VLAN Internet access

Question

ey Everyone,

I have a N3024 as my Core/Main switch and N1524P's as my edge switches. I have configured 3 VLAN's 100, 990, 999. 100 is the vendor VLAN. 990 is the intenet VLAN, and 999 is the management. IP Routing is active and I can ping all switches from each other and I can ping from vlan 100 to the other vlans. The core/main switch is directly connected to the Ubiquiti USG that is acting as a firewall. The core/main also can ping the internet. None of my other switches or VLAN 100 cannot get out to the internet. What am I missing.

core/main switch config:

SCA_Private_Main#show start

!Current Configuration:
!Software Capability "Stack Limit = 12, VLAN Limit = 4093"
!Image File "N3000Advv6.5.2.35"
!System Description "Dell EMC Networking N3024EF-ON, 6.5.2.35, Linux 3.6.5-e3cd5a07, v1.0.5"
!System Software Version 6.5.2.35
!
configure
vlan 100,990,999
exit
vlan 100
name "Grainger_Devices"
exit
vlan 990
name "Internet"
exit
vlan 999
name "Management"
exit
ip telnet server disable
hostname "SCA_Private_Main"
slot 1/0 8 ! Dell EMC Networking N3024EF-ON
stack
member 1 4 ! N3024EF-ON
exit
interface out-of-band
ip address 192.168.10.100 255.255.255.0 0.0.0.0
exit
no ip http server
ip http secure-server
ip routing
service dhcp
ip dhcp pool "Grainger"
dns-server 65.48.235.249 8.8.8.8
default-router 10.56.200.254
network 10.56.200.0 255.255.255.0
netbios-node-type b-node
exit
interface vlan 1
exit
interface vlan 100
ip address 10.56.200.254 255.255.255.0
exit
interface vlan 990
ip address 10.56.155.253 255.255.255.240
exit
interface vlan 999
ip address 10.56.150.1 255.255.255.240
exit
ip route 0.0.0.0 0.0.0.0 10.56.155.254
username "admin" password 141f9341985b9afa282ec848e7626f56 privilege 15 encrypted
username "N563620" password c70b078cc5aa0365b5fe3e05ff527445 privilege 15 encrypted
username "N510399" password c70b078cc5aa0365b5fe3e05ff527445 privilege 15 encrypted
ip ssh server
application install SupportAssist auto-restart start-on-boot
dhcp l2relay vlan 100
!
interface Gi1/0/1
spanning-tree disable
switchport mode trunk
switchport trunk allowed vlan 100,999
exit
!
interface Gi1/0/2
spanning-tree disable
switchport mode trunk
switchport trunk allowed vlan 100,999
exit
!
interface Gi1/0/3
spanning-tree disable
switchport mode trunk
switchport trunk allowed vlan 100,999
exit
!
interface Gi1/0/4
spanning-tree disable
switchport mode trunk
switchport trunk allowed vlan 100,999
exit
!
interface Gi1/0/5
spanning-tree disable
switchport trunk allowed vlan 100,999
exit
!
interface Gi1/0/6
spanning-tree disable
switchport trunk allowed vlan 100,999
exit
!
interface Gi1/0/7
spanning-tree disable
switchport trunk allowed vlan 100,999
exit
!
interface Gi1/0/8
spanning-tree disable
switchport trunk allowed vlan 100,999
exit
!
interface Gi1/0/9
spanning-tree disable
switchport access vlan 100
exit
!
interface Gi1/0/24
spanning-tree disable
switchport access vlan 100
exit
!
interface Te1/0/1
description "Internet"
switchport access vlan 990
switchport trunk allowed vlan 100,990,999
exit
snmp-server engineid local 800002a203886fd4bc7f8f
enable password 141f9341985b9afa282ec848e7626f56 encrypted
eula-consent hiveagent reject
exit

SCA_Private_Main#

Edge Switch config:

SCA_630A#show start

!Current Configuration:
!Software Capability "Stack Limit = 4, VLAN Limit = 512"
!Image File "N1500v6.5.4.4"
!System Description "Dell EMC Networking N1524P, 6.5.4.4, Linux 3.6.5, Not Available"
!System Software Version 6.5.4.4
!
configure
vlan 100,999
exit
vlan 100
name "Grainger"
exit
vlan 999
name "Management"
exit
hostname "SCA_630A"
slot 1/0 3 ! Dell EMC Networking N1524P
stack
member 1 2 ! N1524P
exit
ip routing
interface vlan 1
ip address dhcp
exit
interface vlan 100
exit
interface vlan 999
ip address 10.56.150.2 255.255.255.240
exit
ip default-gateway 10.56.150.1
username "admin" password 5f4dcc3b5aa765d61d8327deb882cf99 privilege 15 encrypted
line telnet
password 141f9341985b9afa282ec848e7626f56 encrypted
exit
spanning-tree mode stp
application install SupportAssist auto-restart start-on-boot
application install hiveagent start-on-boot
!
interface Gi1/0/1
spanning-tree disable
switchport access vlan 100
exit
!
interface Gi1/0/2
spanning-tree disable
exit
!
interface Gi1/0/3
spanning-tree disable
exit
!
interface Gi1/0/4
spanning-tree disable
exit
!
interface Gi1/0/5
spanning-tree disable
exit
!
interface Gi1/0/6
spanning-tree disable
exit
!
interface Gi1/0/7
spanning-tree disable
exit
!
interface Gi1/0/8
spanning-tree disable
exit
!
interface Gi1/0/9
spanning-tree disable
exit
!
interface Gi1/0/10
spanning-tree disable
exit
!
interface Gi1/0/11
spanning-tree disable
exit
!
interface Gi1/0/12
spanning-tree disable
exit
!
interface Gi1/0/13
spanning-tree disable
exit
!
interface Gi1/0/14
spanning-tree disable
exit
!
interface Gi1/0/15
spanning-tree disable
exit
!
interface Gi1/0/16
spanning-tree disable
exit
!
interface Gi1/0/17
spanning-tree disable
exit
!
interface Gi1/0/18
spanning-tree disable
exit
!
interface Gi1/0/19
spanning-tree disable
exit
!
interface Gi1/0/20
spanning-tree disable
exit
!
interface Gi1/0/21
spanning-tree disable
exit
!
interface Gi1/0/22
spanning-tree disable
exit
!
interface Gi1/0/23
spanning-tree disable
exit
!
interface Gi1/0/24
spanning-tree disable
exit
!
interface Te1/0/1
spanning-tree disable
spanning-tree port-priority 0
spanning-tree portfast
switchport mode trunk
exit
!
interface Te1/0/2
spanning-tree disable
spanning-tree port-priority 0
spanning-tree portfast
switchport mode trunk
exit
!
interface Te1/0/3
spanning-tree disable
spanning-tree port-priority 0
spanning-tree portfast
switchport mode trunk
exit
!
interface Te1/0/4
spanning-tree disable
spanning-tree port-priority 0
spanning-tree portfast
switchport mode trunk
exit
snmp-server engineid local 800002a203f8b1568e8dc0
enable password 141f9341985b9afa282ec848e7626f56 encrypted
exit

SCA_630A#

Any and all help greatly appreciated!!!

RacerxV6 · Answer

interface Te1/0/1description 'Internet'switchport access vlan 990switchport trunk allowed vlan 100,990,999exit

RacerxV6 · Answer

Should it be just switchport mode trunk ?only

DELL-Josh Cr · Answer

Hi,   How is the port from the N3024 to the USG configured? Is it a trunk port?

RacerxV6 · Answer

Josh,   Can you answer a question for me that I cannot sem to find.  Do Dell N Series switched have the capability of performing NAT?

DELL-Josh Cr · Answer

No, they don’t, they are designed to be used with a router to do that.

DELL-Josh Cr · Answer

Yeah, Do switchport mode trunk.

RacerxV6 · Answer

Ok, just wanted to check. Back to issue at hand. Now have TE1/0/1 set to switchport mode trunk and no longer have access to inside interface of firewall...ip route 0.0.0.0 0.0.0.0 10.56.155.254 is stil lin place which is the inside interface of the USG. I can ping my TE1/0/1 interface which has an ip of 10.56.155.253

ip route shows all are directly connected:

SCA_Private_Main#show ip route

Route Codes: R - RIP Derived, O - OSPF Derived, C - Connected, K - Kernel, S - Static
B - BGP Derived, E - Externally Derived, IA - OSPF Inter Area
E1 - OSPF External Type 1, E2 - OSPF External Type 2
N1 - OSPF NSSA External Type 1, N2 - OSPF NSSA External Type 2
S U - Unnumbered Peer, L - Leaked Route, T - Truncated ECMP Route

* Indicates the best (lowest metric) route for the subnet.

Default Gateway is 10.56.155.254
S *0.0.0.0/0 [1/0] via 10.56.155.254, 00h:08m:57s, Vl990
C *10.56.150.0/28 [0/0] directly connected, Vl999
C *10.56.155.240/28 [0/0] directly connected, Vl990
C *10.56.200.0/24 [0/0] directly connected, Vl100

DELL-Josh Cr · Answer

ok, switch it back to access for now, but it seems like there is something between the main switch and the usg that isn't passing other VLAN traffic.

RacerxV6 · Answer

Yes, the original and now I have no access to the inside interface of the router.  I can no longer ping 12.208.153.74

DELL-Josh Cr · Answer

Is the original problem still there?

Networking General

VLAN Internet access

Was this post helpful?