Beginner

No internet access to some VLANs

Hi,

 

I have configured the setup shown in the following drawing with a Cisco 3650 core switch and two Cisco 2960 access switches. After configuring ip route 0.0.0.0 0.0.0.0 192.168.30.254 on the core switch, VLAN 30 is able to access the internet while the other VLANs cannot. Could someone please say what seems to be the issue preventing VLANs 10 and 20 from accessing the internet?

The DHCP server and inter-VLAN routing are working.

 

P.S - Sorry for my poor English

Regards,

M

d.jpg

 

5 REPLIES
Beginner

Hi.

Where is the default gateway configured for all the VLANs? I presume the DG is on the core switch, right? If this is the case, please use a different VLAN and subnet between the core switch and the FW. So all the traffic from VLANs 10, 20, 30 will hit the core switch (L2) and then from there will be routed to the firewall (L3).

 

 

Regards

Suresh


Hi Suresh,

 

The default gateways for the VLANs are configured on the core switch.

Could you please post the configuration for this?

 

Regards,

M


Hi.
- Create a new P2P /30 between the core switch and FW, for example 192.168.40.0/30.
- Create VLAN40 on the core switch and make the physical port connecting to the FW an access port in VLAN 40.

    conf ter
    inter gi1/10
    switchport access vlan 40

- Create an SVI for VLAN 40 on the switch and assign the IP of 192.168.40.2/30.

    conf ter
    inter vlan 40
    ! IOS takes a dotted mask here, not /30 prefix notation
    ip address 192.168.40.2 255.255.255.252
    no shutdown

- Add a default route to the FW.

    conf ter
    ip route 0.0.0.0 0.0.0.0 192.168.40.1

- Configure the IP of 192.168.40.1/30 on the physical port connecting to the core switch. The VLAN ID is NOT required.
- Add a static route for VLAN10,20,30 with the next-hop of 192.168.40.2
- Add NAT entries for VLAN10,20,30

Please rate all helpful responses

Regards
Suresh
VIP Collaborator

Hello, please check steps below;

On the trunks to the core: are all VLANs allowed?
On your firewall: is there a route back to your internal networks (VLANs 10, 20, 30)?
On your firewall: is there a NAT configuration allowing the other networks (VLANs 10, 20, 30)?

Maybe the problem is this.
Jaderson Pessoa
*** Rate All Helpful Responses ***
VIP Mentor

Hello

The FW will be performing the NAT, so make sure that the FW is aware of VLANs 10 and 20 and has the routes back towards the core switch, and also that it has the correct NAT rules for those other two subnets.



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
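
Added example, not part of any reply in this thread: a small Python model of the firewall-side checks the replies ask for (a route back to each VLAN subnet and a NAT rule covering it), run against the layout before and after the proposed transit VLAN. The /24 VLAN subnets and the outside gateway 203.0.113.1 are assumptions; the thread itself gives only 192.168.30.254 and 192.168.40.0/30.

```python
import ipaddress

# Constructed addressing: the thread gives only 192.168.30.254 (firewall) and
# 192.168.40.0/30 (proposed transit); the VLAN /24s and 203.0.113.1 are assumed.
VLANS = {10: "192.168.10.0/24", 20: "192.168.20.0/24", 30: "192.168.30.0/24"}

# Firewall routing table as (prefix, egress interface, next hop or None if connected).
FW_BEFORE = [
    ("192.168.30.0/24", "inside", None),
    ("0.0.0.0/0", "outside", "203.0.113.1"),
]
FW_AFTER = [
    ("192.168.40.0/30", "inside", None),
    ("0.0.0.0/0", "outside", "203.0.113.1"),
] + [(net, "inside", "192.168.40.2") for net in VLANS.values()]

def lookup(routes, dst):
    """Longest-prefix match; returns the winning route tuple or None."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen, default=None)

def return_path_ok(routes, client_ip):
    """True if a reply to client_ip leaves the firewall on the inside interface."""
    route = lookup(routes, client_ip)
    return route is not None and route[1] == "inside"

def nat_covered(nat_sources, client_ip):
    """True if client_ip falls in a subnet the firewall's source NAT rule matches."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(n) for n in nat_sources)

def audit(routes, nat_sources):
    """Per-VLAN verdict using the first host of each subnet as a sample client."""
    report = {}
    for vlan, net in VLANS.items():
        host = str(next(ipaddress.ip_network(net).hosts()))
        report[vlan] = return_path_ok(routes, host) and nat_covered(nat_sources, host)
    return report

if __name__ == "__main__":
    print("before:", audit(FW_BEFORE, ["192.168.30.0/24"]))
    print("after: ", audit(FW_AFTER, list(VLANS.values())))
```

In the "before" table, replies to VLAN 10 and 20 clients match only the default route and leave on the outside interface, which is why only VLAN 30 (directly connected to the firewall) reaches the internet.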