4

I have a question/problem. I have a local router with default gateway 192.168.3.254. On my layer 3 switch (3560) I configured 3 VLANs.

vlan 10 - data /ip address 192.168.10.254 255.255.255.0

vlan 20 - server /ip address 192.168.20.254 255.255.255.0

vlan 30 - mgt /ip address 192.168.30.254 255.255.255.0

pc1 connected to gig0/5 vlan 10 ip address 192.168.10.5 255.255.255.0

pc2 connected to gig0/10 vlan 20 ip address 192.168.20.10 255.255.255.0

pc3 connected to gig0/20 vlan 30 ip address 192.168.30.20 255.255.255.0

On switchport gig0/1, to which the router is connected, I issued the no switchport command and gave it IP 192.168.3.90 255.255.255.0

enable ip routing ip route 0.0.0.0 0.0.0.0 192.168.3.254

Inter-VLAN routing on all PCs is working fine, but none of the 3 PCs is able to connect to the internet.

Please guide me, thank you.

1
  • 1
    Are you NATting each of these subnets before they get to the "real" internet router? Wherever you cross the boundary between private IP and the public IPs of the Internet, you'll have to NAT them. Commented Dec 23, 2016 at 12:17

5 Answers

7

Your router doesn't know how to route to your 3 vlans. When it receives a packet for 192.168.10.5, for example, it doesn't know where to forward it.

You need to configure static routes on your router like this (exact syntax depends on your model of router):

ip route 192.168.10.0 255.255.255.0 192.168.3.90
ip route 192.168.20.0 255.255.255.0 192.168.3.90
ip route 192.168.30.0 255.255.255.0 192.168.3.90
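
Added example, not part of the original answer: a Python longest-prefix-match model of the switch and router tables, built from the addresses in the question, that traces where a reply to a VLAN host goes before and after the three static routes. The `ISP-UPSTREAM` label, the router's own default route, and the function names are assumptions.

```python
import ipaddress

# Constructed model of the two routing tables, using addresses from the question.
# "ISP-UPSTREAM" is a placeholder: the page does not show the router's own default route.
SWITCH = {"192.168.10.0/24": "connected", "192.168.20.0/24": "connected",
          "192.168.30.0/24": "connected", "192.168.3.0/24": "connected",
          "0.0.0.0/0": "192.168.3.254"}
ROUTER_BEFORE = {"192.168.3.0/24": "connected", "0.0.0.0/0": "ISP-UPSTREAM"}
# The answer's three static routes, next hop = the switch's routed port.
ROUTER_AFTER = {**ROUTER_BEFORE,
                **{f"192.168.{v}.0/24": "192.168.3.90" for v in (10, 20, 30)}}

PCS = ["192.168.10.5", "192.168.20.10", "192.168.30.20"]

def lookup(table, dst):
    """Longest-prefix match: next hop of the most specific matching route, or None."""
    addr = ipaddress.ip_address(dst)
    hits = [n for n in map(ipaddress.ip_network, table) if addr in n]
    return table[str(max(hits, key=lambda n: n.prefixlen))] if hits else None

def trace_reply(router_table, dst, max_hops=8):
    """Follow a reply that arrives at the router from the internet, hop by hop."""
    owners = {"192.168.3.254": ("router", router_table),
              "192.168.3.90": ("switch", SWITCH)}
    name, table = owners["192.168.3.254"]
    path = []
    for _ in range(max_hops):
        hop = lookup(table, dst)
        path.append(f"{name}->{hop}")
        if hop not in owners:  # connected (delivered), upstream, or no route
            return path
        name, table = owners[hop]
    return path + ["loop"]

if __name__ == "__main__":
    for label, table in (("before", ROUTER_BEFORE), ("after", ROUTER_AFTER)):
        for pc in PCS:
            print(label, pc, " ".join(trace_reply(table, pc)))
```

The model covers routing only; the NAT question raised in the first comment is not modelled.
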
0

Actually, to access the internet from VLANs you need to configure NAT, but only some Cisco layer 3 switches (i.e. 6500, 6000 and 5500) support NAT. That's why, for the Cisco layer 3 switches which don't support NAT, we can apply a dynamic routing protocol (EIGRP) on both the Cisco layer 3 switch and the router to access the internet. The common problem is that VLAN 1 can access the internet but other VLANs can't; in this case, if you apply EIGRP routing on both the Cisco router and the Cisco layer 3 switch, then the router and the other VLANs will reach each other by dynamically detecting the VLAN 1 interface IP address.

The whole process has been precisely described in the following YouTube video:

Configure VLAN | Allow VLANs to Access Internet

https://www.youtube.com/channel/UCmZZ2BNGXQH1HPS3uIVnr7A?sub_confirmation=1

Cisco Router Configuration:

configure terminal
interface gigabitEthernet 0/0
no shutdown
ip address dhcp
exit

interface gigabitEthernet 0/1
ip address 192.168.2.1 255.255.255.0
no shutdown
exit

ip dhcp pool mainuser
network 192.168.2.0 /24
default-router 192.168.2.1
dns-server 8.8.8.8
exit

ip route 0.0.0.0 0.0.0.0 192.168.1.1

interface gigabitEthernet 0/0
ip nat outside
exit

interface gigabitEthernet 0/1
ip nat inside
exit

ip access-list standard 1
permit any
exit

ip nat inside source list 1 interface gigabitEthernet 0/0 overload
exit

Applying Dynamic Routing EIGRP in Cisco Router:

router eigrp 10
network 192.168.2.0 255.255.255.0
exit

Configuration in Switch part:

enable
configure terminal
vlan 10
name hr
exit

vlan 20
name it
exit

interface range fastEthernet 0/13-18
switchport mode access
switchport access vlan 10
no shutdown
exit

interface range fastEthernet 0/19-24
switchport mode access
switchport access vlan 20
exit

interface vlan 10
ip address 192.168.3.1 255.255.255.0
exit

interface vlan 20
ip address 192.168.4.1 255.255.255.0
exit

Applying Inter VLAN Routing in Cisco Switch:

configure terminal
ip routing
exit

Applying Static Routing in Cisco Switch to Cisco Default Router:

ip route 0.0.0.0 0.0.0.0 192.168.2.1
exit

Applying Dynamic Routing EIGRP in Cisco Router:

configure terminal
router eigrp 10
network 192.168.3.0 255.255.255.0
network 192.168.4.0 255.255.255.0
network 192.168.2.0 255.255.255.0
exit

https://www.youtube.com/watch?v=-JeubKTW8-w

0

On your router, use a command to search for the routes to your internal VLANs.

Example :
sh ip route | in 192.168.10

If the output is blank, then you have to add a reverse route from the Internet router towards the Cisco 3560 switch interface for all VLANs.

Hope this is helpful!

-2

Router >>>> ip route 0.0.0.0 0.0.0.0 [interface]

Switch >>> ip default gateway is the router ip address

It should work

1
  • This will send everything back to the L3 switch, including packets you are trying to send out to the Internet (thus creating a routing loop) Commented Aug 13, 2016 at 22:54
-3

Add three routes on router:

ip route 192.168.10.0 255.255.255.0 Gig0/0
ip route 192.168.20.0 255.255.255.0 Gig0/0
ip route 192.168.30.0 255.255.255.0 Gig0/0
1
  • That won't work. The routes require a gateway, not just an egress interface.
    – Zac67
    Commented Apr 23, 2021 at 6:18
