Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
606
Views
1
Helpful
3
Replies

Intervlan routing issues on 2960S - No internet access

Bonushadow
Level 1
Level 1

‎03-31-2023 06:45 AM

Hi, I need help with getting new vlans (26 & 116) users access to internet, I have 2 x Layer 3 switches (2960S) and 1 Cradlepoint Router (192.168.16.1/24). Each switch has both vlans configured with IP pools and Vlan 1 with diff. IPs assigned to both switches. I have knowledge of networking but not sure what I’m missing. Thanks for your help.

 

On each of the Switches I have the following IP assigned for the various vlans

 

Vlan 1: 192.168.16.2 255.255.255.0

Vlan 26: 192.168.26.1 255.255.255.0

Vlan 116: 192.168.116.1 255.255.255.0

 

Users on each vlan (26, 116) can ping eachother, everything except cannot ping router IP address and cannot access the internet though they have right IPs, Default Gateway from each vlan address,

 

Have IP routing enabled on both Switches. Vlan 1 and ports assigned under it by default (ie. Trunk ports) can access internet since its DHCP runs on the router.

 

On Router: - I have the following configs.

Ip route 192.168.26.0/24 192.168.16.1

Ip route 192.168.116.0/24 192.168.16.1

(Comment: No ACL, or anything else)

 

On Switch: - I have the following configs.

I have IP route 0.0.0.0 0.0.0.0 192.168.16.1.

More configs attached ie. Showing “sh run” config for both switches attached.

 

I'm really stuck rn, not sure what is missing, so any help is appreciated!

 

Labels:
Preview file
9 KB
Preview file
9 KB
0 Helpful
3 Replies 3

Seb Rupik
VIP Alumni
VIP Alumni

‎03-31-2023 06:58 AM

Hi there,

your router has incorrect static routes. The static routes for VLANs 26 and 116 should have next-hop of the switch VLAN 1 IP:

 

Ip route 192.168.26.0/24 192.168.16.2
Ip route 192.168.116.0/24 192.168.16.2

 

Make the above changes, and you should find that your VLAN 26 and 116 hosts can now ping the router VLAN1 IP address successfully.

If you are lucky they may be able to reach an internet address via the router. If that does not work, check the routers NAT configuration that it permits all source IP subnets, or explicitly permit VLANs 26 and 116.

 

cheers,

Seb.

Bonushadow
Level 1
Level 1

‎04-03-2023 02:33 PM

Thanks Seb for responding, sorry if my initial statement wasn't that clear. All users on both vlan 26, 116 are able to reach the respective default gateway ie. 26.1 and 116.1 and Vlan 1 IP Address in both SW1 (16.2) and SW2 (16.3) but not the router (192.168.16.1) or reach internet.

I made the changes as suggested and created NAT on the route with rules to permit the advertised vlans, then it works now. Thank you for your help.

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Bonushadow

‎04-03-2023 10:24 PM

Thanks for confirming that the changes suggested by Seb did provide a working solution. The issue about the static routes needed to be corrected (but this was a fairly trivial issue). The more significant issue was the need to provide NAT for the subnets of the new vlans.

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card