I'm dealing with a S4048T-ON switch.
It has 3 VLANs: one for the workstations, one for management of servers etc., and one for actual usage of those servers.
VLAN 226 is the first one and everything is fine. I'm dealing with VLAN 227, on which I have no internet access and I can't resolve external IPs, but I can ping and resolve local hosts from 226. That's the problem. We need internet connectivity on VLAN 227 as well.
The switch has been configured by someone before me, so I have to catch up.
Here is the output of the ip show route command:
*S 0.0.0.0/0 via 192.168.26.1, Vl 226
via 192.168.27.1, Vl 227
C 192.168.26.0/24 Direct, Vl 226
C 192.168.27.0/24 Direct, Vl 227
Router NAT config:
target prot opt source destination
SNAT all -- 192.168.26.0/24 !192.168.0.0/16 to:XXXXXXXXX
SNAT all -- 192.168.29.0/24 !192.168.0.0/16 to:XXXXXXXXX
MASQUERADE all -- anywhere anywhere
This is the running config of the switch at the moment
Current Configuration ...
! Version 9.11(2.1)
! Last configuration change at Thu Feb 8 10:30:21 2018 by admin
! Startup-config last updated at Thu Feb 8 09:22:01 2018 by admin
!
boot system stack-unit 1 primary system://A
boot system stack-unit 1 secondary system://B
boot system stack-unit 1 default system://A
!
!
logging coredump stack-unit 1
logging coredump stack-unit 2
logging coredump stack-unit 3
logging coredump stack-unit 4
logging coredump stack-unit 5
logging coredump stack-unit 6
!
hostname core-1
!
protocol lldp
!
redundancy auto-synchronize full
!
enable inverse-mask
!
ip dhcp snooping vlan 226
!
stack-unit 1 provision S4048T-ON
!
stack-unit 1 port 53 portmode quad
!
interface TenGigabitEthernet 1/1
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/2
no ip address
portmode hybrid
switchport
no shutdown
!
interface TenGigabitEthernet 1/3
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/4
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/5
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/6
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/7
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/8
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/9
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/10
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/11
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/12
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/13
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/14
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/15
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/16
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/17
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/18
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/19
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/20
no ip address
switchport
switchport mode private-vlan trunk
no shutdown
!
interface TenGigabitEthernet 1/21
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/22
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/23
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/24
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/25
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/26
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/27
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/28
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/29
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/30
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/31
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/32
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/33
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/34
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/35
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/36
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/37
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/38
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/39
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/40
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/41
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/42
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/43
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/44
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/45
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/46
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/47
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/48
no ip address
switchport
no shutdown
!
interface fortyGigE 1/49
description uplink-fo40-1
no ip address
no shutdown
!
interface fortyGigE 1/50
description uplink-fo40-1
no ip address
no shutdown
!
interface fortyGigE 1/51
description uplink-fo40-2
no ip address
no shutdown
!
interface fortyGigE 1/52
description uplink-fo40-2
no ip address
no shutdown
!
interface TenGigabitEthernet 1/53/1
no ip address
no shutdown
!
interface TenGigabitEthernet 1/53/2
no ip address
no shutdown
!
interface TenGigabitEthernet 1/53/3
description blade-1
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/53/4
no ip address
no shutdown
!
interface fortyGigE 1/54
no ip address
no shutdown
!
interface ManagementEthernet 1/1
no ip address
no shutdown
!
interface ManagementEthernet 2/1
no shutdown
!
interface ManagementEthernet 3/1
no shutdown
!
interface ManagementEthernet 4/1
no shutdown
!
interface ManagementEthernet 5/1
no shutdown
!
interface ManagementEthernet 6/1
no shutdown
!
interface Port-channel 1
description uplink-fo40
no ip address
switchport
spanning-tree mstp loopguard
channel-member fortyGigE 1/49,1/50
no shutdown
!
interface Port-channel 2
description uplink-fo40-2
no ip address
switchport
spanning-tree mstp loopguard
channel-member fortyGigE 1/51,1/52
no shutdown
!
interface Vlan 1
no shutdown
!
interface Vlan 20
description internet
no ip address
untagged TenGigabitEthernet 1/1
no shutdown
!
interface Vlan 226
ip address 192.168.26.253/24
tagged Port-channel 1-2
untagged TenGigabitEthernet 1/2-1/3,1/6-1/19,1/21-1/38
ip helper-address 192.168.26.1
no shutdown
!
interface Vlan 227
description renders
ip address 192.168.27.253/24
tagged Port-channel 1-2
untagged TenGigabitEthernet 1/53/3
ip helper-address 192.168.26.1
no shutdown
!
interface Vlan 228
description managment
ip address 192.168.28.253/24
tagged TenGigabitEthernet 1/2
tagged Port-channel 1-2
untagged TenGigabitEthernet 1/4-1/5,1/20,1/39-1/48
no shutdown
!
ip route 0.0.0.0/0 Vlan 226 192.168.26.1
!
ip domain-name wwfx.co.uk
!
ip ssh server enable
!
line console 0
line vty 0
line vty 1
line vty 2
line vty 3
line vty 4
line vty 5
line vty 6
line vty 7
line vty 8
line vty 9
!
http-server http
ip http source-interface Vlan 226
!
reload-type
boot-type normal-reload
config-scr-download enable
!
end
Simple topology drawing:
ip route list on the router:
192.168.26.0/24 dev eth1 proto kernel scope link src 192.168.26.1
192.168.27.0/24 via 192.168.26.1 dev eth1 scope link
192.168.28.0/24 via 192.168.26.1 dev eth1 scope link
Best Answer
The issue is that your router doesn't perform NAT for the network pertaining to VLAN 227.
You need to add a NAT rule with:
sudo iptables -t nat -A POSTROUTING -s 192.168.27.0/24 ! -d 192.168.0.0/16 -j SNAT --to-source <your public IP address>
Be cautious when playing with iptables in a production environment though!
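A way to check the point made in the answer before and after changing the router, as an added example that is not part of the original question or answer: the script below parses a POSTROUTING listing in the format shown in the question and reports, per VLAN subnet, whether a source-specific NAT rule covers it. The function names are hypothetical, 203.0.113.10 is a documentation address standing in for the redacted public IP, and the listing is assumed to use numeric sources (as `iptables -L -n` prints them).

```python
import ipaddress

# Constructed sample: the router's NAT listing from the question, with a
# documentation address standing in for the redacted public IP.
NAT_LISTING = """\
target     prot opt source               destination
SNAT       all  --  192.168.26.0/24     !192.168.0.0/16       to:203.0.113.10
SNAT       all  --  192.168.29.0/24     !192.168.0.0/16       to:203.0.113.10
MASQUERADE all  --  anywhere             anywhere
"""

# VLAN subnets from the switch configuration in the question.
VLANS = {226: "192.168.26.0/24", 227: "192.168.27.0/24", 228: "192.168.28.0/24"}

def parse_rules(listing):
    """Return (source_network, negated) for every SNAT/MASQUERADE line."""
    rules = []
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("SNAT", "MASQUERADE"):
            continue  # header, blank line, or a non-translating target
        negated = fields[3].startswith("!")
        src = fields[3].lstrip("!")
        src = "0.0.0.0/0" if src == "anywhere" else src
        rules.append((ipaddress.ip_network(src, strict=False), negated))
    return rules

def nat_coverage(listing, vlans):
    """Map VLAN id -> 'explicit', 'catch-all only' or 'none' (source match only)."""
    rules = parse_rules(listing)
    result = {}
    for vid, cidr in vlans.items():
        subnet = ipaddress.ip_network(cidr)
        status = "none"
        for src, negated in rules:
            hit = not subnet.overlaps(src) if negated else subnet.subnet_of(src)
            if hit and src.prefixlen == 0:
                # Plain -L output hides -i/-o matches, so a catch-all rule
                # proves nothing here; confirm it with `iptables -t nat -L -v`.
                status = "catch-all only"
            elif hit:
                status = "explicit"
                break
        result[vid] = status
    return result

if __name__ == "__main__":
    for vid, status in nat_coverage(NAT_LISTING, VLANS).items():
        print(f"VLAN {vid}: {status}")
```

On the listing as posted, only VLAN 226 has a source-specific rule; 227 and 228 fall through to the MASQUERADE line, whose interface scope the plain listing does not show.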