SG300 Inter-VLAN-Routing

RobertS18767
Level 1

Hello there,

I have already looked at a plethora of threads and videos regarding this topic and I cannot quite find the solution to my problem, it is driving me nuts currently.

I have one SG300-28P with the latest firmware installed and two client PCs attached to it. Nothing more for the moment, only the SG300 operating in Layer 3 mode. No router, no other device connected - just a lab scenario. First, I switched the SG300 into Layer 3 mode. I then gave it an IP address, added VLANs and IP interfaces for those VLANs. Static IP routes got auto created. I then changed the network configuration of my clients to fit the VLANs I want them to be connected to and now my goal is to ping from one VLAN to the other but they just won't. I have seen people do videos about this and at this point they just go out and ping from one client to the other, but for me it won't work. If I was configuring a Catalyst switch there would be an Inter-VLAN-Routing window in the Cisco Network Assistant. With the SG300 there isn't (Sorry, GUI kid here).

Now to be more specific:

SG300-28P running system version 1.4.11.5 in Layer 3 mode. IP 192.168.6.220 on VLAN 6, which I made the default VLAN.

Besides VLAN 6 I configured VLAN 105 (and some others that will not be used for now), 192.168.105.220 being the IP of the VLAN 105 Interface.

Static routes for 192.168.6.0/24 and 192.168.105.0/24 got created, route type "local" and route owner "Directly connected".

Port 1 is VLAN 6 and Port 2 is VLAN 105 access port.

Client 1 with the IP 192.168.6.100 and default gateway 192.168.6.220 is connected to the VLAN6 access port 1 and client 2 with the IP 192.168.105.100 and default gateway 192.168.105.220 is connected to the VLAN105 access port 2.

Using the ping feature of the SG300's GUI I can ping both clients with the source IP set to "auto". The clients can ping any and all VLAN interfaces of the SG300, 192.168.6.220 and 192.168.105.220. But the clients cannot ping each other from different VLANs. If I change them out to be on the same VLAN, everything works fine.

What am I forgetting? I see people create this scenario on video and it just works for them.

1 Accepted Solution

RobertS18767
Level 1

Hello Balaji,

thanks for trying to help me out first and foremost.

The output of the command is as I said, mostly auto created:

SG300-28P-KR1#show ip route
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: > - best, C - connected, S - static

S    0.0.0.0/0 [1/1] via 192.168.6.254, 74:51:25, vlan 6
C    192.168.6.0/24 is directly connected, vlan 6
C    192.168.105.0/24 is directly connected, vlan 105

SG300-28P-KR1#

The first line is a default route which will only come into play once the switch hits production environment. Currently, this route does not reach anything and might as well be deleted. Doing that changes nothing about me not being able to ping from one VLAN to the other.

I took a look at the thread you linked me to. Unfortunately, like often in this forum, the might-be crucial link that was posted by Tom is expired. Looking at the solution only shows me that the original poster, while he seemed to have my exact problem, solved it by creating IP routes on an external Cisco router or adding a pfSense firewall. I do not have one. I want my SG300 to do the routing and without any further hardware, enable VLAN 6 to ping devices in VLAN 105 and the other way around.

But what took my interest is that someone in that thread said that the default VLAN1 is used as the gateway to reach different VLANs and I changed my default VLAN to VLAN 6. But I don't see how that would fundamentally change things. Also I cannot create any other static routes with my VLAN interface IPs being used, because the switch says that those are local addresses which are already in use.

I will try disabling the Windows firewall on my clients to rule that one out.

Edit: It was, in fact, the Windows firewall. I did not think about it since I allow the ICMP protocols by group policy and the pings worked on the same subnet, but having the clients in different networks apparently made another firewall ruleset take over. After disabling the firewall, the pings got through.

I was sitting here for almost a week questioning everything I have learned about multilayer switches and VLANs.
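A host-side check for the cause found above, as an added example that is not part of the original post: rather than disabling Windows Firewall, list the effective inbound ICMPv4 allow rules with their remote-address scope, then allow echo requests only from the peer VLAN. The subnet 192.168.6.0/24 is taken from the thread; running on client 2 (192.168.105.100) and the rule name are assumptions.

```powershell
# Added example. Run in an elevated PowerShell session on the client being pinged
# (assumed here: client 2, 192.168.105.100). The rule name is hypothetical.
$PeerSubnet = '192.168.6.0/24'                 # VLAN 6 subnet from the thread
$RuleName   = 'Lab - ICMPv4 echo from VLAN 6'  # hypothetical display name

# 1. Which firewall profile is each NIC in? Rules only apply to matching profiles.
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory

# 2. List enabled inbound allow rules for ICMPv4 with their remote-address scope.
#    ActiveStore is the effective policy, including rules delivered by Group Policy.
#    A scope of 'LocalSubnet' would explain "same VLAN works, routed VLAN does not".
Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Enabled True -Action Allow |
    ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        if ($port.Protocol -eq 'ICMPv4') {
            $addr = $_ | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Rule          = $_.DisplayName
                Profile       = $_.Profile
                IcmpType      = $port.IcmpType -join ','
                RemoteAddress = $addr.RemoteAddress -join ','
            }
        }
    } | Format-Table -AutoSize

# 3. Keep the firewall on and allow echo request (ICMP type 8) from the peer VLAN only.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -Protocol ICMPv4 -IcmpType 8 -RemoteAddress $PeerSubnet -Profile Any | Out-Null
}

# 4. Confirm the scope of the new rule.
Get-NetFirewallRule -DisplayName $RuleName | Get-NetFirewallAddressFilter
```

If Group Policy turns off merging of local firewall rules, the scoped rule has to be delivered through the GPO instead.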

3 Replies 3

balaji.bandi
Hall of Fame

Can you post show ip route to understand the issue, or use the thread below and add as suggested.

https://community.cisco.com/t5/small-business-switches/sg300-28-inter-vlan-routing/m-p/2459569

BB


Hello Robert,

I am glad you did it! You made great progress in your knowledge of network fundamentals!

Sometimes the problem might be so simple and clear that nobody sees it.

Regards,

Martin
