How to route traffic from cisco 350 to internet through internet modem

adeebtaqui
Level 4

Hi,

I am not able to ping the internet (8.8.8.8) through the internet modem Huawei HG8245W5 from different VLANs on the 350, which is the core switch of a small network.

I can ping from the WAN vlanW on the 350 to 8.8.8.8.

I have connected the modem as an access port under vlanW for WAN, with the default gateway as the modem's IP.

I created a static route to the internet as 0.0.0.0 /24 (IP address of WAN modem).

I am not able to get internet on the other VLANs of the switch, as ping is failing.

What is the mistake I am making?

Shall I make the 350 port connected to the modem a trunk? Will it understand then?

Pls advise.

Accepted Solutions

Resolved.

The service provider's Huawei modems had the feature for full access users to configure a static route.

So I configured a static route on the modem forwarding all traffic destined to the internal subnets to the Cisco 350 as next hop, and now the internet is accessible from all the internal multiple VLANs through the 350 switch.

Thanks everyone for your kind and expert advice and suggestions.
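
The return-path problem this thread resolves, as an added example that is not part of any poster's message: a small longest-prefix-match model of the 350 and the modem, showing why a ping sourced from an internal VLAN fails until the modem has a route back via the 350. The 192.168.100.x addresses are the ones given in the thread; 192.168.6.0/24 is an assumed subnet for one internal VLAN, and the model covers routing only, not NAT.

```python
import ipaddress

LAN, WAN = "lan", "wan"          # modem egress sides (labels for this sketch only)
SWITCH_IP, MODEM_IP = "192.168.100.2", "192.168.100.1"   # addresses from the thread

def lookup(table, dst):
    """Longest-prefix match: return the winning next hop, or None if no route matches."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(prefix), hop) for prefix, hop in table
            if addr in ipaddress.ip_network(prefix)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def ping_ok(src, dst, switch_table, modem_table):
    """True only if the request reaches the WAN and the reply is routed back inside."""
    if lookup(switch_table, dst) != MODEM_IP:      # 350 must hand the packet to the modem
        return False
    if lookup(modem_table, dst) != WAN:            # modem must forward it to the internet
        return False
    # Reply: the modem must send traffic for `src` to its LAN side, either as a
    # connected subnet or via the 350; otherwise it follows the default route out.
    return lookup(modem_table, src) in (LAN, SWITCH_IP)

# Constructed tables. 192.168.6.0/24 is an assumed subnet for one internal VLAN.
SWITCH = [("192.168.100.0/24", "connected"),
          ("192.168.6.0/24", "connected"),
          ("0.0.0.0/0", MODEM_IP)]
MODEM_BEFORE = [("192.168.100.0/24", LAN), ("0.0.0.0/0", WAN)]
MODEM_AFTER = MODEM_BEFORE + [("192.168.6.0/24", SWITCH_IP)]

if __name__ == "__main__":
    for name, modem in (("before", MODEM_BEFORE), ("after", MODEM_AFTER)):
        for src in (SWITCH_IP, "192.168.6.1"):
            print(name, src, "->", ping_ok(src, "8.8.8.8", SWITCH, modem))
    # A /24 on 0.0.0.0 covers only 0.0.0.0-0.0.0.255, so it is not a default route.
    print(lookup([("0.0.0.0/24", MODEM_IP)], "8.8.8.8"))
```

Each further internal VLAN needs its own entry (or one covering summary prefix) in the modem's table, pointing at the 350's address in the modem's subnet.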


Richard Burts
Hall of Fame

We do not have much detail to work with and that makes it difficult to identify the issue. Based on what we know so far my first guess is that the issue is that you are not doing address translation for the addresses in the other vlans.

HTH

Rick

The modem has only one subnet that can be modified, for example 192.168.100.0/24 with its IP as 192.168.100.1.

So I created on the 350 core switch vlan100 for WAN, with interface vlan100 as 192.168.100.2 /24, along with putting the port from the 350 to the modem as access, and I have made the default gateway on the core 192.168.100.1 and a static route on internet as 0.0.0.0 /24 192.168.100.1.

Now the 350 is able to ping 192.168.100.1 and the internet 8.8.8.8, but when I ping 8.8.8.8 with the source as any of the other local VLANs on the 350, like wlan 6, the ping fails.

Is this because of the access port from the core to the LAN port of the modem? Or is it because the modem has only one subnet and does not know how to reply back to pings from the internal VLANs of the 350? NAT must be inbuilt in internet modems, but it would only be translating the allowed subnet of the modem, 192.168.100.0/24.

What should I do and how do I resolve this?

Hello

I am assuming the hosts in the other vlans are on a different subnet than the rtr vlan?

If so, and you don't have admin access to that rtr, then you will need another rtr to enable the hosts in those other vlans to reach the internet, as I don't think your switch would support NAT.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi Paul ,

I have access to internet home router/modem provided by service provider for access to internet.

But there is nat option available and only one subnet is allowed.

So are my local vlans not accessing the internet because there is no nat to translate the local vlans to the public ip of the modem?

How to resolve this?

Is customer's decision to go with home router a mistake? Should he have purchased a business router like cisco 4000 series?

Hello

If that rtr only allows you to have one local subnet then you won't be able to get those other vlans to work for internet access, unless you add an additional soho rtr that supports nat. Then you would be able to accomplish internet access, as you can double nat those other vlans.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

The original poster refers to home router/modem provided by service provider. I am not clear whether the 350 is the home router or whether the service provider did provide some router and the customer chose the 350 as the switch to connect to the router. But if only a single vlan is supported and if there is no option to enable nat then this is the real problem. Services that are needed to support a network with several vlans are not available here.


The original poster has asked several questions that I would address:

- "Shall i make the 350 port connected to modem as trunk?" I do not know the details of the internet modem but it is very unlikely that the internet modem would support trunking. So making the connection into a trunk is not likely to help.

- "Is customer's decision to go with home router a mistake?" Assuming that the 350 is what is referred to as home router then yes choosing this was a mistake. From Cisco's perspective this is a switch and not a router. To the customer this is not obvious but there are significant differences in services performed by switches or by routers. And address translation is one of those services that is supported on routers but not on most switches.

HTH

Rick

Hi Richard,

The 350X is the layer 3 switch deployed as core for a small network of 8 220 series layer 2 access switches.

These switches were deployed by us and all internet network is configured and working fine with multiple vlans for admin, voice, wifi, guest, tv etc.

But now the customer has purchased a 200mb monthly internet subscription along with an internet router/modem, a Huawei HG8245W5, which he wants us to use as an internet router to provide internet access to the internal network.

This router is connected to the 350 core switch using an access port under vlan x for WAN, with the 350 default gateway and route set to the router IP of 192.168.x.1.

I am able to ping and trace 8.8.8.8 from the 350 through the router, but when I ping using the source as any other vlan on the 350, the ping fails.

So I am confused about what to do as there is configurable feature available on router to create static route to teach router the route to local vlans through 350 nor is there nat.

So now I am left with only the option of telling the customer to provide a router with static route and nat features.

Pls advise. Is there anything I can check before changing the router?

Thanks for the additional information. I am interested in your explanation that you had the 350 working as core switch with a group of 220 access switches and it was working fine. Did that implementation have Internet access? Or was it working only as a private internal network without Internet access?

If it was working and did have Internet access then what was providing address translation?

HTH

Rick

Presently only the internal network, with all layer 3 switching at the 350 core, is working.

But still no internet access as the internet modem router, Huawei HG8245W5, which is connected from the 350 through an access port under vlan 80.

The 350 switch can ping and trace to 8.8.8.8 through the modem, but when I ping using the source as another vlan IP on the core, the ping fails.

That means the ping and trace to 8.8.8.8 work only from vlan 80 on the 350.

I have concluded that the below must be the reasons for no internet access on the other vlans on the 350.

1. No feature on the internet router to create a static route for creating a route to the core 350 for return traffic from the internet

2. No configurable nat available on the router so that I can nat all internal traffic

3. Access port to the modem to be changed to a trunk port allowing all vlans, as advised by tac

Thanks for confirming that what was working was internal networking and not access to Internet. Here is my response to the 3 points that you make:

1) If there is no feature on the Internet router to create static routes for the networks created in the internal network then this is a serious problem. The way to solve the problem would be to obtain and install another router that would connect between the Internet router and the 350 and would provide address translation for the addresses used in the internal network. This would mean that the Internet router would see all traffic as coming from its connected network.

2) If there is no way to configure address translation on the Internet router then that also is a serious problem. The solution to this is the same as in 1) - to obtain and install another router that would connect between the Internet router and the 350 and would provide address translation.

3) If tac advised changing the 350 interface into a trunk then it seems to me that tac did not have a good understanding of your environment. If the Internet router is so limited that it does not provide a way to create static routes or to configure address translation for extra networks, then I would be very surprised if the Internet router supported trunking on its interface. (And even if it did support trunking then the traffic coming to the Internet router would be from multiple networks and if you can not configure address translation then how would this work?)

Even though I do not think it will work, it might be worthwhile to configure the 350 interface as a trunk. This would allow you to test it and to inform tac that you did try their solution and that it did not work.

HTH

Rick

TAC's suggestion of making the 350 port connecting to the home router a trunk, along with allowing all related vlans, did not work.

One of my senior colleagues has suggested to just make the 350 port connecting to the home router/modem a layer three interface, and that the modem does not need to know the internal vlans for getting internet access. I am going to try this today.

Thanks for the update confirming that the tac suggestion to make the 350 port into a trunk (allowing vlans) did not work. That confirms one of my points.

Perhaps your senior colleague knows something about your environment that I do not. And if that suggestion does work I will be pleasantly surprised. But based on what you have told us so far I do not see any way that it can work if the router/modem does not know about the internal vlans (unless you find a way to do address translation on the traffic from the internal vlans before it gets to the router/modem).

HTH

Rick

Yes Richard, you are right. Even my colleague's suggestion did not work.

So we are left with only the option of having nat configuration or a static route on the router modem. I have asked the customer to raise a case with the service provider to enable/configure this on the router modem.

Thanks for the update. I hope that the provider will agree to provide those services for the customer. This is something that provider frequently does for the customer. But there may be complications in getting the provider to do this based on what is in the service plan that the customer purchased. (perhaps the customer purchased a very basic service plan which did not include nat or static routes and the provider does include those services in a more expensive service plan).

I do not want to be overly picky about terminology. But I would point out that you describe nat or static routes and what your customer needs is nat and static routes.

HTH

Rick