VPN in different VLANS
Hello - I have searched for hours and looked through tons of answers, but I can't seem to get this to work. Due to an unfortunate situation, I suddenly became our network instead of our domain servers administrator. There is a problem with the fact that I was struggling, and I hope you can help out me. I don't know anything about Cisco ASA.
We have a multi-site network, all hung over VPN across multiple devices Cisco ASA 5505. One of our sites has 2 VLAN going to 2 different subnets. The second site has only one VLAN. 2 sites are able to communicate with each other through the VPN, but site 2 can not ping all devices on the VLAN 2nd the first site. I hope that's not too complicated. Here is a breakdown:
Site 1:
Vlan1 is the 10.10.1.0 internal subnet.
VLAN2 is external WiFi.
VLAN12 is the 10.10.12.0 internal subnet.
Site2:
Vlan1 is the 10.10.20.0 internal subnet
VLAN2 is external WiFi.
Site2 VLAN1 (10.10.20.1) is connected via VPN to Site1 VLAN1 (10.10.1.5). Site1 can ping 10.10.12.0 without problem. Site2 can ping 10.10.1.0 without problem. Site2 DO ping 10.10.12.0. How can I get Site2 to subnet ping the 10.10.12.0 to Site1?
Joint are my configurations - I'm not sure if they are correct. I inherited this unexpected work. Thanks in advance for your help.
Add this site one:
access-list 101 extended allow ip 10.10.12.0 255.255.255.0 10.10.20.0 255.255.255.0
access-list extended 150 permit ip 10.10.12.0 255.255.255.0 10.10.20.0 255.255.255.0
- - - - - - - - - - - - - - - - - - - - - - -- - - - - -
FYI...
Remove this site line two:
No traverse private address via the public cloud, without going through the tunnel, so your allowed private lines are of no use on outside_access_in.
access extensive list ip 10.10.12.0 outside_access_in allow 255.255.255.0 any
- - - - - - - - - - - - - - - - - - - - - - -- - - - - -
Add these lines on the site two.
109 extended access-list allow ip 10.10.20.0 255.255.255.0 10.10.12.0 255.255.255.0
access-list 110 extended allow ip 10.10.20.0 255.255.255.0 10.10.12.0 255.255.255.0
Thank you
Rizwan James
Tags: Cisco Security
Similar Questions
-
How to configure the different VLANs (using the E3200)?
Hello.
I want to implement different VLANs (using the E3200) so that I can have two different networks that cannot access each other.
The E3200 is connected to a modem for internet access.
I would like that the two networks to access the internet.
The only E3200 does support the creation of VLANs?
If not, is there another way I can satisfy the requirement by using the single E3200 (using something else than VLANs)?
At the end of the day, I think that I would need at least another router.
Thus, for example,.
Router a (E3200) is connected to the configuration / modem to DHCP with a rank 192.168.1.1/24 LAN IP address.
Router B is connected to the router and Setup for DHCP by using a LAN IP range 192.168.2.1/24.
This peripheral way connected to the router A should not have access to devices connected to router B and vice versa, correct? For example, X device connected to the router cannot ping or browse files on the device is connected to router B and vice versa, correct?
Do I need to configure anything else on router B? For example, do I need the DNS configuration settings so that devices connected to router B can connect to the internet without problem? Do I need to specify that these VLANs are not bridged and which router, or both?
I already know how to configure a static IP address, DHCP, beaches LAN IP and static DNS settings on a router, etc.
With respect to wireless devices, I think that they would follow the same model; for devices connected to the router wireless (E3200) have access to other devices Wi-wired and connected to the router, but not to devices with or without wire, connected to router B and vice versa. However, if the wireless devices have currently access to wired devices was also connected to the router, so it's good for now.
Thank you very much!
-Rami
The E3200 has no support VLAN according to the manual. There is no way to configure two separate networks with this single router.
You need to add network electronics.
Ex:
Managed with VLAN switch
Another wireless router with VLAN
If your modem provides several public or private IP addresses, then you could put a switch after the modem and two wireless routers that are attached to the switch.
-
Wake on LAN (WOL) through different VLAN on SG-300-10
Hello
I try to get WOL working through different VLAN on a Switch SG-300-10 in layer 3 Mode. To achieve this, I set up a UDP relay (GUI menu Configuration IP) for UDP Port 7 to 255.255.255.255 (this should inundate all interfaces with the package), however, does not work WOL in different VLANS. When I am connected directly to the VLAN corresponding, WOL works fine in the same subnet. Am I missing something here?
All comments appreciated!
Thank you very much!
Hi Romeo,.
A few minutes to try it on my SG300 - 10 p mode layer 3.
My NAS unit is capable WOL and I thought I would use it in my test environment...
Ran a basic test to check my sender of packet Magic from my PC "awakened" my NAS unit.
As you would expect, on the same subnet, the magic packet WOL caused my NAS unit to power, no problem.
But this isn't really the test, just a test database to check that my sender of the packet magic WOL and NAS was working well.
The screenshot below shows WOL software I used on my PC. Why use this software, no reason except that it was available for free. Also, I'm sure other WOL software out there for different platforms that work just as well or with more features.
First of all, I see according to your question, you used relays UDP destination port 7, well it is the default setting on the UDP relay on my switch.
I wonder why you used or stayed with destination UDP port 7, because the Magic packet mailers may use different destination UDP ports?
I had to use wireshark to see the real destination UDP port that uses my sender of the magic packet WOL.
Notice of capturing wireshark above, that my magic packet software uses the UDP port destination 9, NOT the default value that you can see on the switch. Ignore what wireshark labels this port.
OK, I then created a VLAN that I named "VLAN2' with a = 2 VID on my SG300 - 10 p (SRW2008P-K9-NA)
I added a 192.168.2.1/24 IP interface to VLAN2, which is a different network from the default VLAN.
I then added three ports this VLAN newly created as a member untagged VLAN2.
The default VLAN (VID = 1) an IP network 192.168.10.0/24.
My NAS (WOL capable) unit has an IP address of 192.168.10.61.
I plugged my PCt to the vlan 2 and statically assigned 192.168.2.2/24. It is the PC that has the magic package software.
I added a route static to my router WAN, just so that I could access the router my PC attached to the VLAN2 WAN.
I tried the magic packet WOL software and will not turn on my NAS. He expected that the magic packet broadcast would never jump over a limit of LAN in one VLAN different...
Now, I tried to install a UDP relay so that the Magic Packet WOL "would be" the VLAN2 network interface VLAN1.
So I configure and add to my SG300 UDP relay entry - 10 p. See the screen capture below.
I have to admit, I'm used to using UDP relay normally take a netbios broadcast and unicast to a server Ms.
But check the screenshot below, I put the switch to send the UDP relay to the broadcast address of VLAN1 network... The magic packet Wakeup sent from my PC into 2 VLANS must have passed over the limit VLAN that my NAS unit woke.
In order to check the destination port UDP to your WOL software using wireshark, and then create an appropriate UDP relay.
Experiment and play with that, once you get your device WOL properly powereing successfully.
Best regards, Dave
If I answered your question, please rate the relevance of this response
-
WIndows Server with multiple IP addresses in different VLANS
What I'm trying to achieve: -.
A Server Windows 2008 R2 Virtual machine with of 6 vNIC each with an IP different address of VLAN different & connected to the corresponding ports on VIRTUAL LAN group.
Now how to make sure that traffic is properly flowing as traffic for VLAN specific are coming and get out of that vnic so that it can flow through port designated group
As a single gateway can be mentioned, I guess we need to add static routes for that to work, but if it's static routes, then please explain to me how these roads will need to be added for each IP address.
Or if there is another way to make her even if you please let me know.
Thanks in advance...
I was wondering what I really need to add roads since I am not asking that two different VLAN is talking to each other. Guess that's when I need the static routes.
I guess in this case if I have 3 NIC with 3 different IP addresses would not be the traffic corresponding VLAN will come automatically the corresponding card.
That would not be in the range 1.2.3.x traffic flows automatically NIC1 & 5.6.7.x runs automatically NIC2 & etc.?
-
Can you have vCenter and your database server on different VLAN?
According to the title, can you have vCenter and your database server on different VLANS or must they reside on the same?
Also if we want to change the current IP Address/Subnet Mask vCenter, are there factors that we take into account?
Thanks in advance for any help
Yes they can, so you must only be sure to have enough bandwidth network and speed between them will not affect the performance of VC.
To change the IP of vCenter, keep an eye on this: http://kb.vmware.com/kb/1001493
-
App 5.1 server does not not on different VLANS
Helloooo
I just installed a new server and I use the server application. Everything seemed to work fine until I moved my iMac to a VLAN different. Profiles and update settings do not push to the iMac and sit at a stadium in waiting. Also to register the new iMacs on the server I get to the login server window and it crashes it and does not authenticate. Screen opens by saying that I can open a second window and registration. When I try to register, I get an unknown error and that it fails. It seems timeless. I tried to change a lot of settings prescribed by other users, but nothing helped. Someone at - it advice on what could be the problem.
See you soon
Sean
Hello
I took the easy on this way and bring a USB ethernet to my mac so that I have two physical interfaces. An in each VLAN.
There are other ways to do this, and this is a good article:
https://blog.Pivotal.IO/Labs/Labs/using-deploystudio-across-Subnets-a-Path-Not-t Aken
Kind regards
Erik
-
Assign different VLAN wireless authentication
Dear Stephen,
I want this product fits the following situation?
The user will use their laptop to assign the internet by the following situtaion.
1. they will go to a web portal to choose their internet service provider and connecting to services.
2. once they got successful connection, they can use their PC to access the internet.
What I think is that they will have access to a vlan public web portal, once they got the authentication. Their links will assign to differnet vlan (different service provider). Eventually they get the IP address of the DHCP server on MS and go to the internet.
I can't find a solution for above situation, can you help me?
I suggest that you go for the Cisco unified wireless solution. More information about the Cisco solution unified are available at http://www.cisco.com/en/US/netsol/ns340/ns394/ns348/ns337/networking_solutions_package.html
For your scenario, I suggest that you create two VLANS. One for guest users and the other for internal users. An example configuration that is available at http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008070ba8f.shtml
-
Between Cisco ASA VPN tunnels with VLAN + hairpin.
I have two Cisco ASA (5520 and 5505) both with version 9.1 (7) with Over VPN and Security Plus licenses. I try to understand all the internet a traffic tunnel strategy VLAN especially on the 5520 above the 5505 for further routing to the internet (such as a hair/u-turn hairpin). A few warnings:
- The 5505 has a dynamically assigned internet address.
- The 5505 has sometimes no device turned on behind her, bringing interfaces down to the inside (which can cause problems from site to site).
- The 5520 cannot be a client of ezvpn due to its current role as a server of webvpn (anyconnect).
Let me know if I need to post my current config. Basically, I'm starting from scratch after several attempts.
Thank you!
- The 5505 has a dynamically assigned internet address.
You can use the following doc to set up the VPN and then this document to configure Hairping/U tuning
2. the 5505 has sometimes no device turned on behind her, bringing interfaces down to the inside (which can cause problems from site to site).
Make sure that the interface is connected to a switch so that it remains all the TIME.
3. 5520 the may not be a ezvpn customer due to she has current as one role anyconnect webvpn ()) server.
You can use dynamic VPN with normal static rather EZVPN tunnel.
Kind regards
Dinesh MoudgilPS Please rate helpful messages.
-
Hi all
My RADIUS server is on Vlan different and I have configured AAA on my switch located on one Vlan different. Is it possible to point RADIUS server to use the Vlan I want?
Any help will be much appreciated.
Thank you.
Hello
Are you talking about the switch using a VLAN different?
If the command you are looking for is:
radius of the source interface IP Vlan
Thank you
Chris
Edit: Your VLANS will need a layer 3 interface.
-
Client VPN access to VLAN native only
I have a router 2811 (config below) with VPN set up. I can connect through the VPN devices and access on the VLAN native but I can't access the 10.77.5.0 (VLAN 5) network (I do not access the 10.77.10.0 - network VLAN 10). This question has been plagueing me for quite a while. I think it's a NAT device or ACL problem, but if someone could help me I would be grateful. Client VPN IP pool is 192.168.77.1 - 192.168.77.10. Thanks for the research!
Current configuration: 5490 bytes
!
version 12.4
horodateurs service debug datetime msec
Log service timestamps datetime msec
encryption password service
!
2811-Edge host name
!
boot-start-marker
boot-end-marker
!
enable secret 5 XXXX
!
AAA new-model
!
AAA authentication login userauthen local
AAA authorization groupauthor LAN
!
AAA - the id of the joint session
!
IP cef
No dhcp use connected vrf ip
DHCP excluded-address IP 10.77.5.1 10.77.5.49
DHCP excluded-address IP 10.77.10.1 10.77.10.49
!
dhcp Lab-network IP pool
import all
Network 10.77.5.0 255.255.255.0
router by default - 10.77.5.1
!
pool IP dhcp comments
import all
Network 10.77.10.0 255.255.255.0
router by default - 10.77.10.1
!
domain IP HoogyNet.net
inspect the IP router-traffic tcp name FW
inspect the IP router traffic udp name FW
inspect the IP router traffic icmp name FW
inspect the IP dns name FW
inspect the name FW ftp IP
inspect the name FW tftp IP
!
Authenticated MultiLink bundle-name Panel
!
voice-card 0
No dspfarm
!
session of crypto consignment
!
crypto ISAKMP policy 1
BA aes 256
preshared authentication
Group 2
life 7200
!
Configuration group customer isakmp crypto HomeVPN
key XXXX
HoogyNet.net field
pool VPN_Pool
ACL vpn
Save-password
Max-users 2
Max-Connections 2
Crypto isakmp HomeVPN profile
match of group identity HomeVPN
client authentication list userauthen
ISAKMP authorization list groupauthor
client configuration address respond
!
Crypto ipsec transform-set esp - aes 256 esp-sha-hmac vpn
!
Crypto-map dynamic vpnclient 10
Set transform-set vpn
HomeVPN Set isakmp-profile
market arriere-route
!
dynamic vpn 65535 vpnclient ipsec-isakmp crypto map
!
username secret privilege 15 5 XXXX XXXX
username secret privilege 15 5 XXXX XXXX
Archives
The config log
hidekeys
!
IP port ssh XXXX 1 rotary
!
interface Loopback0
IP 172.17.1.10 255.255.255.248
!
interface FastEthernet0/0
DHCP IP address
IP access-group ENTERING
NAT outside IP
inspect the FW on IP
no ip virtual-reassembly
automatic duplex
automatic speed
No cdp enable
vpn crypto card
!
interface FastEthernet0/1
no ip address
automatic duplex
automatic speed
No cdp enable
!
interface FastEthernet0/1.1
encapsulation dot1Q 1 native
IP 10.77.1.1 255.255.255.0
IP nat inside
IP virtual-reassembly
!
interface FastEthernet0/1.5
encapsulation dot1Q 5
IP 10.77.5.1 255.255.255.0
IP nat inside
IP virtual-reassembly
!
interface FastEthernet0/1.10
encapsulation dot1Q 10
IP 10.77.10.1 255.255.255.0
IP access-group 100 to
IP nat inside
IP virtual-reassembly
!
interface FastEthernet0/0/0
no ip address
Shutdown
automatic duplex
automatic speed
!
interface FastEthernet0/1/0
no ip address
Shutdown
automatic duplex
automatic speed
!
router RIP
version 2
10.0.0.0 network
network 172.17.0.0
network 192.168.77.0
No Auto-resume
!
IP pool local VPN_Pool 192.168.77.1 192.168.77.10
no ip forward-Protocol nd
!
IP http server
no ip http secure server
overload of IP nat inside source list NAT interface FastEthernet0/0
!
IP extended INBOUND access list
permit tcp any any eq 2277 newspaper
permit any any icmp echo response
allow all all unreachable icmp
allow icmp all once exceed
allow tcp any a Workbench
allow udp any any eq isakmp
permit any any eq non500-isakmp udp
allow an esp
allowed UDP any eq field all
allow udp any eq bootps any eq bootpc
NAT extended IP access list
IP 10.77.5.0 allow 0.0.0.255 any
IP 10.77.10.0 allow 0.0.0.255 any
IP 192.168.77.0 allow 0.0.0.255 any
list of IP - vpn access scope
IP 10.77.1.0 allow 0.0.0.255 192.168.77.0 0.0.0.255
IP 10.77.5.0 allow 0.0.0.255 192.168.77.0 0.0.0.255
!
access-list 100 permit udp any eq bootpc host 255.255.255.255 eq bootps
access-list 100 permit udp host 0.0.0.0 eq bootpc host 10.77.5.1 eq bootps
access-list 100 permit udp 10.77.10.0 0.0.0.255 eq bootpc host 10.77.5.1 eq bootps
access-list 100 deny tcp 10.77.10.0 0.0.0.255 any eq telnet
access-list 100 deny ip 10.77.10.0 0.0.0.255 10.77.5.0 0.0.0.255
access-list 100 deny ip 10.77.10.0 0.0.0.255 10.77.1.0 0.0.0.255
access ip-list 100 permit a whole
!
control plan
!
Line con 0
session-timeout 30
password 7 XXXX
line to 0
line vty 0 4
Rotary 1
transport input telnet ssh
line vty 5 15
Rotary 1
transport input telnet ssh
!
Scheduler allocate 20000 1000
!
WebVPN cef
!
end
If you want to say, that after the way nat rules which I have proposed, you lost the connection to the VLAN native, so yes, it's because the subnet VLANs native has not been included in this acl with Deny statement. So that the ACL should look like this:
NAT extended IP access list
deny ip 10.77.5.0 0.0.0.255 192.168.77.0 0.0.0.255
deny ip 10.77.1.0 0.0.0.255 192.168.77.0 0.0.0.255 //This is not respected
allow an ip
In addition, if you want to go throug the other tunnel inside the subnet not listed above, then you should include that subnet to the NAT exemption rule with Deny statement.
-
Firewall VPN, VMs and VLAN
It is just a simple example to help me understand.
Let's salsa in my data center, I have a simple setup with 1 firewall (LAN port) connected to the server physical 1' data network port. The server has two network, 1 data and 1 management ports.
3 branch offices are connected to the WAN port on the firewall via VPN, and each office is on a separate subnet. The firewall is capable of creating VLANs of course. For example, I can direct traffic to office 1 to go to the VLAN 1 which is the 1st Port of the firewall.
The requirement is that each office wants their own virtual machines. Virtual machines for an office are not allowed to talk to other virtual machines for other offices.
How can I set up? How I would order traffic to office 1 to go to the VLAN1 where VMs for Office 1 would also live and then do the same for Office 2 & 3? I need 3 network ports (one for each office) on the physical server to accomplish this or I could use "vSwitch' function?
No additional need to NICs. We establish Setup with existing maps.
1. create 3 VLANs (for example: 11,12 and 13) for each office.
2. set the switch port physical/firewall which is connected to taking data network of servers in TRUNK mode. Its to allow the traffic of all the VLANS.
3. create 3 exchanges in vswitch (for example: 1, 2 and 3 office)
4 VLANs for each card exchanges.
VLAN 11-> office1
VLAN 12-> office2
VLAN 13-> guidelines3
5. connect the virtual machines to their respective trade.
-
Several iSCSI SAN on different VLANS
I have a little trouble to get this configured.
In our environment, we have 4 guests and 2 EqualLogic iSCSI San. Each host has 3 NICs dedicated to iSCSI traffic, and they have been implemented to use the plugin for Multipathing of Dell with 3 VMKernel iSCSI ports, each bound to a NETWORK adapter physical and then linked to the iSCSI software adapter.
We want to add a new SAN QNAP out some VMs test & dev environment of low cost data warehouses. The QNAP San not supporting Jumbo frames, we want to move them to their own VIRTUAL local area network.
Can someone tell me how I can get this set up? I need of course a new VMKernel port running on the VLAN again, but after that I'm stuck.
Thank you
First: the initiator will be gracefully demote by using standard images.
Second, there is nothing that prevents you from using the same trade for the qnap. If it does not manage the same way MPIO, you may need to add more exchanges and vmknics. If you place moderate to heavy load on the qnap it would interfere with the ability of the EMM to balance the load properly but allows to measure.
We have a group EQL and a Celerra making MPIO in different ways. With Celerra you add several portals (ip addresses) network on different subnets so ideally you set up your trade in this way. For us, this meant adding a second portgroup and vmknic on each vmnic, resulting in a whole bunch of paths to the Celerra said. If our use of Celerra was far from being weak to non-existent I probably don't have it.
-Anders
-
NFS/iSCSI ports vmkernel - different VLAN?
I have a question, if you already have a vmkernel port defined for NFS (in vlanX), and if you want to set the iSCSI on the same physical network adapter vmkernel port/ports, then you would give this NIC iSCSI even vlan like NFS or vlanY for iSCSI?
If you have found this device or any other answer useful please consider useful or correct buttons using attribute points
I would create different VGA (and VLAN) for the types of traffic. It's simple, and it will stand the test of time and changes in your iSCSI environment. You can add network cards later, you can separate the iSCSI network in main switch.
My situation is a little different to yours I have NFS coming through vPC on Nexus s 2148 (here 1000V) and traffic iSCSI in France via 3750 s (here 1000V). The NFS traffic using vPC and iSCSI traffic uses MAC pinning and iSCSI MPIO. Very different profiles. A time ago I would have found myself in a situation similar to yours, and I took a simple approach to share the same VLAN I would be regret and detangle it right about now
Andrew.
-
Hello
I have a prolem routing dhcp requests between the vlan management where DHCP server resides and the other VLANs.
I have the scenario of base with three VLANS: vlan 10 (management vlan), 20, 30, configured on a Powerconnect 6224 switch L2 mode. This switch is connected to a pfsense router. The router is configured at the package of road between the VLANS and it does it well.
In Vlan 10, I have a configured DHCP server to use the ip addresses of all the VLANS (10, 20, 30). VLAN 10 client computers receive ip address but not others from other VLANs.
When I put the ip address in the appropriate range of VLANs manually on computers, I ping the server and I have connectivity.
This suggests that the problem is with the dhcp package.
The following is the configuration of the switch:
Configure
database of VLAN
VLAN 10,20,30
VLAN 1 1 routing
VLAN 20 2 routing
VLAN 30 3 routing
output
SNTP server time.nist.gov
clock timezone 1 minutes 0
battery
1 1 member
2 2 Member
output
DHCP IP address
IP address vlan 10
name of the IP-server 172.16.10.1bootpdhcprelay cidridoptmode
interface vlan 1
Routing
IP 172.16.1.1 255.255.255.0
output
interface vlan 20
Routing
address 172.16.20.1 IP 255.255.255.0
output
interface vlan 30
Routing
IP 172.16.30.1 255.255.255.0
output
level of 20fc49459a1898b923ed3ec7b3e81276 user name 'admin' password encrypted 15
No spanning tree
spanning tree priority 0
l2relay DHCP
DHCP l2relay VLANs 10, 20-30
DHCP l2relay circuit-id VLANs 10, 20-30
!
interface ethernet 1/g2l2relay DHCP
switchport access vlan 20
output
!
interface ethernet 1/g3
l2relay DHCP
switchport access vlan 30
output
!
interface ethernet 1/g21
switchport access vlan 10
output
!
interface ethernet 1/g22
switchport access vlan 10
output
!
interface ethernet 1/g23
switchport access vlan 10
output
!interface ethernet 1/g24
switchport mode trunk
switchport trunk allowed vlan add 10,20,30
output
Server SNMP community EyesOfNetwork ro
SNMP-server community public ro
outputI followed the instructions in the powerconnect 6224 user guide, but no progress on this issue.
Any help will be be grateful.
Thank you
Zoubeir
The DHCP server stores information that could be useful? May need to configure monitoring ports and something as wireshark to monitor DHCP packets. This would help determine where the package is stopping.
example:
Console (config) #monitor session 1 source interface 1/g8
Console (config) #monitor session 1 destination interface 1/g10
session mode 1 #monitor console (config)
right now I don't see anything in the config of the switch that stands out. If the DHCP server is configured for option 82, then you will need to include the following command on the switch.
Example:
Trust l2relay console #dhcp (config-if-1/g1)
But I don't think that's our scenario here.
-
Internet connection through different VLAN
Could someone help me here please.
Have a cisco SG500 2 (mode layer 3) configured with 3 VLAN connected to a modem adsl (Trendnet) - vlan voice 1 data, vlan 2, vlan 3 tests. Routing between VLANs is ok I can ping any device in any vlan and have access to the internet through the vlan 1 but no internet access on the other vlan is the vlan 2 and 3. No ping to adsl, if I plugged in a device in the vlan 2 or 3. My question is do I have a router or firewall in order to provide internet access through all my VLAN or is it possible with the SG500 connected to adsl? a turn on ip Routing and the default route in my SG500, but still no luck. need internet connection for the PC as well as voip devices.
Thank you
Hi Paul, the switch performs no NAT function so if your modem is only a modem giving public IP addresses then you would need a router to support the NAT function and support the vlan or the static routes.
If your modem works as a router, need you a static route on the modem to point to the SVI to the switch to allow the clients of vlan connection to connect to the modem to turn, what makes the internet work.
-Tom
Please mark replied messages useful
Maybe you are looking for
-
Bookmark toolbar folders show empty drop down box
Basically since the last update, about half of the time when I try to open one of the folders on my bookmarks toolbar, it will show a drop translucent drop-down rather than show the bookmarks in that folder. You can always click where none of those b
-
Since yesterday, 15. August, whenever I take the laptop to sleep, all I get is a black screen and after a minute, a cursor on a black screen. The laptop does not revocer of this State. Only solution is to force the reboot. A reinstall of Win 10 has n
-
Re: Satellite A210 - 11 p: how to change the GPU shared memory
Hi all,I recently bought this laptop with 2 GB of memory.I just bought 4 GB of Crucial, after doing the scan and it recommends the right Ram purchase. I installed it and when check in information system's watch than 3.3 GB.Now that I'm confused becau
-
WEIRD update on my Satellite Pro A120
Please help - recently, I have tried to update my Satellite Pro A120 player combo (PSAC1) on a DVD rw (NEC OPTIARC) - the new drive is powered and you can hear the disc spinning long. HoweverI do not this drive appears in my computer as a drive, and
-
Mini IPad 2 didn't BT pair with phone g motorcycle
Matching by Bluetooth mini iPad 2 and Motorola moto g smartphone has failed. The ipad will be displayed as a paired device on the phone, but not vice versa. Is it possible to get this working on the side of the ipad?