vlans not able to accessing internet

chandra.varahala · ‎02-08-2017

I have buffalo WHR-300, DD-wrt v24sp2 and cisco 3560.
My requirement is to have multiple vlans and internet access. Intervlan routing is done on cisco switch
1 vlan2 192.168.12.0/24
2 vlan 3 192.168.13.0/24
3 vlan 4 192.168.11.0/24

svi vlan4 is 192.168.11.70

lan ip of buffalo router is also in 192.168.11.0 series
i am able to get internet on vlan4 devices only.
default route on cisco switch is
0.0.0.0 0.0.0.0 192.168.11.1
traffic is coming till router 192.168.11.1, but no reply after that from vlan 2, vlan 3
able to communicate among vlans but no internet access to vlan 2 and vlan 3.

in advance networking
to reac 192.168.12.0/24 192.168.11.170
192.168.13.0/24 192.168.11.170

please help

thanks

Chandra

Mark Malone · ‎02-08-2017

Hi

you need to have NAT in place for those subnets to be translated to public ips to access the internet , its not on the switch side but the router that would need to be set , your switch config is good once each vlan can access the router , its up to the router then to perform the NAT translation as catalyst switches cant

chandra.varahala · ‎02-16-2017

hi,

I had now placed cisco 2811 router between buffalo 300 whr and cisco switch 3560. i had removed all svi from switch. created sub-interface on router fa 0/1 had network

192.168.12.0/24 vlan 2

192.168.13.0/24 vlan 3

192.168.14.0/24 vlan 4

192.168.20.0/24 vlan 10

internet ip on fa 0/0 : 192.168.11.40

I still have issue with inter vlan. i am unable to reach vm directly in vlan 4 but able to access

the host machine.

i want to remove buffalo router but my main concern is PPTP vpn running on the buffalo. I find pptp vpn on cisco router 2811 with local authentication will have problem. Please help me for a solution to overcome, vpn, intervlan access and internet access to all vlans.

i am here by attaching my router and switch config .

thank you in advance

chandra v

Julio E. Moisa · ‎02-08-2017

Hi

As Mark mentioned below you need a NAT, try to configure this PAT

access-list 10 permit 192.168.11.0 0.0.0.255

access-list 10 permit 192.168.12.0 0.0.0.255

access-list 10 permit 192.168.13.0 0.0.0.255

ip nat inside source list 10 interface <Point to Point interface to Internet provider> overload

int vlan 2
ip nat inside

int vlan 3
ip nat inside

int vlan 4
ip nat inside

and the interface used for the Point to Point with the Internet provider

int Giga x/y
ip nat outside

also you can use: ip nat translations to see if it is working.

Note: not all the switches support NAT, but you can use a router connected to the switch, in this case your ip nat inside will be configured on the interface connected to the switch on the router.

Also you could use static route to reach to the vlans from the router.

Please rate the comments if they are useful :-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

chandra.varahala · ‎02-08-2017

hi,

my cisco 3560 switch will not support NAT. We are using buffalo WHR-300, DD-wrt v24sp2.Any possibility to help on this. thank you for the support.

chandra

Julio E. Moisa · ‎02-08-2017

You should use a router and connect one interface to bufallo WHR300 device and other interface to the switch.

The router must be configured to run the NAT and routing to know the subnets on the switch if you have SVI on the 3560 otherwise the router could be the gateway for your vlans.

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

chandra.varahala · ‎02-08-2017

Hi

I have svi on 3560. The router need to be Cisco .