No Internet Access over VLAN 1

[ProUser]

Hi,

This is my first post here so hope to find a solution from you guys..

I have a Netgear L3 Managed switch (GSM7324) and have configured 3 VLANs over it. But for some reason I am unable to access the internet through the VLANs. I am using a BT Business Router (BT2700HGV)

My config is as below:

VLAN 1 (Default) IP 169.254.100.100 Ports 12-24
VLAN 2 192.168.1.254 for connection to the Internet ADSL port 11
VLAN 3 192.168.2.1 port 1-5 and
VLAN 4 192.168.3.1 port 6-10

I have enabled default routing on the Switch to my ADSL Modem (192.168.1.1). I have also added two static routes on the ADSL (192.168.2.0 / 255.255.255.0 DG 192.168.1.254 and 192.168.3.0 / 255.255.255.0 DG 192.168.1.254)

I can ping the ADSL Modem, all the VLANs and the PCs on the VLANs but I don't have internet access with teh PCs on the VLANs.

Mo ADSL is working fine when i connect it directly to a PC.

Anything to do with the ADSL Router / Modem? Someone told me that the modem should support VLAN routing, which seems doubtful as I have enabled routing on each VLANs and the L3 switch is supposed to be doing all the VLAN routing bit??

Any idea what can be wrong?

Cheers.

 

[DrB0b]

Since Deaks is outa town, Ill through my thoughts in until he can return and most likely help you before I will. You'll have to forgive me as Im not versed in the Netgear switches:

http://support.netgear.com/ci/fatta...ting VLANs with Shared Internet Access v2.pdf

Look at the very first pic and the configs below. Looking at your config, I dont think I see what Im told in the PDF but please prove me wrong.

"Silence is golden, duct tape is silver...

 

[GeekyDeaks]

Hi Pro,

Don't worry about the metric. It's just a value assigned to show the priority of the route against other routes to the same destination. Since you only have one default route, then the priority is ignored. At any rate, a lower number is better, so 0 is the highest priority you can have. The value can be derived from different characteristics of the network, such as number of hops to the gateway.

I took a look at the latest traces. I can clearly see the DNS requests getting sent to the router, but no reply. This means there is an issue with the router. I'll need to dig up the manual for the model you have. Are you still using the BT2700HGV? The reason I ask is because the MAC address of the router in the latest trace is a D-Link one.

Cheers,
Scott

 

[ProUser]

Hi Doc,

I based myself on that same pdf to do my config. As far as i can see it, I configured it pretty much as described in that doc, with the only exception being 2 ports on my vlan2 instead of 8 there, and me having a Mirrored port. I dont think this makes a big difference, does it? Anything else that i missed in the config?

 

[GeekyDeaks]

Hi Pro,

I cannot see anything wrong with the netgear config and the diags you have provided show it not to be at fault. I think we need to concentrate on the router now.

Cheers,
Scott

 

[ProUser]

Hi Scott,

Well spotted, its a D'Link (DSL-2640B)ADSL Router now. I replaced the BT with this one as the BT was pure crap.

I found some manuals online, if that can help (see below)

http://www.avbell.com/Manual/DSL_2640B/UserManualDSL_2640B.pdf

ftp://ftp.dlink.co.uk/dkt_products/dkt-710/DSL-2640B_Manual_v1_060407.pdf

 

[ProUser]

Note that I have changed my DNS from automatic to the following:

Preferred DNS: 208.67.222.222
Alternate DNS: 208.67.220.220

I changed this because previously when i was going under Maintenance > Diagnostics (on the ADSL Modem), the Ping Preferred DNS server: was failing (Under Internet Connectivity check)

 

[GeekyDeaks]

Hi Pro,

Ok - let's take one step back now. Can you ping either of the DNS servers from a PC in VLAN3?

If you cannot do that, then there is a basic routing/nat issue we need to deal with first.

This scenario differs from the previous in one subtle way. In the first you were asking the router to do the DNS lookup, which can have problems with the DNS service on the router itself. In the new scenario, you are just nat'ing the DNS UDP packets to the DNS servers. i.e. you are not using a DNS service on the router.

Cheers,
Scott

 

[ProUser]

Hi Scott,

I hope the changes did not really spoil the situation more..

I did the ping to both DNS but getting Time Out..

 

[ProUser]

Do you think using a Netgear Router will give us less hassle and start working instantly? Just guessing since the Netgear service agent said he did the test on a Netgear ADSL Router and it worked (Though i dont really believe him)

 

[GeekyDeaks]

Hi Pro,

Don't worry to much. Changing stuff does mean you have to back track a little, but it would be pretty mean of me to ask you not to change anything

Ok, so I can ping both those servers. This means they are not ignoring the ICMP requests and you are likely to still have a routing/nat issue on the router itself.

Let me take a look at the manual this afternoon and I'll get back to you. But in the meantime, is it possible to get a config dump from it? I don't know if it has a command line or summary config page...

Cheers,
Scott

 

[ProUser]

Hi Scott,

I can't seem to see any way to get the config dump from the Router. Any other way we can do that?

 

[ProUser]

Hi Doc,

could you tell what is different from my config and the one explained in the document? Just in case it's a slight thing that we can't seem to be noticing and is creating all the fuss.

Cheers,

 

[GeekyDeaks]

Hi Pro,

Ok - have not had much time to review the manual. It looks pretty basic. I think we need to check a few things first once again.


1. plug a PC into port 12 again (vlan2) and make sure it can ping 209.85.227.147 (

http://www.google.com)

2. start wireshark to monitor the router port
3. From the PC on vlan2, execute 'ping -l 100 86.2.106.208' (one of my external IP addresses)
4. From the PC on vlan3, execute 'ping -l 200 86.2.106.208'

I have network monitoring setup to look for ICMP packets, so we can check they are leaving and arriving here ok first.

Cheers,
Scott

 

[DrB0b]

Maybe Im missing something, but I dont see the static routes for VLAN 3 or 4 in your config. You have 1 static route for the 1.x VLAN to see the router but you dont have a static route set up in your vlan 3 or 4 to point them to VLAN 2 so they know how to get out.

I think there should be two more static routes set up in the VLAN interfaces.



"Silence is golden, duct tape is silver...

 

[GeekyDeaks]

Hi Doc,

You need the route on the devices within VLAN3 and VLAN4. The netgear itself already has interfaces on VLAN3 and VLAN4, consequently it will have routes to the following networks within it's tables:

192.168.1.0/24
192.168.2.0/24
192.168.3.0/24

From the traces Pro has provided, the routing is fine. I can see packets traversing the switch without any issues (well, there is an strange thing with the MAC addresses not being 100% correct, but I think that is just a mirroring artefact).

Cheers,
Scott

 

[DrB0b]

I would say you are prolly right,

Just curious tho, if you hook a PC to VLAN 1 can you get out to the internet?

"Silence is golden, duct tape is silver...

 

[DrB0b]

Vlan 2 sorry

"Silence is golden, duct tape is silver...

 

[ProUser]

Hi Scott,

I can't seem to be able to ping it. Hooked a PC to VLAN2, configured static IP with DG 192.168.1.1 but am not even able to ping anything, neither 192.168.1.254 nor 1.1, so obviously not going to get 209.xx.xx .

It used to work previously but i can't see why it's not working now.. I will have a check at it again tomorrow as am off home now..

 

[VinceWhirlwind]

How are your IP addresses NATd on the ADSL router?

 

[ProUser]

Hi Vince,

I have no idea to be honest. If you can explain me how to check that I can do it.