No internet access on newly created VLANs Cisco Catalyst 2960-S

Jake514 · ‎06-10-2020

Hello, I would just like to start off by stating that I am very new to networking technologies, this is in fact my first attempt at learning. I have given myself this first little project as a way to teach myself.

On this Catalyst 2960-S switch my simple goal for now is to create 2 VLANs (VLAN 10, VLAN 20), assign ports to each VLAN and then connect 1 PC to each VLAN (in said assigned ports).

As long as my PC is connected to a port that is assigned to VLAN 1 (default), I have internet access on the PC no problem. However if I connect to a port assigned to VLAN 10 or VLAN 20 (or assign the working port to one of those VLANS), I cannot access the internet, regardless of which IP address I assign to the VLAN interface.

Default Gateway 192.168.2.1
VLAN 1 IP: 192.168.2.60 255.255.255.0
VLAN 10 IP: 192.168.10.60 255.255.255.0
VLAN 20 IP: 192.168.20.60 255.255.255.0

GI1/0/23 is my connection to the router.
GI1/0/1 is what I currently have assigned to VLAN 10
GI1/0/11 is what I currently have assign to VLAN 20

Attached will be my show running configuration and show vlan.

Any help on what I am missing would be GREATLY appreciated. I have hit a speedbump in the progress of my learning experiment and I cannot seem to figure this out. Again, I apologize for the obviously very uninformed question.

Reza Sharifi · ‎06-10-2020

Hi Jake,

If you want all vlans/subnet to have access to Internet, there are several things that need to happen.

GI1/0/23 is my connection to the router.

Port GI1/0/23 is configured with vlan1 (default) only. If you want to send vlan 10 and 20 to the router, you have to configure this port as a trunk port but before you do that, make sure that the service provider's router can support that as if this router is for home use and you don't have access to it, it will not work unless you talk to your service provider to configure their site as port 1/0/23.

Also, If the provider agrees to give you more than one subnet to use, they need to configure the Gateways for each subnet on their site and also configure NAT to allow

VLAN 10 IP: 192.168.10.60 255.255.255.0
VLAN 20 IP: 192.168.20.60 255.255.255.0

access the internet.

So, this all depends who control what device.

HTH

Jake514 · ‎06-10-2020

Hi Reza,

Thank you for your reply, I appreciate it very much.

I do have access to the router to do any configuration on it necessary as the admin. I must say I have never modified any of these router settings before however, so this is all new to me. I will poke around in the settings menus of the router in search of what you have mentioned when I return to the office tomorrow and provide an update following that.

Fingers crossed what you have mentioned will be enough guidance for me to find what I am looking for!

Reza Sharifi · ‎06-10-2020

Hi Jake,

Great. Having access to the route makes it so much easier. So, here is what I recommend.

-On the router side, look and see if you can add multiple vlans (1, 10, 20) to the port that is connected to the switch.

-If that is possible, you need to do this config on the switch side for port 1/0/23

config t

inter gi1/0/23

switchport mode trunk

switchport trunk encap dot1q

the above config will allow all vlans on the port and depending on the version of IOS you are running, you may not need the last command.

Now, if this is all good, I recommend you delete the IPs for vlan 10 and 20 only from the switch and move them to the router and configure them there, as the switch is simply a layer-2 device and does not need 3 IPs. You only need one IP to manage the switch and that is already configured for vlan1.

Once you configure the IPs for vlan 10 and 20, try to ping them from a PC connected to the switch or from the switch, if all connectivity is good, now look at NAT config on the router and add the IP segments for vlan 10 and 20.

HTH

Jake514 · ‎06-10-2020

That looks like a very clear set of instructions to work off of! I'm excited to try them out.

Thank you so much again for your replies, the help is immensely appreciated.

I will come back to this message tomorrow and let you know how it goes.

Jake514 · ‎06-11-2020

Hi Reza,

So after looking through the router web interface it doesn't seem like I have any options to add multiple vlans to the port unfortunately. Under "Port Configuration" the only things that I can configure for LAN'x' are 'Speed' and 'Duplex'. I have attached a screenshot of this menu. The router is a ZyXEL EMG2926 if that helps.

Reza Sharifi · ‎06-11-2020

Hi Jake,

Take a look at section 10.3 of the user guide (IP Alias Section) (hopefully I am looking at the right guide) and see if you can add a second IP segment. That is all should be located under "LAN Chapter". If there is no way to do it, than I guess you can only have one subnet and that is the one currently working for you.

HTH

Jake514 · ‎06-11-2020

I did find that section!

So if I am understanding this correctly I would enter my IP Address for each new VLAN as an IP Alias? Something along the lines of what I have entered in the attached screenshot?

Reza Sharifi · ‎06-11-2020

That screenshot looks correct to me. I have never used this type of router before but try it and see if it works.

HTH

Jake514 · ‎06-11-2020

Alright so I have set the IP Aliases, and I have set gi1/0/23 to trunk and unfortunately I still don't have internet access on the VLANS.

Could it be the fact that I didn't remove the IP Addresses assigned to the VLANs as you mentioned in your first reply that is causing the issue?
Or is it perhaps because I still need to do the NAT step you just mentioned? Unfortunately upon looking at the NAT menu in the router I'm a little lost at what I am looking at/what I would need to do there so I will have to do some reading up on it.

I would just like to thank you again for all your help as well as apologize for my lack of knowledge and plethora of questions, I'm baffled by the amount of support you are providing me, it really is great.

I am attaching screenshots of the NAT menus in case that could help.

Reza Sharifi · ‎06-11-2020

Hi Jake,

Could it be the fact that I didn't remove the IP Addresses assigned to the VLANs as you mentioned in your first reply that is causing the issue?

You can not have duplicate IP address, meaning you can not assign the same IP to the switch and as well as the router. If you want to use the same IP on the router, you would need to delete it from the switch or simply assign a different IP to the router.

example:

options-1

switch 192.168.10.60

router 192.168.10.61

option-2

remove .60 from the switch

config t

int vlan 10

no ip address

and now you can assign 192.168.10.60 to the router.

HTH

Jake514 · ‎06-16-2020

Hello again Reza,

I tried this solution and unfortunately still had no internet access on the VLANs.

After much more research over the last few days and attempting various fixes I have found in these forums and on videos online, my problem persists. As such I have returned to seek help here. I still have not done anything in the NAT section of my router (not sure if I need to?) as I wouldn't know what information to put. I have attached screenshots of this menu in case I do need to and you might be able to guide me in the right direction there.

Otherwise attached are the updated Show VLAN, Show Running Config and Show Interface Trunk, the IP Alias and the Static Route menus of the router in case any of these may be able to help you locate a potential solution.

Thank you for your help.

Reza Sharifi · ‎06-16-2020

Hi,

Under NAT section/Port forwarding, can you add a second subnet and test. Other than this, I am not sure if multiple vlans are supported on this type of router.

HTH