Solved: Re: Unable to access Internet

sambobbi · ‎02-10-2023

What am i missing here , internal vlans 192.168.50.0 & 192.168.60.0 - unable to access the internet or my home router gateway 10.0.0.138
from switch i can reach internet and all the vlans
show ip route

Gateway of last resort is 10.0.0.138 to network 0.0.0.0

S* 0.0.0.0/0 [254/0] via 10.0.0.138
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.0.0/24 is directly connected, GigabitEthernet1/0/48
L 10.0.0.111/32 is directly connected, GigabitEthernet1/0/48
192.168.50.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.50.0/24 is directly connected, Vlan50
L 192.168.50.1/32 is directly connected, Vlan50
192.168.60.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.60.0/24 is directly connected, Vlan60
L 192.168.60.1/32 is directly connected, Vlan60

balaji.bandi · ‎02-10-2023

in your config I did not find the IP route - I have false request - show the IP route

add IP route as below :

ip route 0.0.0.0 0.0.0.0 10.0.0.138

Note: you mentioned you made a route back from the router to switch.

can you post that config from your router, if you have route and NAT enabled

since your DHCP pool doesn't have DNS config user PC is not able to browse the internet, but they can ping 8.8.8.8

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

balaji.bandi · ‎02-10-2023

I may wrong understanding here. Looks you need to tweak your topology to work as expected.

ISP DSL Router----cisco 2911----3650 Switch -----USers PC

Cisco 2911 Router get DHCP IP from our DSL Router 10.0.0.X/24 network (that should connect to any of router ports)- that is act as outside interface (example Gi0/0

Gig0/1 connected to inside to SWITCH (that act as Inside interface)

Router you need to configure NAT and ACL for the 192.16.50.0/24 and 192.168.60.0 to work)

high level config looks below : please tweak as required)

hostname MYRouter
!
!
ip dhcp excluded-address 192.168.50.1 192.168.50.20
ip dhcp excluded-address 192.168.60.1 192.168.60.20
!
ip dhcp pool LANPOOL
network 192.168.50.0 255.255.255.0
default-router 192.168.50.1
dns-server 192.168.50.1 (this can be 8.8.8.8)
!
ip dhcp pool LANPOOL1
network 192.168.60.0 255.255.255.0
default-router 192.168.60.1
dns-server 192.168.60.1 (this can be 8.8.8.8)
!
multilink bundle-name authenticated
!
interface GigabitEthernet0/0
ip dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!

interface GigabitEthernet0/1
no ip address
no shutdown
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
!
interface GigabitEthernet0/1.1
encapsulation dot1Q 10
ip address 192.168.50.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
!
interface GigabitEthernet0/1.2
encapsulation dot1Q 20
ip address 192.168.60.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
!
ip nat inside source list 20 interface gig0/0 overload
ip route 0.0.0.0 0.0.0.0 gig0/0 dhcp
!
!
!
access-list 20 permit 192.168.50.0 0.0.0.255
access-list 20 permit 192.168.60.0 0.0.0.255

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

sambobbi · ‎02-10-2023

I hope this running config from multilayer switch - should clear any confusion hopefully

g1/0/48 - connected to home router - ip dhcp
g1/0/2 - connected to PC 1 vlan 50

g1/0/26 - connected to PC 2 vlan 60

Current configuration : 13719 bytes

!

! Last configuration change at 09:09:11 UTC Fri Feb 10 2023 by sbobbissh

!

hostname SW01

!

vrf definition Mgmt-vrf

!

address-family ipv4

exit-address-family

!

address-family ipv6

exit-address-family

!

no logging console

ip routing

!

no ip domain lookup

ip domain name sbobbi180.com

ip dhcp excluded-address 192.168.50.1

ip dhcp excluded-address 192.168.60.1

!

ip dhcp pool TEST50

network 192.168.50.0 255.255.255.0

default-router 192.168.50.1

!

ip dhcp pool TEST60

network 192.168.60.0 255.255.255.0

default-router 192.168.60.1

interface GigabitEthernet0/0

vrf forwarding Mgmt-vrf

ip address dhcp

negotiation auto

!

interface GigabitEthernet1/0/1

switchport access vlan 50

switchport mode access

interface GigabitEthernet1/0/25

switchport access vlan 60

switchport mode access

interface GigabitEthernet1/0/48

no switchport

ip address dhcp

!

interface Vlan1

no ip address

shutdown

!

interface Vlan10

no ip address

shutdown

!

interface Vlan50

ip address 192.168.50.1 255.255.255.0

!

interface Vlan60

ip address 192.168.60.1 255.255.255.0

balaji.bandi · ‎02-10-2023

If the switch acting as Layer 3, you need to static Route required from Switch to Router

I do not see the config of switch Gi 1/0/24 - what config it has ?

you also need static route (if you are not running any routing protocol here)

ip route 0.0.0.0 0.0.0.0 GigabitEthernetx/x

as you mentioned you have route back from Router to Switch (what destination IP this routing to ? - since you setup as DHCP on the port the ip may change for now you have 10.0.0.100 as per screen shot)

do you have NAT configured 2911 for the 192.168.50.0/24 and 192.168.60.0/24 ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

sambobbi · ‎02-10-2023

1 x Multilayer switch has 2 vlans across 47 gigbit ports and port 48 on the same is a layer 3 port - enabled by no switchport . this port 48 is connected to my home router , ip address is dhcp and i reserved this IP on the home router so it does not change.

1 vlan is 192.168.50.0 and 2nd vlan 192.168.60.0. both have int vlan 50 and int vlan 60 up on the switch.

there is communication between both vlans and i can also ping layer 3 port 48 with 10.0.0.100.

problem is pc's in both vlans cannot access the internet or the home gateway 10.0.0.138 . although 10.0.0.0 /24 is directly connected out of its port 48. i added a static route 0.0.0.0 0.0.0.0 10.0.0.100 so both vlans

C 10.0.0.0/24 is directly connected, GigabitEthernet1/0/48
L 10.0.0.111/32 is directly connected, GigabitEthernet1/0/48
192.168.50.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.50.0/24 is directly connected, Vlan50
L 192.168.50.1/32 is directly connected, Vlan50
192.168.60.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.60.0/24 is directly connected, Vlan60
L 192.168.60.1/32 is directly connected, Vlan60

balaji.bandi · ‎02-10-2023

Can you post below output in text file

show run

show IP route

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

sambobbi · ‎02-10-2023

[cid:image001.png@01D93E0A.C9BC5BA0]

SW01(config)#do show run

Building configuration...

Current configuration : 13706 bytes

!

! Last configuration change at 23:22:55 UTC Fri Feb 10 2023

!

version 17.3

service timestamps debug datetime msec

service timestamps log datetime msec

service call-home

no platform punt-keepalive disable-kernel-core

!

hostname SW01

!

!

vrf definition Mgmt-vrf

!

address-family ipv4

exit-address-family

!

address-family ipv6

exit-address-family

!

no logging console

enable secret 9

!

no aaa new-model

!

!

!

!

ip routing

!

no ip domain lookup

ip domain name sbobbi180.com

ip dhcp excluded-address 192.168.50.1

ip dhcp excluded-address 192.168.60.1

!

ip dhcp pool TEST50

network 192.168.50.0 255.255.255.0

default-router 192.168.50.1

!

ip dhcp pool TEST60

network 192.168.60.0 255.255.255.0

default-router 192.168.60.1

!

!

!

!

!

diagnostic bootup level minimal

!

spanning-tree mode rapid-pvst

spanning-tree extend system-id

memory free low-watermark processor 133114

!

!

!

!

!

!

!

!

!

!

!

!

interface GigabitEthernet1/0/1

switchport access vlan 50

switchport mode access

!

interface GigabitEthernet1/0/2

switchport access vlan 50

switchport mode access

!

interface GigabitEthernet1/0/3

switchport access vlan 50

switchport mode access

!

interface GigabitEthernet1/0/4

switchport access vlan 50

switchport mode access

!

interface GigabitEthernet1/0/5

switchport access vlan 50

switchport mode access

!

interface GigabitEthernet1/0/6

switchport access vlan 50

switchport mode access

!

interface GigabitEthernet1/0/7

switchport access vlan 50

switchport mode access

!

interface GigabitEthernet1/0/8

switchport access vlan 50

switchport mode access

!

interface GigabitEthernet1/0/9

switchport access vlan 50

switchport mode access

!

interface GigabitEthernet1/0/10

switchport access vlan 50

switchport mode access

!

interface GigabitEthernet1/0/11

switchport access vlan 50

switchport mode access

!

interface GigabitEthernet1/0/12

switchport access vlan 50

switchport mode access

!

interface GigabitEthernet1/0/13

switchport access vlan 50

switchport mode access

!

interface GigabitEthernet1/0/14

switchport access vlan 50

switchport mode access

!

interface GigabitEthernet1/0/15

switchport access vlan 50

switchport mode access

!

interface GigabitEthernet1/0/16

switchport access vlan 50

switchport mode access

!

interface GigabitEthernet1/0/17

switchport access vlan 50

switchport mode access

!

interface GigabitEthernet1/0/18

switchport access vlan 50

switchport mode access

!

interface GigabitEthernet1/0/19

switchport access vlan 50

switchport mode access

!

interface GigabitEthernet1/0/20

switchport access vlan 50

switchport mode access

!

interface GigabitEthernet1/0/21

switchport access vlan 50

switchport mode access

!

interface GigabitEthernet1/0/22

switchport access vlan 50

switchport mode access

!

interface GigabitEthernet1/0/23

switchport access vlan 50

switchport mode access

!

interface GigabitEthernet1/0/24

switchport access vlan 50

switchport mode access

!

interface GigabitEthernet1/0/25

switchport access vlan 60

switchport mode access

!

interface GigabitEthernet1/0/26

switchport access vlan 60

switchport mode access

!

interface GigabitEthernet1/0/27

switchport access vlan 60

switchport mode access

!

interface GigabitEthernet1/0/28

switchport access vlan 60

switchport mode access

!

interface GigabitEthernet1/0/29

switchport access vlan 60

switchport mode access

!

interface GigabitEthernet1/0/30

switchport access vlan 60

switchport mode access

!

interface GigabitEthernet1/0/31

switchport access vlan 60

switchport mode access

!

interface GigabitEthernet1/0/32

switchport access vlan 60

switchport mode access

!

interface GigabitEthernet1/0/33

switchport access vlan 60

switchport mode access

!

interface GigabitEthernet1/0/34

switchport access vlan 60

switchport mode access

!

interface GigabitEthernet1/0/35

switchport access vlan 60

switchport mode access

!

interface GigabitEthernet1/0/36

switchport access vlan 60

switchport mode access

!

interface GigabitEthernet1/0/37

switchport access vlan 60

switchport mode access

!

interface GigabitEthernet1/0/38

switchport access vlan 60

switchport mode access

!

interface GigabitEthernet1/0/39

switchport access vlan 60

switchport mode access

!

interface GigabitEthernet1/0/40

switchport access vlan 60

switchport mode access

!

interface GigabitEthernet1/0/41

switchport access vlan 60

switchport mode access

!

interface GigabitEthernet1/0/42

switchport access vlan 60

switchport mode access

!

interface GigabitEthernet1/0/43

switchport access vlan 60

switchport mode access

!

interface GigabitEthernet1/0/44

switchport access vlan 60

switchport mode access

!

interface GigabitEthernet1/0/45

switchport access vlan 60

switchport mode access

!

interface GigabitEthernet1/0/46

switchport access vlan 60

switchport mode access

!

interface GigabitEthernet1/0/47

switchport access vlan 60

switchport mode access

!

interface GigabitEthernet1/0/48

no switchport

ip address dhcp

!

!

interface Vlan1

no ip address

shutdown

!

interface Vlan10

no ip address

shutdown

!

interface Vlan50

ip address 192.168.50.1 255.255.255.0

!

interface Vlan60

ip address 192.168.60.1 255.255.255.0

!

ip forward-protocol nd

ip http server

ip http authentication local

ip http secure-server

ip ssh version 2

!

!

!

!

control-plane

service-policy input system-cpp-policy

!

!

line con 0

stopbits 1

line vty 0 4

exec-timeout 0 0

login local

transport input ssh

line vty 5 15

exec-timeout 0 0

login local

transport input ssh

line vty 16 31

login

transport input ssh

!

call-home

! If contact email address in call-home is configured as sch-smart-licensing@cisco.com

! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.

contact-email-addr sch-smart-licensing@cisco.com

profile "CiscoTAC-1"

active

destination transport-method http

!

!

!

!

!

!

end

balaji.bandi · ‎02-10-2023

in your config I did not find the IP route - I have false request - show the IP route

add IP route as below :

ip route 0.0.0.0 0.0.0.0 10.0.0.138

Note: you mentioned you made a route back from the router to switch.

can you post that config from your router, if you have route and NAT enabled

since your DHCP pool doesn't have DNS config user PC is not able to browse the internet, but they can ping 8.8.8.8

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Georg Pauwen · ‎02-10-2023

Hello,

post the full running configs (sh run) of both the router and the multilayer switch...

Shan Hussain · ‎02-10-2023

Hi did you check the reverse route for 192.168.50.0 and 192.168.60.0 on Cisco 2911 Router.