12-08-2006 02:26 PM - edited 03-03-2019 02:58 PM
ok. I have a Catalyst 3650 with 6 vlans. dot1q trunking is set on GigabitEthernet 0/1, and i have "ip route 0.0.0.0 0.0.0.0 x.x.623.33" (my isp gateway) set up on it.
All my vlans are able to ping eachother. And I CAN ping out and get a full connection to the internet when connected to vlan 1 (same vlan as gigabiteternet 0/1 my trunk port). My problem is that none of my devices in any of my other vlans are ables to connect to the outside world.
here is the relevant info from my config file
no aaa new-model
ip subnet-zero
ip routing
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3 through 0/6
switchport access vlan 2
!
interface GigabitEthernet0/7 through 0/12
switchport access vlan 3
!
interface GigabitEthernet0/13 through 18
switchport access vlan 4
!
interface GigabitEthernet0/19 - 0/24
switchport access vlan 5
!
interface GigabitEthernet0/25 - 0/28
switchport access vlan 6
!
interface Vlan1
ip address 77.x.x.34 255.255.255.0
!
interface Vlan2
ip address 192.168.2.1 255.255.255.0
!
interface Vlan3
ip address 192.168.3.1 255.255.255.0
!
interface Vlan4
ip address 192.168.4.1 255.255.255.0
!
interface Vlan5
ip address 192.168.5.1 255.255.255.0
!
interface Vlan6
ip address 192.168.6.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 77.633.623.33
!
!
control-plane
!
!
line con 0
line vty 5 15
!
end
any help would be awesome, cheers ^
12-08-2006 02:28 PM
*note* I fabricated my isp gateway and vlan 1's ip for security reasons on this post, just pretend like they're valid =P
12-08-2006 09:38 PM
requesting to post
1.sho ip route
2.sho trunk
3.sho ip int brief
12-09-2006 08:50 AM
What's that IP 77.x.x.34 on your vlan1 interface. Is that a typo mistake or what ? I havenot come across any ip address like that. Please verify on this.
-amit singh
12-09-2006 09:04 AM
Hi
I believe that the IP 77.x.x.x is a live ip irrespective of what mistake it contains.I am afraid that you need to enable NAT on the switch so that your private IPs should be able to pass through public IPs and the problem is 3560 DOES NOT SUPPORT NAT.....
http://www.cisco.com/warp/public/473/166.html
You need a router to do the needful for u...
Pls rate helpfull posts.
Regards
JD
12-09-2006 09:53 AM
You need to translate the IP addresses of the private networks acceptable to the internet provider.
The VLAN 1 is connected to the intenet directly and routerable. All others are private networks and will be dropped by the internet provider.
12-09-2006 04:42 PM
The IP 77.633.632.x is NOT a real IP, the number 633 is not even Valid because its above 255. That's regardless though, pretend like it is real, I changed it to that because I didn't wan't to post my the real IPs for security reasons
Also, It's a layer 3 switch, so it can do routing. vlan 1 has a routable IP and acts as the gateway for the other subnets with the comman "ip route 0.0.0.0 0.0.0.0 my.isp.gate.way" . In all respects the devices in the other subnets should be connecting out. For some reason they're not though
12-09-2006 09:51 PM
Hi,
If your ips in other vlans are the same ip's in your network , then your ISP would not route your private ips to internet . You need to do a nat of the private ip's so that they go out with the public ip you have.
Pls go through this doc for ref:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a0080091cb9.shtml
Hope this helps
regards
vanesh k
12-09-2006 11:08 PM
yep i do agree with vanesh.great.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide