No Internet Access over VLAN 1

[ProUser]

Hi,

This is my first post here so hope to find a solution from you guys..

I have a Netgear L3 Managed switch (GSM7324) and have configured 3 VLANs over it. But for some reason I am unable to access the internet through the VLANs. I am using a BT Business Router (BT2700HGV)

My config is as below:

VLAN 1 (Default) IP 169.254.100.100 Ports 12-24
VLAN 2 192.168.1.254 for connection to the Internet ADSL port 11
VLAN 3 192.168.2.1 port 1-5 and
VLAN 4 192.168.3.1 port 6-10

I have enabled default routing on the Switch to my ADSL Modem (192.168.1.1). I have also added two static routes on the ADSL (192.168.2.0 / 255.255.255.0 DG 192.168.1.254 and 192.168.3.0 / 255.255.255.0 DG 192.168.1.254)

I can ping the ADSL Modem, all the VLANs and the PCs on the VLANs but I don't have internet access with teh PCs on the VLANs.

Mo ADSL is working fine when i connect it directly to a PC.

Anything to do with the ADSL Router / Modem? Someone told me that the modem should support VLAN routing, which seems doubtful as I have enabled routing on each VLANs and the L3 switch is supposed to be doing all the VLAN routing bit??

Any idea what can be wrong?

Cheers.

 

[ProUser]

Hi Doc,

the PVID thing is sorted now. It was not there on VLAN2 for port 12 but i added it and it is there now (see above)

 

[ProUser]

CENTURY!! We did a 100 reply ! (but without finding the solution.. )

Scott, I indeed did a ping from a PC on VLAN 3 -l 200 and another ping from a PC on VLAN 2 -l 100

 

[GeekyDeaks]

Previous failure was my mistake - I left ICMP blocking on my firewall....sorry!

Ok - this is good. I can see that the NAT'ing and routing are working fine from both vlans now.

Next, make sure DNS is working fine. Try the following from the command prompt on both a PC on VLAN2 and VLAN3

nslookup [URL unfurl="true"]www.google.com[/URL] 192.168.1.1
nslookup [URL unfurl="true"]www.google.com[/URL] 208.67.222.222

each one tries a DNS request against the server IP at the end. This way you can check which ones work and which do not.

Cheers,
Scott

 

[ProUser]

Hi Scott,

I have attached the report on the link below

http://www.mediafire.com/?mybhacbh18rnypn

Sometimes little details makes a big difference, so i think its worth mentionning that the PC on vlan 3 has a static DNS configured 192.168.1.1 while the pc on vlan 2 is on dynamic IP>

Cheers,

 

[GeekyDeaks]

Hi Pro,

Was that trace from running the PC on VLAN2 only? I can only see DNS requests from 192.168.1.7. Both nslookups seem to work fine though.

Just so you are aware, the nslookup command overrides the DNS settings when you specify the server address at the end.

Cheers,
Scott

 

[ProUser]

Hi Scott,

Yes it was indeed running from the PC on VLAN 2 (connected on port 12). Both the trace and Wireshark are on the same PC.

 

[ProUser]

Hi Scott,

Am off for now, but dplz do let me know what you thing can be the prob. Got my CCNA class on tue and Weds.

 

[GeekyDeaks]

Hi Pro,

Doh... I was vague again in my instructions. The trace is fine from the PC on VLAN2. I assume you resolved the IP address for

http://www.google.com

each time?

You need to do the same with a PC on VLAN3...

Sorry,
Scott

 

[ProUser]

Hi Scott,

so here is my PC config on VLAN 3
IP: 192.168.2.22
SM: 255.255.255.0
DG: 192.168.2.1
DNS: 192.168.1.1

I have attached the Wireshark report on

http://www.mediafire.com/?vvzr0r5rvgwimvh

Capture from port 12

http://www.mediafire.com/?nktn8dujdmcoix8

Capture from Mirror Port

Are you getting there you reckon?

 

[GeekyDeaks]

Hi Pro,

I can see the requests, but no response. It looks like the router is not handling the DNS queries correctly when they are from a different subnet.

Can you just confirm one thing though. When you pinged 86.2.106.208 from VLAN3, did it work. You seem to mention that it did, but I just want to double check.

If you can ping, then we need to play with the setting on the router for DNS.

Cheers,
Scott

 

[ProUser]

Hi Scott,

Ok to answer your question, yes when I ping my external IP I do get a response.

I thought dealing with this a different way.. Rather than curing the patient, I opted to kill him, so no more illness.. Well as mentionned earlier I bought another router, a Netgear DG834Gv4 / v5. And now, the bloody thing WORKS! Honestly I dont believe it! Is it that Netgear L3 Switched will work only on Netgear Routers??

One thing that i noticed when i configured the Netgear is that it was still not working. Could not even ping 192.168.1.1. I went to the router and checked my Static IPs, and there i noticed that despite the fact that i had the static routing, I have an option to enable it. Once i enabled it I could ping 192.168.1.1, could ping

http://www.google.com

and could instantly go to internet.

So anything you guys would like to conclude over this, apart from the fact that Netgear is being a bit of Microsoft type??

Are we going to get an award for this, for the much of replies we had in this ?

Thanks a lot Scott, u been a star. I highly appreciate your help in all this..

Cheers,

Arvin

 

[GeekyDeaks]

Nice one Arvin! Just glad you got it fixed.

To be honest I don't think this a netgear issue. I think the routers you previously had did not correctly handle the subnets after manipulating the DNS queries.

Hopefully you can now use your experience with wireshark and port mirroring to solve other issues in future... They are very useful skills to have!

Cheers,
Scott

 

[ProUser]

The thing is that the D-Link was configured with all the basic settings, just like the previous BT Router. So i still cant seem to understand why it did not work.

Concerning Wireshark I still dont know much how to read the information from it, like the different commands. Do you have a quick way to learn it, or a maual somewhere?

 

[GeekyDeaks]

I have to confess I am a bonafide geek and have been dissecting protocols for over 25 years now, so never really had to look at any tutorials for wireshark.

I took a quick look though and this one seems to be pretty good. It initially shows how to capture a simple web transaction and the instructions are clear and concise, so I'd recommend starting here:

http://www.youtube.com/watch?v=NHLTa29iovU

Cheers,
Scott

 

[ProUser]

Thanks Scott,

You're always there to give a helping hand.. I really appreciate.

Cheers,