Vlan Clients with No Internet Access Need help please

swizzy
Level 1

Hi all,

Working on a small project here, and I was hoping I could get some assistance from somebody who might know better than me.

My clients in VLAN 10, 20, 30 can all ping each other and the respective gateways, including 172.16.0.1. However, they don't have access to the internet. Only clients on 172.16.0.x can get access to the internet.

Clients from each can ping each other and the gateways in all vlans. The router can ping the clients and vice versa with no issue.

When I run a tracert from the clients on those vlans I get no response after it hops to 172.16.0.1. The DNS for these is 172.16.0.1 and even the switch itself has access to the internet. Not sure if it's a DNS or routing issue.

Can somebody help me understand why?

I have a Catalyst 3750 @ 172.16.0.88 that I am using as a router for my setup with vlans. Its gateway is a TPLINK archer a7 @ 172.16.0.1/24

Below is the running conf.

Switch#show run
Building configuration...

Current configuration : 5255 bytes
!
! Last configuration change at 20:14:50 UTC Thu Nov 30 2023
! NVRAM config last updated at 20:01:43 UTC Thu Nov 30 2023
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log datetime
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
logging buffered 10000000
logging reload debugging
enable secret 5 
!
!
!
no aaa new-model
switch 1 provision ws-c3750-48p
system mtu routing 1500
ip routing
ip dhcp excluded-address 172.16.1.1
ip dhcp excluded-address 172.16.2.1
ip dhcp excluded-address 172.16.3.1
ip dhcp excluded-address 172.16.1.2
ip dhcp excluded-address 172.16.4.1
ip dhcp excluded-address 172.16.2.37 172.16.2.254
ip dhcp excluded-address 172.16.3.37 172.16.3.254
!
ip dhcp pool vlan10
network 172.16.1.0 255.255.255.0
dns-server 172.16.0.1
default-router 172.16.1.1
lease 0 8
!
ip dhcp pool vlan20
network 172.16.2.0 255.255.255.0
dns-server 172.16.0.1
default-router 172.16.2.1
lease 0 8
!
ip dhcp pool vlan30
network 172.16.3.0 255.255.255.0
dns-server 172.16.0.1
default-router 172.16.3.1
lease 0 8
!
ip dhcp pool vlan101
network 172.16.4.0 255.255.255.0
dns-server 172.16.0.1
default-router 172.16.4.1
lease 0 1
!
ip dhcp pool static_test
host 172.16.3.11 255.255.255.0
hardware-address 0024.dd01.d012
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
interface FastEthernet1/0/1
!
interface FastEthernet1/0/2
switchport mode access
!
interface FastEthernet1/0/3
!
interface FastEthernet1/0/4
!
interface FastEthernet1/0/5
!
interface FastEthernet1/0/6
!
interface FastEthernet1/0/7
!
interface FastEthernet1/0/8
!
interface FastEthernet1/0/9
!
interface FastEthernet1/0/10
!
interface FastEthernet1/0/11
!
interface FastEthernet1/0/12
!
interface FastEthernet1/0/13
!
interface FastEthernet1/0/14
!
interface FastEthernet1/0/15
!
interface FastEthernet1/0/16
!
interface FastEthernet1/0/17
!
interface FastEthernet1/0/18
!
interface FastEthernet1/0/19
!
interface FastEthernet1/0/20
!
interface FastEthernet1/0/21
!
interface FastEthernet1/0/22
!
interface FastEthernet1/0/23
!
interface FastEthernet1/0/24
!
interface FastEthernet1/0/25
!
interface FastEthernet1/0/26
!
interface FastEthernet1/0/27
!
interface FastEthernet1/0/28
!
interface FastEthernet1/0/29
!
interface FastEthernet1/0/30
switchport access vlan 101
switchport mode access
!
interface FastEthernet1/0/31
switchport access vlan 30
switchport mode access
!
interface FastEthernet1/0/32
switchport access vlan 20
switchport mode access
!
interface FastEthernet1/0/33
!
interface FastEthernet1/0/34
!
interface FastEthernet1/0/35
!
interface FastEthernet1/0/36
!
interface FastEthernet1/0/37
!
interface FastEthernet1/0/38
!
interface FastEthernet1/0/39
!
interface FastEthernet1/0/40
switchport access vlan 20
switchport mode access
!
interface FastEthernet1/0/41
switchport access vlan 20
switchport mode access
!
interface FastEthernet1/0/42
switchport access vlan 20
switchport mode access
!
interface FastEthernet1/0/43
!
interface FastEthernet1/0/44
switchport access vlan 20
switchport mode access
!
interface FastEthernet1/0/45
switchport access vlan 20
switchport mode access
!
interface FastEthernet1/0/46
switchport access vlan 10
switchport mode access
!
interface FastEthernet1/0/47
switchport access vlan 30
switchport mode access
!
interface FastEthernet1/0/48
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface Vlan1
ip address dhcp
!
interface Vlan2
no ip address
!
interface Vlan10
ip address 172.16.1.1 255.255.255.0
!
interface Vlan20
ip address 172.16.2.1 255.255.255.0
!
interface Vlan30
ip address 172.16.3.1 255.255.255.0
!
interface Vlan100
no ip address
!
interface Vlan101
ip address 172.16.4.1 255.255.255.0
!
router ospf 1
router-id 2.2.2.2
log-adjacency-changes
network 172.16.0.0 0.0.0.255 area 0
network 172.16.1.0 0.0.0.255 area 0
network 172.16.2.0 0.0.0.255 area 0
network 172.16.3.0 0.0.0.255 area 0
network 172.16.4.0 0.0.0.255 area 0
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.0.1
ip http server
ip http secure-server
!
!
logging history errors
logging trap debugging
logging 172.16.0.70
!
!
banner motd ^C
^C
!
line con 0
line vty 0 4
password
login
length 0
line vty 5 15
password 
login
length 0
!
!
monitor session 1 source interface Fa1/0/31 - 32 , Fa1/0/40 - 48
monitor session 1 destination interface Fa1/0/1
ntp clock-period 36029564
ntp server 157.245.125.229 version 2
end

 

 

9 Replies

Turn2
Level 1

Maybe your TPLink device doesn't have a route back to your networks other than 172.16.0.0/24, and/or isn't NAT'ing any other networks besides that one. I'd be surprised if it supports multiple inside networks, let alone be OSPF capable.

You need NAT to access internet.

You need overload NAT.

MHM

balaji.bandi
Hall of Fame

Look at the configuration: the switch cannot do any NAT; it acts as router and DHCP for clients.

1. You need to add more subnets in the TP-Link for NAT.

2. You need to add routes back for subnets 172.16.1.0 to 5.0 towards the switch VLAN 1 IP address (check show ip interface brief to see what IP address the VLAN 1 interface on the switch got).

The exact guide below helps, based on your scenario:

https://www.tp-link.com/uk/support/faq/887/

BB


Gopinath_Pigili
Spotlight
Spotlight
Hello swizzy,

If VLAN users want to access the internet, you must use the concept of NAT (Network Address Translation), which enables communication between private (LAN) and public networks (Internet).

According to your switch configuration, it is just configured for intranet communication using OSPF.

Since your L3 switch is not directly connected to the ISP, I think you should enable NAT on your TP-Link router.

You should map 172.16.1.0 to 172.16.5.0 with a public IP address on the TP-Link router.

Please follow the link below, which will help you enable NAT on the TP-Link router:

https://www.tp-link.com/us/user-guides/archer-a7&c7_v5/chapter-13-nat-forwarding#ug-sub-title-1

Best regards

I probably should've mentioned the tplink does have static routes to those vlans and internal communication is fine. @ router is NAT for vlan 1. I don't think it can do anything other than that. So we find there on that vlan all clients get Internet. I'm dancing with the idea that the router might not be able to NAT for multiple nets.

SW - transit VLAN - router

Does the router know the VLAN subnets via OSPF?

Can you check if the router knows all VLAN subnets? If not, check the transit VLAN and check if command "ip routing"

If the router knows all routes, then check the ACL you use for NAT overload.

The ACL for NAT overload must include all VLAN subnets.

MHM

Thanks for the additional information. It is good to know that the router does have static routes to those inside subnets. That pretty clearly identifies that the issue is NAT. Your statement that the router is doing NAT only for vlan 1 confirms that this is the issue. I do not know enough about TPLINK archer to know if it can do NAT for multiple subnets. Do you have administrative access to TPLINK archer?

HTH

Rick
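
The diagnosis reached in this thread (return routes present, NAT limited to one subnet) can be checked mechanically. The following is an added example, not code from any poster: it parses the SVI stanzas of the posted running-config and reports, per VLAN subnet, what the upstream router lacks. The function names and the `NAT_INSIDE` / `RETURN_ROUTES` lists are assumptions that encode what the thread states about the TP-Link.

```python
import ipaddress
import re

# Constructed excerpt: SVI stanzas copied from the running-config in the question.
SAMPLE_CONFIG = """\
interface Vlan1
 ip address dhcp
!
interface Vlan10
 ip address 172.16.1.1 255.255.255.0
!
interface Vlan20
 ip address 172.16.2.1 255.255.255.0
!
interface Vlan30
 ip address 172.16.3.1 255.255.255.0
!
interface Vlan101
 ip address 172.16.4.1 255.255.255.0
"""

def svi_subnets(config):
    """Map each SVI that has a static address to the subnet it routes."""
    subnets, current = {}, None
    for line in config.splitlines():
        head = re.match(r"interface (Vlan\d+)", line)
        addr = re.match(r"\s*ip address (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)", line)
        if head:
            current = head.group(1)
        elif addr and current:  # skips "ip address dhcp" and "no ip address"
            subnets[current] = ipaddress.ip_interface(f"{addr.group(1)}/{addr.group(2)}").network
    return subnets

def audit_edge(subnets, nat_inside, return_routes):
    """Per routed subnet, list what the upstream NAT router is missing."""
    checks = {"return route": return_routes, "NAT": nat_inside}
    return {name: [need for need, nets in checks.items()
                   if not any(net.subnet_of(n) for n in nets)]
            for name, net in subnets.items()}

# Assumed router state, as described in the thread: static routes exist for
# the VLAN subnets, but only 172.16.0.0/24 is translated.
NAT_INSIDE = [ipaddress.ip_network("172.16.0.0/24")]
RETURN_ROUTES = [ipaddress.ip_network(f"172.16.{i}.0/24") for i in range(1, 5)]

if __name__ == "__main__":
    for vlan, missing in audit_edge(svi_subnets(SAMPLE_CONFIG), NAT_INSIDE, RETURN_ROUTES).items():
        print(vlan, "->", ", ".join(missing) or "ok")
```

With the state described in the thread, every VLAN subnet is reported as missing only NAT, which matches the accepted answer.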

Hi Richard,

Appreciate the help.

I ended up purchasing a TPLink-ER605v2, after getting the idea that the router wasn't able to NAT multiple subnets. This router actually supports it.

After configuring all the OSPF and settings on the new router, now the clients on those vlans have access to the internet!

 

 

Thanks for the update. Good to know that it was an issue with the router that you had and that a more capable router has solved the problem. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

 

HTH

Rick