Re: Routing between internet and VLANs

vikrant · ‎01-02-2009

Hi, Happy new year to all of you!!!Hi,

I have a small issue!

While deploying a Cisco Catalyst 3560, 24 10/100/1000 port switch in the LAN I am facing some routing problems.

The switch is configured with 3 VLANs, and DHCP for the respective VLANs.

VLAN A - (Users): 10.185.34.1/24

VLAN B - (Servers and printer) 10.185.7.1/25

VLAN C - (ADSL/ 3G modem) 10.185.1.1 /25

The Internet device (a 3G modem) is configured with IP address:

10.185.1.5 / 255.255.255.0 / 0 (without any default gateway).

When the clients are connected to the respective switch ports (VLAN A) they are leased the following IP address : 10.185.34.10 / 255.255.255.0 / 10.185.34.1 (Dynamically) and are able to access the network resources like the server and the printers (in VLAN B) but not the internet.

On the contrary, if I statically configure the client's IP address and assign the following:

10.185.34.10 / 255.255.255.0 / 10.185.1.5 (Statically), the clients are able to browse the internet but not able to access the network resources.

How can I allow my clients to browse the net as well as use the network resources simultaneously?

I have defined an explicit routing 0.0.0.0 0.0.0.0 10.185.1.5

Could someone please assist in solving this issues.

Thanks a ton..

Regards

Vik

steve_steele · ‎01-02-2009

Hi

The users and servers should be configured with the local 3560 VLAN interface IP address as their default gateway.

If the 3G Modem is routing it will need to know how to get back to VLAN A & B.

Adding routes to the 3G device directing return traffic destined for 10.185.34.0/24 and 10.185.7.0/25 back to the 3560 (10.185.1.1) should solve the issue.

Hope this helps

Steve

vikrant · ‎01-03-2009

Dear Steve,

Thanks for your responce.

I tried tto enter the routers manually before but my 3G internet modem is not allowing to enter any static routes. I am using a sony erricson 3G internet modem. It has only a web interface . Doesnot allow telent also.

We have already applied for ADSL line and then we can put a ADSL router / firewall and solve this issue. but rright now how can we get rid of this perticular situation.

Please advice.

Regards

Vikrant

Jon Marshall · ‎01-03-2009

Vikrant

Assuming you only want the user vlan to be able to access the Internet a temporary solution if you cannot add routes to the 3G internet modem is to put the internet modem into the same vlan as the user vlan. That way the modem would know how to get to the client devices.

Security would be a concern though, altho it's not clear at the moment whether you have any acl's in use on the 3560.

Jon

vikrant · ‎01-03-2009

Dear Jon,

Thanks. I have done exactly what you have said.

I have put the modem in the same VLAN as of the users. But still for the users, the switch is dynamically assigning IP addresses with 10.185.34.1 as the default gateway whereas the modem IP address is 10.185.34.100. Therefore to make the internet work I had to manually assign IP address to the clients with default gateway as 10.185.34.100. And by doing so, the net is working but users are not able to access any of the network resources. Which are in the server VLAN.

Regards

Vik

Jon Marshall · ‎01-03-2009

Vik

You need to change the default route on the 3560 switch ie.

ip route 0.0.0.0 0.0.0.0 10.185.34.100

Jon