switch 3650 can't access Internet

katumping · ‎07-17-2015

hi,

sorry I'm newbie for cisco,

until now, I still can't able to access internet from VLAN switch, but for remote computer from other side, I can reach my IP public.

please suggest, how to connect my VLAN to Internet?

herewith, I created my topology on packettracer

I can ping my Vlan, I can ping my switch, Switch to google it's working to ping, but from PC, still can't reach the IP public (DNS Google)

This is my real config

!
logging console emergencies
enable secret 5 $1$2OgF$ZhsRCDxriCnhpldybdEtn0
!
no aaa new-model
switch 1 provision ws-c3650-24ts
ip routing
!
ip device tracking
ip dhcp excluded-address 192.168.10.1 192.168.10.10
ip dhcp excluded-address 192.168.20.1 192.168.20.10
!
ip dhcp pool Server
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
!
ip dhcp pool client
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
!

!
!
diagnostic bootup level minimal
spanning-tree mode pvst
spanning-tree extend system-id
!
redundancy
mode sso
!
!
!
class-map match-any non-client-nrt-class
match non-client-nrt
!
policy-map port_child_policy
class non-client-nrt-class
bandwidth remaining ratio 10
!
!
!
!
!
!
interface Loopback1
ip address 10.10.10.1 255.255.255.255
ip mtu 1500
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
negotiation auto
!
interface GigabitEthernet1/0/1
no switchport
ip address 182.2*.**.*** 255.255.255.240
ip nat outside
!
interface GigabitEthernet1/0/2
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/3
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/4
switchport access vlan 20
switchport mode access
!

interface Vlan1
no ip address
shutdown
!
interface Vlan10
ip address 192.168.10.1 255.255.255.0
ip nat inside
!
interface Vlan20
ip address 192.168.20.1 255.255.255.0
ip nat inside
!
interface Vlan200
ip address 10.208.208.200 255.255.255.0
!
ip default-gateway 182.2*.**.***
ip nat inside source list 1 interface GigabitEthernet1/0/1 overload
ip http server
ip http authentication local
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet1/0/1
!

I only can setup the Switch, for router I dont have access.

only IP, but if I direct to my PC with Static IP, I can connect to Internet.

sorry, my english Bad.

Thanks.

rakeshvelagala · ‎07-18-2015

Hi,

Can you please make below changes

access-list 10 permit 192.168.10.0 0.0.0.255
access-list 10 permit 192.168.20.0 0.0.0.255

no ip nat inside source list 1 interface GigabitEthernet1/0/1 overload

ip nat inside source list 10 interface (interface of switch connected to router) overload

no ip route 0.0.0.0 0.0.0.0 GigabitEthernet1/0/1

ip route 0.0.0.0 0.0.0.0 (Put ip address of the router interface)

no ip default-gateway 182.2*.**.***

katumping · ‎07-18-2015

hi,

thanks rakes,

btw, if I set config like that, can I still remote my IP Public from my home ?

because, I doubt if change like that, I think my connection will be interrupt and I can't remote again.

Thanks.

katumping · ‎07-23-2015

Hi,

I already set config like you info,

but connection still can't access to internet. (check with ping 8.8.8.8)

thanks.

Martin Carr · ‎07-18-2015

As said, re the below. However these switches do not support NAT (despite appearing to do so) even if it works, it will not be switched in hardware, thus can result in heavy CPU usage, although this may not be an issue in your testing environment.

Martin