No access to Internet from VLAN to router

reynosoalmonte
Level 1

Hello,

How are you?

I have a question because I don't know what to use or what the best way is.

I have a VLAN 208 that is in access mode on the switch connected to PC0. I need Internet on that PC0. I have a Cisco 800 that is the ISP. I have a layer 3 switch connected to the Cisco 800 and another layer 3 switch where I have connected all my switches and am doing inter-VLAN routing.

The question is: how can I connect PC0 to the Internet?

I should mention that the Cisco 800 has the static IP in VLAN 1.

 

Check the following picture please.

Thanks,


Hello,

 

indeed, all networks that need access to the Internet need to be listed in access list 1:

 

access-list 1 permit 190.191.192.0 0.0.0.255
access-list 1 permit 190.191.101.0 0.0.0.31
access-list 1 permit 190.191.208.0 0.0.0.15

 

Also, add a default route to the layer 3 switch:

 

ip route 0.0.0.0 0.0.0.0 190.191.192.101
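
Added example, not part of the original reply: a Python check of which internal subnets the three quoted access list 1 entries actually match, assuming access list 1 is the router's NAT source list (its use is not shown in the thread). The subnet list is collected from the routing table and SVI configs posted in this thread; the function names are illustrative.

```python
import ipaddress
import re

ACL_RE = re.compile(r"^access-list\s+(\d+)\s+(permit|deny)\s+(.+)$")

def to_network(spec):
    """Turn 'any', 'host A', 'A' or 'A WILDCARD' into an IPv4 network."""
    parts = spec.split()
    if parts[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if parts[0] == "host":
        parts = [parts[1]]
    wc = int(ipaddress.IPv4Address(parts[1])) if len(parts) > 1 else 0
    if wc & (wc + 1):  # wildcard must be 2**n - 1 to map onto a prefix
        raise ValueError(f"non-contiguous wildcard in: {spec}")
    return ipaddress.ip_network(f"{parts[0]}/{32 - wc.bit_length()}", strict=False)

def parse_acl(config, acl_id):
    """Return ordered (action, network) entries of one numbered standard ACL."""
    entries = []
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m and int(m.group(1)) == acl_id:
            entries.append((m.group(2), to_network(m.group(3))))
    return entries

def is_matched(subnet, entries):
    """First overlapping entry decides; no match means the implicit deny."""
    for action, net in entries:
        if subnet.overlaps(net):
            return action == "permit" and subnet.subnet_of(net)
    return False

def unmatched(subnets, config, acl_id=1):
    """Subnets that the ACL does not fully permit."""
    entries = parse_acl(config, acl_id)
    return [s for s in subnets if not is_matched(ipaddress.ip_network(s), entries)]

# The three entries quoted in the reply above.
ACL_TEXT = """\
access-list 1 permit 190.191.192.0 0.0.0.255
access-list 1 permit 190.191.101.0 0.0.0.31
access-list 1 permit 190.191.208.0 0.0.0.15
"""
# Subnets appearing in the routing table and SVI configs posted in this thread.
SUBNETS = ["190.191.100.0/28", "190.191.101.0/27", "190.191.192.0/24",
           "190.191.195.0/30", "190.191.199.0/24", "190.191.208.0/28"]

if __name__ == "__main__":
    for s in unmatched(SUBNETS, ACL_TEXT):
        print("not permitted by access list 1:", s)
```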

Amazing, it works.

Now it works for the SVI I have on my first layer 3 switch, named ISP1. But for my layer 3 switch named PRINCIPAL, I don't see my other networks in the router's routing table.

See:

Routing table ROUTER:

S* 0.0.0.0/0 is directly connected, Dialer0
186.7.0.0/32 is subnetted, 1 subnets
C 186.7.129.18 is directly connected, Dialer0
190.191.0.0/16 is variably subnetted, 5 subnets, 4 masks
D 190.191.100.0/28 [90/28416] via 190.191.192.105, 00:14:32, Vlan1
D 190.191.101.0/27 [90/28416] via 190.191.192.105, 00:14:32, Vlan1
C 190.191.192.0/24 is directly connected, Vlan1
L 190.191.192.101/32 is directly connected, Vlan1
D 190.191.199.0/24 [90/28416] via 190.191.192.105, 00:14:32, Vlan1
196.3.74.0/32 is subnetted, 1 subnets
C 196.3.74.8 is directly connected, Dialer0

 

The router needs to see the networks on my layer 3 switch PRINCIPAL. I am trying to use

eigrp 1 

network 0.0.0.0

no auto-summary

with the default route ip route 0.0.0.0 0.0.0.0 190.191.192.105 (VLAN 1 on the layer 3 switch linked to the router)

This is the config of the layer 3 switch PRINCIPAL:

no ip domain-lookup
!
!
!
!
!
power redundancy-mode redundant
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet1
vrf forwarding mgmtVrf
no ip address
speed auto
duplex auto
!
interface GigabitEthernet1/1
switchport trunk allowed vlan 2-4094
switchport mode trunk
!
interface GigabitEthernet1/2
switchport trunk allowed vlan 2-4094
switchport mode trunk
!
interface GigabitEthernet1/3
!
interface GigabitEthernet1/4
!
interface GigabitEthernet1/5

Link to Layer-3-Switch as ISP1
switchport trunk allowed vlan 1,101,199,208
switchport mode trunk
!
interface GigabitEthernet1/6
!
interface GigabitEthernet1/7
switchport mode trunk
!
interface GigabitEthernet1/8
switchport mode trunk
!
interface GigabitEthernet1/9
!
interface GigabitEthernet1/10
switchport trunk allowed vlan 1,101
switchport mode trunk
!
interface GigabitEthernet1/11
switchport trunk allowed vlan 1,101,199,208
switchport mode trunk
!
interface GigabitEthernet1/12
!
interface GigabitEthernet1/13
!
interface GigabitEthernet1/14
!
interface GigabitEthernet1/15
!
interface GigabitEthernet1/16
switchport trunk allowed vlan 195,202
switchport mode trunk
!
interface GigabitEthernet1/17
!
interface GigabitEthernet1/18
!
interface GigabitEthernet1/19
!
interface GigabitEthernet1/20
switchport access vlan 199
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/21
!
interface GigabitEthernet1/22
!
interface GigabitEthernet1/32
!
interface GigabitEthernet1/33
!
interface GigabitEthernet1/34
!
interface GigabitEthernet1/35
!
interface GigabitEthernet1/36
!
interface GigabitEthernet1/37
!
interface GigabitEthernet1/38
switchport access vlan 199
switchport mode access
!
interface GigabitEthernet1/39
!
interface GigabitEthernet1/40
!
interface GigabitEthernet1/41
!
interface GigabitEthernet1/42
!
interface GigabitEthernet1/43
!
interface GigabitEthernet1/44
!
interface Vlan1
no ip address
!
interface Vlan101
ip address 190.191.101.2 255.255.255.224
!
interface Vlan195
ip address 190.191.195.1 255.255.255.252
!
interface Vlan208
ip address 190.191.208.1 255.255.255.240
!
!
router eigrp 1
network 0.0.0.0
!

ip route 0.0.0.0 0.0.0.0 190.191.192.105
no ip http server
no ip http secure-server
ip forward-protocol nd

 

Thank you!

 

Hello,

 

you need to give an IP address to Vlan 1 on your layer 3 switch. The IP address needs to be from the same subnet as the IP address you have given to the Vlan 1 interface on the router.

 

interface Vlan1
ip address 190.191.192.x/24

Nice. Works perfectly.

Now I have the VLANs, the router is configured, and the switch too. If I have the network 190.191.208.0/28, I will use the HSRP protocol. If I use the gateway of the .208 network it doesn't work. Do I need to use the gateway 190.191.192.101/24?

 

Thanks,

 

For HSRP, the default gateway is whatever you have configured as the standby IP address. Post the configs of both HSRP devices...

SW-ISP1:

SW-ISP-1#sh standby
Vlan100 - Group 1
State is Active
4 state changes, last state change 00:09:22
Virtual IP address is 190.191.100.1
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.640 secs
Preemption enabled
Active router is local
Standby router is 190.191.100.2, priority 110 (expires in 9.888 sec)
Priority 150 (configured 150)
Group name is "hsrp-Vl100-1" (default)

 

SW-ISP2:

SW-COMPUTOS-ISP-2#sh standby
Vlan100 - Group 1
State is Standby
8 state changes, last state change 00:00:57
Virtual IP address is 190.191.100.1
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.984 secs
Preemption disabled
Active router is 190.191.100.3, priority 150 (expires in 10.656 sec)
Standby router is local
Priority 110 (configured 110)
Group name is "hsrp-Vl100-1" (default)

 

Thanks,

Hello,

 

Virtual IP address is 190.191.100.1

 

This is the default gateway. What exactly doesn't work when your clients use this IP address as default gateway?

No access to Internet.

I use this default gateway in the config of each host. But it is not working.

I don't know what is not working.

Hello,

 

post the full configs of both switches...

SW-ISP1:

!
!
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
track 1 ip sla 10 reachability
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet3/0/1
shutdown
!
interface GigabitEthernet3/0/2
!
interface GigabitEthernet3/0/3
description Link to Router
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/0/4
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,100,101,199,208
switchport mode trunk
!
interface GigabitEthernet3/0/5
shutdown
!
interface GigabitEthernet3/0/6
shutdown
!
interface GigabitEthernet3/0/7
shutdown
!
interface GigabitEthernet3/0/8
shutdown
!
interface GigabitEthernet3/0/9
shutdown
!
interface GigabitEthernet3/0/10
shutdown
!
interface GigabitEthernet3/0/11
shutdown
!
interface GigabitEthernet3/0/12
shutdown
!
interface GigabitEthernet3/0/13
shutdown
!
interface GigabitEthernet3/0/14
shutdown
!
interface GigabitEthernet3/0/15
shutdown
!
interface GigabitEthernet3/0/16
shutdown
!
interface GigabitEthernet3/0/17
shutdown
!
interface GigabitEthernet3/0/18
shutdown
!
interface GigabitEthernet3/0/19
shutdown
!
interface GigabitEthernet3/0/20
shutdown
!
interface GigabitEthernet3/0/21
shutdown
!
interface GigabitEthernet3/0/22
shutdown
!
interface GigabitEthernet3/0/23
shutdown
!
interface GigabitEthernet3/0/24
shutdown
!
interface GigabitEthernet3/0/25
!
interface GigabitEthernet3/0/26
!
interface GigabitEthernet3/0/27
!
interface GigabitEthernet3/0/28
!
interface Vlan1
ip address 190.191.192.105 255.255.255.0
!
interface Vlan100
ip address 190.191.100.3 255.255.255.240
standby 1 ip 190.191.100.1
standby 1 priority 150
standby 1 preempt
!
interface Vlan101

description Managment
ip address 190.191.101.3 255.255.255.224
!
interface Vlan199
ip address 190.191.199.10 255.255.255.0
!
!
router eigrp 1
network 0.0.0.0
eigrp stub connected summary
!
ip http server
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 190.191.192.101
!
ip sla enable reaction-alerts

 

SW-ISP2:

!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet2/0/1
switchport access vlan 100
switchport mode access
switchport port-security maximum 2
!
interface GigabitEthernet2/0/2
switchport port-security maximum 2
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/3
switchport port-security maximum 2
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/4
switchport access vlan 199
switchport mode access
switchport port-security maximum 2
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/5
switchport access vlan 199
switchport mode access
switchport port-security maximum 2
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/6
switchport port-security maximum 2
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/7
switchport port-security maximum 2
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/8
switchport port-security maximum 2
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/9
switchport port-security maximum 2
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/10
switchport port-security maximum 2
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/11
switchport access vlan 199
switchport mode access
switchport port-security maximum 2
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/12
switchport port-security maximum 2
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/13
switchport port-security maximum 2
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/14
switchport access vlan 199
switchport mode access
switchport port-security maximum 2
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/15
switchport access vlan 199
switchport mode access
switchport port-security maximum 2
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/16
switchport port-security maximum 2
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/17
switchport access vlan 199
switchport mode access
switchport port-security maximum 2
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/18
switchport port-security maximum 2
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/19
switchport access vlan 199
switchport mode access
switchport port-security maximum 2
storm-control broadcast level 50.00
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/20
switchport port-security maximum 2
!
interface GigabitEthernet2/0/21
switchport access vlan 199
switchport mode access
switchport port-security maximum 2
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/22
switchport access vlan 199
switchport mode access
switchport port-security maximum 2
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/23
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 101,208
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet2/0/24
shutdown
!
interface GigabitEthernet2/0/25
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 199
!
interface GigabitEthernet2/0/26
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,100,101,199,208
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet2/0/27
!
interface GigabitEthernet2/0/28
!
interface Vlan1
no ip address
shutdown
!
interface Vlan100
ip address 190.191.100.2 255.255.255.240
standby 1 ip 190.191.100.1
standby 1 priority 110
!
interface Vlan101

description Managment
ip address 190.191.101.4 255.255.255.224
!
ip http server
ip http secure-server

 

Thank you!

Your second switch is missing the IP address for Vlan 1, all the EIGRP configuration, as well as the static route. Make sure the configs of both switches are identical (except for the IP addresses of course).

It works!!

Nice!

I don't have words to thank you!

With this protocol (HSRP) I will implement IP SLA to monitor the interface from the other ISP.

 

You need to test hop by hop to see where it is stopping and where it is working, using a top-down or bottom-up diagnosis model.

There can be several reasons for it not working; basically you need to look at routing and NAT.

Show a traceroute at each level and show NAT.

BB


m.rana.ku
Level 1

Hi there,

Actually, to access the Internet from VLANs you need to configure NAT, but only some Cisco layer 3 switches (i.e. 6500, 6000 and 5500) support NAT. That's why, for the Cisco layer 3 switches which don't support NAT, we can apply a dynamic routing protocol (EIGRP) on both the Cisco layer 3 switch and the router to access the Internet. The common problem is that VLAN 1 can access the Internet but other VLANs can't. In this case, if you apply EIGRP routing on both the Cisco router and the Cisco layer 3 switch, then the router and the other VLANs will reach each other by dynamically detecting the VLAN 1 interface IP address.

The whole process has been precisely described in the following YouTube video:

"Configure VLAN | Allow VLANs to Access Internet"

https://www.youtube.com/channel/UCmZZ2BNGXQH1HPS3uIVnr7A?sub_confirmation=1


Cisco Router Configuration:

configure terminal
interface gigabitEthernet 0/0
no shutdown
ip address dhcp
exit

interface gigabitEthernet 0/1
ip address 192.168.2.1 255.255.255.0
no shutdown
exit

ip dhcp pool mainuser
network 192.168.2.0 /24
default-router 192.168.2.1
dns-server 8.8.8.8
exit

ip route 0.0.0.0 0.0.0.0 192.168.1.1

interface gigabitEthernet 0/0
ip nat outside
exit

interface gigabitEthernet 0/1
ip nat inside
exit

ip access-list standard 1
permit any
exit

ip nat inside source list 1 interface gigabitEthernet 0/0 overload
exit

Applying Dynamic Routing EIGRP in Cisco Router:

router eigrp 10
network 192.168.2.0 255.255.255.0
exit

 

Configuration in Switch part:

enable
configure terminal
vlan 10
name hr
exit

vlan 20
name it
exit

interface range fastEthernet 0/13-18
switchport mode access
switchport access vlan 10
no shutdown
exit

interface range fastEthernet 0/19-24
switchport mode access
switchport access vlan 20
exit

interface vlan 10
ip address 192.168.3.1 255.255.255.0
exit

interface vlan 20
ip address 192.168.4.1 255.255.255.0
exit

Applying Inter VLAN Routing in Cisco Switch:
configure terminal
ip routing
exit

Applying Static Routing in Cisco Switch to Cisco Default Router:
ip route 0.0.0.0 0.0.0.0 192.168.2.1
exit

Applying Dynamic Routing EIGRP in Cisco Router:

configure terminal
router eigrp 10
network 192.168.3.0 255.255.255.0
network 192.168.4.0 255.255.255.0
network 192.168.2.0 255.255.255.0
exit

 

https://www.youtube.com/watch?v=-JeubKTW8-w
