Solved

Client PCs not getting internet traffic

Posted on 2014-12-17
Last Modified: 2014-12-28
Hi Expert!

I need help configuring a network. You will find attached the illustration of that network. I have a Cisco C3560 that I am using to create multiple VLANs. This layer 3 switch is connected to a Cisco Meraki security appliance. The client machines receive addresses from the DHCP server and the InterVLAN is working fine. Each client machine can ping the others on different VLANs. The problem I am facing now is that the internet is not flowing in the network. It seems it is blocked somewhere on the Cisco 3560 layer 3 device. Find below the configuration I made:

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
on the Cisco Meraki MX80, I setup the lan port ip address to:  10.10.10.2 255.255.255.252 and create a static route: 0.0.0.0 0.0.0.0 10.10.10.1
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
on Cisco 3560
!
version 15.0
no service pad
service timestamps debug uptime
service timestamps log datetime
service password-encryption
service sequence-numbers
!
hostname 3560G
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$7viV$AVBSBmfScyebtHtpcVmNd.
!
no aaa new-model
system mtu routing 1500
ip routing
!
!
!
!
!
crypto pki trustpoint TP-self-signed-553539200
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-553539200
 revocation-check none
 rsakeypair TP-self-signed-553539200
!
!
crypto pki certificate chain TP-self-signed-553539200
 certificate self-signed 01 nvram:IOS-Self-Sig#1.cer
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
!
interface GigabitEthernet0/5
!
interface GigabitEthernet0/6
!
interface GigabitEthernet0/7
!
interface GigabitEthernet0/8
!
interface GigabitEthernet0/9
!
interface GigabitEthernet0/10
!
interface GigabitEthernet0/11
!
interface GigabitEthernet0/12
!
interface GigabitEthernet0/13
 description to internet firewall Cisco MX80
 no switchport
 ip address 10.10.10.1 255.255.255.252
!
interface GigabitEthernet0/14
 switchport access vlan 24
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/15
 switchport access vlan 24
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/16
 switchport access vlan 24
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/17
 switchport access vlan 24
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/18
 switchport access vlan 24
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/19
 switchport access vlan 24
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/20
 switchport access vlan 24
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/21
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/22
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/23
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
!
interface GigabitEthernet0/27
!
interface GigabitEthernet0/28
!
interface Vlan1
 ip address 192.168.1.30 255.255.255.0
!
interface Vlan20
 description VLAN-Direction-Generale
 ip address 192.168.20.1 255.255.255.0
 ip helper-address 192.168.24.13
!
interface Vlan21
 description VLAN-Direction-Administrative-Financiere
 ip address 192.168.21.1 255.255.255.0
 ip helper-address 192.168.24.13
!
interface Vlan22
 description VLAN-Direction-CR-DT
 ip address 192.168.22.1 255.255.255.0
 ip helper-address 192.168.24.13
!
interface Vlan24
 description VLAN-Management
 ip address 192.168.24.1 255.255.255.0
 ip helper-address 192.168.24.13
!
ip http server
ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 10.10.10.2
!
logging esm config
!
!
banner motd authorized access only
!
line con 0
 password 7 094A5C1E54170F51485C55
 logging synchronous
 login
line vty 0 4
 password 7 110F0B125A00134F477A7A
 logging synchronous
 login
 length 0
line vty 5 15
 password 7 110F0B125A00134F477A7A
 logging synchronous
 login
 length 0
!
end
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
0
Question by:Kanga Kangatchi
5 Comments
 
LVL 11

Expert Comment

by:rharland2009
ID: 40506846
The problem is your default route on your layer 3 switch points to the Meraki, and the default route on the Meraki points back to the VLAN IP address on the layer 3 switch. You need a route on the Meraki to point traffic to the Internet - whatever is configured on the WAN/Internet side of the Meraki.
0
 
LVL 9

Accepted Solution

by:
Donboo earned 500 total points
ID: 40508159
Yeah, your default routing on the L3 switch and Meraki is creating a routing loop.

Your Meraki should look like this:

0.0.0.0 0.0.0.0 WAN-DEFAULT-GATEWAY-IP
192.168.1.0 255.255.255.0 10.10.10.2
192.168.20.0 255.255.255.0 10.10.10.2
192.168.21.0 255.255.255.0 10.10.10.2
192.168.22.0 255.255.255.0 10.10.10.2
192.168.24.0 255.255.255.0 10.10.10.2
0
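
The routing loop described in the two answers above can be reproduced offline. This is an added example, not code from the thread: it models the posted tables with longest-prefix matching and traces a packet hop by hop. The WAN gateway 203.0.113.1, the destination 198.51.100.10 and the client 192.168.20.50 are constructed placeholders, and the next hop for the internal subnets is assumed to be the switch's routed port from the posted config (Gi0/13, 10.10.10.1).

```python
import ipaddress

# Routing tables as (prefix, next hop); "connected" means directly attached.
INTERNAL = [f"192.168.{n}.0/24" for n in (1, 20, 21, 22, 24)]  # SVIs on the 3560
SWITCH = [(p, "connected") for p in INTERNAL] + [
    ("10.10.10.0/30", "connected"), ("0.0.0.0/0", "10.10.10.2")]
MX80_AS_POSTED = [("10.10.10.0/30", "connected"), ("0.0.0.0/0", "10.10.10.1")]
WAN_GW = "203.0.113.1"    # constructed placeholder for the ISP gateway
SWITCH_IP = "10.10.10.1"  # Gi0/13 in the posted config (assumed next hop)
MX80_FIXED = [("10.10.10.0/30", "connected"), ("0.0.0.0/0", WAN_GW)] + [
    (p, SWITCH_IP) for p in INTERNAL]
OWNER = {"10.10.10.1": "3560G", "10.10.10.2": "MX80"}  # transit-link addresses

def lookup(table, dst):
    """Longest-prefix match; returns the next hop or None."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in table]
    hits = [(net, hop) for net, hop in hits if dst in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(mx_table, start, dst, max_hops=8):
    """Forward dst hop by hop from start; returns (path, verdict)."""
    tables = {"3560G": SWITCH, "MX80": mx_table}
    path, node = [start], start
    for _ in range(max_hops):
        hop = lookup(tables[node], dst)
        if hop is None:
            return path, "no route"
        if hop == "connected":
            return path, "delivered"
        nxt = OWNER.get(hop)
        if nxt is None:      # next hop is outside the two modelled devices
            return path + [hop], "left the site"
        if nxt in path:      # handed back to a device it already crossed
            return path + [nxt], "loop"
        path.append(nxt)
        node = nxt
    return path, "hop limit"

if __name__ == "__main__":
    dst = "198.51.100.10"  # constructed Internet destination
    print(trace(MX80_AS_POSTED, "3560G", dst))         # bounces between the two
    print(trace(MX80_FIXED, "3560G", dst))             # exits via the WAN gateway
    print(trace(MX80_FIXED, "MX80", "192.168.20.50"))  # return path to a client
```

Inter-VLAN traffic never consults the default route, which is why pings between VLANs worked while Internet-bound packets bounced across the /30 link until their TTL expired.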
 

Author Comment

by:Kanga Kangatchi
ID: 40520990
Thanks, it's solved. I just needed to set my default route on the Meraki to point to 10.10.10.2
Static route: 192.168.0.0 255.255.0.0 10.10.10.2
0
 

Author Comment

by:Kanga Kangatchi
ID: 40520996
I've requested that this question be closed as follows:

Accepted answer: 0 points for Kanga Kangatchi's comment #a40520990

for the following reason:

The Cisco Meraki configuration is quite simple. I was looking for complex configs.
0
 

Author Closing Comment

by:Kanga Kangatchi
ID: 40520997
He put me on the way.
0
