SG250 configuration

Peavy
Level 1

I'm trying to configure my new SG250-08 for my home network. I'm not very familiar with configuration of switches and/or routers. I managed to create 3 VLANs on the switch and I'm able to ping between all VLANs including VLAN1. I can also ping from GE1 (layer 3) in one of the VLANs to my (VLAN unaware) router. But I can't ping from the other VLANs (including VLAN1) to my router. Attached is my startup configuration. My router has an IP-address of 10.210.96.1/19.

I've tried many variations in interface and VLAN configurations but the result stays the same.

 

What am I doing wrong?


Seb Rupik
VIP Alumni

Hi there,

Your router has no idea how to reach the VLANs you have configured on the SG250. The router will need routing table entries that direct traffic for these new VLANs towards the switch:

!
ip route 10.210.97.0 255.255.255.0 10.210.96.254
ip route 10.210.125.0 255.255.255.0 10.210.96.254
!

The router will also need to be able to NAT those new VLANs too; this is normally achieved by editing a NAT ACL.

 

These seem like simple fixes but most ISP routers will not have the capability to be configured beyond changing its default LAN subnet!

What router are you using?

 

cheers,

Seb.

 

Hi Seb,

Thanks for your reply. My ISP's cable router is in bridge mode. The SG250 is connected to my private Netgear WNDR3700 router.

I tried setting up static routes like you mentioned in the WNDR but I keep getting a message 'invalid IP address' from my router. I defined 10.210.96.1 as the IP-address for my router with subnetmask 255.255.224.0 and I use the router as a DHCP-server for the range 10.210.96.200 through 10.210.96.253. The switch uses static IP-addresses outside the DHCP-range.

Not sure if NAT is important in my setup, is it?

Any idea why the router wouldn't accept the IP-addresses?

Seb Rupik
VIP Alumni

Hi there,

The routed interface Gi1 on the SG250 uses a /24 netmask, but you have configured the same connecting segment on the Netgear with a /19 which also covers the VLAN 1 and VLAN 70 subnets. This means your Netgear will not send packets to those IPs via a gateway, instead it will try and reach them via Layer2 and fail. I would change the interface on the Netgear to a /24 (255.255.255.0). I am not sure why the Netgear didn't like those routes, but addressing the /24 issue may fix it.

Your issues with pings failing will be fixed by sorting this routing problem. Your next logical step would be to reach out to the internet and for that to work you will need your Netgear to know that it must NAT VLANs 1 and 70.

 

cheers,

Seb.
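
The on-link versus routed decision described in the reply above, worked through with the thread's addresses (an added example, not part of the original post). The function names and the host addresses used as destinations are constructed for illustration; the forwarding model is the standard longest-prefix lookup, not the Netgear firmware's actual logic.

```python
import ipaddress

# Subnets and gateway are taken from the thread's "ip route" lines.
VLAN_SUBNETS = ["10.210.97.0/24", "10.210.125.0/24"]
STATIC_ROUTES = [(s, "10.210.96.254") for s in VLAN_SUBNETS]


def covered_subnets(iface_cidr, subnets):
    """Subnets the router treats as directly connected because its own prefix contains them."""
    connected = ipaddress.ip_interface(iface_cidr).network
    return [s for s in subnets if ipaddress.ip_network(s).subnet_of(connected)]


def next_hop(iface_cidr, static_routes, dst):
    """Forwarding decision for dst: ('on-link', None), ('via', gw) or ('no-route', None)."""
    connected = ipaddress.ip_interface(iface_cidr).network
    dst = ipaddress.ip_address(dst)
    table = [(connected, None)]  # the connected network has no gateway
    for prefix, gw in static_routes:
        # A gateway is only usable if it sits on the connected segment.
        if ipaddress.ip_address(gw) in connected:
            table.append((ipaddress.ip_network(prefix), gw))
    matches = [(net, gw) for net, gw in table if dst in net]
    if not matches:
        return ("no-route", None)
    _, gw = max(matches, key=lambda m: m[0].prefixlen)  # longest prefix wins
    return ("on-link", None) if gw is None else ("via", gw)


if __name__ == "__main__":
    host = "10.210.97.10"  # constructed host address inside one VLAN subnet
    # /19 on the router, no static routes (the thread reports they were rejected):
    print(covered_subnets("10.210.96.1/19", VLAN_SUBNETS))
    print(next_hop("10.210.96.1/19", [], host))             # ARPs on the LAN, never reaches the switch's Gi1
    # /24 on the router, static routes accepted:
    print(covered_subnets("10.210.96.1/24", VLAN_SUBNETS))
    print(next_hop("10.210.96.1/24", STATIC_ROUTES, host))  # forwarded to 10.210.96.254
```

With the /19 mask both VLAN subnets fall inside the router's connected network, so replies to hosts in them are resolved at Layer 2; with the /24 mask they fall outside it and the static routes decide.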

Hi Seb,

Your suggestion worked. I didn't realize that the router would try to work on layer 2 because the switch was on the same subnet. So I changed the subnet mask of the router to /24. This probably also explains why the static routes failed, because the IP-addresses were on the same /19 subnet. With the /24 subnet mask I can define the static routes. Now pinging the router from the VLANs works! Reaching the internet still doesn't work but I will dive into the NAT which is a totally new area for me. I'll let you know how that works out. Thanks a lot for your help so far!

So I assume the problem is that the WNDR doesn't NAT the IP-addresses of the VLANs because they are outside the router's subnet. From what I've read so far, I need to add static IP-addresses in my ISP-IP-range and route them to the IP-addresses of the VLANs. I'm thinking of installing DD-WRT on the WNDR because the factory firmware has almost no NAT configuration options. Do you think I'm on the right track here?

Edit: Or should I define VLAN1 as the external IP for the other VLANs?

Defining static 1:1 NAT for devices on your new VLANs would be a pain. Using DD-WRT would certainly give you the NAT options you require to get this setup working.

 

Please mark this question answered if we have covered the original issue.

 

cheers,

Seb.