ASUS Merlin router and Cisco L3 Switch: clients in VLANs not picking up DNS server

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

ewon_c

New Around Here
Long time lurker and first time poster. First of all let me thank @coxhaus, through his posts I learned a lot about Cisco gears and VLAN stuff.

I am trying to build a home network with inter-VLAN capabilities using my trusty AC68U, a newly acquired Cisco SG300-10MPP level-3 switch and a Cisco WAP371 AP, following coxhaus's guide How to setup a Guest network on an Cisco SG300-28 layer 3 switch. I was able to set up multiple VLANs and get internet access on my Linux laptop. However, other clients in the default VLAN and other VLANs do not have internet access due to missing DNS server.

Here is the current configurations on my devices:
  • The router is running Merlin latest stable (386.1_2), the switch is also on the latest firmware (1.4.11.5) and so is WAP371 (1.3.0.7)
  • The router is at 10.1.1.1, with DHCP off. Other settings are kept as factory default. The static route is set to:
    • Network/Host IP: 10.1.0.0
    • Netmask: 255.255.0.0
    • Default Gateway: 10.1.1.254
    • Interface: LAN
  • The switch is in L3 mode, with static IP 10.1.1.254. Default VLAN101, VLAN102 Home, VLAN108 Guest, VLAN109 Work
  • Switch IPv4 Interface has:
    • VLAN 101, 10.1.1.254, 255.255.255.0
    • VLAN 102, 10.1.2.254, 255.255.255.0
    • VLAN 108, 10.1.8.254, 255.255.255.0
    • VLAN 109, 10.1.9.254, 255.255.255.0
  • Switch IPv4 Routes can be seen in the picture
  • Switch ports:
    • Port 1 is access port: 101UP (to router)
    • Port 4 is access port: 101UP (to Linux laptop)
    • Port 5 is trunk, 101UP 102T 108T (to WAP371)
    • Port 9 is access port: 109UP (to Windows workstation)
  • DHCP pools for each VLAN are set up, see picture
  • The DNS Settings are at default, except that I added "cisco-sg300.home" to Default Domain Name (see picture)
On my Linux laptop (VLAN101), I can access internet and ping Windows workstation (VLAN109) and MacBook (VLAN101 or VLAN102, depending on SSID).
Win and Mac cannot open google.com but can open 1.1.1.1. Pinging also doesn't work. If I manually assign DNS server (10.1.1.1) to the connection, they will have internet access and can ping any clients in the LAN.

At this point, I'm convinced that the DNS server is not propagated to end clients (but why Linux laptop is not affected?). I messed around with router's DNS settings, no luck, resulting in factory resetting multiple times. I am also not sure if I had the DNS settings set up correctly in the switch. In coxhaus's post somewhere he mentioned he has DNS problem as well after the initial setup. My next step (after solving this DNS problem, obviously) is to set up ACLs so VLANs will be properly isolated.

Any thoughts on this? Thank your input in advance.
 

Attachments

  • VLAN-Port VLAN Membership.png
    VLAN-Port VLAN Membership.png
    124.3 KB · Views: 27
  • IP Config-IPv4 Interface.png
    IP Config-IPv4 Interface.png
    109.3 KB · Views: 25
  • IP Config-IPv4 Routes.png
    IP Config-IPv4 Routes.png
    488.7 KB · Views: 22
  • IP Config-DHCP Server-Network Pools.png
    IP Config-DHCP Server-Network Pools.png
    132.9 KB · Views: 28
  • IP Config-DNS-DNS Settings.png
    IP Config-DNS-DNS Settings.png
    288.7 KB · Views: 24
Last edited:

ewon_c

New Around Here
After poking a around this morning, I finally fixed it! According to this Cisco community post, the DHCP pools have to be set up with a DNS IP address. So I did, and it works instantly.

IP Config-DHCP Server-Network Pools-fixed DNS.png


Unrelated rant about WAP371: setting up the access point is relatively easy. However, a few quirks have to be looked out for:
  1. The SSID name only accepts dot "." and space, any other characters are not supported. I tried to save the name with dash "-" and it won't let me (see point 3 below)
  2. By default, at least one 5G and one 2.4G SSIDs are up. If you want to disable the last SSID in either band, you will have to turn off the that radio completely
What I don't like is that when I try to save with the "wrong" config, it won't save; it also won't give me any error message. I have to RTFM to figure out why. I lost a couple hours trying to fight this thing

Next, onto setting up ACLs to segregate VLANs
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top