I got the SG 300-20 small business L2/L3 switch. I've read through the 325 page pdf manual and I still can't figure out how to do what I need to do. Here is my setup using example ips...
isp -> p1 (vlan 1)
workstations -> p2 (vlan 2)
isp = (22.214.171.124 subnet 255.255.255.248 gw 126.96.36.199)
workstations = (188.8.131.52.34 subnet 255.255.255.0)
I want to be able to have any workstation I put on the workstations vlan to use 184.108.40.206.34 as a gw and from there route to 220.127.116.11 and from there to the outside. Basiclly, I want to be able to route ips from two different subnets on two different vlans. I've read through the docs and so far I have vlan1 setup and vlan 2 setup fine but I have no clue how to get the routing to cross vlans. The docs say the only way to have vlans talk to each other is by routing through the vlans ip interfaces but I have no clue how. There isn't a simple step 1,2,3 chapter that gets you to route between two vlans. What am I doing wrong? I put in some IP route entries but nothing seems to work.
Thank you for participating in the support community. My name is Nico Muselle from Cisco Sofia STAC.
Let me try and guide you step by step through the configuration you would like to implement.
First of all, if you want your switch to be routing, you need to set it to layer 3 mode. You cannot do this through the web interface, so you might want to connect either through telnet/ssh, either through the console port. Keep in mind that when you change the mode from L2 to L3, the switch settings will be reset to factory defaults. (if this has already been done, please skip this step)
Secondly, you will create your vlans again like you did in your L2 configuration, and assign the VLANS to the ports. After that, you will assign an IP address to each of the created VLANs.
This being done, and clients connected to each of the VLANs, you will see that the routing table will get populated by the 2 VLANs. Now we need to add a default route to the switch 0.0.0.0 - 0.0.0.0 with the next hop being the default gateway being the IP address of your router connecting to the ISP.
We have a way out now for all traffic not intended for the local VLANs, we also need to configure a way back, so you need to add a static route in your router telling it that for all the traffic with a destination IP in the subnet of VLAN2, the next hop is the switch's VLAN1 IP address, the switch will detect the destination IP as local and route the traffic to the correct VLAN.
Makes sense ?
Sr. Network Engineer - CCNA
I’ve been having difficulties getting this to work;
I have 2 VLAN's Set up and working. my default gateway (next hop) for the router is 18.104.22.168 0.0.0.0/0 connected into VLAN1, this runs fine with DHCP via the router, and i can access/view an IP camera on VLAN 2 192.168.2.100 from VLAN1 but the real issue I’m having is accessing the internet from VLAN 2, I can ping 22.214.171.124 VLAN1 Gateway from VLAN 2 but cannot ping the default gateway on 126.96.36.199 (the apparent next hop) I can also ping any client in VLAN1 from VLAN2.
With my router do i need another subnet setup with NAT for the 192.168.2.x network to access the internet or does the switch tag the packet when it leaves the switch looking for the next hop?
And how should i configure my static DNS, should this be the local gateway address, VLAN1 gateway or the Default gateway???
Any help would be greatly appreciated
You need to switch internal routing use serial console to to activte system mode layer 3.
When changing system mode the switch will get a factory setting.
Here how I did it as well as changing default vlan id to avoid complications from vlan APs
I also turn on ssh and generate certificate that need to be done in serial console
see below for version 188.8.131.52 serial console
Add one IP address per vlan
Turn on arp proxy
Arp proxy means that the switch will answer arp request for known IP - MAC addressess
Layer 3 mode will handle switch local routing.
If you need to use 1000 Mbit jumbo frames in combination with 100Mbit they can't share vlan=collosion domain.
you need assign separate vlan and let the switch handle routning and packet defragmentation.
What i did to get
SW Version: 184.108.40.206 (Date: 28-Apr-2010, Time: 13:33:55)
Boot Version: 220.127.116.11 (Date: 08-Apr-2010, Time: 16:37:57)
HW Version: V30
Howto configure a New Switch with Layer 3 and default vlan id of 63
menu 1,9 reboot to factory defaults
Menu 4 system mode layer3
Set new password
Vlan ID 63
Backup running to startup
Menu 1,10 reboot system
PING sw2 (192.168.127.14) 56(84) bytes of data.
From qice (192.168.127.17) icmp_seq=2 Destination Host Unreachable
qic:> ip addr add 192.168.1.253/30 dev eth1
[root@qic ~]# ping 192.168.1.254
PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data.
From 192.168.1.253 icmp_seq=2 Destination Host Unreachable
No default IP address in Layer3 and no DHCP
No IP -> no Web
Menu 1, 6, 1 ,1 IPv4 Address-add
IPv4 Address: 192.168.127.14
Subnet Mask: 255.255.255.0
DHCP Client: ENABLE
Interface Type: VLAN
Interface Number: 63
Menu 1, 6, 4 HTTPS Configuration
HTTPS Server: ENABLE
HTTPS Server Port: 443
HTTPS Certificate: IS ACTIVE
Menu 1, 6, 3 HTTP Configuration
HTTP Server: DISABLE
Can't change default route when address is DHCP
Menu 1, 6, 6. IPv4 Default Route
Next Hop IP Address: 192.168.127.127
No such instance ?
IPv4 address/Host Name: 192.168.127.127
Statistics: 4 packets transmitted, 4 packets received, 0 percent
round-trip (ms) min/avg/max = 0/5/20
Configs for SNMP and secure connections
Menu 1, 2. General System Information
System Contact: email@example.com
Host Name: sw2
System Location: xxxxxxx
Menu 1, 2, 3, 1. SSH Server Configuration
SSH Server: ENABLE
Menu 1, 2, 3, 3. SSH Crypto Key Generation
Menu 1, 2, 3, 4. SSH Keys Fingerprints
RSA Fingerprints 11:09:6e:6c:26:f4:e5:b3:e4:34:fe:5c:3e:df:f2:33
DSA Fingerprints 72:4d:05:ed:44:5d:f2:8a:fe:80:bc:d7:71:80:67:d1
Menu 1, 2, 3, 4. SNMP Configuration
Menu 1, 3. Username & Password Settings
Menu 1, 4, 1. SSL Certificate Generation
Public Key Length 1024
Menu 1, 4, 2. SSL - Show Certificate
Issued by : C=SE
Menu 1, 7, 1. Upgrade / Backup (IPv4)
Source File: running-config
Destination File: startup-config
Add VLAN x y
Use serial to add vlan IP address and default route
Use web for rest.