No Internet Access over VLAN 1

Status
Not open for further replies.

ProUser

Technical User
Sep 13, 2011
60
GB
Hi,

This is my first post here so hope to find a solution from you guys..

I have a Netgear L3 Managed switch (GSM7324) and have configured 3 VLANs over it. But for some reason I am unable to access the internet through the VLANs. I am using a BT Business Router (BT2700HGV)

My config is as below:

VLAN 1 (Default) IP 169.254.100.100 Ports 12-24
VLAN 2 192.168.1.254 for connection to the Internet ADSL port 11
VLAN 3 192.168.2.1 port 1-5 and
VLAN 4 192.168.3.1 port 6-10

I have enabled default routing on the Switch to my ADSL Modem (192.168.1.1). I have also added two static routes on the ADSL (192.168.2.0 / 255.255.255.0 DG 192.168.1.254 and 192.168.3.0 / 255.255.255.0 DG 192.168.1.254)

I can ping the ADSL Modem, all the VLANs and the PCs on the VLANs but I don't have internet access with the PCs on the VLANs.

My ADSL is working fine when I connect it directly to a PC.

Anything to do with the ADSL Router / Modem? Someone told me that the modem should support VLAN routing, which seems doubtful as I have enabled routing on each VLANs and the L3 switch is supposed to be doing all the VLAN routing bit??

Any idea what can be wrong?

Cheers.
 
Hi ProUser,

It sounds like you have already done a few checks, but I'd also do the following:

1. extend VLAN2 to port 12 and see if a PC on VLAN2 can access the internet - if it works then it sounds like the routing on the ADSL modem needs to be looked at closer. Although if you can ping from VLAN3/4 to the ADSL modem, then I cannot see this really being the problem, but it might be an issue with NATing not working quite right from subnets not directly connected.
2. can the PCs correctly resolve DNS names into IP addresses? If they cannot, then you need to review the DHCP settings (assuming you are using a DHCP server).

Cheers,
Scott
 
Your config looks OK.

Does the ADSL router have a default route set?

What is the default GW set on your PCs on each VLAN?

Just to clarify, can the PCs ping the ADSL router?

From a PC, use a command-line window to ping What happens?
 
Hi Geeky:

I previously did enable all ports of my (Default) VLAN 1 but still no luck. I believe this is pretty much what you mean to test by extending the VLAN2 to port 12.
I tried to connect a PC to any of the remaining ports (12 - 24) and leave my PC IP on dynamic or even set it on a static address (192.168.1.10 255.255.255.0 192.168.1.254 - DNS 192.168.1.1), I still cannot connect to the internet.

I extended VLAN2 to port 11 and 12 and still cannot connect to the net being both on a dynamic or static IP.

Hi Vince:

As mentioned above, I have set a static route on my router to 2.0 and 3.0. I tried gateways as 192.168.1.1 and 192.168.1.254, none works. The PCs can ping ADSL (192.168.1.1). No reply when I ping
Confusing thing...!

We are swapping the ADSL router to test the connection in case it is something to do with the crap BT Router BT2700..
 
Hi Pro,

Sorry - I actually meant you put port 12 on the same VLAN as the ADSL router. Don't worry, I am more interested to know if the PCs correctly resolve names first. When you ping does it correctly resolve the IP address?

Cheers,
Scott
 
Sorry, concerning the above, when I connect my ADSL to port 11 and a PC on port 12 the internet works (dynamic IP)
 
Ok, sounds like dns is not workin on the other vlans. Can you show us the output from the following commands on one if the pc's you cannot get Internet access:

nslookup
ipconfig /all
 
Jeez, my spelling is atrocious. In my defence I am on my iPhone, but even so....
 
nslookup
DNS request timeout
timeout was 2 seconds.
Server: Unknown
Address: 192.168.1.1

DNS request timeout
timeout was 2 seconds.

DNS request timeout
timeout was 2 seconds.

ipconfig/all:

IPv4: 192.168.2.22
subnet mask: 255.255.255.0
DG: 192.168.2.1
DNS: 192.168.1.1
 
can the PCs ping the DNS server 192.168.1.1?

-------------------------------

If it doesn't leak oil it must be empty!!
 
192.168.1.1 is my router / ADSL modem IP, yes I can ping it..
 
I have DHCP enabled both on the ADSL Router and the L3 Switch
 
Correct me if I'm wrong, it has been a while since I've played with VLANs, but if your setup is as follows:

ISP - Modem/router - L3 switch - separate vlans

not

ISP - Modem/router - random PCs and L3 switch w/ separate vlans

Why do you have DHCP enabled on both the modem and switch? Could you not just allow DHCP with the switch and point to the gateway as long as your setup is as my first example?

"Silence is golden, duct tape is silver...
 
' Does the ADSL router have a default route set? '

What does the default route need to be on the ADSL Router and where should I check that?
 
Hi Pro,

Thanks for taking the time to provide the information. Whilst you may well have a number of problems affecting you, the one we can definitely say is that dns is not working within vlan3. Your settings look fine, so my next suggestion would be to determine why the dns request is failing. There are a number of approaches to this, but the one I would recommend is to get detailed diagnostics to narrow down the cause of the fault. To do this I would first install wireshark on a pc in vlan3 and repeat the nslookup. From this you can determine if the response is getting back to the pc or not. The next stage depends on the results, but you are looking to narrow down the cause, so if the response is not seen, then you need to determine if the request or response is getting blocked. In this example I would mirror the adsl router port and get another wireshark trace to determine if the adsl router actually gets the request and/or sends a response. Other scenarios will require alternative approaches. Do the initial capture first and let us know what you find.

Btw, you can just start swapping kit to determine the cause of the fault too, but the above approach will show you precisely where and how the problem is occurring, so you can be confident in the fix.

Cheers,
Scott
 
Bob,

The Modem is in use by other users as well (using WIFI for internet access), which is why it has DHCP enabled. Concerning the L3 switch, even if I disabled the DHCP it changed nothing, I mean it still did not give me access to internet. If you ask to disable it and check a few other things I don't mind at all as long as it will get the VLANs access to the net.

If I am rightly understanding your term, then my VLAN is ISP - Modem/router - L3 switch - separate vlans (My L3 router has a dedicated port 11 which is connected to the ADSL Modem, while Port 1-5 are for VLAN 3 and Port 6-10 are for VLAN 4).
 
Hi Scott,

I should be thanking you for trying to help me out, thanks.

I have installed Wireshark. What information do you require from that? This is the first time that I am using Wireshark, so please bear with me..

Cheers
 
You would still need the correct static route set up between the VLANs and the gateway. If you don't have DHCP enabled on the switch, you can still set those static routes. Make sure your routes and ports are enabled and not down. Like I said previously, and anyone feel free to contradict with proof, it's been a while with VLANs but I had a similar issue and it was a route thing.

The DNS issue sounds plausible too. Can you show the running config on the switch? And do you have the modem configured as well for this or is it just default set up? Also, on some modems, you can differentiate between the Wifi DHCP and Lan allowing for Lan to be DHCP disabled allowing the switch to pick up the slack DHCP wise

"Silence is golden, duct tape is silver...
 
Hi Pro,

You need to get wireshark to capture the network traffic whilst you run nslookup. To do this, you first need to identify the interface to capture on. The easiest way to do this is simply start a continuous ping to the adsl router as follows:

ping -t 192.168.1.1

Then start capturing on each interface and you will quickly see the icmp packets when you have the right one. Then without stopping the trace, execute the nslookup again and stop the capture once finished.

You will then need to see what happens to the dns request. You can just type 'dns' into the filter box near the top and it will only show dns packets. With this you should be able to quickly determine if there is a response from the adsl router. There are a couple of scenarios you are likely to hit:

1. You do not see any response. This means either the switch may be blocking the request/response, or the adsl modem is not sending a response. You will need to capture the traffic to and from the router via a mirror port to continue.
2. You see a dns response, but there is something wrong with it, such as the modem has not masqueraded the source ip address, so it does not come from 182.168.1.1.
3. You see a correct dns response.

Anyway, have a go at the capture and see what you get. Wireshark is an amazing tool, you can inspect the packets in detail for protocols it recognises and it's one of my regular tools for diagnosing problems quickly and efficiently.


Cheers,
Scott
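
The three capture outcomes listed in the post above can be checked mechanically once the DNS packets are out of the capture. This is an added example, not part of the original thread: it assumes the packets have been exported as (source IP, destination IP, raw DNS payload) tuples, the function names are hypothetical, the sample capture is constructed, and treating a non-zero response code as "something wrong" goes slightly beyond the case named in the post.

```python
import struct

def dns_header(payload):
    """Return (transaction id, is_response, rcode) from a raw DNS message."""
    if len(payload) < 12:
        raise ValueError("DNS message shorter than its 12-byte header")
    txid, flags = struct.unpack("!HH", payload[:4])
    return txid, bool(flags & 0x8000), flags & 0x000F

def classify(packets, client, resolver):
    """Map captured UDP/53 packets onto the three scenarios from the post.

    packets: iterable of (src_ip, dst_ip, dns_payload) as seen on the client.
    """
    pending = set()   # transaction ids the client sent to the resolver
    verdicts = {}
    for src, dst, payload in packets:
        txid, is_response, rcode = dns_header(payload)
        if not is_response and src == client and dst == resolver:
            pending.add(txid)
            verdicts.setdefault(txid, "1: no response seen")
        elif is_response and dst == client and txid in pending:
            if src != resolver:
                verdicts[txid] = "2: response from unexpected source " + src
            elif rcode != 0:
                verdicts[txid] = "2: response carries error rcode %d" % rcode
            else:
                verdicts[txid] = "3: correct response"
    return verdicts

def msg(txid, response=False, rcode=0):
    """Constructed header-only DNS message (no sections), enough for the demo."""
    flags = (0x8180 if response else 0x0100) | rcode
    return struct.pack("!HHHHHH", txid, flags, 0, 0, 0, 0)

# Constructed capture: addresses follow the thread (PC in VLAN 3, router as DNS).
PC, ROUTER = "192.168.2.22", "192.168.1.1"
SAMPLE = [
    (PC, ROUTER, msg(0x1001)),                          # query, never answered
    (PC, ROUTER, msg(0x1002)),
    ("192.168.1.254", PC, msg(0x1002, response=True)),  # reply from wrong source
    (PC, ROUTER, msg(0x1003)),
    (ROUTER, PC, msg(0x1003, response=True)),           # normal reply
]

if __name__ == "__main__":
    for txid, verdict in sorted(classify(SAMPLE, PC, ROUTER).items()):
        print(hex(txid), verdict)
```

Running the same classification on a second capture taken at the mirrored router port separates "the request never arrived" from "the router never answered" for any transaction that ends up in scenario 1.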
 