Participant

Inter vlan routing on a Cisco SF 300-24 port switch No internet

Can you ping 8.8.8.8? If not, I recommend a tracert to 8.8.8.8 to see how far you can get.

Beginner

Inter vlan routing on a Cisco SF 300-24 port switch No internet

Hi Robert,

I have run a tracert on 8.8.8.8 and I get the following:

1      *     *     * request timed out

2     *     *     * request timed out

3     *     *     * request timed out

etc

Kind Regards

Richard

Rising star

Re: Inter vlan routing on a Cisco SF 300-24 port switch No inter

Hi Richard,

What IP from your ISP are you pinging that's working?

Since you're able to ping the draytek from the vlan 4 computer, and the reverse (and access the LAN), I think your switch is config'd properly at this point, and it's something with the draytek.

Best,

David

Beginner

Inter vlan routing on a Cisco SF 300-24 port switch No internet

Hi David,

I have taken the WAN IP address from the WAN status page of the router. I don't want to post the IP address though, for obvious reasons.

Kind Regards

Richard

Beginner

Inter vlan routing on a Cisco SF 300-24 port switch No internet

Hi David,

I did a tracert on the ISP IP address and got the following:

1     *          *               *               Request timed out.

2     <1 ms   <1 ms      <1 ms       ISP IP ADDRESS   

regards

Richard

Rising star

Inter vlan routing on a Cisco SF 300-24 port switch No internet

That's your public IP, correct? Can you ping your ISP's default gateway?

Best,

David

Sent from Cisco Technical Support iPad App

Beginner

Inter vlan routing on a Cisco SF 300-24 port switch No internet

Hi David,

How do I find out the ISP's default gateway?

Kind Regards

Richard

Beginner

Inter vlan routing on a Cisco SF 300-24 port switch No internet

Hi David,

Just found it. I am unable to ping the GW IP Addr displayed on the router status page.

Regards

Richard

Beginner

Inter vlan routing on a Cisco SF 300-24 port switch No internet

Hi David,

I also cannot ping the primary and secondary dns servers for the ISP.

Regards

Richard

Rising star

Inter vlan routing on a Cisco SF 300-24 port switch No internet

Richard,

I think that you should try and get in touch with Draytek support or follow up on that end.

Check out this thread:

http://www.network-builders.com/draytek-vigor-2600-multi-nat-dmz-vlan-question-t34149.html

I emailed Draytek directly and got the following response:

a. The Vigor can only deal with one subnet. You could still use the Vigor VLAN facility to separate the ports but you'd need two more devices to act as the gateway for the other two subnets.

My suggestion prior to reading that would be to set up the subnet on the draytek (if the draytek has multiple interfaces) or use the draytek router to create the vlan, but you may be running into the limits of the router.

Best,

David

Beginner

Inter vlan routing on a Cisco SF 300-24 port switch No internet

Hi David,

I have found this on the draytek router:

Would I have to do this here?

Kind Regards

Richard

Rising star

Inter vlan routing on a Cisco SF 300-24 port switch No internet

Richard,

Your guess is as good as mine - I have NEVER used a draytek router. It might be time to find documentation from Draytek on this, or contact their support people.

However, if I could play with the router for a bit, I would first back up the config on the draytek if possible, or take very detailed notes of everything you change.

Then, I would enable the ip routing usage, and put the 192.168.2.254 (let's give that IP to the router, which would now be the default gateway on that subnet's machines), and leave the subnet mask as it is.

I don't know if doing that will automatically create the proper routes? But I'd like to think it does... Obviously, I can't see the rest of the configurable settings on that draytek page, or the rest of the web interface.

Best,

David

Rising star

Inter vlan routing on a Cisco SF 300-24 port switch No internet

Richard,

Just wanted to check in and see how things were progressing. Any luck with the Draytek?

Best,

David

Beginner

Inter vlan routing on a Cisco SF 300-24 port switch No internet

Hi David,

Sorry for not getting back sooner, I've been on holiday. I replaced the Draytek Vigor 2600 with a Draytek Vigor 2830, which allowed me to route two private subnets, so I have internet access on both VLAN1 and VLAN4.

I now need to allow VLAN4 access to the mail server, fileserver and ability to RDP onto the servers in VLAN1 but deny VLAN1 computers access to VLAN4. I am trying to do this with access control lists but am a bit lost. Would you be able to point me in the right direction?

Kind Regards

Richard 

Rising star

Re: Inter vlan routing on a Cisco SF 300-24 port switch No inter

Hi Richard,

Hope you enjoyed your holiday!

Are all the vlan 4 machines off the SF300? Probably the best way to do this is to use the draytek to configure the access policies, but again, I can't be much help with the draytek.

If you want to give it a shot with the SF300:

1. In the GUI, Access Control->IPv4-Based ACL

2. Click add, name the ACL (access control list) and apply.

3. Access Control -> IPv4-Based ACE (access control element), click add

4. In the pop up now: ACEs with higher priority are processed first. I created priority 50, permit all to all.

5. Create priority 40, action deny, protocol any, source user defined (use vlan 1 subnet 192.168.111.0 0.0.0.255), destination ip, user defined, vlan 4 subnet addr 192.168.1.0 0.0.0.255 and then apply.

6. Then create permit rules for the services that you want to have access to the vlan 4, i.e. AD server priority 30 @ 192.168.111.xxx 0.0.0.0 permit to 192.168.1.0 0.0.0.255

7. Then go to Access Control -> ACL Bindings and apply the ACL to the ports. Edit, check the box, apply, copy settings to other ports. When an ACL is bound to an interface, its ACE rules are applied to packets arriving at that interface.

Just a note with IPv4 based ACLs, packets are checked, but others like ARP are not.

You may need to tweak the priorities, etc as needed but I hope that gives you a good enough idea. 

Let me know how it goes.

Best,

David
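An added example, not part of the original thread and not Cisco code: a small first-match simulator for the ACE list described in the post above, useful for checking rule order before binding the ACL to ports. It assumes the lowest priority number is evaluated first (which matches the 30/40/50 ordering in the post), an implicit deny when nothing matches, and a hypothetical server address 192.168.111.10 standing in for the elided 192.168.111.xxx.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco-style wildcard match: bits set in the wildcard are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

ANY = ("0.0.0.0", "255.255.255.255")
VLAN1 = ("192.168.111.0", "0.0.0.255")   # subnets as given in the post
VLAN4 = ("192.168.1.0", "0.0.0.255")
SERVER = ("192.168.111.10", "0.0.0.0")   # hypothetical host, constructed

# (priority, action, source, destination) as entered in the GUI steps
ACL = [
    (50, "permit", ANY, ANY),
    (40, "deny", VLAN1, VLAN4),
    (30, "permit", SERVER, VLAN4),
]

# Same rules, but the server permit was given a number above the deny:
# the deny at 40 now shadows it and server replies to VLAN4 are dropped.
MISORDERED = [
    (50, "permit", ANY, ANY),
    (40, "deny", VLAN1, VLAN4),
    (45, "permit", SERVER, VLAN4),
]

def evaluate(acl, src, dst):
    """Return (action, priority) of the first ACE that matches the packet."""
    for prio, action, s, d in sorted(acl, key=lambda ace: ace[0]):
        if wildcard_match(src, *s) and wildcard_match(dst, *d):
            return action, prio
    return "deny", None  # assumed implicit deny at the end of the list

def report(acl):
    """Evaluate constructed sample packets against the ACL."""
    samples = [
        ("192.168.111.10", "192.168.1.20"),   # server reply to VLAN4 client
        ("192.168.111.55", "192.168.1.20"),   # VLAN1 workstation to VLAN4
        ("192.168.1.20", "192.168.111.10"),   # VLAN4 client to server
        ("192.168.111.55", "8.8.8.8"),        # VLAN1 workstation to internet
    ]
    return {pkt: evaluate(acl, *pkt) for pkt in samples}

if __name__ == "__main__":
    for pkt, verdict in report(ACL).items():
        print(pkt, verdict)
```

Because the ACEs are stateless, the priority 30 permit is what lets server replies (for example RDP or mail responses) return to VLAN4 once the VLAN1 to VLAN4 deny is in place.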