cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
gtb
New Contributor II

VLAN set up - 2nd vlan fails to access internet

I have a Netvanta 3120 which had 1 vlan connected to all 4 switchports and all worked.  This was on subnet 192.168.15.192/26 with gateway 192.168.15.193; DHCP active in the 192.18.90.200 - 250 range.  I could access internet from any of these ports; DHCP would assign IP address in the proper subnet on all as they should

I wanted to create a second VLAN, which I called VLAN90, which I configured on 192.168.90.192/26 with gateway 192.168.90.193; DHCP active in the 192.168.90.200 - 250 range just like I had on the default subnet.  I then set switch port 4 for VLAN90, leaving switch ports 1, 2, and 3 on the default vlan.

When I connect pc to switch ports 1, 2, or 3, do an ipconfig /release then ipconfig /renew I am assigned an IP address in 192.168.15.192/26 as I should; I can access internet, ping public DNS servers, and all works as it should.

When I connect pc to switchport 4, do an ipconfig /release then ipconfig /renew I am assigned an IP address in 192.168.90.192/26 as I should; I cannot access internet, ping public DNS servers, and nothing works as it should.  It acts like I am not being allowed to access the Internet - or like I did not enter the default gateway for VLAN 90 to find a way to the Internet.  I am probably missing something rather fundamental but I am stuck.  I would appreciate any guidance you can provide

Below are the critical parts of the show run which may help

ip firewall
no ip firewall alg msn
no ip firewall alg mszone
no ip firewall alg h323
!
!
!
!
!
!
!
no dot11ap access-point-control
!
!
!
!
ip dhcp pool "192.168.15.192/26"
  network 192.168.15.192 255.255.255.192
  dns-server 75.75.75.75 75.75.76.76
  default-router 192.168.15.193
  lease 0 4 0
  timezone-offset -5:00
!
ip dhcp pool "192.168.90.192/26"
  network 192.168.90.192 255.255.255.192
  dns-server 75.75.75.75 75.75.76.76
  default-router 192.168.90.193
  lease 0 4 0
!
!
!
!
!
!
!
vlan 1
  name "Default"
!
vlan 90
  name "Voice VLAN"
!
!
interface eth 0/1
  description ComCast
  ip address  xx.zz.yy.dd  255.255.255.252
  ip access-policy Public
  crypto map VPN
  no awcp
  no shutdown
  no lldp send-and-receive
!
!
interface switchport 0/1
  no shutdown
!
interface switchport 0/2
  no shutdown
!
interface switchport 0/3
  no shutdown
!
interface switchport 0/4
  no shutdown
  switchport access vlan 90
!
!
!
interface vlan 1
  description first vlan
  ip address  192.168.15.193  255.255.255.192
  ip access-policy Private
  no rtp quality-monitoring
  no shutdown
!
interface vlan 90
  description - visitor wired use
  ip address  192.168.90.193  255.255.255.192
  ip mtu 1500
  no awcp
  no shutdown
!
!
!
!
ip access-list standard wizard-ics
  remark Internet Connection Sharing
  permit any
!

ip access-list extended self
  remark Traffic to UNIT
  permit ip any  any     log
!
!
!
!
ip policy-class Private
  nat source list wizard-ics interface eth 0/1 overload

!
!
ip route 0.0.0.0 0.0.0.0 xx.xx.xx.xx
!

0 Kudos
2 Replies
jayh
Honored Contributor
Honored Contributor

Re: VLAN set up - 2nd vlan fails to access internet

You don't have a policy allowing VLAN 90 to NAT to the Internet.

I'm assuming that you don't want the visitor network on VLAN 90 to access resources on VLAN 15.

Add the following:

interface vlan 90

  ip access-policy Visitor

ip policy-class Visitor

  nat source list wizard-ics interface eth 0/1 overload

Anonymous
Not applicable

Re: VLAN set up - 2nd vlan fails to access internet

I went ahead and flagged this post as "Assumed Answered." If any of the responses on this thread assisted you, please mark them as Correct or Helpful as the case may be with the applicable buttons. This will make them visible and help other members of the community find solutions more easily. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

Thanks,

Eric