×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Catalyst 3650, Vlans can Ping eachother, but not the internet

Unanswered Question
Dec 8th, 2006
User Badges:

ok. I have a Catalyst 3650 with 6 vlans. dot1q trunking is set on GigabitEthernet 0/1, and i have "ip route 0.0.0.0 0.0.0.0 x.x.623.33" (my isp gateway) set up on it.

All my vlans are able to ping eachother. And I CAN ping out and get a full connection to the internet when connected to vlan 1 (same vlan as gigabiteternet 0/1 my trunk port). My problem is that none of my devices in any of my other vlans are ables to connect to the outside world.


here is the relevant info from my config file


no aaa new-model

ip subnet-zero

ip routing

!

!

!

!

no file verify auto

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface GigabitEthernet0/1

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet0/2

!

interface GigabitEthernet0/3 through 0/6

switchport access vlan 2

!

interface GigabitEthernet0/7 through 0/12

switchport access vlan 3

!

interface GigabitEthernet0/13 through 18

switchport access vlan 4

!

interface GigabitEthernet0/19 - 0/24

switchport access vlan 5

!

interface GigabitEthernet0/25 - 0/28

switchport access vlan 6

!

interface Vlan1

ip address 77.x.x.34 255.255.255.0

!

interface Vlan2

ip address 192.168.2.1 255.255.255.0

!

interface Vlan3

ip address 192.168.3.1 255.255.255.0

!

interface Vlan4

ip address 192.168.4.1 255.255.255.0

!

interface Vlan5

ip address 192.168.5.1 255.255.255.0

!

interface Vlan6

ip address 192.168.6.1 255.255.255.0

!

ip classless

ip route 0.0.0.0 0.0.0.0 77.633.623.33

!

!

control-plane

!

!

line con 0

line vty 5 15

!

end


any help would be awesome, cheers ^

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
eiclectis Fri, 12/08/2006 - 14:28
User Badges:

*note* I fabricated my isp gateway and vlan 1's ip for security reasons on this post, just pretend like they're valid =P

rajivrajan1 Fri, 12/08/2006 - 21:38
User Badges:
  • Bronze, 100 points or more

requesting to post

1.sho ip route

2.sho trunk

3.sho ip int brief




amit-singh Sat, 12/09/2006 - 08:50
User Badges:
  • Blue, 1500 points or more

What's that IP 77.x.x.34 on your vlan1 interface. Is that a typo mistake or what ? I havenot come across any ip address like that. Please verify on this.


-amit singh

desai.jaideep Sat, 12/09/2006 - 09:04
User Badges:
  • Gold, 750 points or more

Hi


I believe that the IP 77.x.x.x is a live ip irrespective of what mistake it contains.I am afraid that you need to enable NAT on the switch so that your private IPs should be able to pass through public IPs and the problem is 3560 DOES NOT SUPPORT NAT.....


http://www.cisco.com/warp/public/473/166.html


You need a router to do the needful for u...


Pls rate helpfull posts.


Regards


JD

weslin Sat, 12/09/2006 - 09:53
User Badges:

You need to translate the IP addresses of the private networks acceptable to the internet provider.


The VLAN 1 is connected to the intenet directly and routerable. All others are private networks and will be dropped by the internet provider.


eiclectis Sat, 12/09/2006 - 16:42
User Badges:

The IP 77.633.632.x is NOT a real IP, the number 633 is not even Valid because its above 255. That's regardless though, pretend like it is real, I changed it to that because I didn't wan't to post my the real IPs for security reasons


Also, It's a layer 3 switch, so it can do routing. vlan 1 has a routable IP and acts as the gateway for the other subnets with the comman "ip route 0.0.0.0 0.0.0.0 my.isp.gate.way" . In all respects the devices in the other subnets should be connecting out. For some reason they're not though

network.king Sat, 12/09/2006 - 21:51
User Badges:
  • Silver, 250 points or more

Hi,


If your ips in other vlans are the same ip's in your network , then your ISP would not route your private ips to internet . You need to do a nat of the private ip's so that they go out with the public ip you have.


Pls go through this doc for ref:


http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a0080091cb9.shtml


Hope this helps


regards

vanesh k

rajivrajan1 Sat, 12/09/2006 - 23:08
User Badges:
  • Bronze, 100 points or more

yep i do agree with vanesh.great.

Actions

This Discussion