Solved: Router on stick? RV345+SG200

ManoaChris · ‎01-27-2021

I am trying to use multiple VLANs with an RV345 router and SG200 50-port switch. The VLANs themselves and internet access are working great, but I cannot ping from one VLAN to the other.

Details:

InterVLAN Routing is selected for all VLANs on the RV345 VLAN settings page
VLANs are correctly tagged on the SG200, and intra-VLAN and internet access work fine
hosts on different VLANs connected directly to RV345 ports *can* connect
hosts on different VLANs connected to SG200 ports *cannot* conenct
tried: changing SG200 VLAN interface settings to disable ingress filtering and admit all frame types
tried: using VLANs 2 and 3 (based on reports of VLAN1 problems on RV34x routers
tried: disabling the firewall on the RV345
tried: adding static routes on the RV345

Any suggestions?

ManoaChris · ‎02-03-2021

Unfortunately, I have been unable to resolve this. Although the SG200 provides basic VLAN support, there does not appear to be a way to implement inter-VLAN routing, at least with an RV345 router. I wonder if the issue is that the SG200 can only have a single IP address in a single VLAN, and so support is limited to preserving and forwarding VLAN tags onto the router.

Anyway, I purchased an SG500, enabled layer 3, and inter-VLAN routing is working fine now.

View solution in original post

balaji.bandi · ‎01-27-2021

Where is this VLAN Layer 3 configured on SG200 or RV 345 ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

ManoaChris · ‎01-27-2021

Thanks - SG200 isn't layer 3 capable, so all it is doing is mapping and supporting tags on the ports. RV345 has the VLANs configured with cross-VLAN routing enabled (and working as long as it doesn't touch the SG200).

balaji.bandi · ‎01-27-2021

Appolgies, i was in impression SMB switches do Layer3, but SG200 not,

if RV doing all VLAN Interface and routing, you need to Look Inter-vlan routng document which you might have read.

https://www.cisco.com/c/en/us/support/docs/smb/routers/cisco-rv-series-small-business-routers/1393-Inter-VLAN-Routing-with-Targeted-ACL-Restrictions.html

check this thread :

https://community.cisco.com/t5/small-business-routers/rv345-static-routing-inter-vlans-not-working/td-p/4136400

Still an issue, if any new firmware available upgrade and test please.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

ManoaChris · ‎01-27-2021

Thanks for the suggestions - some thoughts:

1.Yes, I saw that documentation previously. Basically you just need to check the box for interVLAN routing. I have no ACLs, and interVLAN works on the RV345 ports, but not passing through the SG200.

2. Hadn't seen the thread you shared, but reading through it, issue seemed to be a misunderstanding of tagging -- consistent with the advice given, I have my trunks correctly tagged (untagged for native VLAN, tagged for others).

3. I'm already on the latest firmware for both devices.

I suspect I am missing some other configuration requirement on the SG200, but it doesn't seem to be obvious.

balaji.bandi · ‎01-27-2021

just input may help you ( i may be not expert of SGswitches )

All Trunk ports must have tagged vlan added to them including the uplink going to the router RV.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

ManoaChris · ‎01-27-2021

Yes, the trunks have all VLANs tagged (except for the native VLAN which is untagged) on both the SG200 and corresponding ports on the RV345.

balaji.bandi · ‎01-27-2021

Just for reference :

https://www.megajason.com/2016/03/03/how-to-set-up-vlans-when-you-dont-understand-vlans/

can you post show run from SG200 to look.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

ManoaChris · ‎01-27-2021

No SSH support on SG200, but the web UI does allow download of a config file:

—

config-file-header
switch305808
v1.4.9.4 / R800_NIK_1_4_205_011
CLI v1.0
set system
file SSD indicator plaintext
@
port jumbo-frame
vlan database
vlan 2-3
exit
voice vlan state disabled
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
green-ethernet energy-detect
green-ethernet short-reach
hostname switch305808
ip http authentication aaa login-authentication http none
no passwords complexity enable
username cisco password encrypted 36ef150d24bf8bfd5a5833b1179a2c22ef0be893 privilege 15
snmp-server server
ip http timeout-policy 0
no ip http secure-server
ip domain timeout 1
ip domain polling-interval 4
!
interface vlan 2
name "VLAN2"
!
interface vlan 3
name "VLAN3"
!
interface gigabitethernet1
switchport mode general
switchport general allowed vlan add 2 tagged
switchport general ingress-filtering disable
lldp med disable
!
interface gigabitethernet2
switchport mode general
switchport general allowed vlan add 2 tagged
switchport general ingress-filtering disable
lldp med disable
!
interface gigabitethernet3
switchport mode general
switchport general allowed vlan add 2 tagged
switchport general ingress-filtering disable
lldp med disable
!
interface gigabitethernet4
switchport trunk allowed vlan add 2
lldp med disable
!
interface gigabitethernet5
switchport trunk allowed vlan add 2
lldp med disable
!
interface gigabitethernet6
switchport trunk allowed vlan add 2
lldp med disable
!
interface gigabitethernet7
switchport trunk allowed vlan add 2
lldp med disable
!
interface gigabitethernet8
switchport trunk allowed vlan add 2
lldp med disable
!
interface gigabitethernet9
switchport trunk allowed vlan add 2
lldp med disable
!
interface gigabitethernet10
channel-group 3 mode auto
lldp med disable
!
interface gigabitethernet11
channel-group 2 mode auto
lldp med disable
!
interface gigabitethernet12
channel-group 2 mode auto
lldp med disable
!
interface gigabitethernet13
switchport trunk allowed vlan add 2
lldp med disable
!
interface gigabitethernet14
lacp timeout short
channel-group 1 mode auto
qos cos 3
lldp med disable
!
interface gigabitethernet15
switchport trunk allowed vlan add 2
lldp med disable
!
interface gigabitethernet16
switchport trunk allowed vlan add 2
lldp med disable
!
interface gigabitethernet17
switchport trunk allowed vlan add 2
lldp med disable
!
interface gigabitethernet18
switchport trunk allowed vlan add 2
lldp med disable
!
interface gigabitethernet19
switchport trunk allowed vlan add 2
lldp med disable
!
interface gigabitethernet20
switchport trunk allowed vlan add 2
lldp med disable
!
interface gigabitethernet21
switchport trunk allowed vlan add 2
lldp med disable
!
interface gigabitethernet22
switchport trunk allowed vlan add 2
lldp med disable
!
interface gigabitethernet23
switchport trunk allowed vlan add 2
lldp med disable
!
interface gigabitethernet24
switchport trunk allowed vlan add 2
lldp med disable
!
interface gigabitethernet25
switchport mode general
switchport general allowed vlan add 2 untagged
switchport general ingress-filtering disable
switchport general pvid 2
lldp med disable
switchport default-vlan tagged
!
interface gigabitethernet26
switchport trunk allowed vlan add 2
lldp med disable
!
interface gigabitethernet27
switchport trunk allowed vlan add 2
lldp med disable
!
interface gigabitethernet28
switchport trunk allowed vlan add 2
lldp med disable
!
interface gigabitethernet29
switchport trunk allowed vlan add 2
lldp med disable
!
interface gigabitethernet30
switchport trunk allowed vlan add 2
lldp med disable
!
interface gigabitethernet31
switchport trunk allowed vlan add 2
lldp med disable
!
interface gigabitethernet32
switchport trunk allowed vlan add 2
lldp med disable
!
interface gigabitethernet33
switchport mode general
switchport general allowed vlan add 2 untagged
switchport general ingress-filtering disable
switchport general pvid 2
lldp med disable
switchport default-vlan tagged
!
interface gigabitethernet34
channel-group 3 mode auto
lldp med disable
!
interface gigabitethernet35
channel-group 2 mode auto
lldp med disable
!
interface gigabitethernet36
channel-group 2 mode auto
lldp med disable
!
interface gigabitethernet37
switchport trunk allowed vlan add 2
lldp med disable
!
interface gigabitethernet38
lacp timeout short
channel-group 1 mode auto
qos cos 3
lldp med disable
!
interface gigabitethernet39
switchport trunk allowed vlan add 2
lldp med disable
!
interface gigabitethernet40
switchport trunk allowed vlan add 2
lldp med disable
!
interface gigabitethernet41
switchport trunk allowed vlan add 2
lldp med disable
!
interface gigabitethernet42
switchport mode general
switchport general allowed vlan add 2 untagged
switchport general ingress-filtering disable
switchport general pvid 2
lldp med disable
switchport default-vlan tagged
!
interface gigabitethernet43
switchport trunk allowed vlan add 2
lldp med disable
!
interface gigabitethernet44
switchport mode general
switchport general allowed vlan add 2 untagged
switchport general ingress-filtering disable
switchport general pvid 2
lldp med disable
switchport default-vlan tagged
!
interface gigabitethernet45
switchport trunk allowed vlan add 2
lldp med disable
!
interface gigabitethernet46
switchport trunk allowed vlan add 2
lldp med disable
!
interface gigabitethernet47
switchport trunk allowed vlan add 2
lldp med disable
!
interface gigabitethernet48
switchport trunk allowed vlan add 2
lldp med disable
!
interface gigabitethernet49
lacp timeout short
channel-group 4 mode on
qos cos 3
lldp med disable
!
interface gigabitethernet50
lacp timeout short
channel-group 4 mode on
qos cos 3
lldp med disable
!
interface Port-channel1
flowcontrol on
description workstation
qos cos 3
switchport mode general
switchport general allowed vlan add 2-3 tagged
switchport general ingress-filtering disable
!
interface Port-channel2
flowcontrol auto
description NAS
switchport mode general
switchport general allowed vlan add 2-3 tagged
switchport general ingress-filtering disable
!
interface Port-channel3
flowcontrol on
description DVR
switchport mode general
switchport general allowed vlan add 3 tagged
switchport general allowed vlan add 2 untagged
switchport general ingress-filtering disable
switchport general pvid 2
switchport default-vlan tagged
!
interface Port-channel4
flowcontrol auto
description LAG4
qos cos 3
switchport trunk allowed vlan add 2-3
!
exit

ManoaChris · ‎01-27-2021

I looked at this link:

https://www.megajason.com/2016/03/03/how-to-set-up-vlans-when-you-dont-understand-vlans/

He suggests that the trunk ports between switches be set up with all VLANs tagged (and nothing untagged). Such a configuration isn't possible on either the RV345 or the SG200 -- each port must have at least one VLAN untagged (native) or in the words of the Cisco web error message must be a member of at least one VLAN.

balaji.bandi · ‎01-27-2021

thank you, can you please point me which interface connected to RV ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

ManoaChris · ‎01-27-2021

Yes, it's LAG4 (which is an aggregate of the uplink ports 49+50). FWIW, I also tried it with the LAG removed but saw same issue.

ManoaChris · ‎02-03-2021

Unfortunately, I have been unable to resolve this. Although the SG200 provides basic VLAN support, there does not appear to be a way to implement inter-VLAN routing, at least with an RV345 router. I wonder if the issue is that the SG200 can only have a single IP address in a single VLAN, and so support is limited to preserving and forwarding VLAN tags onto the router.

Anyway, I purchased an SG500, enabled layer 3, and inter-VLAN routing is working fine now.