2 vlans and one internet connection

Toggle sidebar Toggle sidebar
S

sho1sho1

Reputable
Apr 20, 2015
4
0
4,510
Hello all! I have been trying to get this to work on my Netgear GSM7324 layer 3 switch with no success.

I have DD-wrt router (192.168.1.1 with dhcp) connected to the internet.

I have vlan10 (vlan interface 192.168.1.20 with no dhcp) and vlan20 (vlan interface 192.168.4.1 with dhcp) setup on the layer 3 switch and intervlan routing is enabled.

vlan10 has a cable going to DD-wrt router, and anything in vlan10 have internet access.
However, none of the pc's on vlan20 have internet access.

Does anyone have any experience in this type of setup?
vlan20 gets internet access via vlan 10.

Please help if you can! Thanks!
 
Solution
B
I knew there was something screwy about the NAT in dd-wrt. It only nats the "connected" interfaces so it will only do 192.168.1.0/24

Take a look at this document.
http://www.patrikdufresne.com/en/multiple-subnets-routing-with-dd-wrt/

The key one is to put in the long IPTABLES command to allow it to nat both subnets.
Sort by date Sort by votes
B

bill001g

Titan
Aug 9, 2012
28,279
2,741
125,640
You have to have configure the router to send 192.168.4.0/24 to 192.168.1.20. The switch also needs a default route set to 192.168.1.1. The router also must be configure to nat 192.168.4.0/24 when it is sent to the internet. I forget if you need to explicitly tell it to nat the second ip block or it just nats everything.
 
Upvote 1 Downvote
L

lyner10

Distinguished
Aug 18, 2010
38
0
18,540
Your vlan 20 doesn't have any PAT configuration. Ip nat outside/inside and no default route and access list. You have a L3 switch. It should be capable of those things.

The reason why vlan 10 has internet access is because your DD-WRT act as the default gateway for vlan10 and both in the same subnet.
Tell the router to use 192.168.1.1, 255.255.0.0, so everyone gets internet access though this is not how you do it.
 
Upvote 0 Downvote
F

FiL

Distinguished
Feb 4, 2002
588
0
19,010
my guess is that the DHCP on vlan 10 is giving the default route as itself, 192.168.1.20

where as in fact the default route on vlan 10 should be 192.68.1.1


vlan20 works because the switches dhcp correctly gives the default route on vlan 20 as the L3 switch, which then routes inter vlan (so vlan 20 has internet)
 
Upvote 0 Downvote
U

Urumiko

Distinguished
Dec 28, 2013
505
0
19,160
You might be able to cheat by telling the router the local subnet mask is 255.255.0.0 which encompasses both vlans, but make sure DHCP only covers vlan 10. You still need a default route on vlan 20. Though Bill001g's answer is the correct way.
 
Upvote 0 Downvote
F

FiL

Distinguished
Feb 4, 2002
588
0
19,010
You have to have configure the router to send 192.168.4.0/24 to 192.168.1.20. The switch also needs a default route set to 192.168.1.1.
Click to expand...

problem i have with that is you'll have the router continually chucking out ICMP redirects to 192.168.1.1 as the "correct" router is on the same vlan.

ideally the switch's DHCP on vlan 10 should reference the router's IP as the gateway, not its own.
 
Upvote 0 Downvote
B

bill001g

Titan
Aug 9, 2012
28,279
2,741
125,640


But you read his initial statement incorrectly the switch is not running the DHCP for vlan 10 the router is. If the switch was the DHCP server for vlan 10 it would be best to have it use the router as the gateway.

 
Upvote 0 Downvote
S

sho1sho1

Reputable
Apr 20, 2015
4
0
4,510
First, thanks for all of your inputs! Lets go step-by-step.

DD-wrt set as gateway connected to internet, DHCP enabled 192.168.1.1/24 has NAT.

I put 0.0.0.0 0.0.0.0 192.168.1.1 for a default route on layer 3 switch.
Under VLAN routing, I put 192.168.4.0 255.255.255.0 192.168.1.20.

From 192.168.4.2 (pc connected to vlan20), I can ping 192.168.4.1, 192.168.1.20, and 192.168.1.1.

When I tried to ping 8.8.8.8, it stops at DD-wrt 192.168.1.1 and it goes no further...

So, it looks like 192.168.4.0 knows to go to 192.168.1.1, but from there, it's lost...

Puzzled...


 
Upvote 0 Downvote
B

bill001g

Titan
Aug 9, 2012
28,279
2,741
125,640
I knew there was something screwy about the NAT in dd-wrt. It only nats the "connected" interfaces so it will only do 192.168.1.0/24

Take a look at this document.
http://www.patrikdufresne.com/en/multiple-subnets-routing-with-dd-wrt/

The key one is to put in the long IPTABLES command to allow it to nat both subnets.
 
Upvote 0 Downvote
Solution
L

lyner10

Distinguished
Aug 18, 2010
38
0
18,540
DDWRT only knows the subnet mask of 192.168.1.0 /24. Try adding a static route of 192.168.4.0 255.255.255.0 pointing to an exit interface (probably the switch) on the router.
 
Upvote 0 Downvote
S

sho1sho1

Reputable
Apr 20, 2015
4
0
4,510
You guys are so awesome! I have been puzzled at this for a couple of months now... and I can finally get internet access from vlan20!

Since inter-vlan routing is enabled... to ensure privacy between vlans, do I just put in access list to prevent traffic from one vlan to another?

Thanks!
 
Upvote 0 Downvote
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom