cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

CISCO SWITCHES FOR SMALL and MEDIUM BUSINESS

Introducing the next generation of Cisco Small and Medium Business Switches. Cisco is refreshing its SMB Switch portfolio. Click here  to learn more.


3645
Views
15
Helpful
6
Replies
rdgengineering
Beginner

SG 300 Set-up

Hi,

I have recently purchased 2 SG 300 switches, 1 x SG 300 52 & 1 x SG 300 10, and I am hoping someone can help me in getting the following set-up working.

To assist I have drawn the following simple network diagram (below) which hopefully makes it a little clearer what I am trying to do:

Basic Diagram.jpg

I have 2 companies occupying a single office with the requirement to share printers/devices etc... so basically I am looking to set-up 2 VLANS (say VLAN 10 & VLAN 20) with inter-vlan routing. To add a little complexity the main comms area is located in the basement of the building, this houses the 2 DSL routers and 2 Servers, one for each company. I am proposing putting the SG 300 10 port switch in here and then use the 3 uplinks I have been given to connect back to the SG 300 52 which is in a patch cabinent 2 floors up. I want to use 2 uplinks (in a LAG) for Company A and 1 uplink for Company B. FYI. DHCP is being served out by each respective router.

Some things I am trying to understand are:

Should both switches be in Layer 3 mode or just one of them, if one which one?

What IP's should the switches have?

How do I get VLAN 10 & 20 to route to their respective DSL gateways for internet access?

Many thanks in advance for your help!

Colin.

1 ACCEPTED SOLUTION

Accepted Solutions

Colin,

You're getting close,

The clients will keep their pervious setting, so you won’t have to make any changes to them.

One SG300 switch will be in layer 3 mode, this will route between both companies.

So in the layer 3 switch each vlan will have an address within it’s company’s subnet

Company A = Vlan1 10.0.2.254 (this can be any address you specify)

Company B = Vlan2 192.168.102.252 (“” “”)

Now you will need to create one static route in Company A router looking like this,

Destination IP = 192.168.102.0

Dest Netmask = 0.0.0.255 (reverse mask)

Gateway = 10.0.2.254

Now you will need to create a static route in Company B router

Destination IP = 10.0.2.0

Dest Netmask = 0.0.0.255 (reverse mask)

Gateway = 192.168.102.252 (this will be vlan on layer 3 switch within that segment)

After completing these few steps you now should be able to route between both companies’s

If you don’t want to allow all traffic, then you will have to create ACL’s to allow and deny specific traffic.

Really don't matter which switch you use a layer 3.

Thanks,

Jasbryan

View solution in original post

6 REPLIES 6
jasbryan
Frequent Contributor

Colin,

First Question - you only need one switch running in layer 3 - since each segment will have its own respective router - The only job of the switch in layer 3 mode is to route between each company.

Second Question - each company network will flow normally out its respective router. Now since we have a switch at the back plane with two separate vlan interfaces with addressed: this will be our gateways across to each company segment. We can set a static route in company (A) router to point back to switched vlan interface,

Route would look something like this,

Company A router

Destination IP - 192.168.102.0

Subnet - 255.255.255.0

Gateway - 10.0.2.250 (Company’s (A) vlan interface on Layer 3 switch)

Company B router

Destination IP - 10.0.2.0

Subnet - 255.255.255.0

Gateway - 192.168.102.250 (Company's (B) vlan interface on layer 3 switch)

Next make sure everything is routing correctly, now you will have to start setting up ACL (access control list) to allow or deny what traffic you want to cross over the Layer 3 switch.

That solution should work for you,

Hope this helps,

Jasbryan

jasbryan
Frequent Contributor

Colin,

Also if you need faster assistance you can give SBSC @ 1-866-606-1866 and open a support case and have next available engineer assistance with your configuration.

Thanks,

Jasbryan

Thanks for your help Jasbryan, I think I've got it now. Just for my own clarity I assume in the setup you describe:

Clients on each VLAN will have each Routers IP (not the Layer 3 VLAN interface) set as their default gateways i.e.

VLAN 10 (Company A) Clients

IP: 10.0.2.0

Mask: 255.255.255.0

D/G: 10.0.2.1 --> Company A Router

VLAN 20 (Company B) Clients

IP:192.168.102.0

Mask: 255.255.255.0

D/G: 192.168.102.254 --> Company B Router

and with this being the case a request to another VLAN will traverse to the respective router and then come back along the static route to the L3 switch - is that right?

With all things being equal does it matter which switch is in Layer 3 mode? Would it better for the SG 300 10 or the SG 300 52 to be the Layer 3 switch in this set-up?

Thanks again.

Colin.

Colin,

You're getting close,

The clients will keep their pervious setting, so you won’t have to make any changes to them.

One SG300 switch will be in layer 3 mode, this will route between both companies.

So in the layer 3 switch each vlan will have an address within it’s company’s subnet

Company A = Vlan1 10.0.2.254 (this can be any address you specify)

Company B = Vlan2 192.168.102.252 (“” “”)

Now you will need to create one static route in Company A router looking like this,

Destination IP = 192.168.102.0

Dest Netmask = 0.0.0.255 (reverse mask)

Gateway = 10.0.2.254

Now you will need to create a static route in Company B router

Destination IP = 10.0.2.0

Dest Netmask = 0.0.0.255 (reverse mask)

Gateway = 192.168.102.252 (this will be vlan on layer 3 switch within that segment)

After completing these few steps you now should be able to route between both companies’s

If you don’t want to allow all traffic, then you will have to create ACL’s to allow and deny specific traffic.

Really don't matter which switch you use a layer 3.

Thanks,

Jasbryan

jasbryan
Frequent Contributor

Colin,

Also if you're registered user , then you should be able to look up my e-mail if you want to e-mail me directly

Jasbryan

Thanks again Jasbryan, think I've got it now! I will be adding ACL's after I've got all the routing working, I spotted another post on the forum that explained this pretty well so I don't think I will have any trouble with that.

I have the pleasure of setting this up this weekend, so hopefully I will get it all working by Monday.

Oh and thanks for the offer of emailing you directly, I will definitely do so if I get stuck!

Create
Recognize Your Peers
Polls
How would you describe your level of technical expertise?