Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1770
Views
5
Helpful
5
Replies

Internet Access ONLY on VLAN1 (NATIVE VLAN)

kolar52
Level 1
Level 1

‎02-07-2020 02:45 PM

Hallo Cisco Community, 

 

I need help once again. As I said in the Title, only VLAN1 has access to internet.

I created DHCP network pool for the WAP which hangs on Port 6. On port 6 there is also VLAN 160 which is supposed to serve for mobile devices and WAP. When I connect to WAP on port 6, device gets the IP address, in this case, 10.217.165.170 but there is no internet access. I already set as ip default -gateway my Gateway IP - 0.0.0.0 0.0.0.0 10.10.1.1

 

I have SG350 which can at the same time L2 and L3. 

 

The question is simple - only native VLAN has access to internet. How to make other VLANs have access to the internet? Can you help me please? 

 

Thanks in advance!

 

Your beginner :-)

 

P.S. Please don´t write - you have a routing problem. I need concrete answers to understand the problem(s). 

Labels:
0 Helpful
5 Replies 5

Muhammad Awais Khan
Cisco Employee
Cisco Employee

‎02-07-2020 05:04 PM

Hi,

 

There are few things which is not clear , where is 10.10.1.1 ? is this subnet different than vlan 1 ? or this is the IP of the Router connected to the switch. 

 

Did you create VLAN 160 SVI on your switch ? From your wireless are you able to ping VLAN1 SVI ?

 

The switch is connected to Router/modem which have Internet connectiopn ? if yes then this Router have Route defined for VLAN160 ? 

 

To make your Internet work, first troubleshoot whether you can ping VLAN1 SVI, Router Router IP or 10.10.1.1. 

 

If you can share the above feedback, then we can figure it out the issue and resolution.

kolar52
Level 1
Level 1
In response to Muhammad Awais Khan

‎02-08-2020 12:07 AM

Hi Khan, thanks for your questions.

 

10.10.1.1 is default gateway on my router. And yes, currently VLAN1 and my Router have the same subnet. 

Access Point is connected to Port 6 which is in trunk mode and the port has membership with VLAN 160. For VLAN 160 there is DHCP with Network Pool - 10.217.165.169-99/24. Cisco Access Point has one SSID also with VLAN ID 160 which delivers IP addresses from the created network pool to connected device just fine, but no internet.

 

IPv4 Routing on the switch is enabled and there is one Static Route 0.0.0.0 0.0.0.0 10.10.1.1 which is supposed to direct everything on the switch to router´s default gateway. 

 

That is how I understand it.

 

I think I created SVI on VLAN 160 and I am able to ping VLAN1 - switch address 10.10.1.71.

   !

    interface gigabitethernet 6

   switchport general allowed vlan add 1 untagged

   !

   ip default -gateway 10.10.1.1

 

From VLAN 160 I cannot ping my router default gateway 10.10.1.1. 

 

What do you mean with this?

"The switch is connected to Router/modem which have Internet connection ? if yes then this Router have Route defined for VLAN160 ?"

Of course the switch is connected to router which has internet connection. I haven´t defined any routes on my router. 

 

Thank you very much for helping! I see hope :-)

0 Helpful

Muhammad Awais Khan
Cisco Employee
Cisco Employee
In response to kolar52

‎02-08-2020 12:27 AM

Hi,

 

Things are much clear now. You need to add Route on your Router for vlan 160 subnet, it will point out to VLAN1 ip of your switch "10.10.1.71"

 

Once you do that, you will be able to ping 10.10.1.1 from your Wireless. Once it ping, check the internet connectivity by pinging to 8.8.8.8 or using internet. If it didnt work then review your NAT configuraiton on your Router. Your Router should have NAT/PAT that should include both  VLAN1 and VLAN160 when translating to its Public IP. 

 

Share some screenshots from Router or configuration if Internet do not work

0 Helpful

kolar52
Level 1
Level 1
In response to Muhammad Awais Khan

‎02-08-2020 01:13 AM

Hi,

 

I added Static route on router but still the same results. I don´t think I have to create static routes on my router. SG350 is L3 switch and should do the routing itself. That is my aim here. ISP Router is only supposed to serve as gateway and all other internal routing and network should be managed through switch and access point.

 

I am currently out of ideas but the summary of my problem - tagged VLAN 160 on the trunk port with its own subnet doesn´t reach default gateway. 

 

Thanks

 

 

 

 

 

 

0 Helpful

Muhammad Awais Khan
Cisco Employee
Cisco Employee
In response to kolar52

‎02-08-2020 03:47 AM

Hi,

 

Static Route for vlan160 is mandatory on your Router. So imagine if a packet receive on Router with vlan 160 as source of packet then Router have to know how to reach back to vlan160 for return traffic.

 

I understand you are using your SG as L2/L3 but it is not doing any NAT. It will route traffic for VLAN 160 to the Router for Internet without a y modification or translation.

 

There are two cases where you can avoid static route on Router. 1St one if you can create subinterface of your vlan 160 on the Router or new interface for vlan 160 and make it defaukt gateway for vlan 160. Other case would be to do NAT on SG which I doubt not applicable on SG.

 

So after adding the Route, you cannot reach vlan1 gateway ? But you can ping vlan1 interface on the switch ?

 

To clarify above, understand the scenario that how internet is working for Vlan1. When Router receives traffic from Vlan1, it already have Routing entry for vlan 1 since it is directly connected so it will not be having any issue to route back the traffic to vlan 1 users.

 

I hope above will be helpful to clarify why Routing is required at Router. Can you share your ISP Router config if it is cli or snapshots?

0 Helpful
Customers Also Viewed These Support Documents