Solved: Re: SG500 28P L3 Enabled - Internet Access Not Working - Page 2

PH42420 · ‎06-05-2021

I am re-configuring the SG500 in L3 mode, but have not had success accessing the internet on it. The current configuration is below, and is as far as Cisco Support and I got with the device last week.

Arris Router Subnet: 192.168.0.x/24, Router Gateway Address: 192.168.0.1




SG500 port 16: Access Mode, Subnet: 192.168.0.x/24, Gateway Address: 192.168.0.2, Untagged




Machine connected to port 15: Access Mode, Subnet: 192.168.10.x/24, Untagged




SG500 other config items:

Inter-VLAN routing enabled

L3 Mode

From the host machine on 192.168.10.x, I can ping the interface on 192.168.0.2 on the SG500, but cannot reach the gateway at 192.168.0.1.

I relocated for a new job, and am working remotely. The setup, as I've shown, is different than the configuration used when it was working on the internet in the past in other cities. This configuration is what Cisco Support has currently recommended I do. I'm pretty good with configuring the internal VLANs once internet is setup, but this internet connectivity part of the setup has never been completely clear.

It is important that I get it working as soon as I can using separate VLAN's for work and home. The ISP router alone is very problematic. It has almost no configurable interfaces or options and basic things I use for home and work don't exist on it at all. All assistance is welcome and appreciated!

PH42420 · ‎11-21-2021

The Arris router is the COX router. There are only two devices total, the SG switch and the Arris(COX) router.

It also appears several vulnerabilities have been discovered since June of this year (https://www.cisco.com/c/en/us/support/switches/sg500-28-28-port-gigabit-stackable-managed-switch/model.html#~tab-documents). I've got my fingers crossed those have been resolved in the current software. It's been a few years. This device has been packed away after I took time away from work to care for family, unexpectedly. Still, I remember clearly the overall quality and performance of this hardware was excellent.

I'm looking through the current manuals for the command, no switchport. No luck locating it so far, but will keep you posted.

Georg Pauwen · ‎11-27-2021

Hello,

from the CLI, you need to set the mode to layer 3 first:

set system mode router

Then the

no switchport

interface command is available.

PH42420 · ‎12-04-2021

Is that command,

no switchport

, suppose to invoke options for the interface? When I enter it in config mode,

Unrecognized command

is returned.

Richard Burts · ‎12-04-2021

Patrick

There is some confusion about whether the

no switchport

command is supported on this switch. As one step in checking this out would you post the output from this command

show system mode

and as a next step would you post the output of the command "?" when in interface config mode?

I would also comment that

no switchport

is an option - not a requirement. If you are having problems in getting it to work then I suggest that you not worry about it. Simply configure one vlan and its vlan interface for connection to the Arris/ISP router (192.168.0.2) and another vlan with its vlan interface for your inside network (192.168.10.0).

In reading through the discussion again I am paying particular attention to this statement:

From the host machine on 192.168.10.x, I can ping the interface on 192.168.0.2 on the SG500, but cannot reach the gateway at 192.168.0.1.

That suggests that the Arris/ISP router does not have a route to your subnet. The solution for that will need to be done on the Arris/ISP router.

HTH

Rick

PH42420 · ‎12-05-2021

I will take a look and reply with what I find.

For now, this is the current output of that command:

SG500#configure terminal
SG500(config)#interface ge 1/1/12
SG500(config-if)#no switchport
% Incomplete command

Best regards,

PH42420 · ‎11-21-2021

I think I've checked through everything, and it is looking like that command line option remains undocumented.

If anyone finds anything on this, anywhere, lets say hypothetically we want to assign a routed port in gigabit Ethernet 12 with ip address 192.168.0.3 so it is always static and present on COX/Arris 192.168.0.x 255.255.255.0 network.

PH42420 · ‎11-27-2021

Hi All,

It's been a few day's, and I appreciate everyone's support up to now.

Has anyone seen any resources related to where we've got so far?... To summarize:

1) A location where creating a routed port is documented either in CLI or Web UI?

2) Whether vulnerabilities listed in the devices top documentation page are resolved in the newest version of software?

Thanks again,

Patrick

Georg Pauwen · ‎12-05-2021

Hello,

if the router is in router mode (set system mode router) you can configure IP addresses on the interfaces. Attached the CLI guide.

Syntax
If the product is in router mode (Layer 3).

ip address ip-address {mask | /prefix-length}

https://www.sico-systems.de/wp-content/uploads/CLI_500.pdf

Richard Burts · ‎12-05-2021

Thanks for the additional information. This part of it is very interesting:

SG500(config-if)#no switchport
% Incomplete command

The response is not that the command is not valid, but is that the command is incomplete. Please try this and post the results:

SG500(config-if)#no switchport ?

HTH

Rick

PH42420 · ‎12-05-2021

Sure... I had to copy and paste a question mark into the CLI. The terminal moves to a new line every time I attempt to enter "?" using "Shift"+"/".

Richard Burts · ‎12-06-2021

Patrick

Thank you for the output. Clearly this command works very differently on this switch as compared to what I and some of my colleagues are familiar with on other switches. It is not clear that any of the options for this command would accomplish what we were describing, which is to change the switch port from operating as a layer 2 interface into a layer 3 interface. My suggestion is to configure this interface as a member of some vlan, and to configure a vlan interface for that vlan, and configure 192.168.0.2 as the address on the vlan interface. Then configure port 15 to be in some other vlan, configure a vlan interface for that vlan and assign a 192.168.10.x address to that vlan interface. If you do that then see if the computer connected to port 15 can ping the 192.168.0.1 address. If that ping is successful we have made a significant step forward. If the ping is not successful then it indicates that the Arris/ISP router needs a route to the 192.168.10.0 subnet.

HTH

Rick

PH42420 · ‎12-06-2021

Sounds good. I will give that a try and let you know how it goes.

I will just repeat one point for all viewing this thread. The Cisco engineer that helped set the device up long ago, with AT&T, did say that he was using PAT, Port Address Translation. His specific words were that we were going to "Assign an address to the port", and that ports address and configuration on the same subnet as the local LAN of the AT&T router would be unique to all other ports on the switch while it was in L3 mode.

I wonder if we can find that guy? This was in the summer of 2013, if memory serves.

Best regards,

Richard Burts · ‎12-06-2021

Patrick

I would guess that it is a very long shot that we might find the engineer that helped you set this up in 2013 (or whenever). But if by some chance that engineer sees this discussion I hope he will jump in to the discussion.

I wish that we had details of what that engineer did. It sounds like he set up a switch interface (probably a vlan interface with an associated port in that vlan) and used that vlan/subnet to route traffic from other switch ports to the ATT router. That is what we are suggesting now. I do not understand his calling this PAT. As far as I know this switch does not support address translation (neither PAT nor NAT). If someone knows differently please jump in.

HTH

Rick

PH42420 · ‎02-07-2022

Hello,

I wish I knew what he did, but the configuration he helped create was as described. It was in place for at least a year before I had to relocate.

Since I have relocated a second time, I feel as though I'm at a sort of impasse. The SG500 is no longer supported formally; as a result I see no realistic way of proceeding to use it. It is a real disappointment. I haven't used anything that's worked so well before or after.

After moving a second time to my current location, the issues I am experiencing with all my equipment are causing greater consternation and wasted effort than ever. The router provided by my ISP causes my streaming device, and cell phones, to loose connectivity multiple times a day resulting in having to restart devices many many times per day. These things had been functioning properly when connected to an RV160 just a few months ago.

At this point, I think the best course of action would be to take a recommendation from the group on a suitable replacement item which is fully supported by Cisco and which can be configured for ATT's fiber network quickly. I appreciate everyone's help up to now, and lament we were not able to get over the finish line. On the whole, it is better to have a device that has supported software and which will have it's vulnerabilities addressed for the reliability that's really needed in this situation.

Thanks everyone for the time and the help. If you have any thoughts on a comparable replacement similar to the SG500, or the RV series which has the functions of the SG500, that would be great.

Best regards,

Richard Burts · ‎02-08-2022

Patrick

I am sorry that we have not been able to find a solution using the SG500. Given that it is now not supported I agree that replacing it with something that is supported would be a good idea. I am not particularly expert in the Small Business routers area but based on what I do know I believe that there are several options in the RV router series that could be appropriate choices for you. Perhaps this link will be a starting point in selecting one that does what you want.

https://www.cisco.com/c/en/us/products/routers/small-business-rv-series-routers/models-comparison.html

HTH

Rick