01-25-2021 11:31 AM
Hi team,
we purchase sg350 52P Switch , we will connect it to internet modem ( from modem DHCP is enabled so without any configuration we will get internet) range such as 192.168.1.1 to 192.168.1.254.
but i want to create vlans such as ( users, cameras, voice, cctv) and configure inter vlan routing so each vlan can communicate each other,
user network : 172.168.25.0/24
cameras : 172.168.26.0/24
voice : 172.168.27.0/24
cctv: 172.168.28.0/24
Please advice how to configure the switch port which is connect to internet modem.
or i need routing to configure ????
01-25-2021 01:23 PM
Hi there,
You have two options:
Option 1: Configure the routing on the modem. This would require that it supported Layer 3 VLANs, swithport trunking and NAT of multiple source subnets. This would leave your SG350 to act as a layer 2 switch.
Option 2: Configure the SG350 to route these new VLANs. This would require you to add either a static route (or configure an IGP) to direct the modem to send traffic destined to these new VLANs to the SG350. The modem would also still need to NAT these new subnets as the SG350 does not offer this feature.
Depending on the caliber of your modem, none of the above may be possible. In which case you will need to place either a dedicated router or firewall between the modem and the switch.
cheers,
Seb.
01-26-2021 11:22 AM
Option 2: can please provide any config sample ???
Please correct me in SG350 :
i will create may be 3 to 4 vlan with SVIs
After that i will create DHCP server and Intervlan routing so each vlan can communicate each other, and a default route to modem
And i will let ISP to configure NAT the solution work ????
01-27-2021 06:54 AM
Hi there,
As you have stated further down this post, the modem does not support static routes, so it will have no way of sending packets to internal subnets which it is not routing itself.
This type of question comes up a lot and generally the ISP modem is always lacking in features. As I suggested in my first post, if you want a multi-VLAN topology you will need to invest in a dedicated firewall/ router which will have the Layer3/routing/NAT features which you require to make this work.
cheers,
Seb.
01-27-2021 09:23 AM
Thank you for your support
Can you please suggest me low cost Cisco router model in which i can make Layer3/routing/NAT features and run multi vlans.
and as said earlier from ISP side only i will get a dhcp ip ,
please provide me a work around solution or command how can route all my vlan subnet to internet modem after purchasing router
01-28-2021 05:39 AM
Take a look at the RV series:
...and see which one fits your budget, they all support the feature set you require.
cheers,
Seb.
01-28-2021 10:32 PM
hi team,
i find one router 2951 series in our stock after configuring the attach configuration until router i can access internet
from switch side am unable to get ip address from vlan configured
and i can use ip helper address command in sg350 switch.
Router- 2951 series
int g0/0
Desc ##STC(WAN) Interface##
ip add dhcp
ip nat outside
no sh
int g0/1
Desc ##LAN Interface##
ip add 192.168.200.254 255.255.255.252
ip nat inside
no sh
ip dhcp pool vl10
network 172.100.25.0 255.255.255.0
default-router 172.100.25.254
dns-server 8.8.8.8, 8.8.4.4
ip dhcp pool vl11
network 172.100.26.0 255.255.255.0
default-router 172.100.26.254
dns-server 8.8.8.8, 8.8.4.4
ip dhcp pool vl12
network 172.100.27.0 255.255.255.0
default-router 172.100.27.254
dns-server 8.8.8.8, 8.8.4.4
ip dhcp pool vl13
network 172.100.28.0 255.255.255.0
default-router 172.100.28.254
dns-server 8.8.8.8, 8.8.4.4
ip dhcp pool vl14
network 172.100.29.0 255.255.255.0
default-router 172.100.29.254
dns-server 8.8.8.8, 8.8.4.4
ip route 0.0.0.0 0.0.0.0 x.x.x.x( DHCP add from STC)
access-list 1 per 172.100.0.0 0.0.255.255
ip nat inside source list 1 interface g0/0 overload
*****************************************************************
Switch- SG350
vlan 10,11,12,13,14
ip routing
int vl10
ip add 172.100.25.254 255.255.255.0
ip helper-address 192.168.200.254
int vl11
ip add 172.100.26.254 255.255.255.0
ip helper-address 192.168.200.254
int vl12
ip add 172.100.27.254 255.255.255.0
ip helper-address 192.168.200.254
int vl13
ip add 172.100.28.254 255.255.255.0
ip helper-address 192.168.200.254
int vl14
ip add 172.100.29.254 255.255.255.0
ip helper-address 192.168.200.254
01-29-2021 01:24 AM
outstanding work, glad you got a working solution!
cheers,
Seb.
01-29-2021 12:47 PM
@Seb Rupik please help me
Question-1 :
i want to configure Voice and Data on a single port.
for example my data vlan -10 and voice vlan -11
.i configured the below configuration in switch sg-350 but when i make show run it show only (config-if-range)#switchport trunk allowed vlan add 10 and data vlan ip not taken in int gi port config
please provide the correct steps :
(config)#voice vlan id 11
(config)#voice vlan state auto-enabled
(config)#interface gi 1
(config-if-range)#switchport trunk native vlan 11
(config-if-range)#switchport trunk allowed vlan add 10
Question 2: if i configured both data vlan and voice in single port and want to use only laptop or PC it will work or i need to connect compulsory to phone.
Question 3: i want to remove the below macro configuration ( please provide a command for port factory reset as new)
interface GigabitEthernet6
spanning-tree portfast
switchport access vlan 12
no macro auto smartport
Question 4 : Same here i want to remove the all the configuration ( factory reset port as new)
interface GigabitEthernet17
spanning-tree link-type point-to-point
switchport mode trunk
macro description switch
!next command is internal.
macro auto smartport dynamic_type switch
Thank you for your support
01-25-2021 01:38 PM
First thing to ask is if the "Internet Modem" is capable of being configured with a static route. You will want to set it so that it sends traffic destined for the 172.16.0.0 255.240.0.0 to the SG350's IP address. If assigning static routes is not an option, you may have to see if the modem will allow you to configure multiple networks on it and use VLAN tagging to send those VLANs to the switch. That will determine how you proceed next.
01-26-2021 10:54 AM
Internet modem is not capable to make static route , just it will provide the ip address ( i can change the modem ips what ever) and no vlan tagging support.
as i said from modem i will receive DHCP IPs to get internet (we choose this switch SG350 thinking that we will create all vlans and use intervlan routing after that we will make confg NAT to modem?
i need any solution or advise if we create vlans in sg350 how can i get internet to all vlan.
01-26-2021 11:20 AM
In that case, the only way to make these VLANs work would be to purchase and install a router or firewall that does have the ability to create static routes or understand 802.1q VLAN tagging. You might be able to continue using the "Internet modem" as purely a modem only but I can't say for sure without knowing the make and model. You may have to purchase a modem as well that only works as a modem.
01-26-2021 11:36 AM
Please advise:
i will create may be 3 to 4 vlan with SVIs
After that i will create DHCP server and Intervlan routing so each vlan can communicate each other, and a default route to ISP modem
And i will let from ISP configure NAT on modem the solution work ????
01-27-2021 11:46 AM
Thank you for your support
Can you please suggest me low cost Cisco router model in which i can make Layer3/routing/NAT features and run multi vlans.
and as said earlier from ISP side only i will get a dhcp ip ,
please provide me a work around solution or command how can route all my vlan subnet to internet modem after purchasing router
01-27-2021 12:07 PM
Not sure what your budget is but my suggestion would be the Cisco Firepower 1010 (https://www.cisco.com/c/en/us/solutions/small-business/security/firewalls.html). It will do all the things we've been talking about in this post and much more.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: