cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
860
Views
0
Helpful
23
Replies
kick534
Beginner

SG 350 configuration guidance

Hi team,

we purchase sg350 52P Switch , we will connect it to internet modem ( from modem DHCP is enabled so without any configuration we will get internet) range such as 192.168.1.1 to 192.168.1.254.

 

but i want to create vlans such as ( users, cameras, voice, cctv) and configure inter vlan routing so each vlan can communicate each other,

user network : 172.168.25.0/24

cameras : 172.168.26.0/24

voice : 172.168.27.0/24

cctv: 172.168.28.0/24

Please advice  how to configure the switch port which is connect to internet modem.

or i need routing to configure ????

 

 

23 REPLIES 23
Seb Rupik
VIP Advisor

Hi there,

You have two options:

Option 1: Configure the routing on the modem. This would require that it supported Layer 3 VLANs, swithport trunking and NAT of multiple source subnets. This would leave your SG350 to act as a layer 2 switch.

 

Option 2: Configure the SG350 to route these new VLANs. This would require you to add either a static route (or configure an IGP) to direct the modem to send traffic destined to these new VLANs to the SG350. The modem would also still need to NAT these new subnets as the SG350 does not offer this feature.

 

Depending on the caliber of your modem, none of the above may be possible. In which case you will need to place either a dedicated router or firewall between the modem and the switch.

 

cheers,

Seb.

@Seb Rupik 

Option 2: can please provide any config sample ???

 

 

Please correct me in SG350 :

i will create may be 3 to 4 vlan with  SVIs

After that i will create DHCP server and Intervlan routing so each vlan can communicate each other, and a default route to modem

And i will let ISP to configure NAT  the solution work ????

Hi there,

As you have stated further down this post, the modem does not support static routes, so it will have no way of sending packets to internal subnets which it is not routing itself.

 

This type of question comes up a lot and generally the ISP modem is always lacking in features. As I suggested in my first post, if you want a multi-VLAN topology you will need to invest in a dedicated firewall/ router which will have the Layer3/routing/NAT features which you require to make this work.

 

cheers,

Seb.

@Seb Rupik 

 

Thank you for your support

 

Can you please suggest me low cost Cisco router model in which i can make Layer3/routing/NAT features and run multi vlans.

and as said earlier from ISP side only i will get a dhcp ip ,

please provide me a work around solution or command how can route all my vlan subnet to internet modem after purchasing router

 

Take a look at the RV series:

https://www.cisco.com/c/en_uk/products/routers/small-business-rv-series-routers/models-comparison.html

 

...and see which one fits your budget, they all support the feature set you require.

 

cheers,

Seb.

hi team,

 

i find one router 2951 series in our stock after configuring the attach configuration until router i can access internet

from switch side am unable to get ip address from vlan configured

and i can use ip helper address command in sg350 switch.

Router- 2951 series


int g0/0
Desc ##STC(WAN) Interface##
ip add dhcp
ip nat outside
no sh


int g0/1
Desc ##LAN Interface##
ip add 192.168.200.254 255.255.255.252
ip nat inside
no sh

ip dhcp pool vl10
network 172.100.25.0 255.255.255.0
default-router 172.100.25.254
dns-server 8.8.8.8, 8.8.4.4

ip dhcp pool vl11
network 172.100.26.0 255.255.255.0
default-router 172.100.26.254
dns-server 8.8.8.8, 8.8.4.4

ip dhcp pool vl12
network 172.100.27.0 255.255.255.0
default-router 172.100.27.254
dns-server 8.8.8.8, 8.8.4.4

ip dhcp pool vl13
network 172.100.28.0 255.255.255.0
default-router 172.100.28.254
dns-server 8.8.8.8, 8.8.4.4

ip dhcp pool vl14
network 172.100.29.0 255.255.255.0
default-router 172.100.29.254
dns-server 8.8.8.8, 8.8.4.4

ip route 0.0.0.0 0.0.0.0 x.x.x.x( DHCP add from STC)

access-list 1 per 172.100.0.0 0.0.255.255
ip nat inside source list 1 interface g0/0 overload

 

*****************************************************************


Switch- SG350

vlan 10,11,12,13,14

ip routing

 

int vl10
ip add 172.100.25.254 255.255.255.0
ip helper-address 192.168.200.254

 

int vl11
ip add 172.100.26.254 255.255.255.0
ip helper-address 192.168.200.254

 

int vl12
ip add 172.100.27.254 255.255.255.0
ip helper-address 192.168.200.254

 

int vl13
ip add 172.100.28.254 255.255.255.0
ip helper-address 192.168.200.254

 

int vl14
ip add 172.100.29.254 255.255.255.0
ip helper-address 192.168.200.254

 

 

 

 

 

outstanding work, glad you got a working solution!

 

cheers,

Seb.

@Seb Rupik  please help me

Question-1 :

i want to configure Voice and Data on a single port.

for example my data vlan -10 and voice vlan -11

.i configured the below configuration in switch sg-350 but when i make show run it show only (config-if-range)#switchport trunk allowed vlan add 10 and data vlan ip not taken in int gi port config

please provide the correct steps :

(config)#voice vlan id 11

(config)#voice vlan state auto-enabled

(config)#interface gi 1

(config-if-range)#switchport trunk native vlan 11

(config-if-range)#switchport trunk allowed vlan add 10

 

Question 2: if i configured both data vlan and voice in single port and want to use only laptop or PC it will work or i need to connect compulsory to phone.

 

Question 3: i want to remove the below macro configuration ( please provide a command for port factory reset as new)

interface GigabitEthernet6

spanning-tree portfast

switchport access vlan 12

no macro auto smartport

 

Question 4 : Same here i want to remove the all the configuration ( factory reset port as new)

 

interface GigabitEthernet17

spanning-tree link-type point-to-point

switchport mode trunk

macro description switch

!next command is internal.

macro auto smartport dynamic_type switch

 

 

Thank you for your support

Tyson Joachims
Rising star

First thing to ask is if the "Internet Modem" is capable of being configured with a static route. You will want to set it so that it sends traffic destined for the 172.16.0.0 255.240.0.0 to the SG350's IP address. If assigning static routes is not an option, you may have to see if the modem will allow you to configure multiple networks on it and use VLAN tagging to send those VLANs to the switch. That will determine how you proceed next.

 

@Tyson Joachims 

Internet modem is not capable to make static route , just it will provide the ip address ( i can change the modem ips what ever) and no vlan tagging support.

 

as i said from modem i will receive DHCP IPs to get internet (we choose this switch SG350 thinking that we will create all vlans and use intervlan routing after that we will make confg NAT to modem?

 

i need any solution  or advise if we create vlans  in sg350 how can i get internet to all vlan.

 

 

In that case, the only way to make these VLANs work would be to purchase and install a router or firewall that does have the ability to create static routes or understand 802.1q VLAN tagging. You might be able to continue using the "Internet modem" as purely a modem only but I can't say for sure without knowing the make and model. You may have to purchase a modem as well that only works as a modem.

Please advise:

 

i will create may be 3 to 4 vlan with SVIs

After that i will create DHCP server and Intervlan routing so each vlan can communicate each other, and a default route to ISP modem

And i will let from ISP configure NAT on modem the solution work ????

 

 

Thank you for your support

 

Can you please suggest me low cost Cisco router model in which i can make Layer3/routing/NAT features and run multi vlans.

and as said earlier from ISP side only i will get a dhcp ip ,

please provide me a work around solution or command how can route all my vlan subnet to internet modem after purchasing router

Not sure what your budget is but my suggestion would be the Cisco Firepower 1010 (https://www.cisco.com/c/en/us/solutions/small-business/security/firewalls.html). It will do all the things we've been talking about in this post and much more.

Content for Community-Ad