2 Replies Latest reply on Feb 26, 2016 1:03 PM by eric17

    VLAN set up - 2nd vlan fails to access internet

    gtb New Member

      I have a Netvanta 3120 which had 1 vlan connected to all 4 switchports and all worked.  This was on subnet 192.168.15.192/26 with gateway 192.168.15.193; DHCP active in the 192.18.90.200 - 250 range.  I could access internet from any of these ports; DHCP would assign IP address in the proper subnet on all as they should

       

      I wanted to create a second VLAN, which I called VLAN90, which I configured on 192.168.90.192/26 with gateway 192.168.90.193; DHCP active in the 192.168.90.200 - 250 range just like I had on the default subnet.  I then set switch port 4 for VLAN90, leaving switch ports 1, 2, and 3 on the default vlan.

       

      When I connect pc to switch ports 1, 2, or 3, do an ipconfig /release then ipconfig /renew I am assigned an IP address in 192.168.15.192/26 as I should; I can access internet, ping public DNS servers, and all works as it should.

       

      When I connect pc to switchport 4, do an ipconfig /release then ipconfig /renew I am assigned an IP address in 192.168.90.192/26 as I should; I cannot access internet, ping public DNS servers, and nothing works as it should.  It acts like I am not being allowed to access the Internet - or like I did not enter the default gateway for VLAN 90 to find a way to the Internet.  I am probably missing something rather fundamental but I am stuck.  I would appreciate any guidance you can provide

       

      Below are the critical parts of the show run which may help

       

      ip firewall
      no ip firewall alg msn
      no ip firewall alg mszone
      no ip firewall alg h323
      !
      !
      !
      !
      !
      !
      !
      no dot11ap access-point-control
      !
      !
      !
      !
      ip dhcp pool "192.168.15.192/26"
        network 192.168.15.192 255.255.255.192
        dns-server 75.75.75.75 75.75.76.76
        default-router 192.168.15.193
        lease 0 4 0
        timezone-offset -5:00
      !
      ip dhcp pool "192.168.90.192/26"
        network 192.168.90.192 255.255.255.192
        dns-server 75.75.75.75 75.75.76.76
        default-router 192.168.90.193
        lease 0 4 0
      !
      !
      !
      !
      !
      !
      !
      vlan 1
        name "Default"
      !
      vlan 90
        name "Voice VLAN"
      !
      !
      interface eth 0/1
        description ComCast
        ip address  xx.zz.yy.dd  255.255.255.252
        ip access-policy Public
        crypto map VPN
        no awcp
        no shutdown
        no lldp send-and-receive
      !
      !
      interface switchport 0/1
        no shutdown
      !
      interface switchport 0/2
        no shutdown
      !
      interface switchport 0/3
        no shutdown
      !
      interface switchport 0/4
        no shutdown
        switchport access vlan 90
      !
      !
      !
      interface vlan 1
        description first vlan
        ip address  192.168.15.193  255.255.255.192
        ip access-policy Private
        no rtp quality-monitoring
        no shutdown
      !
      interface vlan 90
        description - visitor wired use
        ip address  192.168.90.193  255.255.255.192
        ip mtu 1500
        no awcp
        no shutdown
      !
      !
      !
      !
      ip access-list standard wizard-ics
        remark Internet Connection Sharing
        permit any
      !

      ip access-list extended self
        remark Traffic to UNIT
        permit ip any  any     log
      !
      !
      !
      !
      ip policy-class Private
        nat source list wizard-ics interface eth 0/1 overload

       

      !
      !
      ip route 0.0.0.0 0.0.0.0 xx.xx.xx.xx
      !

        • Re: VLAN set up - 2nd vlan fails to access internet
          jayh Hall_of_Fame

          You don't have a policy allowing VLAN 90 to NAT to the Internet.

          I'm assuming that you don't want the visitor network on VLAN 90 to access resources on VLAN 15.

           

          Add the following:

           

          interface vlan 90

            ip access-policy Visitor

           

          ip policy-class Visitor

            nat source list wizard-ics interface eth 0/1 overload

          • Re: VLAN set up - 2nd vlan fails to access internet
            eric17 Employee

            I went ahead and flagged this post as "Assumed Answered." If any of the responses on this thread assisted you, please mark them as Correct or Helpful as the case may be with the applicable buttons. This will make them visible and help other members of the community find solutions more easily. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

            Thanks,

             

            Eric