
No Internet Access After Configuring Cisco 3850 Switch

Meri Christmas
Level 1

I have a 3850 switch connected to a 5506 ASA.

But when I connect a pc to the switch I can't get internet access.

The switch can ping the firewall, the ISP's gateway and pretty much anything on the internet.

But I cannot get internet access when I connect to a pc!

The firewall is fine. It's been tested and is configured correctly.

I'm missing something, probably something really simple but I can't figure it out.

Here are my routes that pertain to the connection to the firewall. Maybe I'm missing a route?

 

ip route 0.0.0.0 0.0.0.0 10.10.18.5 name Default_Internet_Traffic
ip route 92.173.188.48 255.255.255.252 10.10.18.5 name ISP-Route
ip route 192.168.176.1 255.255.255.255 10.0.0.1 name ASAv

 

The port that I configured that connects to the firewall below. Maybe my port is not configured correctly?

 

interface GigabitEthernet1/0/50
description Firewall
switchport mode trunk
auto qos trust
spanning-tree link-type point-to-point
service-policy input AutoQos-4.0-Trust-Cos-Input-Policy
service-policy output AutoQos-4.0-Output-Policy

 

I only have 2 Vlans set up for Voice and Data.

I have dhcp configured and it works great.

I'm new to this and not sure what I've done wrong.

 

Any assistance is greatly appreciated!


Reza Sharifi
Hall of Fame

What is the vlan the PC is in?

To what port on the switch is your PC connected?

Can you post "sh run" from the switch?

Does the PC have a gateway configured?

What is its IP and gateway?

HTH

What is the vlan the PC is in?

To what port on the switch is your PC connected?

 

We use VOIP and each port is configured for Data and Voice (Vlan1 and Vlan100 respectively). The PC is connected to a port that I have configured as follows:

interface GigabitEthernet1/0/24
description -- Data
switchport mode access
switchport voice vlan 100
auto qos trust
spanning-tree portfast
service-policy input AutoQos-4.0-Trust-Cos-Input-Policy
service-policy output AutoQos-4.0-Output-Policy

 

Can you post "sh run" from the switch?

This is shortened but see below. Port 1/0/48 is configured for my firewall:

Building configuration...

Current configuration : 26173 bytes
!
! Last configuration change at 19:38:41 UTC Thu Mar 29 2018
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname nGREsw01cs
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret REDACTED
enable password REDACTED
!
username REDACTED
no aaa new-model
switch 1 provision ws-c3850-48p
switch 2 provision ws-c3850-24p
!
!
!
!
!
ip routing
!
no ip domain-lookup
ip name-server 10.1.0.2
ip name-server 10.1.0.3
ip name-server 8.8.8.8
ip dhcp excluded-address 10.10.12.1 10.10.12.255
ip dhcp excluded-address 10.10.14.1 10.10.14.19
!
ip dhcp pool Data
network 10.10.12.0 255.255.254.0
default-router 10.10.12.1
dns-server 10.1.0.2 10.1.0.3 8.8.8.8
lease 3
!
ip dhcp pool Voice
network 10.10.14.0 255.255.255.0
default-router 10.10.14.1
dns-server 10.1.0.2 8.8.8.8
!
!
qos queue-softmax-multiplier 100
!
table-map AutoQos-4.0-Trust-Cos-Table
default copy
!

crypto pki trustpoint TP-self-signed-2496549443
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2496549443
revocation-check none
rsakeypair TP-self-signed-2496549443
!
!
crypto pki certificate chain TP-self-signed-2496549443
certificate self-signed 01
quit
diagnostic bootup level minimal
spanning-tree mode pvst
spanning-tree extend system-id
hw-switch switch 1 logging onboard message level 3
!
redundancy
mode sso
!
!
!
class-map match-any AutoQos-4.0-Output-Multimedia-Conf-Queue
match dscp af41 af42 af43
match cos 4
class-map match-any AutoQos-4.0-Output-Bulk-Data-Queue
match dscp af11 af12 af13
match cos 1
class-map match-any AutoQos-4.0-Output-Priority-Queue
match dscp cs4 cs5 ef
match cos 5
class-map match-any AutoQos-4.0-Output-Multimedia-Strm-Queue
match dscp af31 af32 af33
class-map match-any non-client-nrt-class
class-map match-any AutoQos-4.0-Output-Trans-Data-Queue
match dscp af21 af22 af23
match cos 2
class-map match-any AutoQos-4.0-Output-Scavenger-Queue
match dscp cs1
class-map match-any AutoQos-4.0-Output-Control-Mgmt-Queue
match dscp cs2 cs3 cs6 cs7
match cos 3
!
policy-map port_child_policy
class non-client-nrt-class
bandwidth remaining ratio 10
policy-map AutoQos-4.0-Output-Policy
class AutoQos-4.0-Output-Priority-Queue
priority level 1 percent 30
class AutoQos-4.0-Output-Control-Mgmt-Queue
bandwidth remaining percent 10
queue-limit dscp cs2 percent 80
queue-limit dscp cs3 percent 90
queue-limit dscp cs6 percent 100
queue-limit dscp cs7 percent 100
queue-buffers ratio 10
class AutoQos-4.0-Output-Multimedia-Conf-Queue
bandwidth remaining percent 10
queue-buffers ratio 10
class AutoQos-4.0-Output-Trans-Data-Queue
bandwidth remaining percent 10
queue-buffers ratio 10
class AutoQos-4.0-Output-Bulk-Data-Queue
bandwidth remaining percent 4
queue-buffers ratio 10
class AutoQos-4.0-Output-Scavenger-Queue
bandwidth remaining percent 1
queue-buffers ratio 10
class AutoQos-4.0-Output-Multimedia-Strm-Queue
bandwidth remaining percent 10
queue-buffers ratio 10
class class-default
bandwidth remaining percent 25
queue-buffers ratio 25
policy-map AutoQos-4.0-Trust-Cos-Input-Policy
class class-default
set cos cos table AutoQos-4.0-Trust-Cos-Table
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet1/0/1
description -- Data
switchport mode access
switchport voice vlan 100
auto qos trust
spanning-tree portfast
service-policy input AutoQos-4.0-Trust-Cos-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/2
description -- Data
switchport mode access
switchport voice vlan 100
auto qos trust
spanning-tree portfast
service-policy input AutoQos-4.0-Trust-Cos-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/3
description -- Data
switchport mode access
switchport voice vlan 100
auto qos trust
spanning-tree portfast
service-policy input AutoQos-4.0-Trust-Cos-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/4
description -- Data
switchport mode access
switchport voice vlan 100
auto qos trust
spanning-tree portfast
service-policy input AutoQos-4.0-Trust-Cos-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/5
description -- Data
switchport mode access
switchport voice vlan 100
auto qos trust
spanning-tree portfast
service-policy input AutoQos-4.0-Trust-Cos-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/6
description -- Data
switchport mode access
switchport voice vlan 100
auto qos trust
spanning-tree portfast
service-policy input AutoQos-4.0-Trust-Cos-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/7
description -- Data
switchport mode access
switchport voice vlan 100
auto qos trust
spanning-tree portfast
service-policy input AutoQos-4.0-Trust-Cos-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/8
description -- Data
switchport mode access
switchport voice vlan 100
auto qos trust
spanning-tree portfast
service-policy input AutoQos-4.0-Trust-Cos-Input-Policy
service-policy output AutoQos-4.0-Output-Policy

!

!

!

!

!

!
interface GigabitEthernet1/0/37
description -- Data
switchport mode access
switchport voice vlan 100
auto qos trust
spanning-tree portfast
service-policy input AutoQos-4.0-Trust-Cos-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/38
description -- Data
switchport mode access
switchport voice vlan 100
auto qos trust
spanning-tree portfast
service-policy input AutoQos-4.0-Trust-Cos-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/39
description -- Data
switchport mode access
switchport voice vlan 100
auto qos trust
spanning-tree portfast
service-policy input AutoQos-4.0-Trust-Cos-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/40
description -- Data
switchport mode access
switchport voice vlan 100
auto qos trust
spanning-tree portfast
service-policy input AutoQos-4.0-Trust-Cos-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/41
description -- Data
switchport mode access
switchport voice vlan 100
auto qos trust
spanning-tree portfast
service-policy input AutoQos-4.0-Trust-Cos-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/42
description -- Data
switchport mode access
switchport voice vlan 100
auto qos trust
spanning-tree portfast
service-policy input AutoQos-4.0-Trust-Cos-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/43
description -- Data
switchport mode access
switchport voice vlan 100
auto qos trust
spanning-tree portfast
service-policy input AutoQos-4.0-Trust-Cos-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/44
description -- Data
switchport mode access
switchport voice vlan 100
auto qos trust
spanning-tree portfast
service-policy input AutoQos-4.0-Trust-Cos-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/45
description -- Data
switchport mode access
switchport voice vlan 100
auto qos trust
spanning-tree portfast
service-policy input AutoQos-4.0-Trust-Cos-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/46
description -- Data
switchport mode access
switchport voice vlan 100
auto qos trust
spanning-tree portfast
service-policy input AutoQos-4.0-Trust-Cos-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/47
description -- Data
switchport mode access
switchport voice vlan 100
auto qos trust
spanning-tree portfast
service-policy input AutoQos-4.0-Trust-Cos-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/48
description Firewall
switchport mode trunk
auto qos trust
spanning-tree link-type point-to-point
service-policy input AutoQos-4.0-Trust-Cos-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/1/1
description -- Data
switchport mode access
switchport voice vlan 100
auto qos trust
spanning-tree portfast
service-policy input AutoQos-4.0-Trust-Cos-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/1/2
description -- Data
switchport mode access
switchport voice vlan 100
auto qos trust
spanning-tree portfast
service-policy input AutoQos-4.0-Trust-Cos-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/1/3
description -- Data
switchport mode access
switchport voice vlan 100
auto qos trust
spanning-tree portfast
service-policy input AutoQos-4.0-Trust-Cos-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/1/4
description -- Data
switchport mode access
switchport voice vlan 100
auto qos trust
spanning-tree portfast
service-policy input AutoQos-4.0-Trust-Cos-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!

interface Vlan1
ip address 10.10.12.10 255.255.254.0
!
interface Vlan100
description -- Voice Vlan
ip address 10.10.14.1 255.255.255.0 secondary
ip address 10.10.14.10 255.255.255.0

!

ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.10.12.5 name Default_Internet_Traffic

ip route 10.1.0.0 255.255.255.0 10.0.0.1 name DC-Main_Network
ip route 10.1.4.0 255.255.255.0 10.0.0.1 name DC-DMZ_Network

REDACTED
ip route 92.173.189.48 255.255.255.252 10.10.12.5 name ISP-Route
ip route 192.168.176.1 255.255.255.255 10.0.0.1 name ASAv

 

REDACTED

!

What is its IP and gateway?

I configured DHCP on the switch and the PC can pull a DHCP address.

The IP of the switch is 10.10.12.10. Gateway is 10.10.12.1.

 

Just to add:

 

The switch is obviously not in production.

When I plug the switch directly into the modem of our ISP I have no problem with internet access. It's only when I plug into the firewall.

 

The firewall was tested by Cisco support and is fine. FYI

Hello,

 

post the full config of the ASA....

Thanks Georg

Unfortunately the engineer that configured the ASA is a little hesitant about submitting the entire configuration. Below is the ASA config that pertains to the switch. Sorry, I hope this helps.

ip local pool NLHP-Users 10.10.7.241-10.10.7.254 mask 255.255.255.240
ip local pool NLHP-Admins 10.10.7.225-10.10.7.238 mask 255.255.255.240

!
interface GigabitEthernet1/1
nameif WAN
security-level 0
ip address 96.74.189.49 255.255.255.252
!
interface GigabitEthernet1/2
nameif LAN
security-level 100
ip address 10.10.12.5 255.255.254.0

access-list LAN_access_out extended permit ip any any log disable

arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
nat (LAN,WAN) source static any any destination static NETWORK_OBJ_10.10.7.224_28 NETWORK_OBJ_10.10.7.224_28 no-proxy-arp route-lookup
nat (LAN,WAN) source static NLH-DC1-network NLH-DC1-network destination static NETWORK_OBJ_10.10.7.240_28 NETWORK_OBJ_10.10.7.240_28 no-proxy-arp route-lookup
nat (LAN,WAN) source static DM_INLINE_NETWORK_1 DM_INLINE_NETWORK_1 destination static NETWORK_OBJ_10.10.7.224_28 NETWORK_OBJ_10.10.7.224_28 no-proxy-arp route-lookup
!
object network obj_any
nat (any,WAN) dynamic interface
access-group LAN_access_out out interface LAN
route WAN 0.0.0.0 0.0.0.0 96.74.189.50 1
route LAN 10.1.0.0 255.255.255.0 10.10.4.1 1
route WAN 10.1.13.0 255.255.255.0 96.74.189.50 1
route WAN 10.1.15.0 255.255.255.0 96.74.189.50 1
route LAN 10.10.0.0 255.255.0.0 10.10.4.1 1
route WAN 199.255.120.0 255.255.252.0 92.73.189.50 10

 

 

I put the last line in bold because I just noticed I have a typo in my route on the switch. 

 

My route for the ISP is:

ip route 92.173.189.48 255.255.255.252 10.10.12.5

 

should be 92.73.189.48, I'm correcting that now.

 

This may sound dumb but I'm a newbie LOL. Could this be preventing me from getting internet access?

Hello,

 

It looks like your firewall is missing a static route back to your LAN. Can you ask your engineer to add the static route below to the firewall:

 

route LAN 10.10.0.0 255.255.0.0 10.10.12.10
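
Added example, not part of the original posts: a small Python check that flags ASA static routes whose next hop lies outside the subnet of the interface the route is bound to, which is the condition the `route LAN ... 10.10.4.1` lines in the excerpt above meet. It assumes the posted excerpt shows every interface that matters; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed input: lines copied from the ASA excerpt posted in this thread.
ASA_EXCERPT = """\
interface GigabitEthernet1/1
 nameif WAN
 ip address 96.74.189.49 255.255.255.252
interface GigabitEthernet1/2
 nameif LAN
 ip address 10.10.12.5 255.255.254.0
route WAN 0.0.0.0 0.0.0.0 96.74.189.50 1
route LAN 10.1.0.0 255.255.255.0 10.10.4.1 1
route LAN 10.10.0.0 255.255.0.0 10.10.4.1 1
route WAN 199.255.120.0 255.255.252.0 92.73.189.50 10
"""

def connected_networks(config):
    """Map each ASA nameif to the subnet configured on that interface."""
    nets, name = {}, None
    for line in (l.strip() for l in config.splitlines()):
        if line.startswith("interface "):
            name = None
        elif line.startswith("nameif "):
            name = line.split()[1]
        elif name and (m := re.match(r"ip address (\S+) (\S+)", line)):
            nets[name] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
    return nets

def off_link_next_hops(config):
    """List (nameif, destination, next_hop) for static routes whose next hop
    is outside the subnet of the interface the route is bound to."""
    nets = connected_networks(config)
    findings = []
    for line in config.splitlines():
        m = re.match(r"\s*route (\S+) (\S+) (\S+) (\S+)", line)
        if not m:
            continue
        nameif, dest, mask, hop = m.groups()
        net = nets.get(nameif)
        if net is None or ipaddress.ip_address(hop) not in net:
            findings.append((nameif, str(ipaddress.ip_network(f"{dest}/{mask}")), hop))
    return findings

if __name__ == "__main__":
    for nameif, dest, hop in off_link_next_hops(ASA_EXCERPT):
        print(f"{nameif}: route to {dest} uses off-link next hop {hop}")
```
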

Thank you. We added the route.

 

I also fixed a typo I had in my route, and my data VLAN did not have all the IPs needed.

 

IT'S WORKING!!!

 

Thanks again!

Hi,

Your "default router" within "ip dhcp pool Data" should be configured as follows:

"default-router 10.10.12.5"

Best regards,

Antonin

The 3850 is configured as L3...

jamesbos96602
Level 1

James, you should ask this question in a new post. My first question would be what is supposed to be doing the routing on your network?

I am sorry, I have removed it. I have not posted anything on here; never needed to. Post is removed.
