I'm configuring a new SG350-28P, running with the latest frimware (18.104.22.168).
Layer 3 is supposed to be already active (default settings); I cannot find any choice (Layer 2 / Layer 3) as found on SG300 series.
I have a default router : 192.168.1.1
I configured the following VLAN :
- VLAN 1 : IP 192.168.1.2 / 255.255.255.0
- VLAN 20 : IP 192.168.20.1 / 255.255.255.0
In the IP Configuration -> IPv4 Interface -> IPv4 Routing is enabled.
I configured the following IPV4 Static Route :
|Destination IP||Prefix Length||Route type||Next Hop Router IP||Metric||Outgoing Interface|
From VLAN1 (the switch itself, and any device connected to VLAN1), I can access the Internet.
The IPV4 Forwarding Table contains :
|Destination IP||Prefix Length||Route type||Next Hop Router IP||Route Owner||Metric||Admin. distance||Outgoing Interface|
Problem from VLAN 20 is :
- I can ping the local switch interface 192.168.20.1
- I can ping the VLAN1 switch interface 192.168.1.2
- I cannot ping the default gateway 192.168.1.1
- And I cannot ping anything on the Internet (of course)...
Do you have any idea to solve this issue please ?
Thanks in advance for your help.
Does the router (192.168.1.1) have a route back to 192.168.20.0 /24 via 192.168.1.2 ?
If it is a siply router, then chances are you will not be able to add IP routes to it. So you will need to NAT 192.168.20.0 /24 (and any other VLANs you add to the SG350) onto 192.168.1.0 /24 . The problem is the SG350 does not support NAT.
...so you need a NAT device to sit between the router and SG350.
Let us know where you get stuck above.
Thanks for the answser.
The switch itself is a L3 ! It must do the routing (if not, what does L3 mean) ?
Event with the router disconnected, there is no inter-vlan routing.
From a PC in one VLAN, I cnnot ping a PC in the other VLAN (but I can ping the interface in the other VLAN).
The route has been added, as suggested.
From VLAN1, the packets are routed to the SG350, and then dropped.
- Source of the tracert : PC 192.168.1.182
- Destination of the tracert : PC 192.168.20.101
- Hops :
* 192.168.1.1 (router)
* 192.168.1.2 (SG350)
* then, nothing, no internal routing in the SG350
My old SG300 switches can do that !!
The interVLAN routing is automatic ! Even without any router.
What are the devices you have connected to the SG350? Are they windows machines? By default the windows firewall will not respond to ping requests.
Can two devices in the same VLAN ping each other?
Yes, they are Windows PC, and they can ping each-other when they are connected in VLAN1.
I added the route in the router : Destination 192.168.20.0 /24 - Gtw 192.168.1.2
The router itself can ping the SG350 VLAN20 interface 192.168.20.1.
But, it cannot ping the PC in VLAN20...
Tracert show the (ping to VLAN20 PC) is routed to 192.168.1.2 (SG350) but... no further.
I assume you are using 192.168.20.1 as your default gateway for your client PCs. It would not work for me a couple of years ago when I tried to use 192.168.1.2 as my default gateway for all the other VLAN clients.
Yes I have done this on my SG300-28 L3 switch. I figured out I like a separate router VLAN for my for connection to the router. I use a point to point VLAN for my router VLAN. You might try using a separate router VLAN to see if it works.
Have used both the Cisco RV320 and RV340 routers and they work fine.
Would you be willing to share your running config with me? I have a Cisco 1921 and a SG300-28. I have spent days trying to get router on a stick to work and I am missing something. I would just like to see a working example.
Thanks for your time.
Virtual LANs (VLANs) divide one physical network into multiple broadcast domains. But, VLAN-enabled switches cannot, by themselves, forward traffic across VLAN boundaries. So you need to have routing between these VLANs which is called interVLAN routing.