear whether the 350 is the home router or whether the service provider did provide some router and the customer chose the 350 as the switch to connect to the router. But if only a single vlan is supported and if there is no option to enable nat then this is the real problem. Services that are needed to support a network with several vlans are not available here.
The original poster has asked several questions that I would address:
- "Shall i make the 350 port connected to modem as trunk?" I do not know the details of the internet modem but it is very unlikely that the internet modem would support trunking. So making the connection into a trunk is not likely to help.
- "Is customer's decision to go with home router a mistake?" Assuming that the 350 is what is referred to as home router then yes choosing this was a mistake. From Cisco's perspective this is a switch and not a router. To the customer this is not obvious but there are significant differences in services performed by switches or by routers. And address translation is one of those services that is supported on routers but not on most switches.
350x is the layer3 switch deployed as core for a small network of 8 220 series layer2 access switches.
These switches were deployed by us and all internet network is configured and working fine with multiple vlans for admin, voice, wifi, guest, tv etc.
But now the customer has purchased a 200mb monthly internet subscription along with internet router/modem Huawei hg8245w5, which he wants us to use as an internet router to provide internet access to internal network.
This router is connected to 350 core switch using access port under vlan x for wan, and 350 default gateway and route set to router ip of 192.168.x.1.
I am able to ping and trace 22.214.171.124 from 350 through router but when I ping using source as any other vlan on 350, the ping fails.
So I am confused about what to do as there is no configurable feature available on router to create static route to teach router the route to local vlans through 350, nor is there nat.
So now I am left with only option of telling customer to provide router with static route and nat feature.
Pls advise. Is there anything I can check before changing router?
Thanks for the additional information. I am interested in your explanation that you had the 350 working as core switch with a group of 220 access switches and it was working fine. Did that implementation have Internet access? Or was it working only as a private internal network without Internet access?
If it was working and did have Internet access then what was providing address translation?
Presently only internal network with all layer3 switching at 350 core is working.
But still no internet access as the internet modem router-huawei hg8245w5 which is connected from 350 through access port under vlan 80.
350 switch can ping and trace to 126.96.36.199 through modem but when I ping using source as other vlan ip on core then ping fails.
That means only from vlan 80 on 350 the ping and trace to 188.8.131.52 is working.
I have concluded that below must be the reasons for no internet access on other vlans on 350.
1. No feature on internet router to create static route for creating a route to core 350 for return traffic from internet
2. No nat configurable available on router so as I can nat all internal traffic
3. Access port to modem to be changed to trunk port allowing all vlans as advised by tac
Thanks for confirming that what was working was internal networking and not access to Internet. Here is my response to the 3 points that you make:
1) If there is no feature on the Internet router to create static routes for the networks created in the internal network then this is a serious problem. The way to solve the problem would be to obtain and install another router that would connect between the Internet router and the 350 and would provide address translation for the addresses used in the internal network. This would mean that the Internet router would see all traffic as coming from its connected network.
2) If there is no way to configure address translation on the Internet router then that also is a serious problem. The solution to this is the same as in 1) - to obtain and install another router that would connect between the Internet router and the 350 and would provide address translation.
3) If tac advised changing the 350 interface into a trunk then it seems to me that tac did not have a good understanding of your environment. If the Internet router is so limited that it does not provide a way to create static routes or to configure address translation for extra networks, then I would be very surprised if the Internet router supported trunking on its interface. (And even if it did support trunking then the traffic coming to the Internet router would be from multiple networks and if you can not configure address translation then how would this work?)
Even though I do not think it will work, it might be worthwhile to configure the 350 interface as a trunk. This would allow you to test it and to inform tac that you did try their solution and that it did not work.
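
Added example, not part of the thread: a sketch of the intermediate router described in points 1) and 2), assuming a Cisco IOS router is placed between the modem and the 350. The interface names, the 172.16.255.0/30 transit link and the 10.0.0.0/16 range for the internal vlans are constructed placeholders; only 192.168.100.1 (modem) and 192.168.100.2 come from the thread.

```cisco
! Constructed example values: Gi0/0, Gi0/1, 172.16.255.0/30, 10.0.0.0/16.
! The router takes 192.168.100.2, the address the thread gave the 350;
! the 350 moves to the transit link (172.16.255.2) and points its
! default route at 172.16.255.1 instead of at the modem.
!
interface GigabitEthernet0/0
 description Outside: to Huawei modem LAN port
 ip address 192.168.100.2 255.255.255.0
 ip nat outside
 no shutdown
!
interface GigabitEthernet0/1
 description Inside: routed transit link to 350 core switch
 ip address 172.16.255.1 255.255.255.252
 ip nat inside
 no shutdown
!
! Default route toward the modem.
ip route 0.0.0.0 0.0.0.0 192.168.100.1
!
! Return path to the internal vlans, which are routed by the 350.
ip route 10.0.0.0 255.255.0.0 172.16.255.2
!
! Only the internal ranges are translated; everything else is left untouched.
access-list 10 permit 10.0.0.0 0.0.255.255
access-list 10 permit 172.16.255.0 0.0.0.3
!
! PAT: every internal source is rewritten to 192.168.100.2, so the modem
! only ever sees traffic from its own connected subnet and needs neither
! a static route nor extra NAT configuration.
ip nat inside source list 10 interface GigabitEthernet0/0 overload
```

After a ping sourced from an internal vlan, `show ip nat translations` on this router should list an entry whose inside global address is 192.168.100.2; no entry means the source did not match access-list 10 or the traffic never reached the inside interface.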