cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
13994
Views
25
Helpful
12
Replies

SG300-52 Beginner VLAN Config

gilespapworth
Beginner
Beginner

Hi Everyone,

I appreciate this is a very beginner question and there may be a few facepalms that will happen but I could do with some help.
We have just purchased a SG300-51 switch to enable our business to grow. I am attempting to setup 2 vlans (1 containing a router, the second just my pc for now whilst i test it).

  • vlan 1 (the default) obviously works fine with access to the internet.
  • vlan 2 (which is on vlan id 10) has no access to the internet.

For note, our router is managed so I have no control over this.

So for now Ports 1 - 2 are on vlan 1 under Access. Port 3 is under vlan 2 under access. I have switched port 3 to trunk but to no avail. All traffic is marked as untagged on all ports.

IP's assigned on vlan 1 are assigned from the router starting at 192.168.1.1 to x.x.1.254 (the router is at 254). The switch for vlan 1 is at 192.168.1.1.
IP's assigned in vlan 2 (by on board dhcp on the switch) are 10.0.10.1 - 10.0.10.254 (the switch setup to be 10.0.10.1).

I have a IPv4 static route of: 0.0.0.0 to 192.168.1.254.

Now i am sure I am missing something fundamental and I have been reading through article furiously to try and discover what is up, if anyone could assist and point me in the right direction I would be very greatful.

 

Thanks in advance.

1 Accepted Solution

Accepted Solutions

Brandon Svec
Rising star
Rising star

I could be wrong, but I think he must already be in L3 mode since it appears he was able to assign interface IP addresses to both VLAN 1 and 10.

If your PC is plugged into gi3 on access vlan 10 then you need to use 10.0.10.1 as your default gateway and in your router/firewall you need a return route to 10.0.10.0/24 via 192.168.1.1

-- please remember to rate and mark answered helpful posts --

View solution in original post

12 Replies 12

Mark Malone
Mentor
Mentor

For intervlan routing and multiple layer 3 vlans the switch needs to be set in L3 mode , out of the box it comes as L2 , have you tried that yet ?

http://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/sf30x_sg30x/administration_guide/78-19308-01.pdf

Thank you for responding :). Yes it is in L3 mode (first thing i did).

I have read somewhere about assigning the switch a default-gateway however I can't see it in the web UI anywhere, would this make a difference?

any update on this? 

i had to use the cli for gateway settings on my sg500's, assuming your gateway is also handling external DNS (and ensure you backup config first!)

yourSwitch#configure terminal

yourSwitch(config)#ip default-gateway 192.168.1.254

yourSwitch(config)#ip name-server 192.168.1.254

yourSwitch(config)#ip routing

yourSwitch(config)#exit

yourSwitch#copy running-config startup-config

 

ip routing is a vital step. probably going to need a reboot!

 

Hello everyone,

 

Sorry for the lack of update. Another project came up which I had to concentrate on. So now I am back to this.I will certainly try this to see if this works.

I will also be needing to buy a router for a new site so will try the other solution as well

Having just had a chance to work on this, it doesn't seem to make a difference.

It does look like the route back on the router is the key issue here.

Just for reference, the second vlan is now at 192.168.2.1 with a route to 0.0.0.0 and this is set to route to 192.168.1.254.

I will need to look at getting a router we control so that i can bridge it with the ISP controlled router.

Brandon Svec
Rising star
Rising star

I could be wrong, but I think he must already be in L3 mode since it appears he was able to assign interface IP addresses to both VLAN 1 and 10.

If your PC is plugged into gi3 on access vlan 10 then you need to use 10.0.10.1 as your default gateway and in your router/firewall you need a return route to 10.0.10.0/24 via 192.168.1.1

-- please remember to rate and mark answered helpful posts --

Thank you for responding :)

Ah ok, so some changes do need to be made on the router. I had read a few articles pointing towards this but was hoping it could be done on the switch.

As we have no control over the ISP router (the ISP manages it and won't allow me access), would it be a sensible or achievable thing to have an access point / router between the switch and the ISP provided one. So...

 

ISP Router (Managed by ISP)

|

|

Internal router (passing internet traffic to ISP router)
With internal routing for inter-vlan comms and internet traffic.

|

|

Switch, network, good stuff.

It would seem sensible to be able to make these changes on something under our control so if we need any changes done, we do not need to wait hours for it to be actioned (plus if it is slightly wrong we can action it straight away). If this is a viable solution, lots of people mention a sonic wall in their articles (which i will look up) but as the internal router is not needing to be anything hugely special (small business), is there anything i should look for before purchasing or even some recommendations. (Read lots of articles with many running a RV042?)

 

Again, thanks for all your help.

I can't think of any way around this.  The ISP router will need a return route to be able to get back to your 10.0.10.0/24 network.  I suppose a more advanced L3 switch using a routing protocol might work if the ISP router could be set to use the routing protocol, but realistically what I would recommend is to use your own firewall/router and the ISP put their box in bridged mode.  This way you have full control of your network.

 

How many users and how much throughput do you need?  Cisco Meraki has some really nice gear that would do the trick.

 

 

-- please remember to rate and mark answered helpful posts --

At the moment we are looking at around 25 - 30 users. Large majority of those will be on WiFi just due to portability. A couple of vlans to separate off certain department machines and at least one shared vlan for printers and other common equipment.

I think so long as we can put our own router / firewall in the middle and have full control over it, that suites fine. I loath having to contact the ISP everytime i need a port opening or an IP reserving.

I'll have a chat to the ISP to make sure they can provide what we need and then it's back to the purchasing board.

Thank you so much for your help

Check out Cisco Meraki MX64.  It is a great value for that size and has a lot of nice features you should appreciate.  Good luck.

-- please remember to rate and mark answered helpful posts --

Thanks for the response. I will soon be giving this a go so will let you know how it all proceeds.

Hi Brandon,

Just so that you know (and after a loong time) a RV320 router in bridged mode with the correct static routes works a treat.

There is a speed issue I am dealing with but that is something that i can deal with.

Thanks all for your help and sorry it has taken so long to mark the correct answer.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: