Catalyst 3650, Vlans can Ping eachother, but not the internet

eiclectis · ‎12-08-2006

ok. I have a Catalyst 3650 with 6 vlans. dot1q trunking is set on GigabitEthernet 0/1, and i have "ip route 0.0.0.0 0.0.0.0 x.x.623.33" (my isp gateway) set up on it.

All my vlans are able to ping eachother. And I CAN ping out and get a full connection to the internet when connected to vlan 1 (same vlan as gigabiteternet 0/1 my trunk port). My problem is that none of my devices in any of my other vlans are ables to connect to the outside world.

here is the relevant info from my config file

no aaa new-model

ip subnet-zero

ip routing

!

no file verify auto

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface GigabitEthernet0/1

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet0/2

!

interface GigabitEthernet0/3 through 0/6

switchport access vlan 2

!

interface GigabitEthernet0/7 through 0/12

switchport access vlan 3

!

interface GigabitEthernet0/13 through 18

switchport access vlan 4

!

interface GigabitEthernet0/19 - 0/24

switchport access vlan 5

!

interface GigabitEthernet0/25 - 0/28

switchport access vlan 6

!

interface Vlan1

ip address 77.x.x.34 255.255.255.0

!

interface Vlan2

ip address 192.168.2.1 255.255.255.0

!

interface Vlan3

ip address 192.168.3.1 255.255.255.0

!

interface Vlan4

ip address 192.168.4.1 255.255.255.0

!

interface Vlan5

ip address 192.168.5.1 255.255.255.0

!

interface Vlan6

ip address 192.168.6.1 255.255.255.0

!

ip classless

ip route 0.0.0.0 0.0.0.0 77.633.623.33

!

control-plane

!

line con 0

line vty 5 15

!

end

any help would be awesome, cheers ^

eiclectis · ‎12-08-2006

*note* I fabricated my isp gateway and vlan 1's ip for security reasons on this post, just pretend like they're valid =P

rajivrajan1 · ‎12-08-2006

requesting to post

1.sho ip route

2.sho trunk

3.sho ip int brief

amit-singh · ‎12-09-2006

What's that IP 77.x.x.34 on your vlan1 interface. Is that a typo mistake or what ? I havenot come across any ip address like that. Please verify on this.

-amit singh

desai.jaideep · ‎12-09-2006

Hi

I believe that the IP 77.x.x.x is a live ip irrespective of what mistake it contains.I am afraid that you need to enable NAT on the switch so that your private IPs should be able to pass through public IPs and the problem is 3560 DOES NOT SUPPORT NAT.....

http://www.cisco.com/warp/public/473/166.html

You need a router to do the needful for u...

Pls rate helpfull posts.

Regards

JD

weslin · ‎12-09-2006

You need to translate the IP addresses of the private networks acceptable to the internet provider.

The VLAN 1 is connected to the intenet directly and routerable. All others are private networks and will be dropped by the internet provider.

eiclectis · ‎12-09-2006

The IP 77.633.632.x is NOT a real IP, the number 633 is not even Valid because its above 255. That's regardless though, pretend like it is real, I changed it to that because I didn't wan't to post my the real IPs for security reasons

Also, It's a layer 3 switch, so it can do routing. vlan 1 has a routable IP and acts as the gateway for the other subnets with the comman "ip route 0.0.0.0 0.0.0.0 my.isp.gate.way" . In all respects the devices in the other subnets should be connecting out. For some reason they're not though

network.king · ‎12-09-2006

Hi,

If your ips in other vlans are the same ip's in your network , then your ISP would not route your private ips to internet . You need to do a nat of the private ip's so that they go out with the public ip you have.

Pls go through this doc for ref:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a0080091cb9.shtml

Hope this helps

regards

vanesh k

rajivrajan1 · ‎12-09-2006

yep i do agree with vanesh.great.