cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

CISCO SWITCHES FOR SMALL and MEDIUM BUSINESS

Introducing the next generation of Cisco Small and Medium Business Switches. Cisco is refreshing its SMB Switch portfolio. Click here  to learn more.


7200
Views
10
Helpful
16
Replies
Athena1390
Beginner

No inter-VLAN routing on SG300-52

Hello,

I have a basic configuration on this SG300-52 :

  • L3 is enabled
  • Latest Firmware is installed (1.4.0.88)
  • VLAN1 IP is 10.0.0.1 /24
  • A PC is connected to switch port 1 (with IP 10.0.0.3)
  • VLAN99 IP is 192.168.0.2 /29
  • A router is connected to switch port 49 (with IP 192.168.0.1, and Internet access from the router is OK)
  • Default gateway on SG300-52 is 192.168.0.1

 

From the SG-300 :

  • I can ping default gateway (192.168.0.1) and any Internet address, using 192.168.0.2 as Source IP
  • I cannot ping default gateway (192.168.0.1) or any Internet address, using 10.0.0.1 as Source IP
  • I can ping my PC (10.0.0.3), using 10.0.0.1 as Source IP
  • I cannot ping my PC (10.0.0.3), using 192.168.0.2 as Source IP

 

There is no inter-VLAN routing, but I cannot find how to enable it...

 

The complete configuration is the following :

SG300-52#show run
config-file-header
SG300-52
v1.4.0.88 / R800_NIK_1_4_194_194
CLI v1.0
set system mode router

file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
vlan database
vlan 99
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
bonjour interface range vlan 1
hostname SG300-52
username cisco password encrypted c464af817287343305cbd6493c593885695df531 privilege 15
ip ssh server
snmp-server server
ip telnet server
!
interface vlan 1
 ip address 10.0.0.1 255.255.255.0
 no ip address dhcp
!
interface vlan 99
 name WAN
 ip address 192.168.0.2 255.255.255.248
!
interface gigabitethernet49
 switchport mode general
 switchport general allowed vlan add 99 untagged
 switchport general pvid 99
!
exit
ip default-gateway 192.168.0.1

 

Do you have any idea about the issue ?

Thanks in advance for your help.

 

1 ACCEPTED SOLUTION

Accepted Solutions

Hi Anthena1390

 

My email will be iarroyo@cisco.com. When you respond back to the email can you let me know what devices will be communicating on VLAN 99. Is there a major reason for SG300 to pass DHCP as suppose your router? Well i would like to attach some screenshots, they will show you how to properly configure a P2p link, assign DHCP pools, how to properly add default routes. Send an email and lets get your issue resolved.

View solution in original post

16 REPLIES 16
Ismael Arroyo
Beginner

 

Let me know if you have further questions

Hello Ismael,

Thanks for your answer.

VLAN 1 already has an IP ( ip address 10.0.0.1 255.255.255.0).
However, how can I create a default gateway for VLAN 1, as its interface (10.0.0.1) configured inside the SG300, and used as default gateway for network 10.0.0.0 ?

How could I define another gateway for this network ?

When trying to add 10.0.0.1 as gateway for it, I receive an error message "Gateway cannot be one of the addresses configured on this device".

 

Hi Athena1390

 

If you have assigned ip address for VLan 1 under Ip Configuration>>>Ipv4 Interface. Then its all set for an SVI and DG. Instead of using the SG300 ping tool. Can you ping from vlan1 and vlan 99 on 2 different PC'? 

 

Hi Ismael,

Yes, 10.0.0.1 has been assigned to IPv4 Interface of VLAN1.

No, I cannot ping from one VLAN to the other.  Even the SG300 interface cannot be reached from the other VLAN (I cannot ping 10.0.0.1 from NW 192.168.0.0 and vice-versa).

I set the "Interface VLAN mode" of port 1 to "General"; and I'm now able to ping a switch port of a VLAN from another VLAN (I can ping 192.168.0.2 from PC 10.0.0.3).

But I'm still unable to ping default gateway 192.168.0.1 from PC 10.0.0.3

 

Any idea about the issue and a potential solution ?
 

Hi Anthena1390

 

Is the router's gateway and SG300 on 192.168.0.1? If this is the case you will most definitely not be able to get those pings to communicate. Router would have to be on a P2P link with a /30 on its own DG. If you provide me an email i can send you several screenshots of how to get this to work. On interface 1 i believe if you have a pc on it, you would only need to set it as an access port. General port will not do any good as the pc will only understand untagged traffic.

Hi Ismael,

Router's gateway is on 192.168.0.1; and SG300 interface is on 192.168.0.2.

From the 192.168.0.2 inbterface of SG300, I can ping 192.168.0.1.   But from any other device on other VLAN, no (but they can ping 192.168.0.2).

Network 192.168.0.0 (between router and SG300) has a /27 mask.

OK, I will try to set port 1 as "Access".

Currently, the ports configuration are :

  • Port 1 : 1UP - general
  • Port 49 : 99UP - general

How can I send you a PM ?

Hi Anthena1390

 

My email will be iarroyo@cisco.com. When you respond back to the email can you let me know what devices will be communicating on VLAN 99. Is there a major reason for SG300 to pass DHCP as suppose your router? Well i would like to attach some screenshots, they will show you how to properly configure a P2p link, assign DHCP pools, how to properly add default routes. Send an email and lets get your issue resolved.

View solution in original post

Hi Ismael,

Thanks a lot four your help, it work much better now.
From every VLAN, I can now reachthe Internet.

However, I cannot ping from one VLAN to another.
I can ping every SG300 interface from every VLAN, but I cannot reach the PC installed in the VLAN itself (except for the WAN (default gateway) VLAN).

Therefore, routing via the default gateway works fine, but routing from 1 VLAN to another not.

How can this issue be solved ?

Thanks in advance for your help.

Ping from other VLAN were blocked by local (PC) Firewall.

I allowed the PC to answer ICMPv4, and it works !!!

Hi,

I have the same problem, you can help me pubblishing the solution,  please.

thank you in advance.

 

Hi auhcec001,

 

I followed the step-by-step configuration example.

http://networklessons.com/switching/cisco-small-business-switch-vlan-configuration/

And, it works to provide Internet access for each VLAN.

However, the VLAN to VLAN routing remain a problem...

Hi Athena1390,

thank you for your reply.

I have no internet access in one vlan.

where can I find how to assign ip route ?

 

Try this :

1) Connect 1 device in this VLAN and check its IP and gateway (his VLAN interface IP)

2) Add a default-gateway in the IPv4 configuration menu of the SG300 :

  • Destination : 0.0.0.0
  • Mask : 0.0.0.0
  • Next hop : your router internal IP

 

Hope this help