I have the following network running: see attachment. The switch has two VLANs, one for the 10. network, the other should be for the 192. network. Now I want to access 10.0.1.11 from 192.168.178.1 but I get blocked by the firewall. The switch is now in the 192. network, but I want to connect the 10.* ports directly to the router. I am grateful for every hint.
For the two to communicate, you will need to configure routing.
What you have won't work, as the 192 network is not on a common network with the router, so the packets cannot be forwarded to it.
It's better to implement 'ROAS' instead.
I would also question as to why you have placed a firewall in between your network and your router?
I would recommend adding a 2nd vlan interface to your firewall, and enable inter vlan routing on the firewall.
It would be good to set a different network segment between the router and firewall.
It would look something like this:
router --> firewall vlan1 --> switch vlan1 --> 192.168.178.x clients
firewall vlan10 --> switch vlan10 --> 10.0.1.x clients
You don't say what the router or firewall models are, or the subnet masks...
The default gateways for the clients would point to the firewall, and it would do intervlan routing.
You can do intervlan routing on the switch.
Set the switch in layer 3 mode (this will factory reset the switch). Set up the 2 client VLANs, including DHCP with default gateways for the clients pointing to the switch.
Select a different network segment for the firewall to switch connection (say 192.168.180.x).
Add a route, rules, and NAT statements in the firewall for both networks 192.168.178.x and 10.0.1.x.
Add a default route in the switch pointing to the firewall.
That would look something like:
router - firewall - (192.168.180.x) - switch - vlan 10.0.1.x
                                             \- vlan 192.168.178.x
This would put the inter vlan routing load on the switch instead of the firewall.
You can also call in to the small business TAC and request assistance at 866-606-1866 in the US and Canada. These devices come with 1 year of free tech support.
Hope this helps,
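As an added example (not part of the post above and not Cisco's own material), here is roughly how those steps translate to the SG300 command line. Assumptions: Sx300 firmware 1.3 or later CLI syntax, VLAN 1 = 192.168.178.0/24 for PCs, VLAN 2 = 10.0.1.0/24 for phones, an assumed VLAN 180 with 192.168.180.0/24 as the switch-to-firewall segment (firewall at 192.168.180.1, switch at .2), gi20 as the firewall uplink and gi19 as the trunk toward the SG300-10P switches; the SVI addresses (.254) and DHCP ranges are made up for the example.

```cisco
! Step 1: layer 3 mode (factory reset + reboot, as the post warns)
set system mode router

configure
! Step 2: client VLANs and their SVIs; clients use the SVI address as default gateway
vlan database
 vlan 2,180
exit
interface vlan 1
 ip address 192.168.178.254 255.255.255.0
exit
interface vlan 2
 ip address 10.0.1.254 255.255.255.0
exit
! Step 3: separate transit segment toward the firewall (assumed 192.168.180.0/24)
interface vlan 180
 ip address 192.168.180.2 255.255.255.0
exit
interface gi20
 switchport mode access
 switchport access vlan 180
exit
! DHCP for both client VLANs, default-router pointing at the switch SVI
ip dhcp server
ip dhcp pool network PCS
 address low 192.168.178.100 high 192.168.178.200 255.255.255.0
 default-router 192.168.178.254
exit
ip dhcp pool network PHONES
 address low 10.0.1.100 high 10.0.1.200 255.255.255.0
 default-router 10.0.1.254
exit
! Step 4: default route to the firewall; the firewall still needs return routes,
! rules and NAT for 192.168.178.0/24 and 10.0.1.0/24 via 192.168.180.2
ip route 0.0.0.0 0.0.0.0 192.168.180.1
! Trunk toward the other switches carrying both client VLANs (VLAN 1 untagged by default)
interface gi19
 switchport mode trunk
 switchport trunk allowed vlan add 2
exit
end
copy running-config startup-config
```

Once the switch routes between VLAN 1 and VLAN 2, PC-to-phone traffic no longer passes through the firewall, so the firewall rules from step 3 only see traffic leaving via the 192.168.180.x link; any filtering between the two client VLANs has to live on the switch itself.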
Thanks for your replies! I have updated the topology graphic (see attachment).
VLAN 1 is for the pcs and VLAN 2 is for telephony. Ports 1-8 of the sg300-20 are in VLAN 1, and so are Ports 1-4 of each SG300-10P. Ports 9-16 of the SG300-20 are in VLAN 2, and so are Ports 5-8 of each SG300-10P. All switches are in L2 mode.
Now I can access the Gigaset T300P (10.0.1.5) from my computer (192.168.178.69), but I cannot access the IP telephones that are not on my switch, except 10.0.1.12. I get the message "No route to host" from my firewall.
I want the fritz.box to handle all 10.0.1.* traffic, but the firewall to handle all 192.168.178.* traffic. When I put my computer into the 10.0.1.* net and attach it to my switch, I cannot even access the fritz.box.
You should configure trunks between the switches, as opposed to physically connecting each VLAN end to end.
Don't remove the other physical connections though, as they can be used for aggregation/redundancy, but that's another discussion.
Have you configured the phones' NICs correctly with the appropriate GW addresses?
You need to change the IP address of your computer when you plug it into the switch, so that is on a common subnet with the Fritz.