cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

CISCO SWITCHES FOR SMALL and MEDIUM BUSINESS

Introducing the next generation of Cisco Small and Medium Business Switches. Cisco is refreshing its SMB Switch portfolio. Click here  to learn more.


230
Views
0
Helpful
1
Replies
mallmen00
Beginner

SG250-08 vlan configuration

Hi - my goal is to configure a private network (I need it isolated to use its own DHCP server, not my cable modem/router DHCP).

 

I have this setup:

 

internet connection -> cable modem (192.168.0.0/24) -> wifi mesh router (192.168.68.0/24) -> SG250-08.

 

The SG250 has port 1 connected to the mesh router, and I have configured a static IP address (192.168.68.103).  Anything on the default VLAN1 can access the internet like it was connected directly to the mesh router or using wifi (using default gateway of 192.168.68.1).

 

I want a second VLAN, let's say 172.16.0.0/24.  I create a second VLAN2.  I want that VLAN to be able to use the uplink at 192.168.68.103 to access the internet.  To do this, my understanding is that I need intervlan routing set up.  But I also believe I need something configured so requests to the Internet on VLAN2 uses the link at port 1 to ultimately access the Internet though that default gateway.  

 

I could use some guidance as I don't understand network routing at this level well enough to decipher the documents on how to get this configured.

1 REPLY 1
Seb Rupik
VIP Advisor

Hi there,

Your issue is two fold:

Traffic from VLAN2 destined to the internet will be routed on the SG250 and forwarded on VLAN1 egressing Port1 towards the wifi-router and onwards to the cable modem. At this point the modem has received a packet with a source address of 172.16.0.0/24 (VLAN2), it will have a NAT rule probably very rigid which will only translate traffic sourced from 192.168.68.0/24, it will therefore not route VLAN2 traffic any further. Assuming NAT did work, the cable modem has no idea how to route traffic back towards VLAN2. You would need to a add a static route directing traffic towards the SG250, again this feature is probably not available.

 

What you need is a 'proper' router which will allow you to configure NAT before traffic is forwarded into VLAN1.

 

cheers,

Seb.