Buy or Renew
Buy or Renew
Join the Catalyst Center Onboarding Ask Me Anything event happening now!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3388
Views
0
Helpful
22
Replies

SG250-08 - VLAN for printers - no communication

Go to solution
GBaumann
Level 1
Level 1

‎06-22-2023 02:22 AM

Hi Cisco community,

I´m new here and hope someone can give me a hint so I can resolve my problem.


I am trying to use the Cisco SG250 (latest firmware -2.5.9.16) for network segregation.

I would like to have two VLAN. 

VLAN 1: Workstations

VLAN 2: Printers

I would like to have two different subnets.

Subnet VLAN 1: 192.168.2.1 - 255.255.255.0 (default)

Subnet VLAN 2: 192.168.20.1 - 255.255.255.0

I would like to control communication protocols (disallow SNMP, RAW printing on TCP9100 etc) through the VLAN setup on the Cisco SG250.

I have so far managed to create the additional VLAN for the printers, make a IP interface (static 192.168.20.1).

I have added port 2 (GE2) to VLAN 2.

I have changed the switchport mode for this port to "Layer 3" (all others are still "Layer 2").

My local computer has the IP 192.168.2.103

I have manually configured the printer to have 192.168.20.100

My router has 192.168.2.1 and is providing DHCP for that subnet.

The problem is, I cannot communicate with the printer at all. I can´t ping it, open the webinterface etc.

What am I not doing correctly? I have followed this video as well: https://www.youtube.com/watch?v=ZdEe7cU3x1Q&ab_channel=Cisco 

In the comments someone says that the port needs to be switched to "Switchport Mode 3" for this to work.

Maybe someone can help me out? I am only using the GUI, not SSH etc.

I wonder if my approach with setting a static IP to a port and VLAN is correct?

My thinking is, I associate a port with VLAN 2 and give that port an IP out of the range I want to use for my printers (Poer -> 192.168.20.1 and then the printer on 192.168.20.100). Should this work?

Also, do I only need to switch the Switchport Mode to Layer 3 for the port the printer is connected to?

I have triad changing the port my computer is connected to the switch to Layer 3 as well. FOr some reason I then loose connection to the switch.

I´m out of ideas.

Hoping for some help Thank you!

Labels:
Preview file
86 KB
Preview file
140 KB
Preview file
118 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
GBaumann
Level 1
Level 1
In response to Richard Burts

‎07-18-2023 12:30 AM

Hi Richard, hi community.

finally I have this sorted. Let me outline my current (working) configuration.

My (ISP) router, a AVM FritzBox 7590ax now has the following setup:

IP 192.168.178.1
I added a IPv4 static route to 172.16.10.0 (I wanted to move to a 172 subnet).
This is where I believe the issue was all along. If I add the static route with 172.16.10.1 (this is the static IP on my Cisco for the printer VLAN), it´s not going to work. I needed to configure the static route using the subnets IP with the zero at the end, so 172.16.10.0 (NOT 172.16.10.1).

My Cisco SG 250 has the following config now:

IP is 192.168.178.24 - VLAN1 (DHCP from ISP router)
VLAN 2 has static IP of 172.16.10.1 (Ipv4 routing enabled)

Printer:
IP: 172.16.10.50
Gateway: 172.16.10.1

I´m very thankful for your help and patience!

Bye for now.

 

View solution in original post

0 Helpful
22 Replies 22

Go to solution
Flavio Miranda
VIP
VIP

‎06-22-2023 04:14 AM

Hi

You need to leave interface GE1 and GE2 as Layer2. When you put an interface as layer3 it does not belong to a Vlan anymore.

You create vlan 1 and Vlan2

Assign IP address to both  Vlans

You need to enable "ip routing"

Put interface GE1 in one vlan as layer2

Put interface GE2 in one vlan as layer2

Try to ping from PC to printer and vice-versa

 

0 Helpful

Go to solution
GBaumann
Level 1
Level 1
In response to Flavio Miranda

‎06-22-2023 08:43 AM

Thanks for your fast reply, I will give it a go later on.

So the first VLAN is the one the Cisco SG250 is on itself (through DHCP)?

Or do I end up with the DHCP VLAN (that is already there -> the default one) plus two additional VLANS (Workstations and Printers)?

Thank you!

0 Helpful

Go to solution
Flavio Miranda
VIP
VIP
In response to GBaumann

‎06-22-2023 08:52 AM

I would crate the vlans.  You must  be able to assign DHCP for any vlan you have as long as you create appropriate  DHCP pools for all of them.

0 Helpful

Go to solution
GBaumann
Level 1
Level 1
In response to Flavio Miranda

‎06-22-2023 10:47 PM

Thanks for your reply on this. It seems as if the SG250 does not support DHCP host pools unfortunately.

That leads me to the conclusion that I need to configure the IP on my printers statically.

Please correct me if I´m wrong.Thank you!

0 Helpful

Go to solution
GBaumann
Level 1
Level 1
In response to Flavio Miranda

‎06-23-2023 12:27 AM

Hello,

I followed your recommendations but still cannot connect to the printer. The ping command on the router (in the Cisco web interface under administration) shows that ping works from the SG250 to the printer, but I can´t ping the printer from my computer and also can´t connect to the printers web interface. I have switched my Windows firewall off completely already.

I´m puzzled. 

What is confusing me it the IP address I give the port (VLAN 2 - 192.168.20.1) in correlation with the static IP I need to give my printer. My assumption being, the printer IP needs to be in the same subnet as the IP address of the port I configured through IPv4 Interfaces, right?

Aside from that, would I need to configure any kind of access control or are all ports and protocols allowed across both VLANs if I have IPv4 Routing enabled (wich I have).

Any other hint would be highly appreciated.

Thanks!

0 Helpful

Go to solution
Flavio Miranda
VIP
VIP
In response to GBaumann

‎06-23-2023 01:49 AM

If you can ping the printer from the SG but you can not ping from other vlan this means either the Printer has no default gateway configured or you did not enable ip routing on the SG250

 And Yes, if the vlan"s ip address is 192.168.20.1, the printer must have ip on the range 192.168.20.x , same subnet mask you used on SG.

0 Helpful

Go to solution
GBaumann
Level 1
Level 1
In response to Flavio Miranda

‎06-23-2023 05:44 AM

Thanks again.

I still don´t have this working.

The printer does have the gateway 192.168.2.1 configured.

I also tried 192.168.20.1.

Makes no difference. Why does this not work?

Is there anything else I need to look at?

Thanks!

0 Helpful

Go to solution
Flavio Miranda
VIP
VIP
In response to GBaumann

‎06-23-2023 05:58 AM

Let me recap:

Vlan1:

ip address 192.168.2.1 255.255.255.0

PC on this vlan with IP address 192.168.2.x and gateway 192.168.2.1

Vlan2

ip address 192.168.20.1 255.255.255.0

Print on this vlan with IP address 192.168.20.x and gateway 192.168.20.1

Is that the scenario you have?

If so and if you have IP routing enable, they must ping each other.

0 Helpful

Go to solution
GBaumann
Level 1
Level 1
In response to Flavio Miranda

‎06-23-2023 06:03 AM

That is 100% my config, yes. 

I also just checked IPv4 Routing and it is enabled.

2023-06-23_15-00-56.jpg

Strange. I must be missing something really obvious I get the feeling.

Anything else I could look into? I save the changes every time too, but that shouldn´t even be necessary with the settings I am changing, right?

Thanks a hundred!

 

0 Helpful

Go to solution
Flavio Miranda
VIP
VIP
In response to GBaumann

‎06-23-2023 06:16 AM

 Are using 192.168.2.194 as gateway for devices in vlan 1 ?

 

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to Flavio Miranda

‎06-23-2023 07:21 AM

I agree with @Flavio Miranda we had been assuming that the gateway for vlan 1 would be 192.168.2.1 but needs to be 192.168.2.194. The screen print does show that ip routing is enabled, it is good to have verification of that. Please verify the IP address of the printer is in 192.168.20.x, that it has correct subnet mask, and that the gateway is 192.168.20.1.

HTH

Rick
0 Helpful

Go to solution
GBaumann
Level 1
Level 1
In response to Richard Burts

‎06-23-2023 07:34 AM

Thanks @Flavio Miranda This is where I am a bit lost.

My network actually has a router which is providing DHCP, it´s provided by my ISP.
It has the IP 192.168.2.1

VLAN 1 has received a DHCP lease from this router. Do I need to change that somehow?

@Richard Burts when you say "The screen print does show that ip routing is enabled, it is good to have verification of that", I am not quite sure what you mean as the capture shows the tick box "IPv4 Routing as enabled.

Where else would I check that or enable it?

 

Thanks again!

0 Helpful

Go to solution
Flavio Miranda
VIP
VIP
In response to GBaumann

‎06-23-2023 07:51 AM

@GBaumann 

 Not a problem the ISP router providing the DHCP but you need to check on the machine with "ipconfig" which default gateway you are receiving.

If you are receiving 192.168.2.1 , which probably is, you may have problem because the traffic from vlans will be sent to the ISP Router.

 Can you ask them to change the DHCP scope and assign 192.168.1. 192 as default gateway? If not, you may need to work with static IP only on both vlans.

 

0 Helpful

Go to solution
GBaumann
Level 1
Level 1
In response to Flavio Miranda

‎06-23-2023 08:16 AM

Ah, ok. @Flavio Miranda you are right, my computer has the gateway 192.168.2.1 set.

Unfortunately I cannot change the scop of the DHCP server on this router, it is very limited.

I recall there was some way of adding an alternative IP configuration in Windows, might have a play with that or at least see if it will work when I configure my computers IP statically. That way I have control over the gateway address.

I´ll check that out and come back on results.

Thanks for all your help!

 

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card