Solved

PC on new VLAN no Internet

Posted on 2014-10-01
11
131 Views
Last Modified: 2014-10-06
Hey guys,

We have 1 user who requested their own VLAN today. We have a Cisco 2960 Switch and a Cisco ASA5505 Firewall.

So i made a new VLAN on the 2960, made a DHCP pool for them (which assigned them an IP).

On the ASA, i create a new object network (USER_LAN) with the network 192.168.211.0 for them and natted it to the dynamic interface.

They cannot get online. What am i missing here?
0
Comment
Question by:Cobra25
11 Comments
 
LVL 50

Expert Comment

by:Don Johnston
ID: 40355396
Did you allow the traffic on the ASA?
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40355416
Yes, i forgot to add a route on the ASA, but i think i need to enable a route on my 2960, not sure how to do that.
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 40355442
You're routing on the 2960?  Then yeah, you'll need to create a route on the ASA for that new network. But that's different than "allowing" it on the ASA.  Remember, nothing gets through an ASA unless it's permitted. If you add a new network, you need to allow that traffic.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Expert Comment

by:Jonathan Dunn
ID: 40355459
The routing is done at your layer 3 device. So as long as you have the default gateway on the switch to the layer 3 device it should make it to your destination. if that is your 2960 just put the 0.0.0.0 0.0.0.0 public ip address. Also might want to verify nat. Not sure why you nat the vlan, perhaps you should just put pat on outside and let that do the work.
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40355465
Well i have 2 VLANs now on the 2960 with 2 different SVI's. So i would need routing.

I was told the 2960 could do static routes. But i dont see that capability on mine. I dont have a L3 device in the network.
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 40355475
I was told the 2960 could do static routes. But i dont see that capability on mine.
Did you issue the "ip routing" command in global config?  Until you do that, you won't be able to create any static routes.

I dont have a L3 device in the network.
Sure you do... The ASA.  Depending on the license, you can create up to 20 VLANs on the ASA and do the routing there.
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40355516
It does not take the ip routing command. From what i read you need the LANBASE template installed to do ip routing.

The ASA only supports 3 VLANs, this is the 5505 BASE license.
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 40355525
Yep.  I assumed you had the IP base license.

Given that and ASA license, I don't see how you're going to be able to add an additional network.
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40355734
how do i get the lanbase image?
0
 
LVL 50

Accepted Solution

by:
Don Johnston earned 500 total points
ID: 40355880
It won't do any good. There are hardware differences between the LAN Lite and LAN Base platforms.

Cisco 2960 Q&A

Q. Can I upgrade or downgrade a Cisco Catalyst 2960 Switch between the LAN Base and LAN Lite IOS images?
A. No. Cisco Catalyst 2960 Series Switches cannot be upgraded from LAN Lite to LAN Base and cannot be downgraded from LAN Base to LAN Lite.
0
 
LVL 16

Expert Comment

by:vivigatt
ID: 40356690
You absolutely need to be able to route packets, otherwise you will not be able to do what you want.
There are small/cheap devices that can do the trick, especially is you fuel them with some alternate firmware such as dd-wrt or openwrt.
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
By default the complete memory dump option is disabled in windows . If we want to enable the complete memory dump for a diagnostic purpose, we have a solution for it. here we are using the registry method to enable this.
This Micro Tutorial will teach you how to the overview of Microsoft Security Essentials. This is a free anti-virus software that guards your PC against viruses, spyware, worms, and other malicious software. This will be demonstrated using Windows…
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question