01-26-2021 06:12 AM - edited 01-28-2021 07:32 PM
I have a router (with dd-wrt) that is connected to WAN, and I have an SG350 switch which I want to connect to that router to share its internet connection. How do I actually implement the IP configuration between the router and the switch so that the router handles PAT for all VLANs?
WAN
|
Router
|
Switch
|
multiple clients (in multiple VLANS)
01-26-2021 01:12 PM
As a high-level overview, let's look at the roles and responsibilities of each device
===Router===
1. Will perform NAT for the networks inside the network to addresses assigned by the ISP
2. Will route between the WAN (Internet) and the Switch
===Switch===
1. Will perform inter-VLAN routing with restrictions enforced by access control lists
2. Will route all Internet-bound traffic to the Router
In order to accomplish this, we first need to verify that the Router is able to be configured with a static route. According to https://dd-wrt.com/nxt/wiki/doku.php?id=howto:general:routing:static_routing, it can. You will want to configure the following routes in the Router (only giving instructions and not actual syntax):
1. default route to the Internet (if you are using DHCP then this will already be provided for you by the ISP).
2. route traffic destined for the internal network to the IP address of the switch
The second step on the Router will be to ensure that you have a rule to NAT all of the subnets in your network.
Do you have a list of what networks & subnet masks you want to use?
01-27-2021 03:41 PM - edited 01-27-2021 03:42 PM
The WAN side I should already have configured. By networks and subnet masks do you mean the IP ranges or something else?
Right now I have configured a routed port connection between the switch and the router, and I can successfully ping between the port and the router, and also between the port and a VLAN, but I can't ping from the VLAN to the router for some reason. What might be the problem?
01-27-2021 04:06 PM - edited 01-27-2021 04:09 PM
Kind of funny that W10 is even able to fetch the name of the network that the router is connected to, but I can't load the router webUI (with or without FW) nor connect to the internet or even ping from the VLAN interface to the router like I said before. I tried creating an ACE, but that didn't help.
I guess I'm going to have a look at the DD-WRT firewall next.
01-28-2021 05:09 PM - edited 01-28-2021 07:28 PM
So adding
1. a static route to the internet into the switch
and
2. a DNS server address to the PC NIC,
allowed me to connect to the internet.
From my PC
>>through the switch ethernet port
>>through the VLAN (interface)
>>through the routed port(layer 3)
>>through the router
>>through ISP
and back
Might come back later to write an in-depth guide to my problem as a solution to this thread.
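
Added example, not part of the original thread: a small Python model of the two routing tables discussed above (the router's static routes back to the VLAN subnets, the switch's default route toward the router) plus the router's NAT coverage, showing which missing piece breaks which path. All addresses, subnets and names are constructed for illustration.

```python
import ipaddress

# Constructed addressing (not from the thread): a /30 transit link and two VLANs.
ROUTER_IP, SWITCH_IP = "10.0.0.1", "10.0.0.2"
TRANSIT = ipaddress.ip_network("10.0.0.0/30")
VLANS = ["192.168.10.0/24", "192.168.20.0/24"]

def next_hop(routes, dst):
    """Longest-prefix match over (prefix, next_hop) pairs; None if no route."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in routes
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def diagnose(client, dst, switch_routes, router_routes, nat_sources):
    """List what breaks for client -> dst and for the reply coming back."""
    problems = []
    # Forward path: the switch needs some route (connected or default) to dst.
    if next_hop(switch_routes, dst) is None:
        problems.append("switch has no route to " + dst)
    # Return path: the router must hand replies to the switch, not to the ISP.
    back = next_hop(router_routes, client)
    if back not in (SWITCH_IP, "connected"):
        problems.append("router sends replies for %s to %s" % (client, back))
    # Internet-bound traffic also needs a NAT rule that covers the source subnet.
    src = ipaddress.ip_address(client)
    covered = any(src in ipaddress.ip_network(n) for n in nat_sources)
    if ipaddress.ip_address(dst) not in TRANSIT and not covered:
        problems.append("router has no NAT rule covering " + client)
    return problems

# Tables before any static routes are added: connected networks only,
# plus the router's default route learned from the ISP.
SWITCH_BASE = [("10.0.0.0/30", "connected")] + [(v, "connected") for v in VLANS]
ROUTER_BASE = [("10.0.0.0/30", "connected"), ("0.0.0.0/0", "isp")]
# Tables after adding the routes the thread describes.
SWITCH_FIXED = SWITCH_BASE + [("0.0.0.0/0", ROUTER_IP)]
ROUTER_FIXED = ROUTER_BASE + [(v, SWITCH_IP) for v in VLANS]

if __name__ == "__main__":
    pc, web = "192.168.10.50", "203.0.113.10"
    print(diagnose(SWITCH_IP, ROUTER_IP, SWITCH_BASE, ROUTER_BASE, []))
    print(diagnose(pc, ROUTER_IP, SWITCH_BASE, ROUTER_BASE, []))
    print(diagnose(pc, web, SWITCH_BASE, ROUTER_BASE, []))
    print(diagnose(pc, web, SWITCH_FIXED, ROUTER_FIXED, VLANS))
```

In this model the routed port reaches the router with no extra configuration, while a VLAN client's ping to the router fails on the reply because the router's only match for the VLAN subnet is its default route toward the ISP.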