Completely puzzled



  • I am not sure what I am messing up. I have my configuration pretty basic at the moment, and yet I cannot get my VLANs to talk to the outside world.

    PFSENSE --------> Cisco SG300-20 --+--------> Cisco SF300-48P
                                       |
                                       +--------> Cisco SG300-10MPP --------> UniFi AP-AC-Pro

    PFSENSE CONFIGS:

    • DHCP on all internal networks

    • All VLANS currently have the same firewall rules

    • All switches in layer2 config

    All Switches:

    • All switches are able to grab a management IP address from VLAN99 DHCP Reserved IPs

    • All switches are able to ping gateways of all VLANS

    • All switches are able to ping LAN gateway

    • All switches are able to ping 8.8.8.8 (Google DNS)

    • All switches FAIL to ping hostname google.com

    Switch1 CONFIGS:

    • GE17  PFSENSE - TRUNK

    • GE19  SWITCH 2 - TRUNK

    • GE20  SWITCH 3 - TRUNK


    Switch2 CONFIGS:

    • GE1  AP1 - TRUNK

    • GE10  SWITCH 1 - TRUNK


    Switch3 CONFIGS:

    • GE4  SWITCH 1 - TRUNK




  • Did you configure Firewall - NAT - Outbound?

    Did you enable a DHCP server to exist/allow access on each VLAN?



  • Yes, there is a DHCP server on each VLAN. I did not configure anything in the NAT rules. Only the automatic rules have been created.

    If I am on the default vlan/LAN then I have internet access.


  • Netgate

    > All switches are able to grab a management IP address from VLAN99 DHCP Reserved IPs
    > All switches are able to ping gateways of all VLANS
    > All switches are able to ping LAN gateway
    > All switches are able to ping 8.8.8.8 (Google DNS)
    > All switches FAIL to ping hostname google.com

    That is the only actual trouble description you gave so…

    Your switches cannot resolve DNS. Fix that.
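The ladder that diagnosis walks (gateway reachable, external IP reachable, hostname fails) as an added example that is not part of the thread: a small Python triage that runs the three probes and maps the pass/fail pattern to the layer at fault. The gateway address is a constructed sample, and reachability uses a TCP connect rather than ICMP so it needs no privileges.

```python
import socket
from typing import Callable, Dict, Tuple

# Probe targets.  The gateway is a constructed sample for a VLAN99 host;
# 8.8.8.8 and google.com are the two targets the thread itself used.
GATEWAY = "192.168.99.1"      # constructed sample gateway, replace with yours
EXTERNAL_IP = "8.8.8.8"       # reachable by IP in the thread
TEST_NAME = "google.com"      # fails to resolve in the thread


def tcp_reachable(host: str, port: int = 53, timeout: float = 2.0) -> bool:
    """L3 reachability without raw sockets: a completed connect OR a RST both
    prove the host answered; only timeouts / no-route count as unreachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except ConnectionRefusedError:
        return True          # port closed, but the host is clearly reachable
    except OSError:
        return False


def name_resolves(name: str) -> bool:
    """Does this host's configured resolver answer for the name at all?"""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror:
        return False


def triage(results: Dict[str, bool]) -> str:
    """Map the probe pattern to the first broken layer, lowest first."""
    if not results["gateway"]:
        return "no path to gateway: check VLAN tagging / trunk config on the switch port"
    if not results["external_ip"]:
        return "gateway OK but no internet by IP: check firewall rules / outbound NAT for this VLAN"
    if not results["dns"]:
        return "internet works by IP but names fail: no working DNS server configured on the host"
    return "all probes passed"


def run_probes(reach: Callable[[str], bool] = tcp_reachable,
               resolve: Callable[[str], bool] = name_resolves) -> Tuple[Dict[str, bool], str]:
    """Run the ladder; probes are injectable so the logic can be tested offline."""
    results = {
        "gateway": reach(GATEWAY),
        "external_ip": reach(EXTERNAL_IP),
        "dns": resolve(TEST_NAME),
    }
    return results, triage(results)
```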


  • Rebel Alliance Global Moderator

    If you want your switches to resolve DNS, that has to be set.

    https://sbkb.cisco.com/CiscoSB/GetArticle.aspx?docid=5fa907c56103465e86b7f56ca946efe7_Configuration_of_a_DNS_Server_on_a_SF200_Series_Device.xml&pid=2&converted=0
    Add a DNS Server on the 200/300 Series Managed Switches



  • I'm not sure I understand your problem. Your switches can ping 8.8.8.8, so indeed they can talk to the outside world. What is it that does not work? Are regular hosts plugged into those switches the ones that can't?

    Also, why are all ports on all switches set up as trunks? Shouldn't you have at least some access ports where you plug in your hosts?