EXOS configuration for VLAN to connect to Internet

Newbie to networking and Extreme Networks switch and trying to set up a simple config at home. I picked up a Summit 450e defaulted to factory config with a 15.6b image. I have created 4 VLANs - data, voice, guest and inet-gw. Port 1 is data, Port 2 is voice, Port 3 is guest, Port 12 is inet-gw. PC attached to each of ports 1, 2 and 3 and a Verizon router attached to port 12. For purposes of simulating using GNS-3 I used the NAT-1 appliance instead of the actual Verizon router. I am able to ping each PC from each of the other PCs connected to the switch. I am able to ping www.google.com and other publicly accessible internet sites from the inet-gw VLAN on the switch using the console (hence showing that the NAT-1 connection to the switch works). The problem is that I cannot reach the internet from any of the PCs connected to the switch (i.e. from the data, voice, or guest VLANs). I followed Drew C's post that showed a very similar set-up but he did not have any actual configuration commands so obviously I am missing something in my config. Have been messing with it for the last two days but no luck so throwing myself at your mercy now... config schematic below...

* Summit-PC.11 # show vlan
Name            VID  Protocol Addr       Flags                         Proto  Ports  Virtual
                                                                              Active router
data            10      /24  -f--------------------------- ANY    1 /1   VR-Default
Default         1    ------------------------------------------------- ANY    0 /0   VR-Default
guest           30      /24  -f--------------------------- ANY    1 /1   VR-Default
inet-gw         100  -f--------------------------- ANY    1 /1   VR-Default
Mgmt            4095 ------------------------------------------------- ANY    1 /1   VR-Mgmt
voice           20      /24  -f--------------------------- ANY    1 /1   VR-Default
Ori  Destination        Gateway         Mtr  Flags         VLAN       Duration
#bo  Default Route   1    UG-D---um--f- inet-gw    0d:0h:34m:7s
#d       1    U------um--f- data       0d:0h:34m:18s
#d       1    U------um--f- voice      0d:0h:34m:18s
#d       1    U------um--f- guest      0d:0h:34m:18s
#d 1    U------um--f- inet-gw    0d:0h:34m:8s

* Summit-PC.17 # sh dhcp-client state
Client VLAN     Protocol Server          Current State
--------------- -------- --------------- ---------------------------------------
data            None
Default         None
guest           None
inet-gw         DHCP   DHCP state; Bound
Mgmt            None
voice           None

A total of 6 vlan(s) where displayed.

Bhavdeep Chhabra

Patrick Voss, Employee

Hello Bhavdeep,

Does know how to get back to the data, voice and guest network? Can the devices in the other VLANs ping

Nick Yakimenko

Just a notice that you are currently using IPs that are not from a private subnet on VLANs 20 and 30.

Have you enabled ipforwarding on your vlans?

David Choi, Employee

As Patrick said above, please check first if the ping to from each PC is successful. If not, you would need to add routing to each VLAN (data, voice and guest) in the NAT-1 device.
If ping is successful, then I think you need to check NAT configuration since NAT is working well for direct interface ( but other PC networks.

Bhavdeep Chhabra

Patrick and others,

Thanks for the reply. IP forwarding is enabled on the VLANs. I can ping on port 12 from the other PCs but not - it cannot see that for some reason. The NAT1 device in GNS-3 does not allow for any configuration. Attached below is the config and the message I get back when I ping from VPCS1 (PC 1)...

VPCS> sh ip

NAME        : VPCS[1]
IP/MASK     :
DNS         :
MAC         : 00:50:79:66:68:02
LPORT       : 10012
MTU:        : 1500

VPCS> ping
84 bytes from icmp_seq=1 ttl=64 time=3.267 ms
84 bytes from icmp_seq=2 ttl=64 time=2.130 ms
84 bytes from icmp_seq=3 ttl=64 time=5.607 ms
84 bytes from icmp_seq=4 ttl=64 time=1.596 ms
84 bytes from icmp_seq=5 ttl=64 time=1.368 ms

VPCS> ping
icmp_seq=1 timeout
icmp_seq=2 timeout
icmp_seq=3 timeout
icmp_seq=4 timeout
icmp_seq=5 timeout

Config File:
configure vlan default delete ports all
configure vr VR-Default delete ports 1-12
configure vr VR-Default add ports 1-12
configure vlan default delete ports 1-12
create vlan "data"
configure vlan data tag 10
create vlan "guest"
configure vlan guest tag 30
create vlan "inet-gw"
configure vlan inet-gw tag 100
create vlan "voice"
configure vlan voice tag 20
configure vlan data add ports 1 untagged
configure vlan guest add ports 3 untagged
configure vlan inet-gw add ports 12 untagged
configure vlan data ipaddress
enable ipforwarding vlan data
configure vlan voice ipaddress
enable ipforwarding vlan voice
configure vlan guest ipaddress
enable ipforwarding vlan guest

# Module fdb configuration.

# Module rtmgr configuration.

# Module mcmgr configuration.

# Module aaa configuration.


# Module msdp configuration.

# Module netLogin configuration.

# Module netTools configuration.
configure dns-client add name-server vr VR-Default
enable dhcp vlan inet-gw

# Module ntp configuration.

# Module ospf configuration.


Any other thoughts?

David Choi, Employee

The ping is not successful, since the NAT-1 device in GNS3 doesn't know how to get to the data, voice and guest networks (i.e. there is no routing table entry for those networks in the NAT-1 device). So even though the ping request from each PC reaches the NAT-1 device, NAT-1 can't reply to it as it doesn't have a routing table entry for those networks.
It is the same for normal data traffic. The internet traffic from each PC can go outside after NAT but can't return back on the NAT-1 device for the same reason.
You should add the networks (data, voice and guest) to the route table in the NAT-1 device via static or dynamic routing (e.g. OSPF).

Bhavdeep Chhabra

I'm not sure how to do that since the NAT-1 device in GNS-3 does not have any configuration capability - also, when I ping or from the switch it does go out on the NAT1 device and make its way back to the switch - are there any configuration commands I can add to the switch to make the traffic flow back to the appropriate PC?

David Choi, Employee

The reason why the ping is successful when pinging from the switch may be that the source address of that ping request is the switch's local which the NAT-1 device also knows this network ( as its direct interface.
I think the ping won't be successful when you ping from the switch with a different source address, for example, "ping from".
As long as you want to have separate networks for each of data, voice and guest, appropriate routing is required.

Erik Auerswald, Embassador

You could try one of the free software routers available for GNS3 instead of the NAT-1 device. For example one of the LEDE, OpenWRT, BSDRP or BIRD router appliances. There you can configure static routes towards the client networks.

Stephen Williams, Employee

I agree with Erik. Let's use a device we have more control over.
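
The return-path problem diagnosed in this thread, as an added example that is not part of any participant's post: a longest-prefix-match lookup on the upstream router's routing table, before and after static routes for the client VLANs are added. All addresses are constructed (the thread's own subnets are not shown), and `lookup`, `reply_returns` and `with_static_routes` are hypothetical helper names.

```python
import ipaddress

# Constructed addressing; the thread's real subnets are not shown on the page.
SWITCH_INET_GW = "192.168.122.2"   # assumed switch address on the inet-gw VLAN
CLIENT_NETS = {"data": "10.0.10.0/24", "voice": "10.0.20.0/24", "guest": "10.0.30.0/24"}

# Upstream router as described in the thread: its connected LAN plus a default route.
# Each entry is (prefix, next_hop, interface); next_hop None means directly connected.
nat_table = [
    ("192.168.122.0/24", None, "lan"),
    ("0.0.0.0/0", "203.0.113.1", "wan"),
]

def lookup(table, dst):
    """Longest-prefix match: return (next_hop, interface) for dst, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), nh, ifc) for p, nh, ifc in table
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    _, nh, ifc = max(matches, key=lambda m: m[0].prefixlen)
    return nh, ifc

def reply_returns(table, src):
    """True if a reply addressed to src is sent back towards the switch."""
    hop = lookup(table, src)
    if hop is None:
        return False
    nh, ifc = hop
    # Either src is on the connected LAN, or it is routed via the switch.
    return ifc == "lan" and nh in (None, SWITCH_INET_GW)

def with_static_routes(table):
    """Add one static route per client VLAN, next hop = switch inet-gw address."""
    return table + [(net, SWITCH_INET_GW, "lan") for net in CLIENT_NETS.values()]

if __name__ == "__main__":
    fixed = with_static_routes(nat_table)
    print("source          before  after")
    for src in (SWITCH_INET_GW, "10.0.10.50", "10.0.20.50", "10.0.30.50"):
        print(f"{src:15} {reply_returns(nat_table, src)!s:7} {reply_returns(fixed, src)}")
```

A ping sourced from the switch's own inet-gw address returns in both cases because that subnet is directly connected; replies to the client VLANs follow the default route out of the WAN side until the static routes exist.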