Solved: VLANs not routing to eachother - 3750

pgkool001 · ‎12-13-2015

Hello all,

I am new to cisco and IOS so bear with me. I have just purchased a 24 port catalyst 3750 and am trying to create two VLANs and get them to talk to each other.

VLAN1 is connected to a consumer grade netgear router which is in turn connected to my internet. This is the 192.168.1.0/24 subnet.

VLAN3 is the 192.168.3.0/24 subnet which I want to be able to access the internet.

Just trying to do some basic pinging between the two VLANs is unsuccessful, and VLAN 3 can not reach the internet. Please help. I will follow up with some snippet of my configuration.

TIA

P

Abzal · ‎12-13-2015

Hi,

Configure port connected to netgear as:

int g1/0/x

switchport mode access

So that two devices will be on one subnet 192.168.1.0/24. Then assign to netgear's interface which is connected to 3750 IP address from 192.168.1.0/24 subnet (in you configuration I assume it is 192.168.1.1/24). Then you need to put on netgear static IP route to your local subnet 192.168.3.0/24 and point it to IP address of 3750 which is 192.168.1.250/24.

Best regards,
Abzal

View solution in original post

Richard Bradfield · ‎12-13-2015

So you are saying a device on the 192.168.1.x network cannot talk to a device on the 192.168.3.x network. or is the 192.168.1.x network just used as a link to your Netgear?

As Abzal said below you need to be able to configure a route on the Netgear back to the 192.168.3.x network, and must allow the 192.168.3.x network to be NATed on the Netgear for a public address.

View solution in original post

pgkool001 · ‎12-13-2015

SHOW VERSION:

Cisco IOS Software, C3750 Software (C3750-IPBASEK9-M), Version 12.2(55)SE10, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Wed 11-Feb-15 11:40 by prod_rel_team
Image text-base: 0x01000000, data-base: 0x02D00000

ROM: Bootstrap program is C3750 boot loader
BOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.2(44)SE5, RELEASE SOFTWARE (fc1)

3750switch uptime is 2 weeks, 4 days, 1 hour, 50 minutes
System returned to ROM by power-on
System image file is "flash:c3750-ipbasek9-mz.122-55.SE10/c3750-ipbasek9-mz.122-55.SE10.bin"

pgkool001 · ‎12-13-2015

SHOW VLAN BRIEF:

3750switch#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/1, Gi1/0/2, Gi1/0/3
                                                Gi1/0/4, Gi1/0/6, Gi1/0/7
                                                Gi1/0/8, Gi1/0/9, Gi1/0/10
                                                Gi1/0/11, Gi1/0/12, Gi1/0/13
                                                Gi1/0/14, Gi1/0/16, Gi1/0/17
                                                Gi1/0/18, Gi1/0/19, Gi1/0/20
                                                Gi1/0/21, Gi1/0/22, Gi1/0/23
                                                Gi1/0/24, Gi1/0/25, Gi1/0/26
                                                Gi1/0/27, Gi1/0/28
2    work                             act/lshut
3    garage                           active    Gi1/0/5, Gi1/0/15
10   home                             act/lshut
11   rooms                            act/lshut
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

pgkool001 · ‎12-13-2015

SHOW IP ROUTE:

3750switch#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.1.1 to network 0.0.0.0

C    192.168.1.0/24 is directly connected, Vlan1
C    192.168.3.0/24 is directly connected, Vlan3
S*   0.0.0.0/0 [1/0] via 192.168.1.1

pgkool001 · ‎12-13-2015

SHOW RUNNING-CONFIG:

3750switch#show running-config
Building configuration...

Current configuration : 3903 bytes
!
version 12.2
<-- OUTPUT SUPPRESSED-->
!
hostname 3750switch
!
boot-start-marker
boot-end-marker
!
<-- OUTPUT SUPPRESSED-->
!
no aaa new-model
clock timezone UTC -5
clock summer-time UTC recurring
switch 1 provision ws-c3750g-24ts
system mtu routing 1500
!
shutdown vlan 2
shutdown vlan 10
shutdown vlan 11
ip routing
ip dhcp excluded-address 192.168.3.3 192.168.3.254
!
ip dhcp pool vlan3
   network 192.168.3.0 255.255.255.0
   default-router 192.168.3.1
!
<-- OUTPUT SUPPRESSED-->
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
ip address 192.168.1.250 255.255.255.0
!
interface Vlan2
ip address 192.168.2.1 255.255.255.0
!
interface Vlan3
ip address 192.168.3.1 255.255.255.0
!
interface Vlan10
ip address 192.168.10.1 255.255.255.0
!
interface Vlan11
ip address 192.168.11.1 255.255.255.0
!
ip default-gateway 192.168.1.1
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip http server
ip http secure-server
!
<-- OUTPUT SUPPRESSED-->
end

Abzal · ‎12-13-2015

Hi,

Configure port connected to netgear as:

int g1/0/x

switchport mode access

So that two devices will be on one subnet 192.168.1.0/24. Then assign to netgear's interface which is connected to 3750 IP address from 192.168.1.0/24 subnet (in you configuration I assume it is 192.168.1.1/24). Then you need to put on netgear static IP route to your local subnet 192.168.3.0/24 and point it to IP address of 3750 which is 192.168.1.250/24.

Best regards,
Abzal

Richard Bradfield · ‎12-13-2015

So you are saying a device on the 192.168.1.x network cannot talk to a device on the 192.168.3.x network. or is the 192.168.1.x network just used as a link to your Netgear?

As Abzal said below you need to be able to configure a route on the Netgear back to the 192.168.3.x network, and must allow the 192.168.3.x network to be NATed on the Netgear for a public address.

pgkool001 · ‎12-14-2015

Thankyou Abzal and Richard!

I added a static route on my netgear to direct 192.168.3.0/24 traffic to the cisco switch, 192.168.1.250. That did the trick for pinging. I should have thought of this, I think my setup is a bit wonky. So let me clarify.

Internet

|

Netgear Router (192.168.1.1)

|

Cisco Switch (192.168.1.250)

/ \

VLAN1(192.168.1.250) VLAN3 (192.168.3.1)

Gateway: 192.168.1.1 Gateway: 192.168.3.1

So my ping traffic was routing to the netgear, but it had no route back to the switch. This is now fixed, and I can ping between VLANs!

I set the default DNS server on the 192.168.3.0/24 VLAN to be 192.168.1.1, this allowed me to do DNS lookups, and that works.

However, I still can not access the internet, I think this is as Richard said, the net gear needs to be able to NAT the 192.168.3.0/24 subnet, and I'm not sure how to do this. I'll do some research on google, but I guess its outside the scope of this forum.

So I think my road ends here, unless someone has some bright suggestions on what to do on the 3750 to spoof this?

pgkool001 · ‎12-15-2015

Just FYI for anyone else who stumbles on this...my netgear router...nighthawk R7000 does not support outside subnet NATing supposedly. I posted on the netgear forums and found out that I needed the 3'rd party firmware to get this to work. I put asusWRT-Merlin on my router and now I can get the VLANs to access the internet. All is well!!!

See post below:

https://community.netgear.com/t5/Nighthawk-WiFi-Routers/NAT-for-different-subnet/m-p/1018538/highlight/false#M22922

clement.thuraisamy · ‎03-31-2017

Hi all.. understanding this post is a year old but needs some help pls.

I have the similar configuration as pgkool001, with Main router R7000 running Asuswrxt Merlin, connected to a switch with VLANs. All my VLANs can communicate with each other and with devices on router network.

The issue I face is the devices on VLAN cannot route to internet. I understand I need to do some NATing on Asuswrxt router but I'm not 100% on how? Script to run?

Please advise.

Thanks

CT