I have a sg300-10 switch.
i update the firmware with the last one. Everything OK.
Things are complicated when i create 2 VLAN. ( really 1 VLAN cause the first is native ).So i have the first VLAN with the interface 192.168.1.254
ans the VLAN 2 wich IP is 192.168.2.254
i'm connected with my workstation ( ip : 192.168.1.2/24 with GW 192.168.1.254 ) and i try to ping a web server on VLAN 2 ( ip : 192.168.2.2/24 GW 192.168.2.254 )
Ping is OK !
But when i try to reach any ports of the webserver : Nothing.
can anyone help me configure the switch that i can completely use it ...
Thanks Everybody in advance,
PS : My VLAN 1 is untagged on access port , and my VLAN 2 is tagged on trunk port ( cause i want to create other vlans published on this port
. ( 1UP , 2T,3T,4T )
Solved! Go to Solution.
My 2 cents worth.
I understood everything except the Tagging and untagging in your PS:
I am thinking there is some sort of personal firewall on the webserver that is stopping access to the webserver from anything other than devices in VLAN2.
I guess IP Hosts in VLAN2 can get to the webserver with no problem.
First thing I would do on the web server device is to be absolutely absolutely sure that there is no firewall software restricting access to the webserver.
Seems like the firewall or filtering on the webserver allows ICMP . This makes sense as it then allows you to test ping from the webserver.
So again look carefully for firewall software or filters on the webserver.
i'm working on my issue...and now i can tell you that : ( considering i work on SG300-10 )
i have 6 VLAN's :
VLAN1 : 192.168.1.254
VLAN2 : 192.168.2.254
VLAN3 : 192.168.3.254
VLAN4 : 192.168.4.254
VLAN5 : 192.168.5.254
VLAN6 : 192.168.6.254
I have 10 ports : GE1 to GE10
All Ports are in TRUNK mode except the GE10 wich is in ACCESS mode.
i put GE1 to GE4 with 5 VLAN's on it like this :
GE10 with only : 1UP
on port GE2 : i plugged my ESXi server. with IP 192.168.2.1/24 gw : 192.168.2.254
i can access my ESX without any problem.
i modified my conf for port GE3 with this : 1UP,2T,3T,4T
Even i can ping my 2nd ESXi server , i can access any port of it...
So , my issue turn around : I CAN'T ACCESS ANY SERVICE WHEN I HAVE A VLAN TAGGED !
Can you help me solve this David ?
Thanks in advance,
With vlans, you can only be a member of one vlan (network). You have to send your request to a layer 3 device and that will do the routing from one network to another one.
With that in mind, all you have is whether your tagged or untagged. If your the only device communicating on that port, make it an access port member of the vlan you want to be a member of. If there is more than one (like a phone and a pc coming out the back of the device) you need one vlan untagged and the other tagged to separate the traffic.
The reason you cant access something when the port is tagged, is the port will only accept frames from that tagged vlan. Meaning you have to be tagged before you get to the port. If your not tagged, your untagged. Most nic cards will let you go into the advanced settings and tag the nic card if you have to be tagged.
So look into your design and if your wanting to put just the server on a port, make it an access port member of that vlan and you will be able to communicate on that vlan.
As long as your gateway address for your nic card is set to the switches vlan ip address you should be able to go between vlans.
With the greatest of respect, I really get the idea that you need lots of help to understand how VLANing works.
If a PC is connected to a switch port that is a member of VLAN3 , in other words it starts with IP address 192.168.3.x and you want it to communicate with other IP hosts in the 192.168.3.x network. If the PC has not has it's ethernet port modified to be a tagged member of VLAN 3 then the switch port should be a untagged member of VLAN3.
I think you are having much difficulty understanding how VLAN tagging works, configuring 1UP,2T,3T,4T on each port isn't working. VLAN tagging and the whole idea of VLANs isn't a easy concept to grasp, so to help us.
Again, use paint or some simple way to create the diagram,. even a scanned piece of paper with a clear diagram would be good.
I think between David Carr and myself we can lead you in the right direction to a successful conclusion..
i'm a little bit disappointed to read this :
"With the greatest of respect, I really get the idea that you need lots of help to understand how VLANing works."
I've been working on VMware virtualization and drawing architecture (including network ones) since 2004 , and i DO understand what is VLAN, you can be sure of this.
I (try to) explain my issue on a very small cisco stuff ( SG300-10 ) ...
What you don't seem to understand, is that in a very normal configuration it doesn't work.
i continue investigating and i finally find the issue... : Problem on the hardware (tagging) , confirmed by Cisco guys in France and many engineer in my office...
So , i suggest before you gave lesson to people who are in need, that you think before you right, even it starts with a good willing....
Thanks for your understanding,
I don't know peoples expertise on this posting, I apologies that I may have worded my response ijn such a way that you took offense. Not my intention.
I could not figure from a description of 1UP,2T,3T,4T on each port how your devices were connected, my intention was to get a network diagram..
Apologizes for offending you, I suppose I was too direct in my request, but I'm glad your application is up and running.