Solved: [Solved] No Internet connection form client. (Switch can reach internet)

Hartmann.J · ‎11-08-2016

Update: The issue was that my Modem/Router Linksys E300 (DD-WRT) wasnt configured correct for multiple private Networks for one public IP.

After I added the configuration on there it works fine now.

Hello,

I'm trying to set up a test configuration on a 2960-X but something is not working as intended.

I set up diffrent VLANs on a 2960-X and want to give the Client in VLAN5 Access to the Internet.

My topology is as shown below.

Client -------VLAN5------- |Switch 2960x| -------VLAN8------- Modem (GW 192.168.14.254)

Client IP: 192.168.5.10

VLAN5 192.168.5.254 /24

VLAN8 192.168.14.50 /24

Switch:

I can ping 8.8.8.8 (Internet)

I can ping 192.168.14.254 (modem GW)

I can ping 192.168.5.10 Client

Client:

I can ping 192.168.5.254 (Vlan5 address)

I can ping 192.168.14.50 (Vlan8 address)

I cannot ping 192.168.14.254 (modem GW)

I cannot ping 8.8.8.8 (Internet)

I already configured:

sdm prefer lanbase-Routing

ip route

commands.

And i Setup a Gateway of last Resort to 192.168.14.254

sh ip route gives me following Output:

Gateway of last resort is 192.168.14.254 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 192.168.14.254
      192.168.5.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.5.0/24 is directly connected, Vlan5
L        192.168.5.254/32 is directly connected, Vlan5
      192.168.14.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.14.0/24 is directly connected, Vlan8
L        192.168.14.50/32 is directly connected, Vlan8

I'm not sure what i forgot, i havent used this in a while so i hope someone can help me / give me a hint what i am missing.

Thanks !

devils_advocate · ‎11-08-2016

My money would be on the Modem not having a static route back towards the 192.168.5.0/24 network.

The fact you can ping 192.168.14.254 from the switch but from not from the client backs up this theory.

The modem has an IP address in the 192.168.14.0/24 network so this is the only subnet it knows how to reach. If you ping from the client on 192.168.5.10, this will be the Source IP address in the ICMP once it hits the modem.

The modem only knows about 192.168.14.0/24 network so how can it return traffic for 192.168.5.10?

Basically you need to put a static route on the modem to reach the 192.168.5.0/24 network (next hop will be 192.168.14.50).

The modem needs to be able to support static routes for this to work, as mentioned by Mark, the 2960 does not do NAT so the modem needs to support static routes AND support NAT for both subnets, otherwise this will not work.

Thanks

View solution in original post

devils_advocate · ‎11-09-2016

Is the modem/router in 'Gateway' mode?

I believe it needs to be for NAT to work.

View solution in original post

Mark Malone · ‎11-08-2016

Hi whats doing the NAT is it the modem as a 2960 cant do NAT for a client to break out to the internet , something needs to translate from private to public ips ? either the modem needs to do it or a router needs to be in place

Hartmann.J · ‎11-08-2016

Hello,

I use a Linksys E3000

and added a static route ther as see post above, now i can reach the modem but still not connect to the internet

devils_advocate · ‎11-08-2016

My money would be on the Modem not having a static route back towards the 192.168.5.0/24 network.

The fact you can ping 192.168.14.254 from the switch but from not from the client backs up this theory.

The modem has an IP address in the 192.168.14.0/24 network so this is the only subnet it knows how to reach. If you ping from the client on 192.168.5.10, this will be the Source IP address in the ICMP once it hits the modem.

The modem only knows about 192.168.14.0/24 network so how can it return traffic for 192.168.5.10?

Basically you need to put a static route on the modem to reach the 192.168.5.0/24 network (next hop will be 192.168.14.50).

The modem needs to be able to support static routes for this to work, as mentioned by Mark, the 2960 does not do NAT so the modem needs to support static routes AND support NAT for both subnets, otherwise this will not work.

Thanks

Hartmann.J · ‎11-08-2016

Hello,

currently the static routes on my Modem look like this (attachment)

I added the 192.168.5.0 route and after this i can ping

192.168.14.254

from my Client

I still cannot ping 8.8.8.8 tho

Mark Malone · ‎11-08-2016

what device is doing the NAT that allows you to reach the internet ? without NAT you wont be able to ping 8.8.8.8 as its public ip, your private ip addess from the 192.168 range needs to be translated to the public ip address , without NAT there will be no connectivity to internet ips

EDIT: Just seen your new post Lynksys router

Is the NAT set on the router , enabled , the admin doc sys its on by default

http://downloads.linksys.com/downloads/userguide/Linksys_E3000_UG_USA_V10_NC-WEB.pdf

why are the gateways on your router all 0.0.0.0 ?

Hartmann.J · ‎11-09-2016

Hello,

I only added the 192.168.5.0 route , the other routes were already in place and working.

I dug a Little bit in the config for the Linksys E3000 and I am using the DD-WRT fireware.

I'm trying to find a solution in there documentation to see how ist possible.

The clostest i came to was the link below. I'm going ot look at it a bit later and let you know if i see anything helpful in there.

http://www.dd-wrt.com/wiki/index.php/One-to-one_NAT

Thanks!

devils_advocate · ‎11-09-2016

Is the modem/router in 'Gateway' mode?

I believe it needs to be for NAT to work.

Hartmann.J · ‎11-09-2016

Hello,

Ah yes the router is in "Gateway" Mode

do i miss aother static route ?