
SG300-10 as unmanaged switch

axure
Beginner

Hi there,

I'm new to configuring network switches and routers, so please be thoughtful with my potentially dumb questions.

 

Here is my problem:
The SG300 switch I'm using has two use cases, and the user shall be able to choose the use case and not be involved in the configuration process of the SG300.

The first use case has a subnetwork which has to be able to communicate with many other subnetworks but only one at a time. E.g. a computer with the address 10.0.1.162/29 has to be able to talk to another computer with IP 10.0.1.2/30. For this I defined VLAN 1 with IP 10.0.1.161/29 and VLAN 10 with IP 10.0.1.1/30. Assigned each VLAN to the correct interface and it worked.

The second use case is much simpler since the SG300 should just work like an unmanaged switch. However, I'm not sure how to set this up correctly such that I'm still able to access the CLI via an ethernet connection. The simplest configuration would just be to remove the IP address from VLAN 1 and assign it to all ports, but then I only managed to access the SG300 via console cable.

 

The connection via ethernet is needed since the configuration should be switched by a computer only connected via an ethernet cable to the SG300. 

Is there a better way to configure the SG300? Thank you in advance for any advice

 

6 REPLIES

luis_cordova
VIP Advisor

Deepak Kumar
Advocate

Hi,

Here is the Admin guide and it will guide you more. You can use the CLI or GUI:

https://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/sf30x_sg30x/administration_guide/78-19308-01.pdf

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

fmarshall
Beginner

OK.  So first I'll paraphrase your situation and requirements as I understand them.

I presume you're using the switch in Layer 2 mode.  Is that right?

Also, it seems that the two modes will be used without recabling the switch to various computers.  Is that right?

 

"An Ethernet connection will be used so the configuration can be switched by a management computer."

 

This requirement, plus the 2 modes, suggests 3 VLANs to me.  We shall see.....

One thing I'd advise is that the "IP Address" for the switch isn't exactly what one might expect.  It's best to view the "switch IP address" as the "management interface address" and that's all.  So, in some sense, it could be *anything* and not at all related to any of the attached device's addresses.  You could switch all manner of devices and then use an entirely separate IP address for management.  So, it's not really an issue on the switch side of things.

 

"The first use case involves a subnetwork which has to be able to communicate with many other subnetworks but only one at a time. E.g. A computer with the address 10.0.1.162/29 has to be able to talk to another computer with ip 10.0.1.2/30. For this I defined VLAN 1 with ip 10.0.1.161/29 and VLAN 10 with ip 10.0.1.1/30. Assigned each VLAN to the correct interface and it worked."

Well, of course it would be typical to assign an interface to at least one VLAN but the IP address only applies to the management IP address and is tied to a VLAN - that is, it is present on that one VLAN. So that's how you reach it.  The other VLANs don't care about IP addresses as communication is via the MAC layer.

I don't know how you assign an IP address to multiple VLANs - but you certainly can USE a VLAN for one subnet or more.  What is it that you did here?

Here perhaps one VLAN for management and two more VLANs for the connectivity you want.  The network architecture is a bit fuzzy and the overlapping subnets are a concern.

 

"The second use case is much simpler since the SG300 should just work like an unmanaged switch. However, I'm not sure how to set this up correctly such that I'm still able to access the CLI via an ethernet connection. The simplest configuration would just be to remove the IP address from VLAN 1 and assign it to all ports, but then I only managed to access the SG300 via console cable.

The connection via ethernet is needed since the configuration should be switched by a computer only connected via an ethernet cable to the SG300."

I would likely set up a VLAN, associate it with switch management and give it an IP address so either GUI or CLI interfacing can be done.  I might assign this VLAN to 2 ports on the switch and only use those ports for management access.  (2 ports for redundancy).  Then I'd cable the management computer(s) to one of those ports.  But there are any variety of approaches that might best fit your objectives.

Then I'd use all the other ports on one VLAN for the intended switch function.

I don't understand the emphasis on "unmanaged"... ?

Hi @fmarshall

Thank you for your long reply. I'll try to answer your questions but it seems I need to learn a lot to understand what's going on exactly. ;)

 

The SG300 is actually in L3 mode (running-config: set system mode router)

There are actually only two ports used on the SG300. One for either communication side, one of which also needs to remotely access the switch and reconfigure it, and this is why the unmanaged case gives me a headache. I still need to have a 'management interface address' in this case to be able to log in to the CLI through SSH. However, I don't really understand how I can set such an address unrelated to the VLANs I define. So far I defined a VLAN per subnet. Maybe an excerpt of my running config can help:

 

...
set system mode router 
...
vlan database
vlan 10 
exit
...
!
interface vlan 1
 ip address 10.0.1.1 255.255.255.252 
 no ip address dhcp 
!
interface vlan 10
 ip address 10.0.1.161 255.255.255.248 
!
interface gigabitethernet1
 switchport mode access 
...
!
interface gigabitethernet6
 switchport mode access 
 switchport access vlan 10 
...

This case lets computers in the two subnets talk to each other. So far so good and this setup also works and I can access the switch with either IP defined for the VLAN. 

And my problem really starts here when e.g. the computer with IP 10.0.1.2, connected to port 1 of the switch, should now change the use case and make an unmanaged switch out of it. The running-config would look something like this, I guess:

...
set system mode router 
...
!
interface gigabitethernet1
 switchport mode access 
...
interface gigabitethernet6
 switchport mode access 
!
...

I can execute such a configuration from the computer with IP 10.0.1.2 but would immediately lose connection to the CLI and there is no obvious way anymore to connect via SSH. Is there a way to define a 'switch management IP' independent of the VLAN and port configuration? I guess there isn't, or does the 'default' VLAN 1 have a default IP which is always accessible if not defined differently?

 

After thinking longer about it, configuring the system as unmanaged does not seem to be the best way to do things. Maybe I have to create more "use case" configurations for all the different possibilities during the unmanaged case.

This idea just came to my mind since in one case I have to allow communication between two disjoint subnets and in the other situation both computers, with the same physical connection and cabling, are in the same subnet and have to talk to each other.

 

Does this make my problem a bit clearer?

Well, I have no experience with using L3-configured switches.  There's a reason for that:

I prefer to be able to consider the network in an understandable topology.  Mixing switching and routing departs from that idea.  I've not found situations where this seemed to be a hindrance.  Using VLANs departs from this objective but I do it for VOIP in order to preserve wiring and to add fewer switches to the core infrastructure.

That's not to say that you don't have a reason for using L3.  It may be routing between the subnets.  But that can generally be done at the gateway level of the topology - albeit with more traffic overall perhaps.

 

Consider this:  "a network with nothing but unmanaged switches and all the complicated configuration in the router(s)".

Then a switch can be used without regard for ports, etc. and a wider set of folks can help out.  Also, you don't need a diagram or port list for *yourself*.

I depart from this in order to implement mirror ports - and usually standardize on Port 1 for the mirror port destination.  

So, I would rather set a route in the gateway that directs traffic for the "other" subnet to a particular router port under the assumption that the subnets are physically separate.  I realize this may not be the case.

I don't understand what makes the CLI inaccessible in your case.

I have seen routers which could be accessed for management from ANY subnet/VLAN.  I must admit that I was a little surprised.  At least I'd expect the management interface to be accessible from ONE ip address - and that may dictate a particular port(s).

 

Here's a thought:

 

Either you expect to manage "in band" using an existing subnet or you expect to manage "out-of-band" using a workstation that's on a separate subnet.

In the first case, you assign the selected VLAN for management and that's all you need to do.

In the second case, you establish a 3rd VLAN (I would recommend VLAN1) with whatever IP address matches the management workstation(s) subnet and assign management to that VLAN.
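
The lockout discussed in this thread (pushing a config over SSH that leaves no IP interface on the management computer's VLAN) can be caught before the config is applied. The following is an added example, not part of any post above: a small Python check that parses config text in the format quoted in the thread. It assumes only static `ip address` lines count and that a port with no `switchport access vlan` line is in VLAN 1; the names `parse` and `management_path` are hypothetical.

```python
import ipaddress
import re

# Constructed from the two running-config excerpts quoted in the thread.
ROUTED = """\
interface vlan 1
 ip address 10.0.1.1 255.255.255.252
 no ip address dhcp
!
interface vlan 10
 ip address 10.0.1.161 255.255.255.248
!
interface gigabitethernet1
 switchport mode access
!
interface gigabitethernet6
 switchport mode access
 switchport access vlan 10
"""
FLAT = """\
interface gigabitethernet1
 switchport mode access
!
interface gigabitethernet6
 switchport mode access
"""

def parse(config):
    """Return ({vlan: IPv4Interface}, {port: explicit access vlan})."""
    svis, ports, current = {}, {}, None
    for line in config.splitlines():
        words = line.split()
        if line.startswith("interface "):
            m = re.fullmatch(r"interface (vlan|gigabitethernet) ?(\d+)", line.strip())
            current = (m.group(1), int(m.group(2))) if m else None
        elif current and current[0] == "vlan" and words[:2] == ["ip", "address"] and len(words) == 4:
            svis[current[1]] = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
        elif current and current[0] == "gigabitethernet" and words[:3] == ["switchport", "access", "vlan"]:
            ports[current[1]] = int(words[3])
    return svis, ports

def management_path(config, port, host_ip):
    """Switch address the host on `port` can reach on-link, or None (lockout)."""
    svis, ports = parse(config)
    svi = svis.get(ports.get(port, 1))  # assumption: unlisted ports sit in VLAN 1
    if svi and ipaddress.ip_address(host_ip) in svi.network:
        return str(svi.ip)
    return None
```

Running `management_path` on a candidate config with the management computer's port and address, and refusing to push the config when it returns `None`, keeps the SSH session from being cut off by its own change.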
