cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6661
Views
0
Helpful
13
Replies

Vlans dosnot see the internet

amrashraf1
Spotlight
Spotlight

Ihave switch 3650,2960,sg300 and sg250 switch 3650 is the core and creating on it vlan 4,6,8,10,12 and vlan 1 the deafult i have isr router from my isp but locked from your side i cant change any config in it port g 24 on 3650 connected with isr router member in  deafault vlan 1 and dhcp srv on the router configure by isp range pool 192.168.1.0 /24 but i make vlans 4,6,8,10,12 each vlan in difrrent network and each vlan have dhcp pool 

Config for vlan 4 as example:

Interface vlan 4

No ip address

Ip address 10.0.4.2 255.255.254.0

No sh 

Ip dhcp pool vlan4

Network 10.0.4.0 255.255.254.0

Default-router 10.0.4.2

Dns-server 8.8.4.4

Exit 

After this config imake deafulr route 

#Ip route 0.0.0.0 0.0.0.0 192.168.1.1

Note:192.168.1.1 is the gateway of the router 

After this config only vlan 1 can  the internet but another vlan couldnot see internet??

What is the problem

13 Replies 13

balaji.bandi
Hall of Fame
Hall of Fame

Since your ISP Router only allows the VLAN1 IP address range to be NATed, so that is working. 

 

You need to make arrangements to do Double NAT or ask the provider for your requirement to support.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

amrashraf1
Spotlight
Spotlight

So my configration on my sw is true ??

balaji.bandi
Hall of Fame
Hall of Fame

yes for the default VLAN which Allowed by ISP.

 

If ISP can NAT all your IP address, then your problem resolved - may need to static entry back from ISP for your other subnets.

 

Instead, i suggest having NAT on your side, so you not going to depend on your ISP every time.

 

your IP address ----insider (NAT)----outside(ISP IP)-----ISP Gateway

 

Let me know if you looking any example to provide. you need to also have a device which do NAT for your internal network.

 

Or

 

If you have a small network, you can subnet ISP VLAN1 IP address range in to small, and assign VLAN for each block, so it will work as work today on your setup.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

amrashraf1
Spotlight
Spotlight

Today called my isp and tell him make static route 10.0.0.0 /18 192.168.1.2

Note(192.168.1.2 is the ip of vlan 1 in my sw)

And from my side make static route 

0.0.0 0.0.0 192.168.1.1

Note(192.168.1.1 is the d.g of my isp)

After make this my vlan 4,6,8,10,12,502 worked but another vlan i created such as vlan 16,18 dosnot have network what is the problem

balaji.bandi
Hall of Fame
Hall of Fame

what IP address used for VLAN 16 and 18?  (if that is part of /18 it should work as expected since you mentioned other VLAN working as expected.)

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

amrashraf1
Spotlight
Spotlight

Vlan 16

10.0.16.0

Vlan 18

10.0.18.0

balaji.bandi
Hall of Fame
Hall of Fame

it should work as expected since that IP range part of /18 - can you post a complete config to look.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

amrashraf1
Spotlight
Spotlight

Interface vlan 1 

Ip add 192.168.1.2 255.255.255.0

No sh

Interface vlan 4 

Ip add 10.0.4.2 255.255.254.0

No sh 

Ip dhcp pool vlan4 

Network 10.0.4.0 255.255.254.0

Default-router 10.0.4.2

Dns-server 8.8.4.4

 

The same in vlan 6,8,10,12,502

But each vlan have diffrent subnet 

 

 

 

Interface vlan 30 

Ip add 10.0.30.2 255.255.254.0

No sh

Ip dhcp pool vlan30

Network 10.0.30.0 255.255.254.0

Default-router 10.0.30.2

Dns-server 8.8.4.4

(This dosnot have network and another vlan like 503,28,16

 

Ip route 0.0.0.0 0.0.0.0 192.168.1.1

 

amrashraf1
Spotlight
Spotlight

I checked this case with my isp and add each vlan in my lan in router of isp with each subnet of vlan and isp make static route 10.0.0.0 /18 192.168.1.2 this my ip add of vlan 1 and from my side make 

Ip route 0/0 192.168.1.1 and port from my sw to router is trunk 

 

The internet working but not stable mean all pc in all vlan working but after few hours many of pc in diffrent vlan not working and when i ping to 192.168.1.1 aappear request time out !!!! Wht is the problem

amrashraf1
Spotlight
Spotlight

problem solved imake from my side no switchport on my port that connected to the router to avoid layer 2 and router on stick becuse isp make sub interface on his router 

 

 

thnks

balaji.bandi
Hall of Fame
Hall of Fame

Glad to know all working as expected..

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

thnx

balaji.bandi
Hall of Fame
Hall of Fame

is this resolved and mark as solution ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Review Cisco Networking for a $25 gift card