
SG300 routing problem

sdboer1978
Level 1

I have the following setup:
- A Cisco EPC3928 cable modem router, with ip 192.168.178.1, connected to the internet
- A Cisco SG300-10 connected on GE9 with the Cisco EPC3928 on port 1

This is my configuration of the SG300:

----------------------------------
config-file-header
switch30ea60
v1.3.5.58 / R750_NIK_1_35_647_358
CLI v1.0
set system mode router

file SSD indicator excluded
@
vlan database
vlan 10
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
bonjour interface range vlan 1
hostname switch30ea60
username cisco password encrypted 000000000000000000000 privilege 15
ip ssh password-auth
ip ssh-client server authentication
!
interface vlan 1
 ip address 10.0.0.1 255.255.255.0
 no ip address dhcp
!
interface vlan 10
 ip address 10.0.10.1 255.255.255.0
!
interface gigabitethernet1
 switchport mode access
 switchport access vlan 10
!
interface gigabitethernet2
 switchport mode access
 switchport access vlan 10
!
interface gigabitethernet9
 ip address 192.168.178.2 255.255.255.0
!
exit
ip default-gateway 192.168.178.1
----------------------------------

From a host connected on GE1 (vlan 10) I can ping:
- 10.0.10.1 (gateway of that vlan)
- 192.168.178.2 (interface GE9, connected with my internet access router)
- 192.168.178.1 (my internet access router)
- my external WAN address 

But I can't ping 8.8.8.8 (a Google DNS server). There is no internet connection.
A traceroute does not get beyond 10.0.10.1.

Pinging 8.8.8.8 from the command line on the SG300 is no problem.
From another host connected on the EPC3928 a ping to 8.8.8.8 is no problem.

I have tried it with firmware 1.3.5.58 and 1.4.0.88
What is the problem here?

5 Replies

Ismael Arroyo
Level 1

sdboer1978,

 

Is your Cisco EPC3928 able to be configured for both VLANs on port 1? My apologies, the Cisco EPC3928 is not a Small Business product, so this is why I ask this question. Call your ISP for any questions regarding this device. It would have to be aware of VLAN 10 to get traffic back to the switch. To get traffic on VLAN 10 out to the internet, the switch would have a default route of 0.0.0.0 pointing to the DG of the Cisco EPC3928, 192.168.178.1. Hope this helps you!

It is not possible to configure VLANs on the Cisco EPC3928. That's the reason why I try to create multiple VLANs on an SG300, and route them through my EPC3928.

I also tried the following config:

--------------------------------------
interface vlan 2
  name "to the internet"
  ip address 192.168.178.2 255.255.255.0
!
interface vlan 10
  name "office vlan"
  ip address 10.0.10.1 255.255.255.0
!
interface gigabitethernet1
  switchport mode access
  switchport access vlan 10
!
interface gigabitethernet2
  switchport mode access
  switchport access vlan 10
!
! to Cisco EPC3928
interface gigabitethernet 9
  switchport mode access
  switchport access vlan 2
!
ip route 0.0.0.0 0.0.0.0 192.168.178.1
--------------------------------------

But this gives the same symptoms as before.

Is it not possible to route traffic through a non-VLAN-aware router?

 

Hi,

There are two things you have to configure on the Cisco EPC3928:

1. A route back for VLAN 10 and VLAN 1, which I guess you have since you can ping from the VLAN 10 host up to the EPC3928 interface

2. NAT settings which would ensure that traffic from different subnets is also going through NAT

Regards,

Aleksandra

Hi Aleksandra,

I cannot configure VLANs or add routes on my Cisco EPC 3928. It's a very closed ISP box. I guess that it is a non-VLAN-aware router. It is only my gateway to the internet.

I do not need to route traffic from the outside/internet to my network. I only need internet access in my office. Split my NAT 192.168.178.0/24 into 3 VLANs for office, voice, and guest Wi-Fi, etc. And route non-local traffic to my gateway 192.168.178.1.

I was under the assumption that I could realize that with a layer 3 switch like an SG300.

Is there another way I can realize this?

Regards,

Sander

Hi Sander,

This can be done with a layer 3 switch, but more advanced firewalls might not allow it without additional configuration. Since you have no access to the EPC 3928, we can only assume that this is the cause.

What you could do, however, is to make layer 2 isolation while keeping the layer 3 subnet.

Example:

port 1 - mode general 10UP, 2U - one network

port 2 - mode general 20UP, 2U - second network

port 3 - mode general 2UP, 10U, 20U - uplink port

How this works:

1. A host on port 1, when it initiates traffic, will send this to all ports in VLAN 10 (PVID), so it will also reach the uplink port

2. When traffic returns on the uplink port it will be in VLAN 2 (PVID on port 3), so it would also reach port 1 since it is a member of VLAN 2 as well

3. You can share the same subnet 192.168.178.0/24 between hosts on VLAN 10 and 20, thus no access to the EPC is needed

4. You would not have switch management access if not directly connected to the unit

 

It works very well but how it would address your issue,

Aleksandra
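
The port table from the reply above, modelled as an added Python example (not code from the thread or from Cisco): it treats every frame as untagged and flooded within the ingress port's PVID VLAN, then checks which ports can reach each other. The `Port` class, the function names and the misconfigured variant are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Port:
    label: str
    pvid: int             # VLAN given to untagged frames on ingress (the "P")
    untagged: frozenset   # VLANs sent out untagged on this port (the "U"s)

# Port table as given in the reply: 10UP,2U / 20UP,2U / 2UP,10U,20U
PORTS = {
    1: Port("one network", 10, frozenset({10, 2})),
    2: Port("second network", 20, frozenset({20, 2})),
    3: Port("uplink port", 2, frozenset({2, 10, 20})),
}

def egress_ports(ingress, ports=PORTS):
    """Ports a flooded untagged frame entering on `ingress` can leave on."""
    vlan = ports[ingress].pvid
    return {n for n, p in ports.items()
            if n != ingress and vlan in p.untagged}

def can_exchange(a, b, ports=PORTS):
    """True only if frames pass a -> b and b -> a (needed for a ping)."""
    return b in egress_ports(a, ports) and a in egress_ports(b, ports)

def host_leaks(uplink, ports=PORTS):
    """(src, dst) host-port pairs where frames cross without the uplink,
    in either direction. Empty means the layer 2 isolation holds."""
    hosts = [n for n in ports if n != uplink]
    return sorted((s, d) for s in hosts
                  for d in egress_ports(s, ports) if d != uplink)

# Constructed misconfiguration: port 1 wrongly made a member of VLAN 20,
# so frames from port 2 (PVID 20) now reach port 1 in one direction.
MISCONFIGURED = dict(PORTS)
MISCONFIGURED[1] = Port("one network", 10, frozenset({10, 2, 20}))

if __name__ == "__main__":
    for a, b in [(1, 3), (2, 3), (1, 2)]:
        print(f"port {a} <-> port {b}: {can_exchange(a, b)}")
    print("leaks (as posted):    ", host_leaks(3))
    print("leaks (misconfigured):", host_leaks(3, MISCONFIGURED))
```
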

 
