Its already setup with default gateways as you mentioned but forgot to mention in the forum. I updated my blog to reflect that. Thank you.

Hi sreenath,

I think your switches are in VLAN-10,pls mention the gateway for switch as 192.168.10.1

regards

VKMoorthy

Hi VKMoorthy,

                  I started this setup with 2 X L2 switches uplinked to L3. Since inter-vlanrouting is not working, to narrow down the problem, I unplugged all the L2 switches and started testing interVlan routing only on ports on L3 switch.

I really do not understand what you mean to setup default GW on a L3 switch because there is no such option in GUI. In L2 switch there is though. Once inter-vlan is working I want to setup a port gi24 on L3 switch in access mode connecting to sonic firewall ip 192.168.10.2. Please clarify.

Thank you,

S.

Hi sreenath,

pls send the topology diagram with ip address information.

regards

VK Moorthy

Hi Moorthy,

                    In my original post I only talked about L3 switch in order to isolate the problem so that we are not discusssing the trunking configuration and other possibilites. I have include the final topology diagaram which I would like to see. But as per my original post both layer 2 swithces are powered off now.

Irrespective of where my clients are connected(L2 or L3 ) these are observations.

All clients are able to ping all vlan interfaces/gateways( 192.168.x.1)

In diagram PC1(192.168.20.5) is not able to ping PC2(192.168.10.10).

Firmware file I used: 

Sx300_FW-1.1.0.73.ros

Below are the commands I used and planning to use for firewall connectivity.

------------------------

config)#ip routing

config)#interface vlan10

config-if)#ip address 192.168.10.1 255.255.254.0

config-if)#interface vlan20

config-if)#ip address 192.168.20.1 255.255.255.240

config-if)#interface vlan30

config-if)#ip address 192.168.30.1 255.255.255.0

(config)#interface ge24

switchport mode access

swithcport access vlan 80

ip address 192.168.80.1 255.255.255.0

no shutdown

(config)#ip route 0.0.0.0 0.0.0.0  192.168.80.2

------------------------------------------------------------------

Thank you,

S.

I am in time crunch and would appreciate a quick response from anyone in support.

Hi Sreenath,

I am a  Pre-sales Systems Engineer not a post sales professional, so this is my attempt to respond quickly to your request..

I tried your config in layer 3 mode on my loaner SG300-28P. 

Sure seems faster to configure this via the GUI than the CLI.

Here is some CLI  I produced for your setup, gotta admit I used the GUI to create the CLI.

Look at the VLAN section of your GUI interface, especially port to VLAN to be sure the VLANs are configured correctly. From your posting,  i'm sure you fully understand VLAN tagged and untagged terminology

Sorry,  I left yout the default route to 192.168.80.2

------------------ show version ------------------

SW version    1.1.0.73 ( date  19-Jun-2011 time  18:10:49 )

Boot version   1.0.0.4 ( date  08-Apr-2010 time  16:37:57 )

HW version    V01

vlan database

vlan 10,20,30,80

exit

interface vlan 80

ip address 192.168.80.1 255.255.255.0

exit

interface vlan 10

ip address 192.168.10.1 255.255.254.0

exit

interface vlan 20

ip address 192.168.20.1 255.255.255.0

exit

interface vlan 30

ip address 192.168.30.1 255.255.255.0

exit

interface vlan 1

no ip address dhcp

exit

hostname SG300-28P

no passwords complexity enable

username dave password mypassword privilege 15

ip ssh server

no snmp-server server

ip http secure-server

ip telnet server

interface range gigabitethernet1-24

switchport trunk allowed vlan add 10,20,30

exit

All ports except my uplink ports 25-28 are tagged for all VLANs except VLAN80

Ports G125-28 are untagged in vlan 80. It seems very different to your configuration.  I have to admit that sometimes it's just much easier using the GUI until the configuration is correct,

interface gigabitethernet25

switchport trunk native vlan 80

exit

interface gigabitethernet26

switchport trunk native vlan 80

exit

interface gigabitethernet27

switchport trunk native vlan 80

exit

interface gigabitethernet28

switchport trunk native vlan 80

exit

In this Config, VLAN1 is propagated on all switch ports Gi1-24 as untagged frames,

In this Config, VLAN 10,20,30 are  propagated on all switch ports Gi1-24  as tagged frames

In this Config VLAN80  is propagated on all switch ports Gi 25-28  as untagged frames,

Unless there is a problem with supernetting VLAN10, Layer 3 switching between VLANs should work fine.  I guess this is a example you can work from or discard

One thing also to check is to see if the IP routes come up.  In my example below, no interface routes came up because I had nothing plugged into the switch. So if nothing is connected to a particular VLAN, no interface routes will appear.

SG300-28P# show ip route

Maximum Parallel Paths: 1 (1 after reset)

IP Forwarding:          enabled

Codes: C - connected, S - static, D - DHCP

SG300-28P# show ip interface

    IP Address         I/F       Type     Directed   Precedence   Status

                                          Broadcast

------------------- --------- ----------- ---------- ---------- -----------

192.168.10.1/23     vlan 10   Static      disable    No         Valid

192.168.20.1/24     vlan 20   Static      disable    No         Valid

192.168.30.1/24     vlan 30   Static      disable    No         Valid

192.168.80.1/24     vlan 80   Static      disable    No         Valid

If you have a issue, your switch is covered by a excellent warranty and you can speak to a technician to see what the problem might be,  It would be interesting to refer them to this posting.  Contact SBSC via the following URL;

http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html

regards Dave

Hi Sreenath

its very easy to configure in GUI mode.pls refer the manual for SG300 .i will provide the link for that as below

https://supportforums.cisco.com/docs/DOC-13844

or

Contact the SBSC center

tp://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html

regards

VK Moorthy

I will test out and let you know.

Thank you.

Sree.

I apologize for not getting back. Our project was differed and I started working on the switch now. I updated firwmare to latest and setup 2 vlans with same class subnet(as per belwo release notes bug. As per my understanding ivlan routing uses proxy arp) it worked but was flaky. So gave up on L3 functionality of switch.

Problem: Proxy ARP functions for subnets sharing the same class based

network. It will not work if the subnets in question belong to 2 different class based

networks. (Bugs00130163)

Example: ARP proxy forwards requests/responses between subnets 192.168.5.0/

28 and 192.168.5.32/28 which belong to the same class based network

192.168.5.0. The same principle applies when dealing with class A or B networks.

Solution: There is no workaround.

In my L2 setup I  see performance problem as outlined below link. I would not recommend this switch to anyone.

https://supportforums.cisco.com/message/3505099#3505099

Hello Dave,

Can you outline the step in GUI to configure VLAN Ip address?

I used command line and after saying Y, the switch hangs, as below, then I have to reboot

SG300-28(config)#vlan database

SG300-28(config-vlan)#vlan 10,20,30

SG300-28(config-vlan)#exit

SG300-28(config)#int vlan 10

SG300-28(config-if)#ip address 10.10.10.1 255.255.255.0

Please ensure that the port through which the device is managed has the proper

settings and is a member of the new management interface.

Would you like to apply this new configuration? (Y/N)[N] Y

-- At this point the switch hangs. I reboot---

Thanks

Minh

Three years later ..

I have an SG300-20 already set for Layer 3 mode.

Firmware Upgraded to 1.4.1.03

Created VLANs and a LAG (LAG is a member of multiple VLANs). Tried throug hWeb GUI and telnet to do this:

configure interface vlan 11
ip address 10.1.1.254 /24

at this point Cisco SG 300-20 hangs

I guess it worked, but the port I was connected to the wrong VLAN. Connecting to the VLAN that was allowed to access the IP did resolve the issue.

Getting routing to work was another challenge. I think among other things that still seem mysterious, is that sometimes routing works, other times it does not. That said - it is important to make sure each vlan has an IP.