1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Please help! Using a Catalyst 3560-CX with a home modem/router

Discussion in 'Networks & Internet Connectivity' started by Gaijin, Mar 6, 2019.

  1. Gaijin

    Don

    Joined: Feb 18, 2003

    Posts: 8,411

    Location: Brighton/West Wicklow

    Hi guys,

    Hoping someone can help - i'm in IT but far removed from my networking days.

    I currently have a standard home setup with a wireless modem/router (Asus RT-AC52U) which does my wireless and wired connectivity for my home.

    The internet connection is a point-to-point line of sight Wimax-esque connection. I believe it uses double NAT. This will be changing in the coming months to a FTTH connection.

    I have a Cisco 3560-CX IP-base that I would like to use for a number of reasons including:
    • integrated PoE
    • general lab environment for my learning
    • VLAN demarcation using ACL's (not configured yet)
    I'm trying to set this up to work with my home modem/router but am falling short.

    Here's what i've done so far:
    1. Enabled IP routing on the 3560-CX
    2. Created multiple vlans with their own /24 subnets (10.10.10.x/10.10.20.x etc.)
    3. Created SVI's for the vlans
    4. Created DHCP pools where necessary for the vlans and confirmed working
    5. Set gateway of last resort on the 3560-CX to the Asus modem/router (192.168.1.1)
    6. Configured port 14 as a routed uplink port to the Asus modem/router (no switchport, set ip address 192.168.1.239 on the asus subnet 192.168.1.x/24)
    7. Static routes have been set up on the Asus modem/router
    PC's connected to the different vlans can see each other (ping), and can obviously ping the respective vlan gateways, but any attempt to ping onto the 192.168.1.x/24 modem/router subnet times out. Traceroutes stop at the gateway of the respective subnet that the PC resides on. If pinging from the 3560-CX itself in the CLI I can ping both the port 14 IP address and the asus modem/router.

    It's probably something stupid but i'm trying to ascertain the following:
    1. Why can't I ping / connect to the 192.168.1.x subnet from any of my created vlans?
    2. Do I need to do additional configuration on the Asus modem/router? Does it need to be in bridged mode?
    3. Looking for generally connectivity first but all vlans will need internet connectivity - haven't looked at NAT yet.
    Obligatory network diagram:

    [​IMG]

    Thanks in advance!
     
  2. ChrisD.

    Capodecina

    Joined: Sep 20, 2006

    Posts: 22,741

    I'm pretty ill at the moment so brain isn't working right, but have you told the ASUS router how to get traffic onto those VLANs at all? If it doesn't know it'll drop the traffic. Edit just read you have.

    Are you using proper L3 switching or are you going to route on a stick?
     
  3. mrkev

    Gangster

    Joined: Jan 20, 2013

    Posts: 104

    The router doesn't know anything about your 10.10.x.x networks. You need to add a route(s) for those networks and point it to your switch .
     
  4. ChrisD.

    Capodecina

    Joined: Sep 20, 2006

    Posts: 22,741

    He's set static routes on the router.

    If L3 routing isn't functioning or set up right then the link between the ASUS and the switch would need to be a trunk.
     
  5. Caged

    Capodecina

    Joined: Oct 18, 2002

    Posts: 23,097

    Are you sure the static route configuration has been applied to the Asus router, because it doesn't sound like it's working. What happens if you connect a PC in the 192.168.1.0/24 subnet and try and ping one of the subnets configured on your switch? Do you see the traffic arriving on Gi0/14?

    Even if you just chuck a laptop onto that port and tell it to use 192.168.1.239 as the gateway, can you then ping into your LAN?
     
  6. mrkev

    Gangster

    Joined: Jan 20, 2013

    Posts: 104

    Yep. I missed that. Screenshot of Asus config showing route and output of show IP route from switch would be helpful
     
  7. Gaijin

    Don

    Joined: Feb 18, 2003

    Posts: 8,411

    Location: Brighton/West Wicklow

    Thanks for your help guys - I don't have access from here but will try your suggestions tonight and/or get the information you've requested.

    When you say "Do I see it arriving?" How would I check this please?

    So disconnect the Asus from Port 0/14, connect 0/14 to a laptop, give it an IP in the 192.168.1.x range with .239 as the gateway and ping a host in a 10.10.x.x subnet?

    Sorry if these are silly questions - just want to be 100% sure before I do this tonight.

    Thanks again.
     
  8. agw_01

    Capodecina

    Joined: Apr 11, 2004

    Posts: 19,382

    Can you ping 192.168.1.239 from any of the PCs?
     
  9. Gaijin

    Don

    Joined: Feb 18, 2003

    Posts: 8,411

    Location: Brighton/West Wicklow

    Hi guys,

    Sorry - had a busy couple of days.

    So i've made some progress even though I don't recall making any changes.......

    So to answer questions:

    [​IMG]

    [​IMG]

    Ignore the 10.100.40.x entries, they are from connected Wireless Access Points with an old IP configuration that i've yet to change

    Ok, so my main PC is on the existing home network (192.168.1.179) and can now ping a laptop (10.10.30.2) I put in VLAN 30:

    [​IMG]

    I've assuming this isn't relevant due to the above but can absolutely do this if necessary?

    I can ping 192.168.1.239 from the laptop mentioned above (10.10.30.2)


    So basically, i'm pretty sure I have connectivity between then VLAN's and the home/legacy subnet (192.168.1.x/24) - HOWEVER:

    1. Whereas I can ping other devices on the 192.168.1.x/24 subnet, I can't ping the default gateway/Asus Home modem/router (192.168.1.1) from any hosts on the 10.10.x.x VLAN's. It times out.
    2. I can't access the internet from any hosts on the 10.10.x.x VLANs.

    Can you guys please advise on the above two points?

    Thanks so much for the advice so far.
     

    Attached Files:

  10. agw_01

    Capodecina

    Joined: Apr 11, 2004

    Posts: 19,382

    On the Asus, should the gateway for all the 10.x.x.x subnets not be the next hop router, i.e. 192.168.1.239?

    You're basically telling the Asus that to get to 10.10.10.0/24, forward the traffic to the interface on the Cisco switch in the same subnet. The switch knows about the other VLANs and will route the traffic.
     
  11. ChrisD.

    Capodecina

    Joined: Sep 20, 2006

    Posts: 22,741

    Correct, the ASUS has no knowledge of the VLANs as it isn't a trunk, so the traffic needs to go to the switch interface on the same subnet that the ASUS is on.
     
  12. Caged

    Capodecina

    Joined: Oct 18, 2002

    Posts: 23,097

    Delete all your routes in the Asus and put 10.10.0.0 / 255.255.0.0 with the gateway set to 192.168.1.239
     
  13. Gaijin

    Don

    Joined: Feb 18, 2003

    Posts: 8,411

    Location: Brighton/West Wicklow

    Thanks guys, will do so over the weekend. Have a good weekend yourselves!
     
  14. Gaijin

    Don

    Joined: Feb 18, 2003

    Posts: 8,411

    Location: Brighton/West Wicklow

    Hi guys,

    Just to say that altering the GW on the static routes did the trick - internet access all working. Thanks for all the help.

    Will probably post back in a few weeks once I start tinkering with ACL's to restrict access between the VLAN's, but i'm focusing on getting my wireless mesh network up and running for now.

    Thanks again!