I have a NetVanta 3120 which had 1 VLAN connected to all 4 switchports and all worked. This was on subnet 192.168.15.192/26 with gateway 192.168.15.193; DHCP active in the 192.18.90.200 - 250 range. I could access the Internet from any of these ports; DHCP would assign an IP address in the proper subnet on all, as it should.
I wanted to create a second VLAN, which I called VLAN90, which I configured on 192.168.90.192/26 with gateway 192.168.90.193; DHCP active in the 192.168.90.200 - 250 range just like I had on the default subnet. I then set switch port 4 for VLAN90, leaving switch ports 1, 2, and 3 on the default vlan.
When I connect a PC to switch ports 1, 2, or 3 and do an ipconfig /release then ipconfig /renew, I am assigned an IP address in 192.168.15.192/26 as I should; I can access the Internet, ping public DNS servers, and all works as it should.
When I connect a PC to switchport 4 and do an ipconfig /release then ipconfig /renew, I am assigned an IP address in 192.168.90.192/26 as I should; I cannot access the Internet or ping public DNS servers, and nothing works as it should. It acts like I am not being allowed to access the Internet - or like I did not enter the default gateway for VLAN 90 to find a way to the Internet. I am probably missing something rather fundamental but I am stuck. I would appreciate any guidance you can provide.
Below are the critical parts of the show run which may help:
ip firewall
no ip firewall alg msn
no ip firewall alg mszone
no ip firewall alg h323
!
!
!
!
!
!
!
no dot11ap access-point-control
!
!
!
!
ip dhcp pool "192.168.15.192/26"
  network 192.168.15.192 255.255.255.192
  dns-server 75.75.75.75 75.75.76.76
  default-router 192.168.15.193
  lease 0 4 0
  timezone-offset -5:00
!
ip dhcp pool "192.168.90.192/26"
  network 192.168.90.192 255.255.255.192
  dns-server 75.75.75.75 75.75.76.76
  default-router 192.168.90.193
  lease 0 4 0
!
!
!
!
!
!
!
vlan 1
  name "Default"
!
vlan 90
  name "Voice VLAN"
!
!
interface eth 0/1
  description ComCast
  ip address xx.zz.yy.dd 255.255.255.252
  ip access-policy Public
  crypto map VPN
  no awcp
  no shutdown
  no lldp send-and-receive
!
!
interface switchport 0/1
  no shutdown
!
interface switchport 0/2
  no shutdown
!
interface switchport 0/3
  no shutdown
!
interface switchport 0/4
  no shutdown
  switchport access vlan 90
!
!
!
interface vlan 1
  description first vlan
  ip address 192.168.15.193 255.255.255.192
  ip access-policy Private
  no rtp quality-monitoring
  no shutdown
!
interface vlan 90
  description - visitor wired use
  ip address 192.168.90.193 255.255.255.192
  ip mtu 1500
  no awcp
  no shutdown
!
!
!
!
ip access-list standard wizard-ics
  remark Internet Connection Sharing
  permit any
!
ip access-list extended self
  remark Traffic to UNIT
  permit ip any any log
!
!
!
!
ip policy-class Private
  nat source list wizard-ics interface eth 0/1 overload
!
!
ip route 0.0.0.0 0.0.0.0 xx.xx.xx.xx
!
You don't have a policy allowing VLAN 90 to NAT to the Internet.
I'm assuming that you don't want the visitor network on VLAN 90 to access resources on VLAN 15.
Add the following:
interface vlan 90
  ip access-policy Visitor
ip policy-class Visitor
  nat source list wizard-ics interface eth 0/1 overload
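The gap diagnosed in this answer can be checked for mechanically. The following is an added example, not part of the original thread and not AdTran tooling: a Python check that lists routed interfaces not bound to a policy-class containing a nat source rule. The function names are hypothetical, the sample config is constructed from the posted show run with a placeholder WAN address, and it assumes a single NAT egress interface as in this thread.

```python
import re

# Constructed sample based on the posted running-config; the WAN address is a placeholder.
SAMPLE = """\
interface eth 0/1
  ip address 203.0.113.2 255.255.255.252
  ip access-policy Public
!
interface vlan 1
  ip address 192.168.15.193 255.255.255.192
  ip access-policy Private
!
interface vlan 90
  ip address 192.168.90.193 255.255.255.192
!
ip policy-class Private
  nat source list wizard-ics interface eth 0/1 overload
"""
NAT_RE = re.compile(r"nat source list \S+ interface (.+?) overload")

def parse_sections(config):
    """Map each 'interface ...' / 'ip policy-class ...' header to its sub-commands."""
    sections, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if re.match(r"(interface|ip policy-class) ", line):
            current = sections.setdefault(line, [])  # repeated headers merge
        elif line in ("", "!"):
            current = None          # '!' closes the current section
        elif current is not None:
            current.append(line)
    return sections

def interfaces_without_nat(config):
    """Return (interface, policy) for routed inside interfaces lacking a NAT policy-class."""
    sections = parse_sections(config)
    nat_classes, egress, findings = set(), set(), []
    for header, body in sections.items():
        for m in filter(None, map(NAT_RE.match, body)):
            nat_classes.add(header.split(None, 2)[2])  # policy-class name
            egress.add(m.group(1))                     # interface NAT goes out of
    for header, body in sections.items():
        kind, name = header.split(None, 1)
        routed = any(c.startswith("ip address ") for c in body)
        if kind != "interface" or name in egress or not routed:
            continue
        policy = next((c.split(None, 2)[2] for c in body if c.startswith("ip access-policy ")), None)
        if policy not in nat_classes:
            findings.append((name, policy))
    return findings
```

On the posted configuration the check reports vlan 90 with no access-policy; once the Visitor policy-class above is added it reports nothing.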
I went ahead and flagged this post as "Assumed Answered." If any of the responses on this thread assisted you, please mark them as Correct or Helpful as the case may be with the applicable buttons. This will make them visible and help other members of the community find solutions more easily. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.
Thanks,
Eric