greymatter313
Beginner

ws-c3750g Only default vlan will route to internet

Hello everyone,

I have recently updated the core switch in my network to stacked c3750g and c3750p and have them running as expected on a flat 192.168.5.0/24 range, but I have finally come to terms with the fact that I have just outgrown a flat /24 range. Now, for several reasons, I have been wanting to segment my LAN into VLANs to cut down on all the broadcast traffic and add another layer of security.

This diagram outlines the key parts of my current setup:

Right now, all inter-VLAN communication is happening as expected, devices are able to access across all vlans without issue.  DHCP addresses for all vlans are being dished out and configured correctly, DNS is working fine.

The issue is that any devices that are not on vlan 1 (192.168.5.0/24) are not able to access the internet.

Here is my info/config for the c3750 stack:

___________________________________

sw01-c3750>en
Password:
sw01-c3750#sho vers
Cisco IOS Software, C3750 Software (C3750-IPSERVICESK9-M), Version 12.2(55)SE10, RELEASE SOFTWARE (fc2)
Image text-base: 0x01000000, data-base: 0x02F00000

ROM: Bootstrap program is C3750 boot loader
BOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.2(44)SE5, RELEASE SOFTWARE (fc1)

System image file is "flash:/c3750-ipservicesk9-mz.122-55.SE10.bin"

cisco WS-C3750G-48TS (PowerPC405) processor (revision F0) with 131072K bytes of memory.
7 Virtual Ethernet interfaces
48 FastEthernet interfaces
56 Gigabit Ethernet interfaces


Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 52 WS-C3750G-48TS 12.2(55)SE10 C3750-IPSERVICESK9-M
2 52 WS-C3750-48P 12.2(55)SE10 C3750-IPSERVICESK9-M


Switch 02
---------
Switch Uptime : 6 hours, 1 minute


Configuration register is 0xF

CONFIG.txt

__________________________________________________

sw01-c3750#sh ru
Building configuration...

Current configuration : 10461 bytes
!
! Last configuration change at 19:53:45 UTC Fri Feb 26 2016 by cisco
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname sw01-c3750
!
boot-start-marker
boot-end-marker
!
enable secret 5 ********
enable password ********
!
username ******** password 0 ********
!
!
aaa new-model
!
!
aaa session-id common
switch 1 provision ws-c3750g-48ts
switch 2 provision ws-c3750-48p
system mtu routing 1500
ip routing
ip domain-name gmhq.********.com
ip name-server 192.168.5.10
ip name-server 192.168.5.1
ip dhcp excluded-address 192.168.5.1 192.168.5.199
ip dhcp excluded-address 10.0.10.1 10.0.10.25
!
ip dhcp pool DATA_LAN
network 192.168.5.0 255.255.255.0
default-router 192.168.5.1
option 66 ip 192.168.5.125
option 67 ascii smsboot\x64\wdsnbp.com
option 128 ip 192.168.5.111
option 150 ip 192.168.5.111
dns-server 192.168.5.10 192.168.5.1
domain-name gmhq.********.com
option 60 ascii "PXEClient"
!
ip dhcp pool MGMT
network 10.0.10.0 255.255.255.0
default-router 10.0.10.1
dns-server 192.168.5.10 192.168.5.1
domain-name gmhq.********.com
!
ip dhcp pool Server
network 10.0.15.0 255.255.255.0
default-router 10.0.15.1
dns-server 192.168.5.10 192.168.5.1
domain-name gmhq.********.com
option 66 ip 192.168.5.125
option 67 ascii smsboot\x64\wdsnbp.com
option 128 ip 192.168.5.111
option 150 ip 192.168.5.111
option 60 ascii "PXEClient"
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
ip ssh authentication-retries 2
!
interface GigabitEthernet1/0/10
switchport access vlan 10
!
interface GigabitEthernet1/0/14
switchport access vlan 15
!
interface GigabitEthernet1/0/15
switchport access vlan 15
!
interface GigabitEthernet1/0/16
switchport access vlan 15
!
!
interface Vlan1
ip address 192.168.5.2 255.255.255.0
ip helper-address 192.168.5.125
ip helper-address 192.168.5.1
!
interface Vlan5
ip address 10.0.5.2 255.255.255.0
!
interface Vlan10
ip address 10.0.10.1 255.255.255.0
!
interface Vlan15
ip address 10.0.15.1 255.255.255.0
!
interface Vlan20
ip address 10.0.20.1 255.255.255.0
!
interface Vlan25
ip address 10.0.25.1 255.255.255.0
!
interface Vlan30
ip address 10.0.30.1 255.255.255.0
!
ip default-gateway 192.168.5.1
ip classless
ip default-network 192.168.5.0
ip route 0.0.0.0 0.0.0.0 192.168.5.1
ip http server
ip http secure-server
!
!
!
snmp-server community ******** RO
snmp-server community ******** RW
!
!
line con 0
line vty 0 4
password ********
transport input ssh
line vty 5 15
password ********
!
ntp clock-period 36029066
ntp peer 192.168.5.111
end

traceroute and ping from c3750:

____________________________________________

sw01-c3750#sh ip ro
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.5.1 to network 0.0.0.0

C* 192.168.5.0/24 is directly connected, Vlan1
10.0.0.0/24 is subnetted, 2 subnets
C 10.0.10.0 is directly connected, Vlan10
C 10.0.15.0 is directly connected, Vlan15
S* 0.0.0.0/0 [1/0] via 192.168.5.1


sw01-c3750#sh ip int br
Interface IP-Address OK? Method Status Protocol
Vlan1 192.168.5.2 YES manual up up
Vlan5 10.0.5.2 YES manual up down
Vlan10 10.0.10.1 YES NVRAM up up
Vlan15 10.0.15.1 YES NVRAM up up
Vlan20 10.0.20.1 YES NVRAM up down
Vlan25 10.0.25.1 YES NVRAM up down
Vlan30 10.0.30.1 YES NVRAM up down
GigabitEthernet1/0/10 unassigned YES unset up up
GigabitEthernet1/0/14 unassigned YES unset up up
GigabitEthernet1/0/15 unassigned YES unset up up
GigabitEthernet1/0/16 unassigned YES unset up up


sw01-c3750#ping google.com

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 173.194.46.39, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/21/26 ms
sw01-c3750#traceroute google.com

Type escape sequence to abort.
Tracing the route to google.com (173.194.46.39)

1 192.168.5.1 8 msec 0 msec 9 msec
2 10.158.92.1 8 msec 9 msec 25 msec
3 dtr02wrlkmi-tge-0-0-1-0.wrlk.mi.charter.com (96.34.33.156) 8 msec 17 msec 9 msec
4 96-34-35-112.static.unas.mi.charter.com (96.34.35.112) 17 msec 8 msec 17 msec
5 bbr01sgnwmi-bue-2.sgnw.mi.charter.com (96.34.2.58) 17 msec 9 msec 16 msec
6 bbr01aldlmi-bue-5.aldl.mi.charter.com (96.34.0.54) 26 msec 25 msec 17 msec
7 bbr01chcgil-bue-4.chcg.il.charter.com (96.34.0.99) 25 msec 25 msec 25 msec
8 prr01chcgil-bue-2.chcg.il.charter.com (96.34.3.9) 25 msec 25 msec 25 msec
9 96-34-152-30.static.unas.mo.charter.com (96.34.152.30) 34 msec 25 msec 25 msec
10 74.125.37.199 25 msec 25 msec 25 msec
11 209.85.243.53 17 msec 25 msec 25 msec
12 google.com (173.194.46.39) 25 msec 17 msec 17 msec

And some troubleshooting from a client on vlan 15 (same issue exists for all devices on anything other than vlan 1):

_____________________________________________

root@GMHQUR2:~# ping google.com
PING google.com (216.58.216.110) 56(84) bytes of data.
^C
--- google.com ping statistics ---
20 packets transmitted, 0 received, 100% packet loss, time 19000ms

root@GMHQUR2:~# traceroute google.com
traceroute to google.com (173.194.46.39), 30 hops max, 60 byte packets
1 10.0.15.1 (10.0.15.1) 0.863 ms 1.034 ms 1.225 ms
2 192.168.5.1 (192.168.5.1) 0.355 ms 0.664 ms 0.826 ms
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * *^C
root@GMHQUR2:~# ping 192.168.5.1
PING 192.168.5.1 (192.168.5.1) 56(84) bytes of data.
64 bytes from 192.168.5.1: icmp_seq=1 ttl=63 time=0.406 ms
64 bytes from 192.168.5.1: icmp_seq=2 ttl=63 time=0.343 ms
^C
--- 192.168.5.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.343/0.374/0.406/0.036 ms
root@GMHQUR2:~# traceroute 192.168.5.1
traceroute to 192.168.5.1 (192.168.5.1), 30 hops max, 60 byte packets
1 10.0.15.1 (10.0.15.1) 0.767 ms 0.956 ms 1.113 ms
2 192.168.5.1 (192.168.5.1) 0.350 ms 0.714 ms 0.919 ms

So this is the last problem I need to fix before I can start migrating all my systems over to the new vlans.

I have been researching this issue and so far have not found anything that's corrected the issue, so I figured this would be the place to ask!

Any and all help would be greatly appreciated, as it's been quite an educational journey for me to get this far!

1 ACCEPTED SOLUTION

Accepted Solutions
Iulian Vaideanu
Enthusiast

It looks like the DD-wrt is not configured to NAT other subnets besides 192.168.5...

Thanks for pointing me in the right direction!  It was DD-wrt indeed blocking any non-default subnets.

A little google-foo and I found these commands to run on the DD-wrt box and everything looks good to go!

iptables -t nat -I POSTROUTING -o `get_wanface` -j SNAT --to `nvram get wan_ipaddr`
iptables -I FORWARD -j ACCEPT

Thanks again!

Todd
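
A narrower form of the two rules in the reply above, as an added example that is not part of the original thread: it prints SNAT and FORWARD rules limited to named internal subnets, so the WAN side is only allowed return traffic instead of everything `iptables -I FORWARD -j ACCEPT` admits. The interface names (`vlan2`, `br0`) and the WAN address `203.0.113.10` are constructed placeholders; the subnets are the VLAN 10 and VLAN 15 ranges from the switch config.

```shell
#!/bin/sh
# Added example: print scoped NAT/forward rules for review before applying them.
# Interface names and the WAN address used at the bottom are constructed placeholders.

# is_cidr NET: shape check only (dotted quad plus /0-32), e.g. 10.0.15.0/24
is_cidr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# emit_rules WAN_IF WAN_IP LAN_IF SUBNET...
# Prints one return-traffic rule, then one FORWARD and one SNAT rule per subnet.
emit_rules() {
    [ "$#" -ge 4 ] || { echo "usage: emit_rules WAN_IF WAN_IP LAN_IF SUBNET..." >&2; return 2; }
    wan_if=$1; wan_ip=$2; lan_if=$3; shift 3

    # Validate every subnet first so a typo produces no partial rule set.
    for net in "$@"; do
        is_cidr "$net" || { echo "bad subnet: $net" >&2; return 1; }
    done

    # WAN -> LAN: only replies to connections that the LAN side opened.
    echo "iptables -I FORWARD -i $wan_if -o $lan_if -m state --state ESTABLISHED,RELATED -j ACCEPT"

    for net in "$@"; do
        # LAN -> WAN: only from the listed internal subnets.
        echo "iptables -I FORWARD -i $lan_if -o $wan_if -s $net -j ACCEPT"
        # Source NAT only for those subnets, not for every packet leaving the WAN port.
        echo "iptables -t nat -I POSTROUTING -o $wan_if -s $net -j SNAT --to-source $wan_ip"
    done
}

# Constructed sample run: VLAN 10 and VLAN 15 subnets from the switch config.
emit_rules vlan2 203.0.113.10 br0 10.0.10.0/24 10.0.15.0/24
```

These rules only narrow anything if the blanket `iptables -I FORWARD -j ACCEPT` is not also loaded, since that rule matches every forwarded packet first. On the router itself the placeholders would come from the same `get_wanface` and `nvram get wan_ipaddr` calls the reply uses.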