No Internet on VLAN but websites are resolving


nelsonsk2

Technical User
Oct 17, 2005
I've recently set up a VLAN on my Cisco 1811 router and HP 1910-24G switch, VLAN20 ip 192.168.3.0/24. I've set up the VLAN with IP help address pointing to my PDC on main VLAN1. I've also added VLAN to AD Sites and Services and added scope to DHCP. I've also added an access list entry "permit ip 192.168.3.0 0.0.0.255 any". I have not made any ip nat entries for VLAN. Presently I have 1 VM connected to this VLAN which has been properly assigned an IP in VLAN.

I am able to ping between VLANs. I can ping both VLAN1 and VLAN20 default gateways but when I try to ping from VM on VLAN I get "Pinging [74.125.28.99]... Request timed out..."

Below is the output for the VLAN from show ip int. Is there something I'm missing in this config? Do I need to set up IP NAT for this VLAN? I also noticed it says Outgoing/Inbound access list is not set. I haven't configured a VLAN access-list just the IP access-list record for the subnet. Do I need to set it up for the VLAN?

Vlan20 is up, line protocol is up
Internet address is 192.168.3.1/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is 192.168.1.4
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Feature Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
 
When you say you have setup the VLAN on both router and switch, what do you mean?
What IP address in 192.168.3.0 is on the router, what address is on the switch, what address is on the VM?
What is the VM's default GW?

Yes, you need to be NATing for 192.168.3.0 for a device on 192.168.3.0 to access the internet.
 
I've added the VLAN to the vlan database and configured the int VLAN20. I'll have to go back through my notes though because I thought I had assigned the VLAN to fa9 on the router but nothing is showing under that interface. In addition to the other information you requested I've included the IP Routing from the router. It's my understanding from Cisco and other posts that if the entry for the VLAN is correctly showing in the IP Routing and configured in the ACL (currently ACL Extended 101 & 102 - permit ip 192.168.3.0 0.0.0.255 any) there is no need to NAT.

To clarify my OP, the PC has no problem accessing either VLAN1 or 20. It is getting its domain config from my DC in VLAN1, including application of GPO and network mapping. The only problem is internet access.

The addresses are as follows
Router
VLAN20 assigned 192.168.3.1
Switch
GE1/0/2 (Trunk for VLAN) assigned 192.168.3.254
PC
192.168.3.2 assigned properly by reservation in DHCP on Windows Server 2003 Domain controller.
Default Gateway is currently set as 192.168.3.1, however I've tried assigning 192.168.1.1 (VLAN1 default gateway) with same results.

I've also configured the switch based on the recommendations from the posts at
Vlan on Router

Router(vlan)#show
VLAN ISL Id: 1
Name: default
Media Type: Ethernet
VLAN 802.10 Id: 100001
State: Operational
MTU: 1500
Translational Bridged VLAN: 1002
Translational Bridged VLAN: 1003

VLAN ISL Id: 20
Name: VLAN0020
Media Type: Ethernet
VLAN 802.10 Id: 100020
State: Operational
MTU: 1500

Router#show int vlan20
Vlan20 is up, line protocol is up
Hardware is EtherSVI, address is 001b.d4ed.e94c (bia 001b.d4ed.e94c)
Internet address is 192.168.3.1/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:59, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
464345 packets input, 71814594 bytes, 0 no buffer
Received 208675 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
97240 packets output, 122500351 bytes, 0 underruns
0 output errors, 1 interface resets
0 output buffer failures, 0 output buffers swapped out

show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is <Outside IP> to network 0.0.0.0

C 192.168.1.0/24 is directly connected, BVI1
<Outside IP> is subnetted, 1 subnets
C <Outside IP> is directly connected, FastEthernet1
C 192.168.3.0/24 is directly connected, Vlan20
S* 0.0.0.0/0 [1/0] via <Outside IP>


VLAN on switch
VLAN20 ports
GE1/0/2 Untagged Member of VLAN20 Link Type Trunk
GE1/0/3-12 Untagged Members of VLAN20 Link Type Access

VLAN Interface
VLAN20 IP=192.168.3.254/24 Admin Status=Up Method=Manual
 
Please show the router physical interface config.
Please clarify which physical router interface connects to which physical switch interface.
Please show that switch physical interface config.

Can the PC ping its default GW?
 
Router port
FastEthernet9 is up, line protocol is up
Internet protocol processing disabled

router fa9 connects to port ge1/0/2

Port Details GE1/0/2
Port State - Enabled[Active]
Flow Control - Disabled
MDI - Auto
Duplex - Auto[Full]
Broadcast Suppression - 100%
Multicast Suppression - 100%
PVID - 20
Link Type - Trunk
Speed - Auto[100M]
Max MAC Count - No Limit
Unicast Suppression - 100%

As stated in my OP, I can ping all internal network locations including the default gateway. I also ran a tracert to google and a couple of other sites yesterday from the VLAN20 PC. The first hop is to 192.168.3.1 then it stops. This leads me to believe I have more set up to do on the router pointing the VLAN to the default gateway. That VLAN can see the gateway but apparently doesn't realize that is the channel to the internet.
 
So now I've created a new problem. I was going back through the router port config following this document. According to what I was seeing the trunking wasn't set up on the interface to the VLAN so I followed the instructions to configure the switchport mode trunk. Now I can only ping from VLAN20 to VLAN1 but not the other direction. Internet access from VLAN 20 is unchanged. I've included the int switchport config below.

Name: Fa9
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Disabled
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 20 (VLAN0020)
Trunking VLANs Enabled: ALL
Trunking VLANs Active: 1
Protected: false
Priority for untagged frames: 0
Override vlan tag priority: FALSE
Voice VLAN: none
Appliance trust: none
 
Resolved the last problem. I changed the Access Mode Vlan to 20 and can ping between VLANs and PC. I can also RDP to the PC on VLAN20 from my PC on VLAN1 again. Still no joy regarding internet access from PC on VLAN20.
 
You can disregard this thread. I discovered the problem which was I hadn't applied the ip nat inside to the interface. It is all working now.
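An added example, not part of the original thread: the clue to the fix was already in the first post's `show ip int` output ("Network address translation is disabled" on Vlan20). The Python sketch below parses that output and flags privately addressed interfaces that are not in the NAT inside domain; the function names are hypothetical and the BVI1 entry in the sample is constructed.

```python
import ipaddress
import re

# Constructed sample: the Vlan20 lines are taken from the thread; the BVI1
# entry is made up to show what an interface with "ip nat inside" reports.
SAMPLE = """\
Vlan20 is up, line protocol is up
  Internet address is 192.168.3.1/24
  Helper address is 192.168.1.4
  Outgoing access list is not set
  Inbound access list is not set
  Network address translation is disabled
BVI1 is up, line protocol is up
  Internet address is 192.168.1.1/24
  Network address translation is enabled, interface in domain inside
"""

HEADER = re.compile(r"^(\S+) is (?:administratively )?(?:up|down), line protocol is")
ADDR = re.compile(r"Internet address is (\d+\.\d+\.\d+\.\d+/\d+)")
NAT = re.compile(r"Network address translation is (enabled|disabled)"
                 r"(?:, interface in domain (\w+))?")

def parse_interfaces(text):
    """Split 'show ip interface' output into {name: {addr, nat, domain}}."""
    interfaces, current = {}, None
    for line in text.splitlines():
        if (m := HEADER.match(line)):
            current = interfaces.setdefault(
                m.group(1), {"addr": None, "nat": None, "domain": None})
        elif current is not None:
            if (m := ADDR.search(line)):
                current["addr"] = ipaddress.ip_interface(m.group(1))
            elif (m := NAT.search(line)):
                current["nat"], current["domain"] = m.group(1), m.group(2)
    return interfaces

def private_without_nat(text):
    """Names of interfaces with a private address that are not NAT inside."""
    flagged = []
    for name, info in parse_interfaces(text).items():
        # Interfaces with no IP (e.g. a pure switchport) are skipped.
        if info["addr"] is None or not info["addr"].ip.is_private:
            continue
        if info["nat"] != "enabled" or info["domain"] != "inside":
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    for name in private_without_nat(SAMPLE):
        print(f"{name}: private address but no 'ip nat inside'")
```

A flagged interface only matters if its hosts are meant to reach the Internet through this router; an isolated internal VLAN is expected to show up here.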
 