VLAN no Internet Access

johnt82
Level 1

Hello all,

This is the first time I am posting in Cisco Forum. So I need your help!

We have a Mikrotik switch, on which we have connected the corporate "internet" and a TP-Link AC for the WiFi users. We also bought a Netgear switch and a Cisco switch.

On Mikrotik we have two VLANs, VLAN1 and VLAN210 (192.168.210.0/24), and it is our DHCP server for VLAN210. On port 24 I have connected the Cisco switch; of course it received an IP from VLAN 210 and it has internet access. But when I try to create three new VLANs 10, 20 and 30, they don't have internet access.

On Netgear I created a VLAN 100 and after configuration I managed to give internet access, the problem was with an ACL.

So I have tried to create an ACL for each VLAN on Cisco with no luck.

Mikrotik: CRS328-24P-4S+RM

Netgear: M4300-28G-PoE

Cisco: CBS350-24FP-4G

 

13 Replies

Seb Rupik
VIP Alumni

Hi there,

On the Mikrotik you need to configure static routes directing traffic destined to VLANs 10, 20 and 30 towards the Cisco switch's IP on VLAN 210.

 

The other issue may have been NAT, but it sounds as if the ACL you have configured is covering that.

 

cheers,

Seb.

 

 

Jitendra Kumar
Spotlight

First of all, welcome to the Cisco Community!

 

Assuming the Mikrotik is the internet switch/router where you have created the VLANs and are getting internet, it seems that VLAN is created on the internal interface. What you need to do is create VLANs 10, 20 and 30 on the Mikrotik switch/router and create the IP DHCP pool on the VLANs. Don't forget to then add a route on the Mikrotik for each VLAN subnet; it will require a default route 0.0.0.0/0 to the gateway you want to use.

 

If this is not your scenario, then share the network diagram; we will surely do our level best to help.

Thanks,
Jitendra

Thank you both for your answers. So, let me take it from the top,

As I mentioned we have three switches, one Mikrotik, one Netgear and one Cisco, the models are in the first post. Now, in the beginning we bought the Mikrotik, on port1 we have the corporate network (other than the VLAN210) which gives us the internet access. On port 2 we have the TP-Link AC for WiFi users. Finally on port24, is connected the Cisco switch.

On Mikrotik, we have the VLAN210 which acts as a DHCP server for the users in VLAN210. We have Internet access and everything runs smoothly.

Some months ago we bought a Netgear switch and we connected it to our VLAN210 network. It immediately received IP, s/m, DNS etc. via DHCP. The whole switch is as one, and when you connect a device it takes the correct IP etc. from the DHCP server and works perfectly. I tried to create a VLAN and in the beginning I faced a similar problem. But I created an ACL (permit any any) on the Netgear and a NAT masquerade on Mikrotik and the problem was solved! (The DHCP server for VLAN100 is the Netgear switch.)

Finally, a week or so ago we bought the Cisco switch. I have connected the Cisco to the Mikrotik and of course, as the Netgear did, it took IP, DNS etc. from the Mikrotik DHCP server. But when I try to create the VLANs on the Cisco switch following the same steps as I did with the Netgear, the VLANs are created, the DHCP server for the specific VLANs is working correctly (for VLANs 10, 20, 30 the DHCP server is the Cisco), and I have communication with the devices on the same VLAN but not with the other VLANs (it doesn't matter), and especially I can't get internet access!

Hope I helped with the explanation.

Thank you in advance.

John

ok,

 

On the Mikrotik switch you need to create VLANs 10, 20, 30 on port 24. Make the Cisco uplink port a trunk.

 

Add a route on the Cisco switch: ip route 0.0.0.0 0.0.0.0 (Mikrotik router IP)

And you should have a route on the Mikrotik except those VLAN networks and forward to the internet; in this route the source will be 0.0.0.0 mask 0.0.0.0 and the destination will be the internet gateway IP.

Thanks,
Jitendra

Hi again,

 

No luck...

 

John

Hi there,

From a device in any or all VLANs 10,20,30, can you ping a device in VLAN1? Check that the target device allows pings from a subnet which it is not directly connected to. If this test succeeds, then the static routing which I suggested in my first post has been proved working.

 

The next test is for a device in VLANs 10,20,30 to reach an external IP address. If this fails then you need to take a close look at any inbound/outbound ACLs from the Mikrotik towards your internet router. Also confirm that the device which is providing NAT for VLANs 1 and 210 has the necessary configuration, typically an ACL with permits for each of your internal subnets.

 

cheers,

Seb.

Hi Seb,

I have tried both but again with no luck. I really don't know why this is so difficult. On the other switch, I did a few steps: VLAN creation, ACL permit any any inbound, DHCP for those specific VLANs on the Netgear and finally only NAT masq on the Mikrotik.

Thanks again...

 

John

 

Which part doesn't work, pinging the devices in VLAN1?

Hi Seb,

I've tried to ping from VLAN1 (192.168.210.0/24) to VLAN 10 (192.168.10.0/24), and vice versa, unfortunately with no success.
I am trying to find out what is going wrong...
I am going to be in the office on Monday, if you have time we can check it again.
Best regards

John

If you could share whatever configs you can that would be great.

 

cheers,

Seb.

Hi Seb, sorry for the late answer, but I was out of the office...

Another strange thing is that the Netgear was configured easily and the only thing that I had to do on the Mikrotik was to configure the NAT masq.

And I have to mention that on the Netgear there are NO trunk ports... none!

Strange....

John

 

KJK99
Level 3

True, there are no trunk ports on NETGEAR switches. And, there are no access ports there, either. NETGEAR and many other switch makers implement just one general 802.1Q port mode. Still, you configure ports there so they behave in a very similar way as CISCO trunk or access ports. If you make a port an untagged member of a single VLAN and set its PVID to the VLAN ID, it will be an “access” port. If you make a port an untagged member of the management VLAN, set its PVID to the management VLAN ID and add it to some other VLANs as a tagged member, it will be a “trunk” port. You can even find this “General” port mode on your CBS350 switch.

You cannot use ACLs on the CBS350 switches for this basic VLAN configuration. To tell the truth, I’m yet to run into a switch or router that would provide ACLs for this purpose. Not even my NETGEAR switches. Well, I’m not a Pro.

You can configure the link between your Mikrotik router and CBS350 switch in one of three ways:

  1. router-on-a-stick (trunk ports)
  2. transition VLAN (access ports)
  3. L3 (routed ports)

Looking at your CBS350 configuration, I hate to say that I think that you haven’t chosen one, yet. It looks like you just connected an access port of VLAN210 on the Mikrotik side to a default (unconfigured) port (VLAN1) on the CBS350 side. Note that, to choose one of those three options, first you need to decide where you want to have inter-VLAN routing of those four VLANs done, on the Mikrotik router or the CBS350 switch.

Kris K