07-21-2012 09:28 PM
I use Cisco SG300 and SG200 series switches. I set up my home network as shown in the attached picture.
I want to set up VLANs with these conditions:
1. Every port can connect to the internet through the ADSL router.
2. VLAN10 (home alarm and IP camera) can be accessed by internet, and connected to by the access point and PC file server.
3. Every port can connect to the PC file server.
I am new to networking, I failed when I tried to set this up myself, and I do not understand static routes.
Thank you.
Jarey
07-22-2012 08:35 AM
Hi Jarey,
Are you sure you want to do this on the switch as opposed to the router? Are you going to use static IP addresses for the vlans or do you want your router to issue DHCP?
To proceed, using the switch for inter-vlan routing, make sure the SG300 is in layer 3 mode.
1. If you are currently in layer 2 mode, open a CLI connection and issue command:
set system mode router
Take note that this will delete your current config and the switch will reboot.
2. Create the vlans on your switch under VLAN Management -> create vlan
3. Go to IP Configuration -> ipv4 interface and assign each vlan a static IP for the switch in the subnet for the new vlan
4. Vlan Management -> Interface settings. I would leave all the ports as trunk ports, or change the ports to trunk if you have previously changed them.
5. Vlan Management -> Port VLAN membership. Assign your vlans to the appropriate ports.
6. When everything is all plugged in, you should be able to see that the switch has already created static routes for you under IP Configuration -> IPV4 static routes. Make sure all your subnets are there and are showing route type local.
7. You may need to add a route such as 0.0.0.0 with the next hop being your router.
At this point, you should be up and running, with all vlans connected to each other and to the internet.
If you want to restrict access across the vlans, you'll have to create access control lists.
You need to first create an ACL (Access control -> IPV4 based ACL) and give it a name. Then go over to IPV4 based ACE, where you put the actual access control rules.
This is a sample set of rules I made; it will block all access between two subnets (each vlan you created above will have to be its own subnet) and allow certain traffic such as 3389 - remote desktop, etc. You'll need to customize based upon your needs and subnet IPs. So, for example, to allow the Xboxes to access the file server, rather than any - any, you put the xbox subnet or specific IPs as the source, the file server as the destination, and the ports used as source ports. Remember to make the converse of the rule as well.
Then, go to Access Control -> ACL bindings and bind the access control list to the applicable ports.
Hope that helps, good luck with your set up.
Best,
David
Please remember to rate helpful posts and identify correct answers.
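Added example (not part of the original posts, and not Cisco code): a small Python model of first-match, stateless ACE evaluation, showing why the converse rule is needed. The service port is the destination port on the request and the source port on the reply. The subnets, host address, rule lists and the fall-through deny are assumptions made for illustration, and the model applies one list to traffic in both directions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Ace:
    action: str                      # "permit" or "deny"
    src: str                         # source network (CIDR)
    dst: str                         # destination network (CIDR)
    src_port: Optional[int] = None   # None means any port
    dst_port: Optional[int] = None

    def matches(self, sip, dip, sport, dport):
        return (ipaddress.ip_address(sip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dip) in ipaddress.ip_network(self.dst)
                and self.src_port in (None, sport)
                and self.dst_port in (None, dport))

def evaluate(acl, sip, dip, sport, dport):
    """Stateless, first-match evaluation; falls through to deny (assumed default)."""
    for ace in acl:
        if ace.matches(sip, dip, sport, dport):
            return ace.action
    return "deny"

def session_works(acl, client, server, service_port, client_port=50000):
    """A TCP session needs the request AND the reply to be permitted."""
    request = evaluate(acl, client, server, client_port, service_port)
    reply = evaluate(acl, server, client, service_port, client_port)
    return request == "permit" and reply == "permit"

# Constructed addressing: client VLAN 192.168.20.0/24, server VLAN 192.168.30.0/24.
CLIENTS, SERVERS = "192.168.20.0/24", "192.168.30.0/24"
RDP_HOST, ANY = "192.168.30.10/32", "0.0.0.0/0"
BLOCK_AND_INTERNET = [
    Ace("deny", CLIENTS, SERVERS),
    Ace("deny", SERVERS, CLIENTS),
    Ace("permit", ANY, ANY),         # everything else, e.g. internet via the router
]
ONE_WAY = [Ace("permit", CLIENTS, RDP_HOST, dst_port=3389)] + BLOCK_AND_INTERNET
WITH_CONVERSE = [
    Ace("permit", CLIENTS, RDP_HOST, dst_port=3389),   # request: service port is the destination
    Ace("permit", RDP_HOST, CLIENTS, src_port=3389),   # reply: service port is the source
] + BLOCK_AND_INTERNET

if __name__ == "__main__":
    for name, acl in (("one-way", ONE_WAY), ("with converse", WITH_CONVERSE)):
        print(name, "RDP:", session_works(acl, "192.168.20.5", "192.168.30.10", 3389))
```

With only the one-way permit, the request is allowed but the reply hits the inter-subnet deny, so the session fails; adding the converse ACE lets it complete while other inter-VLAN ports stay blocked.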
07-23-2012 07:56 AM
Thank You. I will try.