Cisco Switching/Routing :: SG-300 Vlan Unable To Access Internet
Apr 1, 2013
I am using a Cisco SG-300 28 port switch in layer 3 mode as my default gateway for all my devices. I have two vlans on the switch, vlan 1 and vlan 4. Both are pulling valid IP addresses in their scope from the DHCP server, and both have valid DNS settings. I set a static route to the Internet on the switch to our firewall (192.168.5.254). All devices connected to vlan 1 are able to access the Internet, however all devices connected to vlan 4 cannot get past the switch. A tracert from one of these devices shows it hits the switch as the gateway, but gets no further. [code]
View 4 Replies
ADVERTISEMENT
Mar 19, 2013
I have one issue on Vlan in Cisco 3750X switches , I have 2 Offices , I am sitting at corp OFfice and i have one 3750 ( 10.10.1.36)Switch at my location , in my remote office i have one more switch 3750 ( 10.10.33.1) and i am able to access the both vlan IPS with out any issue , now i have some network components in Vlan33 ( 10.10.33.1) at my remote office . i am able to ping 10.10.33.1 IP from my corp office , but i am not able to ping any network devices in 10.10.33.5 example : 10.10.33.5 is my Cyberoam IP at remote location and i am not able to ping , i have taken a trace route and not able to find the issue as i am not much femilar , ping 10.10.33.5 at remote location devicec
I am giving the Configuration for both locaitons below :
10.10.1.36 - Corp Office 3750 Switch:
sh run
L3-#sh running-config
Building configuration...
[Code].....
View 1 Replies
View Related
Oct 31, 2012
i have router 1841 have 2 interface.i make routing between vlan by subinterface in router and in switch trunk but vlan 5 cannot access internet
View 3 Replies
View Related
Feb 6, 2012
I have a 2960-S running the lastest software for testing on my bench:
[code]
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 24 WS-C2960-24-S 15.0(1)SE2 C2960-LANLITEK9-M
[/code]
I have set up VLAN 2 on 192.168.2.0/24 with the switch as the DHCP server. The switch is connected to an RV082 router which is at 192.168.1.65/27. Once I figure out what I doing I'll eventually shift that to 192.168.1.0/24 or something similar. So I have my switch acting as the DHCP server for VLAN 2 but I can't figure out how to get it to access the internet.
I found this example to set up the DHCP server:
[code]
###################################
this works to get vlan 2 to serve ips
conf t
[Code].....
The RV082 doesn't support trunks AFIK and I'm pretty much a newb at this stuff. TIA. I guess I should get a real router and I most likely will but I'd like to get this working if possible before taking the next plunge.
View 7 Replies
View Related
May 9, 2012
At the core of my network I have two Nexus 5548's with the routing/L3 daughter installed. They have a default route that points to my ASA 5520 for Internet access. I have configured a VLAN that I do not want to have access to the Internet. What is the best way of preventing this access? ACL on the Nexus or Firewall rules on the ASA?
View 1 Replies
View Related
Feb 25, 2013
I have installed the six new WAP with model Cisco AIR-SAP2602I-E-K9, and we have two SSID for the new WAPs. When the users are connected to this WAP they can able to access the intranet but not able to access the internet. What could be the problem? I have checked and verify that they can able ping to the IP address of google from the CMD but when try from internet explorer they are fail (both with www.google.com & with IP address of google).
View 2 Replies
View Related
Feb 23, 2012
I have configured vlans in 3560G switch but vlans notable to accessing Internet
View 6 Replies
View Related
Apr 8, 2013
Any issue creating a guest vlan to use the WIFI on an 891W router? The IOS is version 15.1. I have created discreet Vlan's and setup subinterfaces on both the WLAN_AP0 and GigaEthernet 0 interfaces with dot1q encapsulation. The client will receive an IP from the pool but cannot ping or connect beyond the default gateway.
The external interface is using Nat overload and all wired clients are successful in connecting to outside addresses. I have insert a permit any statement in the acl which affects the external port but still no success.
View 7 Replies
View Related
Apr 28, 2012
We recently purchased Cisco 3560X Layer3 Switch. We need to perform simple Inter VLAN routing. We have configured VLAN1 (name-server_vlan) and VLAN2 (name- user_vlan). We have also assigned the Ports and IP address to both the VLANs. After assiging this if we plug Laptop A into VLAN1 then it doesnt communicates with Laptop B (btw, Laptop A is able to Ping VLAN2 Gateway ) in VLAN2 but on the other hand Laptop B is able to communicate with Laptop A and ping everything i.e. Gateway of VLAN1.
View 17 Replies
View Related
Mar 11, 2012
We have a 3750 and a 3560 defined as a layer 2 switches. One gig port on each switch is trunked to layer 3 switches, which containall the VLAN definitions etc. The other gig port on the 3650 and 3750 switches are trunked together to provide an alternative path in the event of a failure.
We have added a new device to the 3750 and given it a VLAN 9, and the VLAN added to allowable VLANS on both trunk ports between the layer 3 and layer 2 devices ie:
switch port trunk allowed vlan 9,10,20,30,40,50,60,90,200,202,206,211,212,700.
From either of the 3750 or the 3560 we can ping any device on any VLAN on any switch in this group with exception ofVLAN 9. We can however ping the ip address of VLAN 9 on the layer three switches.
View 2 Replies
View Related
Feb 4, 2012
i am stuck in a issue! unable to ping the SVI
i am design a small network for a office.
1 router 2811
1 switch 3750-e
Router is connected to the mpls cloud with ospf.
here re the config.
Router#
int fa0/0
ip 10.10.10.1 255.255.255.252
[Code]....
i connect my laptop and give ip 22.0.68.1 255.255.255.0 and default gateway 22.0.68.251but can not ping SVI VLAN 201 (22.0.68.251) ?
and from the SWITCH i can not ping the 20.20.20.2?
View 38 Replies
View Related
Feb 4, 2013
i configured the VLAN810, with DHCP services, while i try to ping the host which is connected to gi 1/0/2 from my gi 1/0/1 , i can't ping the same vlan host , while i try to debug ip icmp its showing ,
C3750XB11#sh running-config
Building configuration...
Current configuration : 12053 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
[code]....
View 5 Replies
View Related
Apr 6, 2012
I have a Nexus 5548 installed (layer 2 device only) with several 10G ports supporting IBM P770 systems and a TSM (Tivoli Storage Manager) system on a single VLAN. All of the Nexus 5548 ports are configured for jumbo frames. I was ask to install a new server on the same VLAN as the others but as 1G port without jumbo frames to allow communications with the TSM server. I'm assuming that the 1G port for this new server without jumbo frames configured on the Nexus 5548 will not be unable to communicate with the TSM server that is on the same VLAN with it's Nexus 5548 10G port configure using jumbo frames.
View 5 Replies
View Related
Jun 23, 2012
I am not able to create more than 256 VLAN in Cisco Nexus 5010 switch. While creating I am getting "No VLAN resources available for VLAN creation" Details below -
Switch model - 5010
Software : NX OS 4.0 (1a)
Error Message:
Nexus_5010(config)# vlan 417
ERROR: No VLAN resource available for VLAN creation.
View 5 Replies
View Related
Jul 10, 2012
Yesterday I configured the 7010 Nexus switch. I created a VDC and allocated few ports and configured VLAN for testing. After enabling feature interface-vlan i was allowed to configured L3 interface for the vlan. I assigned ip address and connected few server to check the reachability but it says Destination Host Unreachable.
NX OS Ver : n7000-s1-dk9.5.2.4.bin
Configuration of the VDC below.
feature telnet
feature udld
feature interface-vlan
feature lacp
[Code]....
View 2 Replies
View Related
May 19, 2013
I am unable to connect a Wifi Modem wiith 2960 Switch having VLAN 1,Attached is the network diagram,what configurations i have to modified it,I need to Connect A Wifi Modem on VLAN 1 ,Connectivity is working fine between VLAN 10 and VLAN 1.What should be the next step to Connect Wifi Modem to VLAN 1 so that Users on VLAN 10 should connect to Internet.
View 14 Replies
View Related
Apr 22, 2012
Here is my configuration below , i have upgraded my C-3750 switch IOS from IPbase to IPservices , after upgrading i have tried to apply PBR on my Vlan 4 and failed , when i am tying to apply route-map to Vlan4 the command was taking but i am unable to see the route-map when sh run , i am giving the command as "ip policy route-map TTSL" in my Vlan4 , below is the configuration.
In Vlan2 i have connected one ISP and Vlan4 I have connected one ISP , my local subnets are 192.168.1.x and 192.168.2.x , now i want to route the 192.168.1.x traffic from Vlan2 and 192.168.2.x Traffic from Vlan4 .
sh boot
coreswitch#sh boot
BOOT path-list : flash:c3750-ipservices-mz.122-35.SE5/c3750-ipservices-mz.122-35.SE5.bin
[Code].....
View 9 Replies
View Related
May 27, 2013
I have a multiple Offices in my location , all my external users are connecting my site using Cisco Client to site VPN and accessing my 2 sites , All users are able to access my 2nd office servers which are in 10.10.0.x pool , I have a different vlan in that same location with 10.10.35.x series and users are not able to access this pool servers , I am not much familiar with Routing . i am using ASA 5520 firewall .
View 11 Replies
View Related
Aug 23, 2009
Aug 24 11:32:16.275 AEST: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan21, changed state to down
Aug 24 11:32:36.827 AEST: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan21, changed state to up
Aug 24 11:35:23.854 AEST: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1/2, changed state to down
Aug 24 11:35:24.854 AEST: %LINK-3-UPDOWN: Interface FastEthernet0/1/2, changed state to downesw_mrvl_vlan_port_remove : Unable to find entry for VLAN(1) dbnum(1)
esw_mrvl_vlan_port_remove : Unable to find entry for VLAN(1) dbnum(1)(code)
When the above problem happens, as work-around, we delete VLAN.DAT file on the Compact Flash of this 2811 router and recopy the VLAN>DAT file back to teh Compact Flash.
Then it runs for a few weeks and the same problem happened.
Then we put a new Compact Flash and recopied VLAN.DAT to new CF and it ran for 3 weeks and same problem started again.
Could be 2811 router motherboard? This customer has thousands of these 2811 routers in identical setups and this is the only router that is having this problem.
View 6 Replies
View Related
Jul 24, 2012
Since two weeks I have a problem with the VLANs who I started to configure. I hope together we find the way.I have 5 VLANS configured in a CISCO 3560G switch. In my windows server 2003 I configured DHCP scope for each VLAN.One of the requirement to connect vlans each other is to put the IP of each vlan as gateway in the clients.So, how can I do to access to internet?. The ip of my Firewall are in one of the VLAN´s.When the configuration of the LAN only had one DHCP scope the gateway was the ip of my firewall. But now i don´t know how to configure the DHCP server, or the firewall, or the switch, or all of them To get access to internet.
View 2 Replies
View Related
Apr 2, 2013
We are having Cisco router 1002 ASR and 2841 switch. Some times perticular VLAN user will not be able to access the network but from the same switch others VLAN users can able to access. We were getting ARP entries in router but we cannot ping the IP's. Even we clear the ARP entries. Once we restart the switch users can access the network. We have changed vlan ports, uplink too. but problem not solved. and we observed CPU utilization will be going 70-80% some times and at same time switch hangs.
View 3 Replies
View Related
Feb 20, 2013
We have 3 VLAN in our cisco 3750G switch. VLAN 1 10.1.0.0/24 for domain network, VLAN 2 10.2.0.0/24 for student and VLAN 3 10.3.0.0/24 for public. We have one printer 10.3.0.206 in the VLAN 3 and want to allow student server 10.2.0.253 in the VLAN 2 to access the printer. How can we configure access-list? Here is current configuration.
ip access-list extended publicaccess
permit icmp any any
permit ip any host 10.2.0.253
permit tcp any any established log
deny ip 10.3.0.0 0.0.0.255 10.1.0.0 0.0.0.255
deny ip 10.3.0.0 0.0.0.255 10.2.0.0 0.0.0.255
View 9 Replies
View Related
Sep 5, 2012
Extended IP access list VLAN20
10 permit tcp any any established
11 permit icmp any any
20 permit tcp any 192.168.20.0 0.0.0.255 eq 80
30 permit tcp any 192.168.20.0 0.0.0.255 eq 443
40 deny ip any any log
[code].....
Above is the network diagram and access list for VLAN 20 and VLAN 30, applied on incoming direction of each valn.But still able to access other port which is not on access list, tried changing the direction with no luck.Inter vlan routing is enabled on CoreSwitch default router is 192.168.10.10
View 5 Replies
View Related
Dec 11, 2011
We have a group of computers on their own VLAN. A router allows internet access while keeping them sandboxed. We don't want them accidentally connect to our production network. We blocked their wireless MACs in unauthorized WAPs. I'd like to do the same thing for their ethernet MACs on our switches, (a mixture of 2950,2960 and 2960G currently testing on C2960-LANBASE-M, Version 12.2(25)SEE2). I've been unable to locate the correct method on google, by searching these boards or in the command reference.
What is the best practice for blocking a group of MACs from accessing a particular VLAN on a network consisting of several Layer 2 Switches?
View 4 Replies
View Related
Apr 2, 2012
We have 2 internet connections- one for production and one as a backup. The backup connection will be used for allowing guest visitors on a wireless network that is on a seperate VLAN.
We have the following networks:
VLAN 1 production, 192.168.1.0
VLAN 10 backup internet connection, 192.168.100.0, Interface 100.2
VLAN 41 wireless guests, 192.168.41.0, interface 41.1
VLAN routing provided by Dell 6224 switch and other switching is Cisco 2970 (L2) switches.Backup Internet router is SMC (Comcast)
I would like to allow clients on VLAN 41 access the internet connection in VLAN 10 at 192.168.100.1. Clients on VLAN 41 can PING and trace to the default gateway 100.1. VLAN 41 clients are also able to get DHCP info from VLAN 1. NSlookup fails when using the ISP DNS servers. NSlookup is suscessful when using our internal DNS servers, but web pages are not returned. It eventually fails.We've tried to set the DFGW on the clients to both 41.1 and 100.1 with no success.
100.2 know where to find 41.1 interface for the 41.0 network. The router/gateway can PING the clients on VLAN 41, 192.168.41.0 network and visa-vera.
It seems like the clients are not able to get through 100.1 to the internet or the gateway/router doesn't know how to get packets back to the clients.A static entry was made on the router that mapped back to the next hop at 100.2. 1 Someone alluded to a NAT issue, where the returning packets have information for the 100.0 network only and the internet router doesn't know to send the packets through to the 41.1 interface to the clients.
View 2 Replies
View Related
Feb 6, 2013
I have a LIII Switch Cisco 3750x ,with diffrent Vlans , Some users are in Vlan 102 (10.10.2.0) and Some Users are in Vlan1 (10.10.1.0) , now i want to restrict the Vlan102 users to access Vlan1 , i am pasting my configuration below , how to create a access list .
interface Vlan1
ip address 10.10.1.36 255.255.255.0
ip helper-address 10.10.1.36
[Code].....
View 2 Replies
View Related
May 26, 2013
I have a cisco 876 with, c870-adventerprisek9-mz.124-6.T9.bin. I have configured a VLAN with ID 230, an SVI with IP 192.168.230.1/24 and I have assigned switch port fa 2 to it…
interface Vlan230
ip address 192.168.230.1 255.255.255.0
VLAN ISL Id: 230
[Code]......
View 5 Replies
View Related
Mar 18, 2013
I've got a 3750x stack set up as my core switch (only a small-ish environment) - I'm shortly going to be deploying an enterprise wireless network with Corporate and Guest SSID's. I'm going to be putting all traffic from the Guest SSID in VLAN 244, and don't want it to have access to any of the other VLANs (1 (Legacy Eqpt), 4, 8, 12, 16, 20, 24, 28, 32, 248 & 252).
IP ranges for all the main VLANs are:
1: 10.0.0.x/22
4: 10.0.4.x/22
8: 10.0.8.x/22
12: 10.0.12.x/22
16: 10.0.16.x/22 etc etc (you get the pattern)
I'll probably give Guest traffic (VLAN 248) the IP range 192.168.10.x/22 (not because I NEED that many addresses, but it's easier for everyone to remember/understand if I keep the subnet masks the same all round). However I also have a CCTV VLAN (252) which already has the range 192.168.0.x/24, which some people in other VLANs WILL need access to.
So my question is: What is the syntax for the ACL on my 3750x (IP base - 15.0.2) to prevent traffic from VLAN 244 gaining access to any of my other VLANs. I'm making a broad assumption here that a layer 3 switch is perfectly capable of supporting that function? I need ALL the syntax for setting up ACL's - I've never done it before
My gateway device by the way is 10.0.4.1, and I do have inter-VLAN routing set up on the core switch (obviously).
View 3 Replies
View Related
May 19, 2013
In my core Switch,there are 2 v LAN(V LAN 1 & V LAN 2)my switch is Cisco 4948,so be default ip routing is enable in it. My all servers (DHCP,HTTP,HTTPS) are in v LAN 1 & internet is also in v LAN 1.
My requirement is that v LAN 1 user should not communicate with the v LAN 2 and vice versa. But the v LAN 2 users need an access of all servers and internet which is in v LAN 1. How to configure the access-list. I have try on Packet tracer which i have attached.
note:v LAN 2 user should get the IP from dhcp server which is in vlan1.
View 4 Replies
View Related
Feb 3, 2013
The field engineer has a stand alone 24 port 2900 series switch that he has different equipment connected to and are segmented using VLANs. So for example, he's got ports 1-4 assigned to VLAN 10, 5-12 assigned to VLAN 20, 13-19 assigned to VLAN 30 and 20-24 assigned to VLAN 40. He would like all the gear on VLAN 30 to have the ablity to talk to all of the other VLANS, but VLAN 40 should not be allowed to talk with any other VLAN. Trunking would do no good here since the switch isn't connected to anything and you can only assign one VLAN per port.
Is there a way to do this within the stand alone switch? The only possible way I could think of would be to ensure that each VLAN has an assigned IP number (subnet) and doing this through access lists.
View 2 Replies
View Related
Feb 21, 2012
cant assign cisco switch 3560G port g0/1to access vlan 10
main-switch(config-if)#switchport access vlan 10 Command rejected: Gi0/1 not a switching port.
View 5 Replies
View Related
Jan 14, 2013
I've been experimenting with the 'vlan dot1q tag native' command on a switch and it seems as though tagging the native vlan breaks vty access to my access point.With the 'vlan dot1q tag native' commnand applied, I lose management connectivity to the AP with 'no vlan dot1q tag native' applied, connectivity is restored. Why is this? Is it safe to say that one can access the AP via vty lines using ONLY untagged packets?
SWITCH
Model: WS-C3560G-24PS
Code: c3560-advipservicesk9-mz.122-46.SE
--Abbreviated CONF
vlan dot1q tag native
[code]....
View 14 Replies
View Related
Sep 24, 2012
Have multiple Catalyst 2960S switches, Cisco 2911 router and ASA 5510 firewall.
On the router have subinterfaces created for the VLAN's Int FA0.0/41 for wirless VLAN setup with IP 10.10.41.100 Int FA0.0/60 for new Voice VLAN setup with IP 10.10.60.100 Internal network is 10.10.10.0/24 and LAN IP of router is 10.10.10.100 Have default route setup to push traffic from the router to the firewall ip route 0.0.0.0 0.0.0.0 10.10.10.251
On the firewall have added the new VLAN 10 (10.10.60.0) to the network object-group Have configured route inside command route 10.10.60.0 255.255.255.0 10.10.10.100 1 Have also added the NAT command nat (inside) 1 10.10.60.0 255.255.255.0
On the 2960 I have my laptop connected to port 45 and I have it configured as follows switchport mode access switchport access vlan 10
I assign my computer a static IP address of 10.10.60.84/255.255.255.0/10.10.60.100 with 10.10.10.11 as DNS server. When I do this, I can ping anything on the 10.10.60.0 network, I can ping anythign on the LAN 10.10.10.0 network. I am able to connect MSN messenger, I am able to do NSLOOKUP and get outside IP addresses to resolve. I am unable to browse the Internet though. I am not sure where the problem is at though. It doesn't make sense to me, as it is setup the same way as VLAN 41 which is the wireless network, and when users connect to that, they get out to the Internet with no issues.
View 15 Replies
View Related
