Solved: Vlan unable to access Internet

adam.weight · ‎04-02-2013

I am using a Cisco SG-300 28 port switch in layer 3 mode as my default gateway for all my devices. I have two vlans on the switch, vlan 1 and vlan 4. Both are pulling valid IP addresses in their scope from the DHCP server, and both have valid DNS settings. I set a static route to the Internet on the switch to our firewall (192.168.5.254). All devices connected to vlan 1 are able to access the Internet, however all devices connected to vlan 4 cannot get past the switch. A tracert from one of these devices shows it hits the switch as the gateway, but gets no further. Below is the switch config. Can someone assist with what I am doing wrong?

*************************************************************************************

config-file-header
SP-SW1
v1.2.9.44 / R750_NIK_1_2_584_002
CLI v1.0
file SSD indicator excluded
@
vlan database
vlan 4
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
ip dhcp relay address 192.168.5.1
ip dhcp relay enable
ip dhcp information option
bonjour mode include
bonjour interface range vlan 1
hostname SP-SW1
username cisco password encrypted d2af3f31b3af51945646942749ee1ce9019a73dc privilege 15
ip name-server 192.168.5.1 192.168.80.10 192.168.50.7 4.2.2.2
ip telnet server
!
interface vlan 1
ip address 192.168.5.251 255.255.255.0
no ip address dhcp
ip dhcp relay enable
!
interface vlan 4
name Guest
ip address 192.168.55.251 255.255.255.0
ip dhcp relay enable
!
interface gigabitethernet1
description SPDC1
spanning-tree portfast
switchport mode access
!
interface gigabitethernet2
description WAP114
spanning-tree portfast
spanning-tree guard root
switchport trunk allowed vlan add 4
!
interface gigabitethernet3
description Ruckus_Manager
spanning-tree portfast
spanning-tree guard root
switchport trunk allowed vlan add 4
!
interface gigabitethernet4
description Apple_tv
spanning-tree portfast
switchport mode access
!
interface gigabitethernet5
spanning-tree portfast
switchport mode access
!
interface gigabitethernet6
spanning-tree portfast
switchport mode access
!
interface gigabitethernet7
spanning-tree portfast
switchport mode access
!
interface gigabitethernet8
spanning-tree portfast
switchport mode access
!
interface gigabitethernet9
spanning-tree portfast
switchport mode access
!
interface gigabitethernet10
spanning-tree portfast
switchport mode access
switchport access vlan 4
!
interface gigabitethernet11
spanning-tree portfast
switchport mode access
!
interface gigabitethernet12
spanning-tree portfast
switchport mode access
!
interface gigabitethernet13
description Door_Ctrl
spanning-tree portfast
switchport mode access
!
interface gigabitethernet14
description WAP120
spanning-tree portfast
spanning-tree guard root
switchport trunk allowed vlan add 4
!
interface gigabitethernet15
description Cameras
spanning-tree portfast
switchport mode access
!
interface gigabitethernet16
description Savant
spanning-tree portfast
switchport mode access
!
interface gigabitethernet17
spanning-tree portfast
switchport mode access
!
interface gigabitethernet18
spanning-tree portfast
switchport mode access
!
interface gigabitethernet19
spanning-tree portfast
switchport mode access
!
interface gigabitethernet20
spanning-tree portfast
switchport mode access
!
interface gigabitethernet21
spanning-tree portfast
switchport mode access
!
interface gigabitethernet22
spanning-tree portfast
switchport mode access
!
interface gigabitethernet23
spanning-tree portfast
switchport mode access
!
interface gigabitethernet24
spanning-tree portfast
switchport mode access
!
interface gigabitethernet25
description SP-SW2
spanning-tree guard root
switchport trunk allowed vlan add 4
!
interface gigabitethernet26
description SP-SW3
spanning-tree guard root
switchport trunk allowed vlan add 4
!
interface gigabitethernet27
spanning-tree guard root
switchport trunk allowed vlan add 4
!
interface gigabitethernet28
description SonicWall
switchport trunk allowed vlan add 4
!
ip helper-address all 192.168.5.1 37 42 49 53 137 138
ip route 0.0.0.0 0.0.0.0 192.168.5.254

**********************************************************************************************

Gregory Snipes · ‎04-02-2013

Do you have a route on the firewall to point the network to the switch?

View solution in original post

John Blakley · ‎04-02-2013

Which device is doing nat? Make sure that you're natting for that subnet as well...

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

View solution in original post

Gregory Snipes · ‎04-02-2013

Do you have a route on the firewall to point the network to the switch?

adam.weight · ‎04-02-2013

Thank you, I don't know why I spaced that one. I did have address objects for the network in the router, but not the route pointing to the switch for that subnet.

All works now.

John Blakley · ‎04-02-2013

Which device is doing nat? Make sure that you're natting for that subnet as well...

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

adam.weight · ‎04-02-2013

Thank you. Adding a route to the switch for that subnet on the firewall worked.