
need help setting up a routed VLAN on a SG 300-20

dirtdevil
Level 1

I got the SG 300-20 small business L2/L3 switch. I've read through the 325 page pdf manual and I still can't figure out how to do what I need to do. Here is my setup using example ips...

switch layout

-------------------

isp -> p1 (vlan 1)

workstations -> p2 (vlan 2)

ip layout

------------

isp = (170.4.5.5 subnet 255.255.255.248 gw 170.4.5.1)

workstations = (69.30.44.2.34 subnet 255.255.255.0)

I want to be able to have any workstation I put on the workstations vlan to use 69.30.44.2.34 as a gw and from there route to 170.4.5.5 and from there to the outside. Basically, I want to be able to route ips from two different subnets on two different vlans. I've read through the docs and so far I have vlan1 setup and vlan 2 setup fine but I have no clue how to get the routing to cross vlans. The docs say the only way to have vlans talk to each other is by routing through the vlans ip interfaces but I have no clue how. There isn't a simple step 1,2,3 chapter that gets you to route between two vlans. What am I doing wrong? I put in some IP route entries but nothing seems to work.


nimusell
Level 1

Hello Victor,

Thank you for participating in the support community. My name is Nico Muselle from Cisco Sofia STAC.

Let me try and guide you step by step through the configuration you would like to implement.

First of all, if you want your switch to be routing, you need to set it to layer 3 mode. You cannot do this through the web interface, so you might want to connect either through telnet/ssh or through the console port. Keep in mind that when you change the mode from L2 to L3, the switch settings will be reset to factory defaults. (If this has already been done, please skip this step.)

Secondly, you will create your vlans again like you did in your L2 configuration, and assign the VLANS to the ports. After that, you will assign an IP address to each of the created VLANs.

This being done, and clients connected to each of the VLANs, you will see that the routing table will get populated by the 2 VLANs. Now we need to add a default route to the switch 0.0.0.0  -  0.0.0.0 with the next hop being the default gateway being the IP address of your router connecting to the ISP.

We have a way out now for all traffic not intended for the local VLANs, we also need to configure a way back, so you need to add a static route in your router telling it that for all the traffic with a destination IP in the subnet of VLAN2, the next hop is the switch's VLAN1 IP address, the switch will detect the destination IP as local and route the traffic to the correct VLAN.

Makes sense?

Best regards,

Nico Muselle

Sr. Network Engineer - CCNA
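
The "way back" requirement from the answer above, worked through as an added example (not part of the original thread or of Cisco's documentation): a small longest-prefix-match model of the switch's and the router's routing tables. The VLAN 1 addresses are the question's example IPs; the VLAN 2 subnet 192.0.2.0/24, the host 192.0.2.50, the destination 198.51.100.10 and the hop name "upstream" are constructed for illustration.

```python
import ipaddress

CONNECTED = "connected"

# VLAN 1 addresses are the question's example IPs; the VLAN 2 subnet
# (192.0.2.0/24) is constructed for this illustration.
SWITCH = {
    "name": "switch",
    "addrs": {"170.4.5.5", "192.0.2.1"},
    "routes": {
        "170.4.5.0/29": CONNECTED,   # VLAN 1 interface
        "192.0.2.0/24": CONNECTED,   # VLAN 2 interface
        "0.0.0.0/0": "170.4.5.1",    # default route: the ISP-facing router
    },
}

def make_router(return_route):
    """ISP-facing router, with or without the static route back to VLAN 2."""
    routes = {"170.4.5.0/29": CONNECTED, "0.0.0.0/0": "upstream"}
    if return_route:
        routes["192.0.2.0/24"] = "170.4.5.5"  # next hop: switch VLAN 1 IP
    return {"name": "router", "addrs": {"170.4.5.1"}, "routes": routes}

def lookup(routes, dst):
    """Longest-prefix match; returns (network, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), hop) for p, hop in routes.items()]
    hits = [(n, hop) for n, hop in nets if addr in n]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def trace(devices, first_hop, dst, max_hops=8):
    """Follow a packet for dst, starting at the device that owns first_hop."""
    by_addr = {a: d for d in devices for a in d["addrs"]}
    path, hop = [], first_hop
    for _ in range(max_hops):
        dev = by_addr.get(hop)
        if dev is None:              # next hop is outside the modelled devices
            return path + [hop]
        path.append(dev["name"])
        hit = lookup(dev["routes"], dst)
        if hit is None:
            return path + ["dropped"]
        net, hop = hit
        if hop == CONNECTED:
            return path + [f"delivered on {net}"]
    return path + ["loop"]

if __name__ == "__main__":
    for rr in (False, True):
        net = [SWITCH, make_router(rr)]
        print("out :", trace(net, "192.0.2.1", "198.51.100.10"))
        print("back:", trace(net, "170.4.5.1", "192.0.2.50"))
```

Without the static route, the router's only match for a reply to 192.0.2.50 is its own default route, so the reply goes back upstream and never reaches the switch.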

Good Morning

I’ve been having difficulties getting this to work;

I have 2 VLANs set up and working. My default gateway (next hop) for the router is 81.187.174.129 0.0.0.0/0 connected into VLAN1, this runs fine with DHCP via the router, and I can access/view an IP camera on VLAN 2 192.168.2.100 from VLAN1, but the real issue I’m having is accessing the internet from VLAN 2. I can ping 81.187.174.136 VLAN1 Gateway from VLAN 2 but cannot ping the default gateway on 81.187.174.129 (the apparent next hop). I can also ping any client in VLAN1 from VLAN2.

Questions...

With my router do I need another subnet setup with NAT for the 192.168.2.x network to access the internet or does the switch tag the packet when it leaves the switch looking for the next hop?

And how should I configure my static DNS, should this be the local gateway address, VLAN1 gateway or the Default gateway???

Any help would be greatly appreciated

Regards

Chris

per
Level 1

You need to switch internal routing: use the serial console to activate system mode layer 3.

When changing system mode the switch will get a factory setting.

Here is how I did it, as well as changing the default vlan id to avoid complications from vlan APs

I also turn on ssh and generate a certificate; that needs to be done in the serial console

see below for version 1.0.0.27 serial console

Add one IP address per vlan

Turn on arp proxy

Arp proxy means that the switch will answer arp requests for known IP - MAC addresses

Layer 3 mode will handle switch local routing.

If you need to use 1000 Mbit jumbo frames in combination with 100Mbit they can't share vlan=collision domain.

You need to assign a separate vlan and let the switch handle routing and packet defragmentation.

What I did to get
SG300-20

SW Version:            1.0.0.27 (Date:  28-Apr-2010, Time:  13:33:55)       
Boot Version:          1.0.0.4 (Date:  08-Apr-2010, Time:  16:37:57)        
HW Version:            V30                                               


Howto configure a New Switch with Layer 3 and default vlan id of 63

Using Serial
Login
menu 1,9 reboot to factory defaults

Login
Menu 4 system mode layer3
Reboot

Login
Set new password

Menu 5,1
Vlan ID 63

Backup running to startup
Menu 1,10 reboot system

PING sw2 (192.168.127.14) 56(84) bytes of data.
From qice (192.168.127.17) icmp_seq=2 Destination     Host Unreachable

qic:> ip addr add 192.168.1.253/30 dev eth1
[root@qic ~]# ping 192.168.1.254
PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data.
From 192.168.1.253 icmp_seq=2 Destination Host Unreachable

No default IP address in Layer3 and no DHCP
No IP -> no Web

On Serial
Menu 1, 6, 1 ,1 IPv4 Address-add
IPv4 Address:         192.168.127.14
Subnet Mask:          255.255.255.0
DHCP Client:          ENABLE
Interface Type:       VLAN
Interface Number:     63

Menu 1, 6, 4 HTTPS Configuration
HTTPS Server:              ENABLE
HTTPS Server Port:         443
HTTPS Certificate:         IS ACTIVE


Menu 1, 6, 3  HTTP Configuration
HTTP Server:              DISABLE

Can't change default route when address is DHCP
Menu 1, 6, 6. IPv4 Default Route
Next Hop IP Address:      192.168.127.127
No such instance ?

Traffic verified
Ping (IPv4)
IPv4 address/Host Name:  192.168.127.127
Statistics:              4 packets transmitted, 4 packets received,     0 percent
                           round-trip (ms) min/avg/max = 0/5/20

Configs for SNMP and secure connections


Menu 1, 2. General System Information
System Contact:        per@xyz.xx
Host Name:             sw2
System Location:       xxxxxxx


Menu 1, 2, 3, 1. SSH Server Configuration
SSH Server:           ENABLE

Menu 1, 2, 3, 3. SSH Crypto Key Generation

Menu 1, 2, 3, 4. SSH Keys Fingerprints
RSA Fingerprints          11:09:6e:6c:26:f4:e5:b3:e4:34:fe:5c:3e:df:f2:33
DSA Fingerprints          72:4d:05:ed:44:5d:f2:8a:fe:80:bc:d7:71:80:67:d1

Menu 1, 2, 3, 4. SNMP Configuration
SNMP:      ENABLE

Menu 1, 3. Username & Password Settings
Add users

Menu 1, 4, 1. SSL Certificate Generation
Public Key Length               1024
.....


Menu 1, 4, 2. SSL - Show Certificate
Issued by :     C=SE                                                              
  ST=Stockholm                                                                      
.....

Menu 1, 7, 1. Upgrade / Backup (IPv4)
Source File:                 running-config
Destination File:            startup-config

Reboot system


web https://sw2.x.z
SNTP
Add VLAN x y

Use serial to add vlan IP address and default route

Use web for rest.
