

need help setting up a routed VLAN on a SG 300-20

I got the SG 300-20 small business L2/L3 switch. I've read through the 325 page pdf manual and I still can't figure out how to do what I need to do. Here is my setup using example ips...

switch layout


isp -> p1 (vlan 1)

workstations -> p2 (vlan 2)

ip layout


isp = ( subnet gw

workstations = ( subnet

I want to be able to have any workstation I put on the workstations vlan to use as a gw and from there route to and from there to the outside. Basically, I want to be able to route ips from two different subnets on two different vlans. I've read through the docs and so far I have vlan1 setup and vlan 2 setup fine but I have no clue how to get the routing to cross vlans. The docs say the only way to have vlans talk to each other is by routing through the vlans ip interfaces but I have no clue how. There isn't a simple step 1,2,3 chapter that gets you to route between two vlans. What am I doing wrong? I put in some IP route entries but nothing seems to work.


Hello Victor,

Thank you for participating in the support community. My name is Nico Muselle from Cisco Sofia STAC.

Let me try and guide you step by step through the configuration you would like to implement.

First of all, if you want your switch to be routing, you need to set it to layer 3 mode. You cannot do this through the web interface, so you might want to connect either through telnet/ssh or through the console port. Keep in mind that when you change the mode from L2 to L3, the switch settings will be reset to factory defaults. (If this has already been done, please skip this step.)

Secondly, you will create your vlans again like you did in your L2 configuration, and assign the VLANS to the ports. After that, you will assign an IP address to each of the created VLANs.

This being done, and clients connected to each of the VLANs, you will see that the routing table will get populated by the 2 VLANs. Now we need to add a default route to the switch, with the next hop being the default gateway, i.e. the IP address of your router connecting to the ISP.

We have a way out now for all traffic not intended for the local VLANs; we also need to configure a way back, so you need to add a static route in your router telling it that for all the traffic with a destination IP in the subnet of VLAN2, the next hop is the switch's VLAN1 IP address. The switch will detect the destination IP as local and route the traffic to the correct VLAN.

Makes sense?

Best regards,

Nico Muselle

Sr. Network Engineer - CCNA
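
The "way out / way back" routing described in the reply above, as an added example (not part of the original thread or of Cisco's documentation): a longest-prefix-match lookup over constructed routing tables, showing where the router sends replies for VLAN 2 before and after the static route is added. All addresses and names are assumptions; 203.0.113.10 stands in for an internet host.

```python
import ipaddress

def route(prefix, next_hop):
    return (ipaddress.ip_network(prefix), next_hop)

def lookup(table, dst):
    """Longest-prefix match: next hop of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if addr in net]
    if not matches:
        return None  # no route: the packet is dropped
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Constructed addressing (assumed for illustration, not taken from the thread):
ROUTER_LAN_IP = "192.168.1.1"      # router interface in VLAN 1
SWITCH_VLAN1_IP = "192.168.1.254"  # switch IP interface on VLAN 1
CLIENT = "192.168.2.10"            # workstation in VLAN 2
INTERNET_HOST = "203.0.113.10"     # documentation address

# Switch in layer 3 mode: two connected VLAN subnets plus the default route.
SWITCH = [
    route("192.168.1.0/24", "connected:vlan1"),
    route("192.168.2.0/24", "connected:vlan2"),
    route("0.0.0.0/0", ROUTER_LAN_IP),
]
# Router before the fix knows only its own LAN and the ISP uplink.
ROUTER_BEFORE = [
    route("192.168.1.0/24", "connected:lan"),
    route("0.0.0.0/0", "wan"),
]
# Router after the fix: static route for VLAN 2 via the switch's VLAN 1 IP.
ROUTER_AFTER = ROUTER_BEFORE + [route("192.168.2.0/24", SWITCH_VLAN1_IP)]

def round_trip_ok(router_table, client=CLIENT, dst=INTERNET_HOST):
    """True if traffic leaves via the router and the reply returns to VLAN 2."""
    way_out = lookup(SWITCH, dst) == ROUTER_LAN_IP
    way_back = (lookup(router_table, client) == SWITCH_VLAN1_IP
                and lookup(SWITCH, client) == "connected:vlan2")
    return way_out and way_back

if __name__ == "__main__":
    for name, table in (("before", ROUTER_BEFORE), ("after", ROUTER_AFTER)):
        print(name, "reply next hop:", lookup(table, CLIENT),
              "round trip:", round_trip_ok(table))
```

Without the static route, the router's only match for a VLAN 2 address is its default route, so replies leave toward the ISP instead of returning to the switch.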

Good Morning

I’ve been having difficulties getting this to work;

I have 2 VLANs set up and working. My default gateway (next hop) for the router is connected into VLAN1, this runs fine with DHCP via the router, and I can access/view an IP camera on VLAN 2 from VLAN1 but the real issue I’m having is accessing the internet from VLAN 2, I can ping VLAN1 Gateway from VLAN 2 but cannot ping the default gateway on (the apparent next hop) I can also ping any client in VLAN1 from VLAN2.


With my router do I need another subnet setup with NAT for the 192.168.2.x network to access the internet or does the switch tag the packet when it leaves the switch looking for the next hop?

And how should I configure my static DNS, should this be the local gateway address, VLAN1 gateway or the Default gateway???

Any help would be greatly appreciated




You need to switch to internal routing; use the serial console to activate system mode layer 3.

When changing system mode the switch will get a factory setting.

Here is how I did it, as well as changing the default vlan id to avoid complications from vlan APs.

I also turn on ssh and generate a certificate; that needs to be done in the serial console.

see below for version serial console

Add one IP address per vlan

Turn on arp proxy

Arp proxy means that the switch will answer arp requests for known IP - MAC addresses

Layer 3 mode will handle switch local routing.

If you need to use 1000 Mbit jumbo frames in combination with 100Mbit they can't share vlan=collision domain.

You need to assign a separate vlan and let the switch handle routing and packet defragmentation.

What i did to get

SW Version:   (Date:  28-Apr-2010, Time:  13:33:55)       
Boot Version: (Date:  08-Apr-2010, Time:  16:37:57)        
HW Version:            V30                                               

Howto configure a New Switch with Layer 3 and default vlan id of 63

Using Serial
menu 1,9 reboot to factory defaults

Menu 4 system mode layer3

Set new password

Menu 5,1
Vlan ID 63

Backup running to startup
Menu 1,10 reboot system

PING sw2 ( 56(84) bytes of data.
From qice ( icmp_seq=2 Destination     Host Unreachable

qic:> ip addr add dev eth1
[root@qic ~]# ping
PING ( 56(84) bytes of data.
From icmp_seq=2 Destination Host Unreachable

No default IP address in Layer3 and no DHCP
No IP -> no Web

On Serial
Menu 1, 6, 1 ,1 IPv4 Address-add
IPv4 Address:
Subnet Mask:
DHCP Client:          ENABLE
Interface Type:       VLAN
Interface Number:     63

Menu 1, 6, 4 HTTPS Configuration
HTTPS Server:              ENABLE
HTTPS Server Port:         443
HTTPS Certificate:         IS ACTIVE

Menu 1, 6, 3  HTTP Configuration
HTTP Server:              DISABLE

Can't change default route when address is DHCP
Menu 1, 6, 6. IPv4 Default Route
Next Hop IP Address:
No such instance ?

Traffic verified
Ping (IPv4)
IPv4 address/Host Name:
Statistics:              4 packets transmitted, 4 packets received,     0 percent
                           round-trip (ms) min/avg/max = 0/5/20

Configs for SNMP and secure connections

Menu 1, 2. General System Information
System Contact:        per@xyz.xx
Host Name:             sw2
System Location:       xxxxxxx

Menu 1, 2, 3, 1. SSH Server Configuration
SSH Server:           ENABLE

Menu 1, 2, 3, 3. SSH Crypto Key Generation

Menu 1, 2, 3, 4. SSH Keys Fingerprints
RSA Fingerprints          11:09:6e:6c:26:f4:e5:b3:e4:34:fe:5c:3e:df:f2:33
DSA Fingerprints          72:4d:05:ed:44:5d:f2:8a:fe:80:bc:d7:71:80:67:d1

Menu 1, 2, 3, 4. SNMP Configuration

Menu 1, 3. Username & Password Settings
Add users

Menu 1, 4, 1. SSL Certificate Generation
Public Key Length               1024

Menu 1, 4, 2. SSL - Show Certificate
Issued by :     C=SE                                                              

Menu 1, 7, 1. Upgrade / Backup (IPv4)
Source File:                 running-config
Destination File:            startup-config

Reboot system

web https://sw2.x.z
Add VLAN x y

Use serial to add vlan IP address and default route

Use web for rest.
