cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
9067
Views
10
Helpful
16
Replies

No inter-VLAN routing on SG300-52

Athena1390
Level 1
Level 1

Hello,

I have a basic configuration on this SG300-52 :

  • L3 is enabled
  • Latest Firmware is installed (1.4.0.88)
  • VLAN1 IP is 10.0.0.1 /24
  • A PC is connected to switch port 1 (with IP 10.0.0.3)
  • VLAN99 IP is 192.168.0.2 /29
  • A router is connected to switch port 49 (with IP 192.168.0.1, and Internet access from the router is OK)
  • Default gateway on SG300-52 is 192.168.0.1

 

From the SG-300 :

  • I can ping default gateway (192.168.0.1) and any Internet address, using 192.168.0.2 as Source IP
  • I cannot ping default gateway (192.168.0.1) or any Internet address, using 10.0.0.1 as Source IP
  • I can ping my PC (10.0.0.3), using 10.0.0.1 as Source IP
  • I cannot ping my PC (10.0.0.3), using 192.168.0.2 as Source IP

 

There is no inter-VLAN routing, but I cannot find how to enable it...

 

The complete configuration is the following :

SG300-52#show run
config-file-header
SG300-52
v1.4.0.88 / R800_NIK_1_4_194_194
CLI v1.0
set system mode router

file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
vlan database
vlan 99
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
bonjour interface range vlan 1
hostname SG300-52
username cisco password encrypted c464af817287343305cbd6493c593885695df531 privilege 15
ip ssh server
snmp-server server
ip telnet server
!
interface vlan 1
 ip address 10.0.0.1 255.255.255.0
 no ip address dhcp
!
interface vlan 99
 name WAN
 ip address 192.168.0.2 255.255.255.248
!
interface gigabitethernet49
 switchport mode general
 switchport general allowed vlan add 99 untagged
 switchport general pvid 99
!
exit
ip default-gateway 192.168.0.1

 

Do you have any idea about the issue ?

Thanks in advance for your help.

 

16 Replies 16

I figured out the problem, the unmanaged router.

SG300 doesn't have nat and so I can managed only one vlan with this router.

Thank for your support.

Aleksandra Dargiel
Cisco Employee
Cisco Employee

Hi Athena1390,

Another approach to such a design is, when the firewall does not support multiple VLANs or you would not like to forward all broadcast up to the firewall is simply to add:

1. static route on the firewall pointing out that 10.0.0.1 /24 is accessible via 192.168.0.2

2. ensure that your firewall would do NAT on the subnets which are not directly connected interfaces.

That should be the easiest solution.

Aleksandra

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Switch products supported in this community
Cisco Business Product Family
  • CBS110
  • CBS220
  • CBS250
  • CBS350
Cisco Switching Product Family
  • 110
  • 200
  • 220
  • 250
  • 300
  • 350
  • 350X
  • 550X