Hello Boris,

Boris Bahes · ‎03-07-2017

Hi!

I'm having this situation like this:

UNIFI WLAN AP <-> CISCO SG200-26 #1<-> CISCO SG200-26 #2 <-> CISCO SG300-10SFP <-> CYBEROAM CR100ING

The idea is to have clients connect on UNIFI WLAN AP to Guest SSID which is set to VLAN 10 and have this VLAN limited internet access on CYBEROAM CR100ING.

CISCO SG200-26 #1

GE10: connected to UNIFI AP

GE26: "uplink" to CISCO SG200-26 #2

CISCO SG200-26 #2:

GE13: "uplink" to CISCO SG200-26 #1

GE25: "uplink" to CISCO SG300-10SFP

CISCO SG300-10SFP:

GE5: "uplink" to CISCO SG200-26 #2

GE10: "uplink" to Cyberoam CR100iNG

Cyberoam CR100iNG:

The problem is that when I connect to SSID I don't even get IP address from DHCP for that VLAN.

I have even made port 10 access port for VLAN 10 on CISCO SG200-26 #1:

and connected PC to this port but even then I don't get IP address from DHCP.

What am I doing wrong?

Thanks for help!

jonrodr2 · ‎03-10-2017

Hello Boris,

I hope you are doing well, my name is Jonathan and I am one of the Engineers here at Cisco's Small Bussines, as i understand the problem with this configuration, you are not getting the correct ip address for vlan 10, it seems that the configuration you are trying is correct, the vlans should be 1U,10T for the uplink ports connecting the different networks, so with this in mind you tested as well an access port on the first sg200. with this in mind let me know the following.

-have you tried to check with a pc directly to the sg300 as we might not be getting an ip to that switch as well, so if you put an access port on the sg300 let me know if it is happening the same

-as well, have you tested directly connected to the CR100ING i mean if you tested on the same uplink port that you are connecting the sg300, if not please try it and let me know if you get the correct ip.

-what is the current firmware version on the switches, the latest is 1.4.7.6 , if you don't have it on the units, please do the upgrade.

-as well, some cases that we have had, and that could be a similar issue, is that for example, the device connecting to the internet has to know the vlans, sometimes through a route pointing to them, and the switch in this case usually has a default route pointing to the device in this case the CR100ING

-as stated the configuration of the uplink ports seemed to be fine, so please give it a try and let me know.

thanks.

Boris Bahes · ‎03-10-2017

Thanks Jonathan for your response!

-have you tried to check with a pc directly to the sg300 as we might not be getting an ip to that switch as well, so if you put an access port on the sg300 let me know if it is happening the same

I have today. Here is the config of SG300-10SFP:

After connecting PC to port GE9, client got VLAN10 ip address correctly.

-as well, have you tested directly connected to the CR100ING i mean if you tested on the same uplink port that you are connecting the sg300, if not please try it and let me know if you get the correct ip.

I can't test this now because this uplink is for entire network, nearly 150 PC's :)

-what is the current firmware version on the switches, the latest is 1.4.7.6 , if you don't have it on the units, please do the upgrade.

They all had older firmware:

SG300-10SFP: 1.4.1.3

SG200-26 #1: 1.4.2.4

SG200-26 #2: 1.4.1.3

Now they all have: 1.4.7.06

-as well, some cases that we have had, and that could be a similar issue, is that for example, the device connecting to the internet has to know the vlans, sometimes through a route pointing to them, and the switch in this case usually has a default route pointing to the device in this case the CR100ING

The switches all have management vlan1 with gateway set to vlan1 gateway.

Regards!

Boris Bahes · ‎03-10-2017

I have to appologize, the mistake is solely on me.

On switch CISCO SG200-26 #2 trunk was set to incorrect port.

After I configured correct port as trunk everything worked as expected!

Thank you both for quick response!

Have a nice day!

Nagaraja Thanthry · ‎03-10-2017

Hello Boris,

To check if it is an issue with the switches, could you configure a Layer 3 interface on the SG300 and have it get an IP from the DHCP server? Also, I noticed on the CyberRoam that the interface status for the virtual interface is blank (seems like, per CyberRoam documents, it should show "Connected" with speed/duplex information). Can you please check the CyberRoam to see if the VLAN interface is setup properly? Also, you could try configuring one of the CyberRoam interfaces in the said VLAN, set the corresponding interface on SG300 as an access port, and try to see if that helps?

CyberRoam VLAN configuration Document:

https://kb.cyberoam.com/default.asp?id=1984

Thanks,

Raj

Boris Bahes · ‎03-10-2017

Thanks for your response Nagaraja!

You have sharp vision. Yes the interface for VLAN does not show Status as Connected. It's something I have contacted Cyberoam support to resolve. They stated it's old documentation and that VLAN interface does not show Status since newer firmware releases.

Since client that connected to GE9 on SG300-10SFP got IP address for correct subnet 192.168.124.0/24 I think we can be safe that Cyberoam part of configuration is correct and that SG300-10SFP is also correct. Now I have to check SG200-26 configurations again.

Regards!

Karamelos · ‎04-16-2018

It's ok we solved it

SG200 VLAN configuration