Connect 2 SG200-26 switches using two separate vlans

solo_admin
Level 1

B"H

Okay, I'm going to cry uncle and ask the cisco community for help here...here's what i'm looking to accomplish.  I have two cabinets in a datacenter with four available cross connect cables.  I would like to set up two LAGs between the two switches each of which will carry one vlan across to the other.   My default vlan contains all of my servers on it (10.0.0.0/8), and my backup vlan (192.168.200.0/24) will only be used for iscsi traffic and data backups.  At the moment, I have one cable connecting the two switches and it works fine for the default vlan.  When I add in a second cable and set it to vlan 200, no matter what settings I try it just doesn't pass traffic.  I'm sure i'm doing something stupidly wrong, but hey, i never claimed to be a networking expert, so that's why I'm here asking for help!   

I've made several attempts to get the second connection working, tagged, untagged, trunk, access, etc.  Can someone either tell me what the real solution is, or point me at the proper documentation so I can solve this issue?

Thanks in advance!

1 Accepted Solution

Hello Yitz,

The SG 200 switch does not support MSTP or PVST, PVST+. None of the small business products at this time support any proprietary protocol that is not IEEE or equivalent. The exception to this idea is CDP which was added about 18 months ago in the MRv 1.1 releases to better integrate with the voice solutions, onplus and interoperate with enterprise networks.

The work around that we have discussed yesterday within your case is to globally disable spanning tree and set the bpdu to filtering.

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/
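Added example (not part of the original thread, and not Cisco code): a small Python model of why a single, VLAN-unaware spanning-tree instance blocks the second of two parallel inter-switch links even when each link carries a different untagged VLAN, and what a per-VLAN instance would compute instead. The port numbers and VLANs come from the thread; the equal path cost and all function names are assumptions made for illustration.

```python
from collections import defaultdict
from typing import NamedTuple

class Link(NamedTuple):
    root_port: int      # port on the root bridge (BPDU sender)
    peer_port: int      # port on the non-root bridge (BPDU receiver)
    vlan: int           # untagged VLAN configured on both ends
    cost: int = 20000   # assumed equal path cost on every link

def elect(links):
    """Run one spanning-tree instance over parallel links between two bridges.

    Returns {peer_port: state} for the non-root bridge. Ports on the root
    bridge are all designated/forwarding, so only the peer side is shown."""
    # Root port = best received BPDU: lowest path cost, then lowest sender
    # port ID, then lowest receiving port ID (the sender bridge is the same).
    best = min(links, key=lambda l: (l.cost, l.root_port, l.peer_port))
    return {l.peer_port: "forwarding" if l is best else "discarding" for l in links}

def single_instance(links):
    """VLAN-unaware STP/RSTP: BPDUs are untagged, so every link is one topology."""
    return elect(links)

def per_vlan_instances(links):
    """What a per-VLAN (or multiple-instance) protocol would compute instead."""
    by_vlan = defaultdict(list)
    for link in links:
        by_vlan[link.vlan].append(link)
    states = {}
    for group in by_vlan.values():
        states.update(elect(group))
    return states

def vlans_cut_off(links, states):
    """VLANs left with no forwarding link between the two switches."""
    up = {l.vlan for l in links if states[l.peer_port] == "forwarding"}
    return sorted({l.vlan for l in links} - up)

# Constructed from the thread: port 1<->1 on VLAN 1, port 26<->26 on VLAN 200.
LINKS = [Link(1, 1, 1), Link(26, 26, 200)]

if __name__ == "__main__":
    for name, fn in (("single instance", single_instance),
                     ("per-VLAN instances", per_vlan_instances)):
        states = fn(LINKS)
        print(name, states, "VLANs cut off:", vlans_cut_off(LINKS, states))
```

With spanning tree globally disabled as in the workaround, neither link is blocked, and neither is an accidental loop elsewhere on the switches, so patching on those switches needs the same care a loop-free design would.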


14 Replies

Tom Watts
VIP Alumni

Hello Yitz,

After creating the lags, all you should have to do is set the lag to the appropriate vlan as untagged. It is no different than running 2 separate wires to a respective vlan.

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

B"H

Hi Thomas, 

     Thanks for the quick reply.  oddly enough, that was the first thing I tried and it just didn't work.  is it stp that's getting in the way?  here's my port vlan membership tables for both switches.  the wires (at the moment) are  between ports 1 and 1 for the first connect, and 26 and 26 for the second connect.  If I can get them working, i'll then go ahead and try to combine them into a LAG and have two each...at the moment, I cannot ping anything on the other side, only on the same side of the switch.

This is correct, you will not have access to anything on the other side. The traffic from the vlan 1 will talk to only vlan 1, the same said for vlan 200.

The router must understand both subnets to have the intervlan routing. Otherwise it will be 100% separate. If your router can't understand the vlans or multiple subnet, you will require a layer 3 switch. That will get the intervlan communication up, then your router would need to support a static route to be able to get the other subnet to communicate with the internet correctly.

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

B"H

Ah, that's just it though, I *don't* need inter-vlan traffic whatsoever!  The idea is to separate the two switches into four pretty much.  My backups vlan is to be completely separate from the main vlan and never the twain shall meet.  Vlan 200 will never see any traffic whatsoever except for specific hosts on that subnet (same servers, but separate nics on each).  I know I have the servers networking set up correctly, since I can ping from one to the other over the backup vlan...just *can't* get traffic from one switch to the other....

ugh, this is frustrating...did I forget to click the 'don't do stupid things' checkbox somewhere in the settings? 

Thanks again for your help here!

Hello Yitz,

I'm not clear if your question is answered so I will clarify to ensure we have good understanding. The challenge I feel you're facing or will be facing is as such;

  • A LAG cannot be configured while as a member of a VLAN

This means you need to create both LAGs before having a physical connection, otherwise spanning tree will knock one of them down

  • Once both LAG are created, you need to assign the LAG to the correct VLAN

VLAN Management > Port to VLAN, from here you choose the port or LAG and click GO. Specify the LAG to which VLAN you need

  • Spanning tree should not affect your switches provided the LAGs are created and correctly assigned, remember the switch is a layer 2 device, it does not have any care in the world about IP addresses so it's just a matter of everything matching for the LAG and VLAN configuration

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

B"H

Okay, I think that may solve the issue. 

  • A LAG cannot be configured while as a member of a VLAN

This means you need to create both LAGs before having a physical connection, otherwise spanning tree will knock one of them down

I've been trying to make changes and assign vlans while the cables were already in place....silly me, what was I thinking?  Oddly enough, I suspected that stp was killing off the second connection in the first place.  I have to run up to the colo and pull some cables, but i'll let you know how it works out later today.

Thanks again!

B"H

Nope, no love here so far.   Cleaned everything up, set one LAG to the default vlan, one LAG to vlan 200 (with the cables out of course) fired them up, but no go.  it looks like everything is configured properly, there's just no traffic across the 200 LAG/vlan.  well, each individual switch has traffic from one machine to another on the separate vlans, no problem, and vlan 1 can pass traffic from one switch to another...but vlan 200 will not allow anything through from one switch to another. 

Any ideas how to debug/diagnose this?

Thanks in advance!

Yitz, give the SBSC a call

http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html

If you like, you can request the case assigned to me. Make sure to have your Cisco ID, device serial number and this community post link for the agent that answers the phone.

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

Yitz, I have labbed your topology.

I have a SG300 switch acting as a router with 2 vlan interfaces.

I also have 2 SG200 switches.

Port 1 from SG300 to port 1 of SG200 = vlan 1 access ports

Port 48 from SG300 to port 48 of SG200 = vlan 200 access ports

SG200#1 has LAG #1 port 2,3

SG200#1 has LAG #2 port 4,5

SG200#2 has LAG #1 port 2,3

SG200#2 has LAG #2 port 4,5

LAG #1 = vlan 1

LAG #2 = vlan 2

Oddly enough, spanning tree put my connections in vlan 200 into discarding state, for both the lag and individual connection.  This is very odd behavior for me as it is pretty common practice to separate networks in this manner especially if you have 2 gateways, but it is also not rare to have a single router with 2 distinct interfaces. Additionally, on the spanning-tree pages, the status will record "N/A" for the LAG ports.

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

B"H

Hi Thomas,

     So, does that mean it worked in your lab setup?  On mine, the RSTP Port role says disabled for the LAG on vlan 200.   My router has no knowledge of vlan 200 at all, as there is no need for my backup/iscsi traffic to ever go beyond the vlan.  it's just weird...i'm able to reach machines on either side of the LAG, but nothing passes between the two switches over vlan 200/LAG.  I know they're connected, as I get green lights on them, so it's not the cables...it's got to be something set incorrectly in the switch(es). 

Sorry for my n00bness, i'm just trying to get something to work that should 'just work'(tm), but it just isn't. 

No, it means spanning tree is misbehaving and it shouldn't be. For whatever reason, the spanning tree is viewing both LAGs as a redundant link, when in fact, it shouldn't be.

A simplified example:

Switch #1

Port 1 untagged, access, vlan 1

Port 2 untagged, access vlan 2

Switch #2

Port 1 untagged, access vlan 1

Port 2 untagged, access vlan 2

Spanning tree should not put any port into discarding state as it is 2 separate lan segments. If you would like to pursue this issue, I implore you to call the SBSC as mentioned in my above post then request the service request to be assigned to me.

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

B"H

yah, I was planning on calling in the morning...  can't do it now. 

Thanks!  i'm sure we'll get to the bottom of this!

abelardocarioca
Level 1

Hi Yitz,

I'm trying to accomplish a similar thing that you mention on your post.

I have two SG200 switches which I want to divide into 2 totally independent VLANs.

My guess was that I could create a VLAN #2 and assign  ports 1- 24 to VLAN #1 (default) and ports 25-48 to VLAN #2.

Do the same thing with the second switch.

And finally connect a cable from port 1 on switch 1 to port 1 on switch 2 and

another cable from port 25 on switch 1 to port 25 on switch 2.

For some reason, devices can be "pinged" on the same vlan ports on switch 1 but cannot reach the devices on switch 2.

Did you manage to solve this issue?

Thanks
