
Setup VLANs on Cisco SG500-28 Port - L3 Mode

syadav001
Level 1

I have a Cisco SG-500-28 port Gigabit switch. I need to set up VLANs on the switch and need to access the internet from all VLANs.

 

Existing Setup:

1) 2 Internet Links are terminated on UTM- Cyberoam CR25iNG box

2) 2 LANs connected directly on UTM-Cyberoam

3) In both LANs the gateway is the Cyberoam, e.g. 10.100.0.1 and 172.16.10.10

4) Primary DNS IPs are same as gateway and secondary DNS IPs 10.100.0.17 and 172.16.10.100 ( DNS domain IP)

 

Proposed Setup:

1) VLAN 10  - Server

2) VLAN 20 - Management ( This VLAN can access all VLANs but should not be accessible from any other VLAN)

3) VLAN 30 - Development

4) VLAN 40 - QA

 

Except VLAN 20, all other VLANs should be accessible between each other, and all users from all VLANs should have internet access.

I appreciate help with step-by-step instructions to complete this task.

SG-500 has web GUI.

 

P.S. We don't have any other router except the UTM-Cyberoam firewall.

 

E-Mail: syadav@surelinesystems.com


Mark Malone
VIP Alumni

Hi, the first thing to do if you're doing inter-VLAN routing on an SG is to go to system mode before configuring anything and set it to Layer 3 mode.
You can try this below; you will need to tweak it to allow all your VLANs and your specific IPs etc. The guide attached shows you how to do some of it as well; this is just an example.

http://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/Sx500/administration_guide/500_Series_Admin_Guide.pdf

ip access-list extended MARK
! allow to internet
permit ip 192.168.10.0 0.0.0.255 (internet ip routed port to firewall)
permit ip 192.168.20.0 0.0.0.255 (internet ip routed port to firewall)
permit ip 192.168.30.0 0.0.0.255 (internet ip routed port to firewall)
permit ip 192.168.40.0 0.0.0.255 (internet ip routed port to firewall)
! deny talking to other vlans
deny ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
deny ip 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255
deny ip 192.168.20.0 0.0.0.255 192.168.40.0 0.0.0.255
exit


interface vlan 10
 ip address 192.168.10.1 255.255.255.0
 ip dhcp relay enable
!
interface vlan 20
 ip address 192.168.20.1 255.255.255.0
 ip dhcp relay enable

interface gigabitethernet1
 service-acl input MARK
 switchport mode access
 switchport access vlan 10
 switchport forbidden default-vlan

interface gigabitethernet1
 service-acl input MARK
 switchport mode access
 switchport access vlan 20
 switchport forbidden default-vlan

ip route 0.0.0.0 0.0.0.0 (firewall ip)
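
The isolation policy from the question, run through first-match ACL evaluation, as an added example that is not part of the original reply. The ACL name USERS_IN and its entries are constructed for ingress on the Server/Development/QA ports using the reply's example subnets, and 203.0.113.10 stands in for an internet host. It shows that a stateless, IP-only ACL that blocks traffic into VLAN 20 also drops the replies to sessions that VLAN 20 itself starts.

```python
import ipaddress

# Constructed ACL (hypothetical name USERS_IN) in the style of the reply above,
# meant for ingress on Server/Development/QA ports. Not from the original post.
ACL_TEXT = """
deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
deny ip 192.168.30.0 0.0.0.255 192.168.20.0 0.0.0.255
deny ip 192.168.40.0 0.0.0.255 192.168.20.0 0.0.0.255
permit ip any any
"""

def _addr(tokens):
    """Consume 'any' or 'base wildcard'; return (base, care_mask) as ints."""
    if tokens[0] == "any":
        tokens.pop(0)
        return 0, 0
    base = int(ipaddress.IPv4Address(tokens.pop(0)))
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))
    care = ~wildcard & 0xFFFFFFFF  # a wildcard bit of 1 means "don't care"
    return base & care, care

def parse_acl(text):
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        action, proto = tokens.pop(0), tokens.pop(0)
        if proto != "ip":
            raise ValueError("only 'ip' entries are handled in this example")
        rules.append((action, _addr(tokens), _addr(tokens)))  # source, then destination
    return rules

def evaluate(rules, src, dst):
    """First matching entry wins; a packet matching nothing hits the implicit deny."""
    s, d = (int(ipaddress.IPv4Address(x)) for x in (src, dst))
    for action, (sb, sm), (db, dm) in rules:
        if s & sm == sb and d & dm == db:
            return action
    return "deny"

RULES = parse_acl(ACL_TEXT)

if __name__ == "__main__":
    for src, dst, note in [
        ("192.168.10.5", "192.168.30.7", "Server -> Development"),
        ("192.168.30.7", "203.0.113.10", "Development -> internet"),
        ("192.168.40.9", "192.168.20.4", "QA opens a session to Management"),
        ("192.168.10.5", "192.168.20.4", "Server replies to a Management session"),
    ]:
        print(f"{note:40} {evaluate(RULES, src, dst)}")
```

The last two flows are indistinguishable to an ACL that matches only on source and destination addresses, so one-way access for VLAN 20 needs either a stateful device in the path or entries that match more than addresses.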
