Re: No Internet After Creating VLAN

Rduhb · ‎11-07-2019

New to this so please be patient. :)

I created a simple vlan on an SG350 . Port 1 connected to Edgerouter. Port 2 connected to WAP. Port 3 connected to laptop1 (VLAN2) and Port 4 connected to laptop2 (VLAN3). No internet access on either laptop. I assume port 1 should be setup as a trunk. I had this running before but had to reset the router and now I don't remember how it was configured.

Seb Rupik · ‎11-08-2019

Hi there,

what model is your edge router? If it is a simple ISP supplied item then you may run into trouble with your setup.

the issue you are probably experiencing is that although the SG350 is correctly routing between your VLANs the edge router has no idea how to reach devices in VLANs 2 and 3. This can be remedied by adding a static routes for these VLANs to the edgerouter with a next-hop as the SG350 VLAN1 IP address.

If the edge router cannot have static routes configured, then you need to NAT VLANs 2 and 3 behind VLAN1, however the SG350 does not support NAT. You need another router or firewall for that.

cheers,

Seb.

Jaderson Pessoa · ‎11-08-2019

Hi there,

firstly share your configuration on switch and edrouter (if you have access on it). I think that your edrouter is simple and is configured just to allow one network, in your case... network on port 1.

I have two idea:
1. Check if your router support create a nat to this other two networks, if yes, configure it and create a route back from your edrouter to your sg350 for all networks, vlan 2 and 3.
2. If your router doesnt support nat configuration, you will need a firewall to controll traffic.

Jaderson Pessoa
*** Rate All Helpful Responses ***

Rduhb · ‎11-08-2019

Thanks for the replies! I have to stress that I’m new to this switch and setting up vlans. At this point I just want to confirm I have the VLAN configured properly which looks like I do. However, I’m not sure about the settings for the port connected to the router. Should it be a trunk? Tagged or untagged. The router is an Edgerouter X.

Seb Rupik · ‎11-19-2019

Hi there,

Typically you would connect network infrastructure together using trunk links where each VLAN being carried is tagged.

Reading the EdgeRouter X datasheet, it does support 802.1q but I would imagine all of the Ethernet ports are configured as access ports. Therefore for the sake of simplicity, you should configure the switchport on the SG350 as an access port.

The EdgeRouter also supports static routing and NAT. This means the SG350 can do the routing between VLANs 1, 2 and 3. The EdgeRouter will need to have static routes directing traffic to the SG350 VLAN1 SVI for VLAN 2 and 3. The EdgeRouter will also need to have NAT polices configured to translate VLANs 1, 2 and 3. Hopefully it is sophisticated enough to translates VLANs 2 and 3 (although it does not have them configured for local routing).

An alternative may be to configure the routing and DHCP for all the VLANs to occur on the EdgeRouter. This would require a trunk link between the two devices but hopefully mitigate the concern regarding NAT configuration.

cheers,

Seb.