Solved: Re: Can not get internet after creating vlans on cisco sf300-24 switch?

bangalore.samanta08 · ‎10-30-2019

I have a cisco sf300 switch. So I created a 4 vlans on cli mode and I had given a four static ip on vlan Those are vlan10 192 168 10 1 vlan20 192 168 20 1 so on I connected the default vlan 1 with a sophos firewall which gives a ip address 172 16 16 17 automatic So I am not getting internet access to my al vlans I was trying to change static route but I am unable to make it success. What do I do What are mistakes causing problems?

Jo Kern · ‎11-01-2019

The Sophos needs to know about the 192.168.10.0/24 etc Subnets and you need to set a static route on the Sophos to point 192.168.10.0/24 to172.16.16.17.

One entry for each subnet.

The switch needs to have an entry like this in the forwarding table:

In your case it should have as next hop the ip address of uor sophos and as VLAn it should have VLAN1

This should be created automatically when the switch gets the IP address from the Sophos via DHCP.

View solution in original post

bangalore.samanta08 · ‎11-03-2019

Hi Sir,
But I am getting internet on my default vlan that is vlan1, This vlan has
default route. I can not enter static route to my all vlan like
vlan10,20,30

View solution in original post

balaji.bandi · ‎10-31-2019

sf300-24 - is a switch - the natting and routing need to take place on your router or Firewall.

you need to NAT your 192.x.x,x IP with 172.X.X

or configured Sophos to act as a router and NAT 192.X.X with your ISP Public IP address.

here is a good discussion about Sophos FW how you can achieve your requirement

https://community.sophos.com/products/unified-threat-management/f/management-networking-logging-and-reporting/34347/vlan-setup-on-sophos-utm-9-with-cisco-sg500-layer-3-switch#pi2353=2

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

bangalore.samanta08 · ‎11-03-2019

Hi Sir,
But I am getting internet on my default vlan that is vlan1, This vlan has
default route. I can not enter static route to my all vlan like
vlan10,20,30

Jo Kern · ‎11-01-2019

The Sophos needs to know about the 192.168.10.0/24 etc Subnets and you need to set a static route on the Sophos to point 192.168.10.0/24 to172.16.16.17.

One entry for each subnet.

The switch needs to have an entry like this in the forwarding table:

In your case it should have as next hop the ip address of uor sophos and as VLAn it should have VLAN1

This should be created automatically when the switch gets the IP address from the Sophos via DHCP.

bangalore.samanta08 · ‎11-05-2019

Nice I got yours point sir thank you very much.

One more query sir. Do need I need to do on my sophos same routing table?

I have given ip ip address like this folllowing 192.168.10.1 for vlan10 Its not correct I think. Can I give like 192.168.10.254 on cli of sf300?

2nd is I had given same routing table on the sf300 routing table but sf300 does not accept all this?

What to do?

May be this default routing is causing problems?

Jo Kern · ‎11-06-2019

You might need to change the SF300 to "layer3" mode in systems settings.

And yes you need to add an entry on the Sophos to route all subnets to the SF300

bangalore.samanta08 · ‎11-06-2019

Thank you Sir, I got proper solution from you. As I am new to the Cisco networking. So I need to know that What is the meaning of destination, source, next hops..

Suppose vlan 10 got 192.168.10.1 and 192.168.20.1 vlan 20 So What do I write on the

and sophos getway is 172.16.16.16 so What shall I write on routing table

Source: ?????

Destination:???????:

On SF300 destination:?????

and NextHops:??????

???=IPs .

Thank you.

Jo Kern · ‎11-10-2019

The routing table on the Sophos needs an entry like:

On the SF300 you need

Destination Subnet 0.0.0.0 Next Hop 172.16.16.16

Vlan 10 got 192.168.10.1

VLAN 1 has IP address 172.16.16.17

Sophos Gatway is 172.16.16.16

On the Sophos you need for VLAN 10:

Destination Network 192.168.10.0 Next Hop 172.16.16.17

Best

Jo

bangalore.samanta08 · ‎11-19-2019

Hi Sir,
I need to know one more thing tried the same thing. But its not happening.
I got the dhcp ip from the Sophos. Is this the cause this problems?
One more thing If I use RV042 router One routing table of this router is asking for some information like destination and mask and getway.
Destination information will be the vlan 10 network address.
mask and what shall be ip on getway on the router?
Suppose
vlan 10 192.168.10.0 255.255.255.0
vlan 1 ip is 172.16.16.17
vlan1 router default getway is 172.16.16.16

on Switch I will made this
ip route 0.0.0.0 0.0.0.0 172.16.16.17

Please tell the where is the wrong on my concepts?

bangalore.samanta08 · ‎11-05-2019

great sir. I understand the solution. Still I have questions. Please answer.