VLANs can't see internet

Couple things to take note of.

- The gloabl ip address command assigns an IP address to the management VLAN, which by default is VLAN 1. On the 6200 switches, the management VLAN is not routable. It is intended to use this VLAN as a form of OOB management.

- In this scenario the static routes are directing traffic to the next hop in the network. This sounds like it will be the device plugged into port 2.

With this in mind, what device is plugged into port 2?

Daniel,  Thanks for helping out...  OK.  I had the internet connection plugged into a Dell 3424 and then a cable going to the 6224 on port 2.

I took the 3424 out of the mix and plugged the internet connection directly in to port 2 on the 6224.  But, I still can't get to the internet from a machine plugged in to vlan 10 or vlan 20...

-Michael

Here are some steps that should get you headed in the right direction.

It would probably be best to perform these steps from console.

If you want VLAN 1 to be routed you will need to make another VLAN and assign it to be the management VLAN. Then assign 192.168.1.3 to VLAN 1 interface.
console(config)#vlan database
console(config-vlan)# vlan 100
console(config-vlan)# exit
console(config)# ip address vlan 100
console(config)# no ip address
console(config)# interface vlan 1
console(config-if)# ip address 192.168.1.3 255.255.255.0

Here is a KB article covering this in some more detail: http://dell.to/1FiQhu7

Port 2 should already be set to untagged for VLAN 1, but if it is not, then set it to access mode for VLAN 1.

console(config)# interface ethernet 1/g2
console(config-if)# switchport mode access
console(config-if)# switchport access vlan 1

Now we need to configure the static route to direct traffic out to the internet device.

console(config)# ip route 10.10.0.0 255.255.255.0 192.168.1.1
console(config)# ip route 10.20.0.0 255.255.255.0 192.168.1.1

Traffic should now be able to get out of the network. However it will have issues when returning. For this we have to configure a static route on the internet device that directs traffic back into your network. I am not sure what device this is, but it would look something along the lines of this.

# ip route 10.10.0.0 255.255.255.0 192.168.1.3
# ip route 10.20.0.0 255.255.255.0 192.168.1.3

Keep us posted with any updates.

Thank you Daniel.  its been a busy week.  I will try these steps tomorrow and let you know how it goes.

I appreciate all you help...   stay tuned...

Daniel,  Thank you for your patience while I try to wrap my brain around this...  I started entering in your suggested commands and the CLI.  once I got to this line and entered the command.  I lost all connection to the switch.  
console(config)# no ip address

I have rebooted the switch and reset to factory defaults.  if it's not too much to ask.  can you give me the entire sequence of commands to setup the switch from the beginning?

my goal is to have two VLANs on the switch.  each VLAN will have three computers in it.  the computers in each vlan need to be able to see each other as well as get out to the internet...

I have a comcast cable modem the is connected to a NetGear wireless router (192.168.1.1).  The Netgear serves out DHCP to all the home computers.

The powerconnect 6224 (192.168.1.3)  is plugged into the netgear. I don't want the computers in the two VLANs to obtain IP addresses from the Netgear.  I want to setup a DHCP server with in each of the vlans to serve ip addresses to each of the machines in their vlans.   Does this all make sense?

I apologize, I should have been a little clearer when I suggested to make these changes from console. Here is an example config you can start with. I always like to take the approach of configuring the basic needs first. Then once communication is good, you can then add in additional features one at a time.

configure

vlan database

vlan 10,20,99

exit

ip routing

ip route 10.10.0.0 255.255.255.0 192.168.1.1

ip route 10.20.0.0 255.255.255.0 192.168.1.1

interface vlan 10

ip address 10.10.0.1 255.255.255.0

exit

interface vlan 20

ip address 10.20.0.1 255.255.255.0

exit

interface vlan 99

name "WAN"

ip address 192.168.1.3 255.255.255.0

Exit

username "admin" password 4f87869237d36d241ed31f8fe95ad8d6 level 15 encrypted

interface ethernet 1/g2 (Connection to router)

Switchport mode access

Switchport access vlan 99

The other ports that connect to clients will need to be set to access mode for VLAN 10 or VLAN 20, just as you had previously.

I am not sure which model Netgear you are using, but here is a KB article that covers adding static routes.

http://bit.ly/2fyBP8X

You will need to make two static routes. Here is an example of what the settings would look like.

VLAN 10:

Destination IP address: 10.10.0.0
IP Subnet Mask: 255.255.255.0
Gateway IP Address: 192.168.1.3

VLAN 20:

Destination IP address: 10.20.0.0
IP Subnet Mask: 255.255.255.0
Gateway IP Address: 192.168.1.3

Let me know if this works for you. If everything works, you can then move on to other tasks, such as locking down management access.

http://bit.ly/1XqY6Vk

Keep us posted.

Daniel.  sorry for the late reply...  busy week...

I started entering in your commands and got stuck.. it would not let me give the vlan 99 the IP address.

************Here is how far I got*****************

User:admin
Password:********

console#configure

console(config)#vlan database

console(config-vlan)#vlan 10,20,99
Warning: The use of large numbers of VLANs or interfaces may cause significant
delays in applying the configuration.

console(config-vlan)#exit

console(config)#ip routing

console(config)#ip route 10.10.0.0 255.255.255.0 192.168.1.1

console(config)#ip route 10.20.0.0 255.255.255.0 192.168.1.1

console(config)#interface vlan 10

console(config-if-vlan10)#ip address 10.10.0.1 255.255.255.0

console(config-if-vlan10)#exit

console(config)#interface vlan 20

console(config-if-vlan20)#ip address 10.20.0.1 255.255.255.0

console(config-if-vlan20)#exit

console(config)#interface vlan 99

console(config-if-vlan99)#name "WAN"

console(config-if-vlan99)#ip address 192.168.1.3 255.255.255.0

Subnet conflict between specified IP Address and current configuration.
All routing interfaces, service ports and network ports must be configured on
different subnets.

console(config-if-vlan99)#

That message is indicating that a different VLAN already has an IP address in the 192.168.1.X subnet. You can us e the command # show ip interfaces, to see what IP addresses have been assigned. Then change or remove the IP address for the VLAN with the conflicting address. 

Daniel,  This environment I am trying to create doesn't neccesarily need to have VLAN 1 in the mix.  if I can accomplish my goal of having two vlans on the 6224 switch and have the computers in those vlans have access to the internet as well as see each other.  that is all I need right now.  so,  if I create three(3) vlans.  10,20 & 99.  and don't even use vlan 1.  that would be fine.  I'll remind you that I do not know/understand these powerconnect switches as much as I should.  so the more specific and detailed you can be the better.

Here is my running config.   what do i need to add/change to accomplish my goal?

vlan database
vlan 10,20,99-100
exit
stack
member 1 1
exit
ip address 192.168.2.1 255.255.255.0 ( I don't recall setting up this IP address.. not sure what it is for?)
ip address vlan 100
ip routing
ip route 10.10.0.0 255.255.255.0 192.168.1.1
ip route 10.20.0.0 255.255.255.0 192.168.1.1
interface vlan 1
routing
ip address 192.168.1.3 255.255.255.0
exit
interface vlan 10

routing
ip address 10.10.0.1 255.255.255.0
exit
interface vlan 20
routing
ip address 10.20.0.1 255.255.255.0
exit
interface vlan 99
name "WAN"
routing
exit
username "admin" password 4f87869237d36d241ed31f8fe95ad8d6 level 15 encrypted
exit

Looks like you just need to remove those IP addresses and then you can apply to the desired vlan.

console(config)# no ip address
console(config)#interface vlan 1
console(config-if-vlan1)#no ip address
console(config-if-vlan1)#exit
console(config)#interface vlan 99
console(config-if-vlan99)#ip address 192.168.1.3 255.255.255.0

Hello Daniel,  I feel like a real noob...  Thanks for your patience. I reset the switch back to factory defaults.  and ran through the setup wizard. I tried to do the command 

console(config)#interface vlan 1
console(config-if-vlan1)#no ip address

but, it said command no complete.  so I created a vlan 100 and set it with no ip address.

Then left vlan 1  with the IP of 192.168.1.3 255.255.255.0  .

so, computers in each vlan can ping each other as well as the ip address for their vlan.  for example.  the ip address for vlan 10 is 10.10.0.1  

But, they can't ping anything on the internet   for example ping 8.8.8.8 gives destination unreachable

I must have missed something...

here is the running config.

User:admin
Password:********

console#show run
!Current Configuration:
!System Description "Dell 24 Port Gigabit Ethernet, 2.0.0.12, VxWorks5.5.1"
!System Software Version 2.0.0.12
!
configure
vlan database
vlan 10,20,100
exit
stack
member 1 1
exit
ip address 192.168.2.1 255.255.255.0
ip address vlan 100
ip routing
ip route 10.10.0.0 255.255.255.0 192.168.1.1
ip route 10.20.0.0 255.255.255.0 192.168.1.1
interface vlan 1
routing
ip address 192.168.1.3 255.255.255.0
exit
interface vlan 10

routing
ip address 10.10.0.1 255.255.255.0
exit
interface vlan 20
routing
ip address 10.20.0.1 255.255.255.0
exit
username "admin" password 4f87869237d36d241ed31f8fe95ad8d6 level 15 encrypted
!
interface ethernet 1/g12
switchport access vlan 20
exit
!
interface ethernet 1/g13
switchport access vlan 20
exit
!
interface ethernet 1/g14
switchport access vlan 20
exit
!

interface ethernet 1/g15
switchport access vlan 20
exit
!
interface ethernet 1/g16
switchport access vlan 10
exit
!
interface ethernet 1/g17
switchport access vlan 10
exit
!
interface ethernet 1/g18
switchport access vlan 10
exit
!
interface ethernet 1/g19
switchport access vlan 10
exit
!
interface ethernet 1/g20

switchport access vlan 10
exit
exit

console#config

console(config)#interface ethernet 1/g2

console(config-if-1/g2)#switchport access vlan 1
Warning: The use of large numbers of VLANs or interfaces may cause significant
delays in applying the configuration.

console(config-if-1/g2)#exit

console#copy running-config startup-config

This operation may take a few minutes.
Management interfaces will not be available during this time.

Are you sure you want to save? (y/n) y

Configuration Saved!
console#
console#show run
!Current Configuration:
!System Description "Dell 24 Port Gigabit Ethernet, 2.0.0.12, VxWorks5.5.1"
!System Software Version 2.0.0.12
!
configure
vlan database
vlan 10,20,100
exit
stack
member 1 1
exit
ip address 192.168.2.1 255.255.255.0 (Still don't know why this is here and how to remove it)
ip address vlan 100
ip routing
ip route 10.10.0.0 255.255.255.0 192.168.1.1
ip route 10.20.0.0 255.255.255.0 192.168.1.1
interface vlan 1
routing
ip address 192.168.1.3 255.255.255.0
exit
interface vlan 10

routing
ip address 10.10.0.1 255.255.255.0
exit
interface vlan 20
routing
ip address 10.20.0.1 255.255.255.0
exit
username "admin" password 4f87869237d36d241ed31f8fe95ad8d6 level 15 encrypted
!
interface ethernet 1/g12
switchport access vlan 20
exit
!
interface ethernet 1/g13
switchport access vlan 20
exit
!
interface ethernet 1/g14
switchport access vlan 20
exit
!

interface ethernet 1/g15
switchport access vlan 20
exit
!
interface ethernet 1/g16
switchport access vlan 10
exit
!
interface ethernet 1/g17
switchport access vlan 10
exit
!
interface ethernet 1/g18
switchport access vlan 10
exit
!
interface ethernet 1/g19
switchport access vlan 10
exit
!
interface ethernet 1/g20

switchport access vlan 10
exit
exit

console#ping 8.8.8.8
Pinging 8.8.8.8 with 64 bytes of data:

----8.8.8.8 PING Statistics----
4 packets transmitted,0 packets received,100% packet loss
round-trip (ms) min/avg/max = 0.000/NaN/0.000

console#

The config looks fine, and your internal traffic is all able to communicate now? So the issue with external connection probably is with the Netgear. were you able to add the static routes to the Netgear?

http://bit.ly/2fyBP8X

Daniel,  I think I might have found the issue.  I rely on your expertise to confirm this...

I did a Show Ip interfaces command and it showed this.

Notice there is no default gateways on the switch or the vlans.  this makes me think that the switch and the computers connected to it don't know how to get out...  also, the switch IP address is 192.168.2.1.  I didn't set that.  

User:admin
Password:********

console#show ip interface

Management Interface:

IP Address..................................... 192.168.2.1
Subnet Mask.................................... 255.255.255.0
Default Gateway................................ 0.0.0.0
Burned In MAC Address.......................... 001E.C98D.****
Network Configuration Protocol Current......... None
Management VLAN ID............................. 100

Routing Interfaces:
Netdir Multi
Interface IP Address IP Mask Bcast CastFwd
---------- --------------- --------------- -------- --------
vlan 1 192.168.1.3 255.255.255.0 Disable Disable
vlan 10 10.10.0.1 255.255.255.0 Disable Disable
vlan 20 10.20.0.1 255.255.255.0 Disable Disable

console#