L3 - SG300-28P and DHCP

RJ
Level 1

Hello everyone,

 

I am having a bit of trouble setting up an SG300-28P set for L3 and DHCP. I will attach a basic network diagram and a very short list of my needs.

I am building a temporary network for a 1 day company event that I cannot get working in our office "Lab".

  L3 - SG300-28P connects to our provider using an SFP connection.

  I need to be able to DHCP 300+ IP addresses using the SG300-28P

My problem is, I can ping my 2 test machines (manually configured IP's) on 172.16.0.3 and 172.16.0.4 but cannot ping beyond the switch (internet). Also, the DHCP is not distributing IP's for the range 172.16.0.10 - 172.16.1.200.

 

VLAN 1 is set to 10.2.2.20 access port (to provider via SFP connection on port 28)

VLAN 100 is set to 172.16.0.2 access port (ports 1-26)

 

I have the WLC and WAP sorted..

 

Is all of this even possible? I know the network EQ is a bit low budget for the amount of users but for a one day company event I just do not have the budget to purchase better switches.

 

Please excuse the crude network diagram.

 

Thank you in advance. 

 

-RJ

11 Replies

cchamorr
Level 5

Hello, 

I'm sorry you are having issues getting this configuration to work. I do have a question: 

What device is doing NAT? 

I just ask because, this switch, even on layer 3, is not able to do NAT so you won't have any internet access without a NAT device on the network.

Second, we will need to check your configuration for DHCP, but the device should be capable of providing DHCP for the specified range.

I think the most important part is the NAT issue. 

Now, if you do have a NAT device on a different VLAN, then what you need to do is to create a default route on the switch sending all the traffic to the IP address of the NAT device (according to your diagram it is something on the 10.x.x.x subnet), and on the NAT device, you will need to have a static route pointing all the traffic destined to the 172.16.x.x network to the IP address of the switch on the 10.x.x.x subnet.

Please let us know if this helps

 

Hi,

 

I was given an address of 10.2.2.20 from the company we are renting the space from. It is basically just an ethernet connection off of their existing network. 

 

Currently I have Vlan100 with the IP address of 10.2.2.20 (the IP they gave me) plugged into GE10.

I feel like this is where I am having trouble. Where do I put the 10.2.2.20? Can I have the interface not attached to a VLAN? 

Currently I am able to

ping the gateway of 10.2.2.1 from within the SG300

ping multiple IP's on VLAN 100 172.16.0.3 and 172.16.0.4

ping between the VLANS 100, 101 and 1

Hope this helps explain where I am not stuck....

RJ

Thank you for the quick reply.

This configuration should work. Let's cover a few basics to make sure the configuration is correct:

1- The switch is on layer 3.

2- You are running firmware 1.4.0.88 and boot code 1.3.5 (Important for all the features to work correctly.) Here is a link to the firmware download page just in case you need it:

https://software.cisco.com/download/release.html?mdfid=283019666&catid=268438038&softwareid=282463181&release=1.4.0.88&relind=AVAILABLE&rellifecycle=&reltype=latest

3- You have VLAN 1 with the IP address of 10.2.2.20, this will make the IP address of the switch on VLAN 1 to be 10.2.2.20

4- VLAN 100 has an IP address of 172.16.0.2

5- You are using the SG300 as your DHCP server and you are handing out IP address 172.16.0.2 as the Default gateway to all the devices on the network. (Extremely important for this to work)

6- On the switch, under the IPv4 routes, you created a default route for 0.0.0.0 0.0.0.0 sending all the traffic to 10.2.2.1

7- The last part, and I don't know if you have access to configure this, but it is absolutely necessary for this to work, is to create a static rule on your provider's device sending all the traffic directed to 172.16.0.0 255.255.0.0 to the IP address of the switch on the 10.x.x.x subnet, which should be 10.2.2.20.

I'm very positive these are all the steps needed for this to work.

The most important things are to set up the IP address of the switch on VLAN 100 as the Default Gateway to all devices on that VLAN, to create the default route pointing to the IP address of the provider's device and lastly to have that static route on the provider's device sending the traffic back into the switch.

I hope this helps.

Hi,

1. Correct, Switch is on Layer 3

2. firmware 1.4.0.88 bootcode is 1.3.5.06

3. I currently have Vlan 1 set to the default 192.168.1.254 (I tried making VLAN 101 with IP 10.2.2.20 the Uplink port)

4. VLAN 100 currently has an IP of 172.16.0.1 (I just changed it to .2)

5.  I am trying to set it up. I stopped focusing on the DHCP and am just trying to get the routing working, but yet it is currently setup

6. Yes.

7. I do not have access to the provider's router and will not be able to gain access. Can I purchase something to act as the go between? Something dumb that takes their IP (10.2.2.20) and NAT's it for me? (I figured this was the case that I would need access to it.)

Here is my current running config

 

v1.4.0.88 / R800_NIK_1_4_194_194
CLI v1.0
set system mode router
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
vlan database
vlan 100-101
exit
voice vlan state disabled
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
ip dhcp server
ip dhcp pool network 172.16.*.*
address low 172.16.0.10 high 172.16.255.200 255.255.0.0
default-router 172.16.0.2
dns-server 8.8.8.8
exit
bonjour interface range vlan 1
hostname lw2
no passwords complexity enable
username cisco password encrypted 95bb93205b65a6a6633cafe1ef40e59e9f89f083 privilege 15
ip ssh server
ip name-server  8.8.8.8
!
interface vlan 1
 ip address 192.168.1.254 255.255.255.0
 no ip address dhcp
!
interface vlan 100
 ip address 172.16.0.2 255.255.0.0
!
interface vlan 101
 ip address 10.2.2.20 255.255.255.0
!
interface gigabitethernet2
 switchport trunk native vlan 100
!
interface gigabitethernet3
 switchport trunk native vlan 100
!
interface gigabitethernet4
 switchport trunk native vlan 100
!
interface gigabitethernet5
 switchport trunk native vlan 100
!
interface gigabitethernet6
 switchport trunk native vlan 101
!
interface gigabitethernet7
 switchport trunk native vlan 101
!
interface gigabitethernet8
 switchport trunk native vlan 101
!
interface gigabitethernet9
 description gi
 switchport mode access
 switchport access vlan 100
!
interface gigabitethernet10
 description UPLINK
 switchport trunk native vlan 101
!
exit
ip default-gateway 10.2.2.1
ip route 10.2.2.0 /24 10.2.2.1
ip route 192.168.1.0 /24 10.2.2.1

 

Thank you for the reply.

With the information you have provided, it appears the only part missing is the route back from the provider's device. Unfortunately there is no way around this, and no, you won't be able to put anything in between as the device doing the NATting is the provider's unit.

I think what is happening is that the traffic is actually getting to the provider side but there is no way to get it back as the provider doesn't have a route for the 172.16.x.x subnet.

Out of curiosity, why are you using a different VLAN for the devices connected to the SG300? Could you use IP addresses on the 10 subnet? If you do this, you will not need to have a route back from the provider as all the devices will be on the same subnet.
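
The diagnosis in the reply above, and steps 6 and 7 of the earlier checklist, as an added example that is not part of the original thread: a longest-prefix-match lookup over the two routing tables shows the request leaving the switch while the reply has no path back until the provider holds a route for 172.16.0.0/16. The addresses come from the thread; the provider's table contents and the name "upstream" are assumptions.

```python
import ipaddress

SWITCH_UPLINK = "10.2.2.20"   # switch address on the provider's /24 (from the thread)
PROVIDER_GW = "10.2.2.1"      # provider gateway (from the thread)

def net(cidr):
    return ipaddress.ip_network(cidr)

def next_hop(table, dst):
    """Longest-prefix match over (network, next_hop) entries; None if no route."""
    dst = ipaddress.ip_address(dst)
    hits = [(n, hop) for n, hop in table if dst in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

# Switch: both VLAN subnets are connected, default route as in step 6.
SWITCH = [(net("172.16.0.0/16"), "connected"),
          (net("10.2.2.0/24"), "connected"),
          (net("0.0.0.0/0"), PROVIDER_GW)]

# Provider device (assumed table): its own LAN plus a default towards its upstream.
PROVIDER = [(net("10.2.2.0/24"), "connected"),
            (net("0.0.0.0/0"), "upstream")]

# Same table with the static route from step 7 added.
PROVIDER_FIXED = PROVIDER + [(net("172.16.0.0/16"), SWITCH_UPLINK)]

def request_reaches_provider(switch_table, dst):
    return next_hop(switch_table, dst) == PROVIDER_GW

def reply_reaches_client(provider_table, switch_table, client):
    # The reply must be handed to the switch, which then delivers it on VLAN 100.
    return (next_hop(provider_table, client) == SWITCH_UPLINK
            and next_hop(switch_table, client) == "connected")

def trace(provider_table, client="172.16.0.3", dst="8.8.8.8"):
    return {"request": request_reaches_provider(SWITCH, dst),
            "reply": reply_reaches_client(provider_table, SWITCH, client),
            "provider_sends_reply_to": next_hop(provider_table, client)}

if __name__ == "__main__":
    print("without return route:", trace(PROVIDER))
    print("with return route:   ", trace(PROVIDER_FIXED))
    # A host addressed inside 10.2.2.0/24 needs no extra route on the provider.
    print("10.2.2.50 via:", next_hop(PROVIDER, "10.2.2.50"))
```
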

Hey,

I will need more than 300+ IP's and the 10.2.2.20 network they gave me to use is only a /24

No option to put a routing statement on the SG300 to point all traffic from VLAN 100 out using VLAN 101 (10.2.2.20) ?

 

Hello, 

I think I got it. I'm very sorry it took me a little bit of time to realize how to fix this but I think I have a solution.

What we will need is a combination SG300 plus a router.

I was trying to recommend a router from our division but they are not meant to handle more than 100 to 150 users total. So with that restriction in mind, I think that we can use the SG300 as the main router for, let's say, 250 addresses on the 10.x.x.x subnet, then, for the 50 addresses left you could connect a router to the SG300 and allow that router to do the NAT-ing for the 50 users left. You will have a double NAT situation on those 50 users but they will still be able to get online.

I used your diagram to show what I meant.

Hey cchamorr,

Looks like I will be purchasing a router after all. I managed to get it all working in a test environment using a $100 Cisco WAP with NAT built in.

 

I unfortunately need something with an SFP connection. Do you have any suggestion for a Cisco router or any other device that will perform as needed?

 

 

Thanks,

RJ

Hello, 

I'm glad that you were able to get it to work.

If I'm understanding correctly you are looking for a router with an SFP connection. Unfortunately we don't have any router in the small business division with those types of ports.

I'm positive you will be able to find it on the enterprise side but I don't have any training on those so I couldn't give you an idea.

Please don't forget to grade or mark an answer as correct if it was helpful to you so that other members can benefit from it.

I hope this helps.

V K Moorthy
Level 1

Hi,

 

Add the static route in the switch for internet. By adding this configuration internet will start working. Kindly give the show tech details to review your DHCP configuration on the switch.

 

regards

Moorthy

Moorthy,

 

I have everything working except for access to the internet. I believe I need another router to go between the IP given to me and the L3 switch as it does not perform NAT as mentioned by cchamorr.

 

-R
