Solved

PC on new VLAN no Internet

Posted on 2014-10-01
Last Modified: 2014-10-06
Hey guys,

We have 1 user who requested their own VLAN today. We have a Cisco 2960 Switch and a Cisco ASA5505 Firewall.

So I made a new VLAN on the 2960, made a DHCP pool for them (which assigned them an IP).

On the ASA, I created a new object network (USER_LAN) with the network 192.168.211.0 for them and NATed it to the dynamic interface.

They cannot get online. What am I missing here?
0
Question by:Cobra25
11 Comments
 
LVL 50

Expert Comment

by:Don Johnston
ID: 40355396
Did you allow the traffic on the ASA?
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40355416
Yes, I forgot to add a route on the ASA, but I think I need to enable a route on my 2960, not sure how to do that.
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 40355442
You're routing on the 2960?  Then yeah, you'll need to create a route on the ASA for that new network. But that's different than "allowing" it on the ASA.  Remember, nothing gets through an ASA unless it's permitted. If you add a new network, you need to allow that traffic.
0
 

Expert Comment

by:Jonathan Dunn
ID: 40355459
The routing is done at your layer 3 device. So as long as you have the default gateway on the switch to the layer 3 device it should make it to your destination. If that is your 2960 just put the 0.0.0.0 0.0.0.0 public IP address. Also might want to verify NAT. Not sure why you NAT the VLAN, perhaps you should just put PAT on outside and let that do the work.
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40355465
Well I have 2 VLANs now on the 2960 with 2 different SVIs. So I would need routing.

I was told the 2960 could do static routes. But I don't see that capability on mine. I don't have a L3 device in the network.
0

 
LVL 50

Expert Comment

by:Don Johnston
ID: 40355475
"I was told the 2960 could do static routes. But I don't see that capability on mine."
Did you issue the "ip routing" command in global config?  Until you do that, you won't be able to create any static routes.

"I don't have a L3 device in the network."
Sure you do... The ASA.  Depending on the license, you can create up to 20 VLANs on the ASA and do the routing there.
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40355516
It does not take the ip routing command. From what I read you need the LANBASE template installed to do ip routing.

The ASA only supports 3 VLANs, this is the 5505 BASE license.
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 40355525
Yep.  I assumed you had the IP base license.

Given that and the ASA license, I don't see how you're going to be able to add an additional network.
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40355734
How do I get the lanbase image?
0
 
LVL 50

Accepted Solution

by:Don Johnston (earned 500 total points)
ID: 40355880
It won't do any good. There are hardware differences between the LAN Lite and LAN Base platforms.

Cisco 2960 Q&A

Q. Can I upgrade or downgrade a Cisco Catalyst 2960 Switch between the LAN Base and LAN Lite IOS images?
A. No. Cisco Catalyst 2960 Series Switches cannot be upgraded from LAN Lite to LAN Base and cannot be downgraded from LAN Base to LAN Lite.
0
 
LVL 16

Expert Comment

by:vivigatt
ID: 40356690
You absolutely need to be able to route packets, otherwise you will not be able to do what you want.
There are small/cheap devices that can do the trick, especially if you fuel them with some alternate firmware such as dd-wrt or openwrt.
0
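An added example, not part of the original thread: a small Python check for the two ASA-side pieces discussed above, the dynamic NAT for the new network and a path back to it (a connected interface or a static route through an inside router). The sample config is constructed; the /24 mask, the `inside`/`outside` interface names and all addresses other than 192.168.211.0 are assumptions.

```python
import ipaddress

# Constructed ASA-style running-config excerpt (not from the thread).
# Interface names, masks and every address except 192.168.211.0 are assumed.
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 ip address 192.168.1.1 255.255.255.0
object network USER_LAN
 subnet 192.168.211.0 255.255.255.0
 nat (inside,outside) dynamic interface
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
"""

def audit_subnet(config, subnet, outside="outside"):
    """Report whether the config NATs `subnet` and knows a path back to it."""
    target = ipaddress.ip_network(subnet)
    result = {"nat": False, "reachable_via": None}
    obj_net = None  # subnet of the object-network block being read
    for line in config.splitlines():
        if not line.startswith(" "):
            obj_net = None  # a non-indented line starts a new block
        words = line.split()
        if not words:
            continue
        if words[0] == "subnet" and len(words) == 3:
            obj_net = ipaddress.ip_network(f"{words[1]}/{words[2]}")
        elif words[0] == "nat" and obj_net is not None and "dynamic" in words:
            if target.subnet_of(obj_net):
                result["nat"] = True
        elif words[:2] == ["ip", "address"] and len(words) >= 4:
            # An interface addressed inside the subnet makes it directly connected.
            connected = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
            if target.subnet_of(connected):
                result["reachable_via"] = "connected"
        elif words[0] == "route" and len(words) >= 5:
            # route <nameif> <network> <mask> <next-hop>; the default route on
            # the outside interface is not a path back to an inside subnet.
            dest = ipaddress.ip_network(f"{words[2]}/{words[3]}")
            if (words[1] != outside and target.subnet_of(dest)
                    and result["reachable_via"] is None):
                result["reachable_via"] = f"route via {words[4]}"
    return result

if __name__ == "__main__":
    print(audit_subnet(SAMPLE_CONFIG, "192.168.211.0/24"))
```

On the sample config the NAT is found but no path back exists, which matches the state described in the thread before a route was added. The check does not look at access rules.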
