No Internet Access over VLAN 1


ProUser

Technical User
Sep 13, 2011
Hi,

This is my first post here so hope to find a solution from you guys..

I have a Netgear L3 Managed switch (GSM7324) and have configured 3 VLANs over it. But for some reason I am unable to access the internet through the VLANs. I am using a BT Business Router (BT2700HGV)

My config is as below:

VLAN 1 (Default) IP 169.254.100.100 Ports 12-24
VLAN 2 192.168.1.254 for connection to the Internet ADSL port 11
VLAN 3 192.168.2.1 port 1-5 and
VLAN 4 192.168.3.1 port 6-10

I have enabled default routing on the Switch to my ADSL Modem (192.168.1.1). I have also added two static routes on the ADSL (192.168.2.0 / 255.255.255.0 DG 192.168.1.254 and 192.168.3.0 / 255.255.255.0 DG 192.168.1.254)

I can ping the ADSL Modem, all the VLANs and the PCs on the VLANs but I don't have internet access with the PCs on the VLANs.

My ADSL is working fine when I connect it directly to a PC.

Anything to do with the ADSL Router / Modem? Someone told me that the modem should support VLAN routing, which seems doubtful as I have enabled routing on each VLANs and the L3 switch is supposed to be doing all the VLAN routing bit??

Any idea what can be wrong?

Cheers.
 
Hi Scott,

Am about to do it, but tell me, would you like the Wireshark Report to be from the config that I sent you, or can I send you a report based on the config found as per here. This is another thread that I am having concerning this issue.

Cheers
 
Hi Pro,

I don't mind, either will be fine. I cannot see anything wrong with your config on the netgear anyway and since you can route correctly across it I suspect it's the modem having a problem with NAT and indirect subnets. Need the trace to confirm though.

BTW, I read the responses on the other forum. Some of the comments are not very helpful.

Cheers,
Scott
 
Hi Scott,

I mirrored the Port 11 to Port 22, which is showing as 0/11 Mirror and 0/22 Probe.

I have attached 3 files from the Wireshark report:
1 is based on a routing (on the router table) to 192.168.1.1

1 is based on a routing (on the router table) to 192.168.1.254

This is based on a routing (on the router table) to 192.168.1.254, but where I have removed the static DNS on the PC (no dns specified)

and the nslookup report to
Hope this helps finding the culprit...
 
Hi Pro,

It still does not look like the mirroring is working properly. All the traces show traffic on an idle switch port. Looking at the broadcast traffic it seems to be on 169.254.100/24. Can you post the switch configuration again? I want to check the mirror commands are still there and got saved correctly.

When you do re-start the capture, put 'icmp || udp.port == 53' in the filter on the wireshark PC and click 'apply', then do a 'ping -t 192.168.1.1' from a PC in VLAN3. When you see the packets appearing on the wireshark PC, you know it's working.

FYI - the filter causes only ping (icmp) and DNS (udp port 53) packets to show.

Cheers,
Scott
 
Hi Scott,

See the config below.

I ran the Wireshark again with the filters you mentioned. There is no data at all, which I believe would mean there is no packet transmission..

(GSM7324) #show running-config config

[ config ] File extension other than '.scr' is not allowed.
Please use file extension .scr.

(GSM7324) #show running-config
!Current Configuration:
!
!System Description "GSM7324 L3 Managed Gigabit Switch"
!System Description 6.3.3.6
!
set prompt "GSM7324"
vlan database
vlan 2
vlan name 2 2-auto
vlan 3
vlan name 3 3-auto
vlan 4
vlan name 4 4-auto
vlan routing 4
vlan routing 3
vlan routing 2

exit

configure
sntp client mode unicast
! sntp server status is active
sntp server time-d.netgear.com
logging buffered
ip routing
ip route 0.0.0.0 0.0.0.0 192.168.1.1
monitor session 1 destination interface 0/22
monitor session 1 source interface 0/11
lineconfig
exit

spanning-tree configuration name 00-18-4D-D9-74-A0
router ospf
router-id 192.168.1.254
exit

router rip
exit

interface 0/1
vlan pvid 3
vlan participation exclude 1
vlan participation include 3
exit

interface 0/2
vlan pvid 3
vlan participation exclude 1
vlan participation include 3
exit

interface 0/3
vlan pvid 3

vlan participation exclude 1
vlan participation include 3
exit

interface 0/4
vlan pvid 3
vlan participation exclude 1
vlan participation include 3
exit

interface 0/5
vlan pvid 3
vlan participation exclude 1
vlan participation include 3
exit

interface 0/6
vlan pvid 4
vlan participation exclude 1
vlan participation include 4
exit

interface 0/7
vlan pvid 4
vlan participation exclude 1
vlan participation include 4
exit

interface 0/8
vlan pvid 4
vlan participation exclude 1
vlan participation include 4
exit

interface 0/9
vlan pvid 4

vlan participation exclude 1
vlan participation include 4
exit

interface 0/10
vlan pvid 4
vlan participation exclude 1
vlan participation include 4
exit

interface 0/11
vlan pvid 2
vlan participation exclude 1
vlan participation include 2
exit

interface 0/12
vlan participation exclude 1
vlan participation include 2
exit

interface 0/13
exit

interface 0/14
exit

interface 0/15
exit

interface 0/16
exit

interface 0/17
exit

interface 0/18
exit

interface 0/19

exit

interface 0/20
exit

interface 0/21
exit

interface 0/22
exit

interface 0/23
exit

interface 0/24
exit

interface vlan 4
routing
ip address 192.168.3.1 255.255.255.0
ip ospf
ip rip
exit

interface vlan 3
routing
ip address 192.168.2.1 255.255.255.0
ip ospf
ip rip
exit

interface vlan 2
routing
ip address 192.168.1.254 255.255.255.0
ip ospf
ip rip
exit

exit
 
Hi Pro,

The config looks correct from what I know. Can you send me the output of the following two commands?:

1. show monitor session 1
2. show port all

Unfortunately I don't have the same switch to try this out on myself.

Cheers,
Scott
 

Here we go..

(GSM7324) #show monitor session 1

Session ID Admin Mode Probe Port Mirrored Port
---------- ---------- ---------- -------------
1          Disable    0/22       0/11


(GSM7324) #show port all

                 Admin   Physical   Physical    Link   Link    LACP
Intf      Type   Mode    Mode       Status      Status Trap    Mode
--------- ------ ------- ---------- ----------- ------ ------- -------
0/1              Enable  Auto                   Down   Enable  Enable
0/2              Enable  Auto                   Down   Enable  Enable
0/3              Enable  Auto                   Down   Enable  Enable
0/4              Enable  Auto       1000T Full  Up     Enable  Enable
0/5              Enable  Auto                   Down   Enable  Enable
0/6              Enable  Auto                   Down   Enable  Enable
0/7              Enable  Auto                   Down   Enable  Enable
0/8              Enable  Auto                   Down   Enable  Enable
0/9              Enable  Auto                   Down   Enable  Enable
0/10             Enable  Auto                   Down   Enable  Enable
0/11      Mirror Enable  Auto       1000T Full  Up     Enable  Enable
0/12             Enable  Auto                   Down   Enable  Enable
0/13             Enable  Auto                   Down   Enable  Enable
0/14             Enable  Auto                   Down   Enable  Enable
0/15             Enable  Auto                   Down   Enable  Enable
0/16             Enable  Auto                   Down   Enable  Enable
0/17             Enable  Auto                   Down   Enable  Enable
0/18             Enable  Auto                   Down   Enable  Enable
0/19             Enable  Auto       100T Full   Up     Enable  Enable
0/20             Enable  Auto                   Down   Enable  Enable
0/21             Enable  Auto                   Down   Enable  Enable
0/22      Probe  Enable  Auto       100T Full   Up     Enable  Enable
0/23             Enable  Auto                   Down   Enable  Enable
0/24             Enable  Auto                   Down   Enable  Enable
vlan 4           Enable                         Down   Enable  Enable
vlan 3           Enable                         Up     Enable  Enable
vlan 2           Enable                         Up     Enable  Enable
 
Ok - so the mirror is not active.

This is the poorly documented part of the manual. Try the following command in config mode:

monitor session 1 mode

then check the 'show monitor session 1' output to see if it says enable. If that fails, try something like:

monitor session 1 mode enable

and check 'show monitor session 1' again.

Good luck!
Scott
 
Hi Scott,

I enabled it, thanks.

(GSM7324) #show monitor session 1

Session ID Admin Mode Probe Port Mirrored Port
---------- ---------- ---------- -------------
1          Enable     0/22       0/11

I have captured a new session on the Wireshark, I believe this one makes more sense. I have uploaded it here.. (File name mirror enabled)


Give me the good news ... :)

Cheers,
 
ok, that trace looks much better.

I can see the pings from 192.168.2.22 to 192.168.1.1, which is good.

I cannot however see any DNS queries from 192.168.2.22, or from anybody for that matter.

Did you do an nslookup whilst the trace was running? If so that would suggest the switch is blocking them. If you did not do an nslookup, can you do the following on 192.168.2.22 whilst capturing:

ping -n 1 <external ip of adsl router>
nslookup ping -n 1 <external ip of adsl router>

This will nicely mark the trace.

Cheers,
Scott
 
Hi Scott,

you were right, I did not run the nslookup at the same time.

I have attached 2 files here, 'ping and nslookup together' is as you asked to do just above. The other file, 'full ping and nslookup together' is where I ran a full ping (ping 192.168.1.1 -t) and in another window I ran the nslookup.


Let's hope you could find me the solution finally. Really appreciate your help.

Cheers
 
ok - so definitely no DNS queries coming out of the switch. I can clearly see the pings, so no IP routing problems.

Let's just do a quick sanity check and ensure the DNS settings on the PC are ok. Can you post the output from 'ipconfig /all' on 192.168.2.22 please? I know you summarised it before, but can you post the output verbatim this time?

Cheers,
Scott
 
I have uploaded the ipconfig/all in a text file. But I can't remember if I had specified the DNS when I last sent you the Wireshark configs. I have been playing with the dns, IP, DG etc, that's the reason why.

I have thus uploaded 2 more Wireshark Configs, 1 with Static DNS and the other without specifying the DNS. Please find the files below

Ipconfig/all: Static DNS: No DNS Specified:
If we find out it is a problem with the DNS, do you think you will be able to help me further till we have it working?

Cheers,
 
Hi Pro,

The new traces show routing issues even with the pings. Have you changed something on the ADSL router? I can see the ping and dns packets going to the router (192.168.1.1), then after that I can see ARP requests from your *outside* IP address asking for 192.168.1.254. This is completely wrong and I did not see this before. Basically the router is trying to work out how to contact the gateway to 192.168.2.x, which is 192.168.1.254, but it's using its external address in the query. This will never work, it needs to ask from its 192.168.1.1 address. Just to confirm I saw correct routing before, so just want to make sure nothing has changed, as this might indicate a dodgy router.

I am about to take a plane to Madrid, so I might not be able to continue this until tomorrow.

Cheers,
Scott
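
The two checks Scott reads off the traces above (pings visible but no DNS queries from 192.168.2.22, and ARP requests for 192.168.1.254 sourced from a non-LAN address) can be scripted. This is an added example, not code from the thread; the function names are made up here, the frames are constructed, and 203.0.113.10 is a documentation address standing in for the router's outside IP.

```python
import ipaddress
import struct
LAN = ipaddress.ip_network("192.168.1.0/24")  # router-facing subnet (VLAN 2 in the thread)

def classify(frame, lan=LAN):
    """Label an untagged Ethernet frame: icmp, dns, arp-offsubnet or other."""
    if len(frame) < 14:
        return ("other",)
    ethertype, body = struct.unpack("!H", frame[12:14])[0], frame[14:]
    if ethertype == 0x0806 and len(body) >= 28:              # ARP, IPv4 over Ethernet
        oper = struct.unpack("!H", body[6:8])[0]
        sender, target = (ipaddress.ip_address(body[i:i + 4]) for i in (14, 24))
        if oper == 1 and sender not in lan:                  # request from a non-LAN address
            return ("arp-offsubnet", str(sender), str(target))
    elif ethertype == 0x0800 and len(body) >= 20:            # IPv4
        ihl, proto = (body[0] & 0x0F) * 4, body[9]
        src = str(ipaddress.ip_address(body[12:16]))
        if proto == 1:
            return ("icmp", src)
        if proto == 17 and len(body) >= ihl + 4 and 53 in struct.unpack("!HH", body[ihl:ihl + 4]):
            return ("dns", src)                              # same test as udp.port == 53
    return ("other",)

def summarise(frames, host):
    """Count ICMP and DNS frames sent by host; list off-subnet ARP requests as (sender, target)."""
    out = {"icmp": 0, "dns": 0, "arp_offsubnet": []}
    for label in map(classify, frames):
        if label[0] in ("icmp", "dns") and label[1] == host:
            out[label[0]] += 1
        elif label[0] == "arp-offsubnet":
            out["arp_offsubnet"].append(label[1:])
    return out

# Constructed sample frames (not taken from the thread's captures); checksums left at zero.
MAC = b"\x02\x00\x00\x00\x00\x01"
_pk = lambda addr: ipaddress.ip_address(addr).packed
def _eth(ethertype, body):
    return b"\xff" * 6 + MAC + struct.pack("!H", ethertype) + body
def _arp_req(spa, tpa):
    return _eth(0x0806, struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + MAC + _pk(spa) + bytes(6) + _pk(tpa))
def _ipv4(src, dst, proto, l4):
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0)
    return _eth(0x0800, hdr + _pk(src) + _pk(dst) + l4)
SAMPLE = [
    _ipv4("192.168.2.22", "192.168.1.1", 1, struct.pack("!BBHHH", 8, 0, 0, 1, 1)),    # ping
    _ipv4("192.168.2.22", "192.168.1.1", 17, struct.pack("!HHHH", 50000, 53, 8, 0)),  # DNS port
    _arp_req("192.168.1.1", "192.168.1.254"),                                         # normal
    _arp_req("203.0.113.10", "192.168.1.254"),  # placeholder standing in for the outside IP
]
print(summarise(SAMPLE, "192.168.2.22"))
```

A result with `icmp` above zero and `dns` at zero matches the earlier traces; a non-empty `arp_offsubnet` list matches the behaviour described in this post.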
 
I think I added another Static routing yesterday, for test purposes, can't quite remember if it was yesterday or before though. It was 192.168.1.0 255.255.255.0 DG 192.168.1.254. Am sure it Could that be it

I deleted this routing already though, so I am sending you the new Wireshark report (link below) from a PC with IP: 192.168.2.22 255.255.255.0 DG.192.168.2.1 DNS.192.168.1.1


Bon voyage and Have a nice trip :)
 
Tell me one thing, I can see on the switch (router>configured routes) that the Metric value is 0. Should that not be at least 1 to be considered as a preferred routing?
 
Maybe I'm not seeing it in your posted configs, but, do you have the port configured for the physical connection between the modem/router and the L3 switch? I know you have a static route set up for it but I can't find the physical port info. Look here about midway through the page, granted this is Cisco but the general theories are similar.


Did you ever verify that this switch worked with a basic default settings before Vlan'ing it up?

"Silence is golden, duct tape is silver...
 
Hi Doc,

(Feels like talking to my doctor, but in terms of connections rather than injections..)

Did you ever verify that this switch worked with a basic default settings before Vlan'ing it up? - At some point yes I could access the internet if I had 2 PCs with similar IP range.

I configured VLAN1 port 11 (192.168.1.254) which is connected with the Modem / Router. This is also mirrored with port 22, and I got port 12 which is on the same vlan as port 11 (if this is what you mean)

Can I change the Metric from 0 to 1 on the switch's default routing?


 