I am re-configuring the SG500 in L3 mode, but have not had success accessing the internet on it. The current configuration is below, and is as far as Cisco Support and I got with the device last week.
Arris Router Subnet: 192.168.0.x/24, Router Gateway Address: 192.168.0.1
SG500 port 16: Access Mode, Subnet: 192.168.0.x/24, Gateway Address: 192.168.0.2, Untagged
Machine connected to port 15: Access Mode, Subnet: 192.168.10.x/24, Untagged
SG500 other config items:
Inter-VLAN routing enabled
From the host machine on 192.168.10.x, I can ping the interface on 192.168.0.2 on the SG500, but cannot reach the gateway at 192.168.0.1.
I relocated for a new job, and am working remotely. The setup, as I've shown, is different than the configuration used when it was working on the internet in the past in other cities. This configuration is what Cisco Support has currently recommended I do. I'm pretty good with configuring the internal VLANs once internet is setup, but this internet connectivity part of the setup has never been completely clear.
It is important that I get it working as soon as I can using separate VLAN's for work and home. The ISP router alone is very problematic. It has almost no configurable interfaces or options and basic things I use for home and work don't exist on it at all. All assistance is welcome and appreciated!
Arris Router Subnet: 192.168.0.x/24, Router Gateway Address: 192.168.0.1
Hope 192.168.0.1 Lan site of the Router where Switch SG500 connected ?
So your setup looks as below :
Internet ISP ( Router Arris) (192.168.0.1)----(192.168.0.2) SG500) LAN 192.168.10.X ?
In the above case, on Arris Router you need a static route for the 192.168.10.X /24 network towards 192.168.0.2 ( for the 192.168.10.X network to reach 192.168.0.1
Also in the Arris router, you need to add 192.168.10.X network in network address translation for that subnet to go to the interenet.
what is the device IP address and Gateway for the Lan side ? Please confirm also.
We do not have details of how the switch is configured but believe that it is probably good enough. I believe that BB has correctly identified 2 issues, either of which would prevent Internet access for devices connected in 192.168.10.0. They need to be addressed on the ISP router. We do not know what device that is but given the comments in the original post about limited capabilities of the ISP router I am concerned whether it will be feasible to get this to work on that device.
Thank you both for your inputs. It is greatly appreciated since this is still causing significant delays for many things right now.
BB, your assumption about how the configuration looks is correct.
The SG500 has, on it's own, setup default routes to the internet from 192.168.10.x, which can be seen in the UI.
Since both routers are in L3 mode, it was my understanding that the usual routing protocols would discover the shortest proper routes to anything inside the class C address space (since they are not route-able on the internet, if indeed they were doing proper routing between each). Since all internal networks on the SG500 are untagged with this configuration as recommended by Cisco, I would assume (maybe incorrectly) that the only IP address the ISP router would communicate with would be the 192.168.1.2 address of the interface of the SG500 and wouldn't need to have knowledge of the other subnets (since not connected to it in trunk mode)... which would imply the SG500 would do translation to the other subnets using it's own tables.
Are you saying that all traffic incoming to the Arris router would need a static route to 192.168.0.2 (interface of the SG500 on the Arris internal Lan)?... Then, the SG500 could use it's own greatly superior hardware to perform translation on a per subnet/VLAN basis and not rely on the highly limited abilities of the ISP router?
The ISP router also has the ability to operate in bridge mode. I have not gone down this path because getting support to get the SG500 as far as I have was very difficult.
Even though the device is essentially new, vastly better than any ISP or consumer router for overall quality and connectivity performance, and there is a very real very protracted silicon shortage, I have not been able to get almost any support for configuring it through formal channels; not even after offering to buy a support package.
I should mention that bridge mode is an option on the ISP router, in full disclosure, in case it would be helpful. But also add that like anyone configuring the Cisco would do, the risk of having it's management interface on the internet would need to be worked out sooner than it would be otherwise.
To answer your other question, I don't have a static WAN IP address.
Thanks again everyone, very much appreciated!
reading through your post, I think it would be easier if you just add a simple schematic drawing showing how the devices are connected, and which IP addresses are configured where.
I am confused by this:
--> that the only IP address the ISP router would communicate with would be the 192.168.1.2 address of the interface of the SG500
Where is 192.168.1.2 configured ?
WAN IP (Dynamic IP) <|> Lan ISP Router IP Management Interface (192.168.0.1)<---Direct Connection---> SG500 L3 Mode IP (192.168.0.2 - Static IP)
SG500 Port connected to Arris Router configured as Access/Untagged, other VLAN's sit on SG500 with the test VLAN 192.168.10.x unable to access internet. Test VLAN port configured as Access/Untagged.
The original poster said "it was my understanding that the usual routing protocols would discover the shortest proper routes to anything inside the class C address space". We do not have any information that any dynamic routing protocol is configured. The only routing information that is enabled by default is routing for locally connected subnets. If the Arris router is to know about 192.168.10.0 then either the Arris router needs a static route for that subnet or needs to be configured for a dynamic routing protocol - and in that case the SG switch also needs to be configured for the dynamic routing protocol.
The original poster also said "which would imply the SG500 would do translation to the other subnets using it's own tables." The SG switch does not have support for nat, so the Arris router would need to be configured to translate the 192.168.10.0 subnet.
Thank you for the clarification.
I've had some resistance to diagnosing issues with internet connectivity with it, but once set the SG works better than anything else I've worked with.
I am trying to understand everything possible about the internet connectivity part, so I can be precise when I go back and ask the ISP to do what's needed to get up and running.
In the past, I used something called PAT, port address translation, and the internet connected port (connected to the Arris local lan) had an IP address assigned to that subnet on that LAN.
If it would be simpler, which it sounds like it would be, which dynamic routing protocol would make the most sense to enable on the SG to allow the device the opportunity to "solve" routs on it's own before going back to the ISP and asking for updates to be made on the back end of the Arris device?
If we enable such a protocol, would the current configuration set (with each port type, connected to local subnets 192.168.x.x for local devices and to 192.168.1.2 for the single port connecting to the Arris device) need to be switched away from Access Port configuration and over to PAT, somehow, with an assigned IP on the Arris connected SG port = 192.168.1.2, as it was in the past?
Ideally, the SG is the device we want to perform routing, since this allows me to maintain independent subnets between work and home devices.
Thanks very much!
You ask which routing protocol to use. There are several possibilities. I might start with OSPF. RIP would also be a possibility. I am not clear what protocols the Arris supports but suspect that it does not support EIGRP.
If you get the routing issue resolved there will also be a need for address translation. So that would be something to ask the ISP about.