Can't get Internet on second VLAN

  • 1
  • Question
  • Updated 5 years ago
  • Answered
Okay, so here is what we want:

Wired LAN - 10.3.0.0/23 - VLAN130
Wireless Secure WLAN - 10.4.0.0/23 - VLAN40
Wireless Guest WLAN - 10.10.2.0/23 - VLAN102

The wired is working as it should. But I can't get 10.4's and 10.10's on the internet. DHCP is working as it should. The Secure SSID is handing out 10.4's and the Guest is handing out 10.10's but no internet. I've attached the pic where it references the VLAN in the config we're working on.



What else do you need to know to help us? It's greatly appreciated.
Photo of Larry

Larry

  • 55 Posts
  • 1 Reply Like
  • frustrated

Posted 5 years ago

  • 1
Photo of Larry

Larry

  • 55 Posts
  • 1 Reply Like
Oh by the way, here is how the ports that the AP330's are plugged into on an HP Procurve 2910al:

VLAN130 - Untagged
VLAN102 - Tagged
VLAN40 - Tagged
Photo of Andrew MacTaggart

Andrew MacTaggart, Champ

  • 483 Posts
  • 86 Reply Likes
Personal preference for me is to separate mgmt traffic from user traffic
I would create a VLAN just for AP mgmt
I would create a native vlan that has no ip addressing
I would create a vlan for your PSK SSID - would call is secure though and assign the vlan in the user profile
I would create a vlan for for the guest and assign it via user profile

make sure you dhcp is assignning DNS

Use the vlan probe to test the vlans

A
Photo of Larry

Larry

  • 55 Posts
  • 1 Reply Like
That's exactly what I thought I did. Separate VLANs for Secure (40) and for Guest (102). DHCP works, but no internet. We are using an old BEC modem/router, could be a static route issue, right?
Photo of Andrew MacTaggart

Andrew MacTaggart, Champ

  • 483 Posts
  • 86 Reply Likes
could be anything

I would check dns resolution
NAT at the firewall or router
Routing
Photo of Loren

Loren

  • 48 Posts
  • 2 Reply Likes
Take the wireless out of the equation. Assign a switch port to the Vlans and see what happens. Then you will know if the problems is on the wired side, which I believe it is.
Photo of Larry

Larry

  • 55 Posts
  • 1 Reply Like
Yeah, that's what I'm going to do. I'm sure now its because there is no static route for the new subnets in the Modem/router.
Photo of Andrew MacTaggart

Andrew MacTaggart, Champ

  • 483 Posts
  • 86 Reply Likes
assuming all routing is done at your router and not on your switch. Then what you are looking at is a router on a stick, the router interface would need to trunk into each vlan and have the Default Gateway ip address configured on a sub interface associated with the new vlans.

If your switch is layer 3 capable you would have to create the virtual routing interface in each vlan and have a default route to your router and return routes to your switch in the router.

you may also need NAT at your router for your new vlans

http://www.bitmindframes.info/inter-v...

really depends on your equipment