No internet access on VLAN

Question

I'm trying to setup VLAN on my TL-SG3210 (3.0). I created simple VLAN:

vlan 10
  name "vlan10"

Then, I assigned port 2 & 3 to VLAN. I also created interface:

interface vlan 10
  ip address 192.168.75.1 255.255.255.0
  no ipv6 enable
  ip helper-address 192.168.55.1

(192.168.55.1 is my router's default gateway).

I routed traffic from 192.168.75.0 to 192.168.55.38 (my switch's IP, ex. VLAN1 interface IP)

ip route 192.168.75.0 255.255.255.0 192.168.55.38

I also created DHCP pool and configured DHCP Interface Relay, but it works perfect.

service dhcp server
  ip dhcp server pool "pool"
  network 192.168.75.0 255.255.255.0
  default-gateway 192.168.75.1

Finally, I'm getting IP from my pool, but I cannot connect to internet. I only can connect to 192.168.75.1 (it returns web management page of my switch.

When I want to ping 8.8.8.8, I got this error: From 192.168.75.x Destination Host Unreachable. I already have created this routing: ip route 0.0.0.0 0.0.0.0 192.168.55.1

What I'm doing wrong? Please advise me! Thanks!

Config here.

I cannot access internet from my VLAN10

!TL-SG3210

vlan 10
 name "vlan10"

service dhcp server
ip dhcp server pool "pool"
network 192.168.75.0 255.255.255.0
default-gateway 192.168.75.1

# I tried this:
ip route 192.168.75.0 255.255.255.0 192.168.55.38
# And this:
ip route 0.0.0.0 0.0.0.0 192.168.55.38

service dhcp relay

interface vlan 1
  ip address-alloc dhcp
  no ipv6 enable

interface vlan 10
  ip address 192.168.75.1 255.255.255.0
  no ipv6 enable
  ip helper-address 192.168.55.1
  
interface gigabitEthernet 1/0/2
  switchport general allowed vlan 10 untagged
  switchport pvid 10
  
interface gigabitEthernet 1/0/3
  switchport general allowed vlan 10 untagged
  switchport pvid 10

end

Please add the complete, sanitized configuration (obscuring public IP addresses and other sensitive information) and details to your network to your question. Also, make clearer what does work, what you've changed and what doesn't work now. As it is, we can't find out what you're trying to do. — Zac67, Commented May 12, 2021 at 9:02

Ron Trunk · Accepted Answer · 2021-05-12 12:25:19Z

2

There are at least two things wrong here:

Your router (192.168.55.1) does not have a route to 192.168.75.0. You need to configure this route on your gateway router.
You've created a DHCP server for the local subnet, but you also have ip helper configured on the router interface. Pick one or the other.

answered May 12, 2021 at 12:25

Ron Trunk

67.8k5 gold badges65 silver badges126 bronze badges

I have some questions. 1 - how this route should look like? 2 - do you mind I should remove ip helper-address field?
– ThatCoolGuy
Commented May 12, 2021 at 17:38
1. I don't know what kind of router you have, but it should be something like 192.168.75.0/24 next hop 192.168.55.38. 2. If you don't have your DHCP server on the router, then yes, remove it
– Ron Trunk
Commented May 12, 2021 at 17:49
My router is a standard desktop router. But I will try to set it up on my switch. I also have DHCP enabled on router, so I will leave it as it is.
– ThatCoolGuy
Commented May 12, 2021 at 18:18
I created route: 192.168.75.0/24 192.168.55.38. Still cannot access internet :/ Any ideas?
– ThatCoolGuy
Commented May 12, 2021 at 18:54
the route DOES NOT go on your switch. It must be on the router
– Ron Trunk
Commented May 12, 2021 at 19:02

Add a comment |

Zac67 · Accepted Answer · 2021-05-12 08:55:05Z

0

I routed traffic from 192.168.75.0 to 192.168.55.38

ip route 192.168.75.0 255.255.255.0 192.168.55.38

What you're doing here might break connectivity for the local subnet. Note that the first parameter is the destination network prefix, not the source. To set up the default route, use 0.0.0.0/0 as destination (likely you've done that already long since), e.g.

ip route 0.0.0.0 0.0.0.0 192.168.55.38

(for prefix 0.0.0.0 mask 0.0.0.0 as destination, matching any address, use 192.168.55.38 as gateway)

You need to set up routes to remote subnets. A locally connected subnets is already known by its connecting interface.

Plain routing is by destination in general. If you really need to route by source subnet you need to use policy routes.

edited May 12, 2021 at 8:55

answered May 12, 2021 at 7:58

Zac67♦

85.8k4 gold badges71 silver badges137 bronze badges

I already have created this routing: ip route 0.0.0.0 0.0.0.0 192.168.55.1. I have internet access on my default VLAN (VLAN1). I can't ping any external website from my VLAN10
– ThatCoolGuy
Commented May 12, 2021 at 8:52

Add a comment |

Mang LyricKo · Accepted Answer · 2021-06-10 17:38:23Z

0

in your switch is that an L3 or L2

i think the problem maybe the tagging of vlan or maybe the configuration of vlan to hop in next address

example:

Port1 Vlan 1 - 192.168.55.0 untag Port 2 Vlan 10 - 192.168.75.0 untag

the concept sometimes is you untag the vlan 10 in port 2 then tag to port 1 so the port should be look like this

Port 1 untag vlan 1 tag vlan 10 port 2 untag vlan 10

answered Jun 10, 2021 at 17:38

Mang LyricKo

1

Add a comment |

Stack Exchange Network

No internet access on VLAN

3 Answers 3

Not the answer you're looking for? Browse other questions tagged
switch
vlan
layer2
or ask your own question.

Hot Network Questions

No internet access on VLAN

3 Answers 3

Not the answer you're looking for? Browse other questions tagged switchvlanlayer2 or ask your own question.

Related

Hot Network Questions

Not the answer you're looking for? Browse other questions tagged
switch
vlan
layer2
or ask your own question.