Re: SG350 network config

InCo · ‎08-30-2019

Hi All,

I am a support engineer for a mix of home users and small businesses and have over 10 years of experience. I consider myself very skilled in this field, however managed switches like these are not something I usually tinker with.

We have recently taken over an office building, which houses numbered rooms with small business clients within each. Without boring you with loads of details, we basically purchased this Cisco SG350-28 to separate the networks so that each client has their own IP range and cannot see other users machines.

I have an old Draytek 2830n here for testing, configured with an address of 192.168.1.1.

I have configured this Cisco SG350-28 with an IP of 192.168.1.254 - turned on the DHCP server and got internet access working easily on the base management VLAN1. All config has been done via the web GUI, not via command line.

I have configured the switch as a DHCP server, set up port 8 for office 8 to give out 192.168.108.x. The same for office 9 and 192.168.109.x, and the same again for office 10 at 192.168.110.x. This all appears to work (after great difficulty), clients get the correct DHCP addresses and cannot see one another which is as we would expect.

The only step I have not managed to get working here is I believe DNS routing back to the router for internet access.

For each port I have configured the IPv4 interface to be able to access the Cisco SG350 management page from that subnet, ie port 8 can connect to 192.168.108.254, same for the other two. I can get to the switch ok.

I have then experimented with the DHCP Server network pools to give out DNS ip addresses of the switch on the local ip range, the switch on its management IP, the router on the management ip range and googles public DNS, none of which seem to work.

After some research I found out about ACL and ACE and configured these to permit any and all traffic which has not helped. I have been fiddling with VLANs, PVID's, Static routes, next hop forwarding etc.

I created a DMZ in the Draytek router, it did what we needed without vlans, without crating any static routes - why cant the Cisco do this when it is a Layer 3 switch configured as a DHCP server?

I think I am clearly missing something network related that I have not yet learnt about or is cisco specific. Has anyone got any pointers for me?

Regards,

Henry

balaji.bandi · ‎08-30-2019

Trying to understand below issue :

The only step I have not managed to get working here is I believe DNS routing back to the router for internet access.

can you elaborate more, i may be misunderstood here ? so need clarity so we can offer some solution to test.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

InCo · ‎09-02-2019

Hi Balaji,

The switch is giving out DHCP addresses ok, and the networks are separate which is also how id like them.

What is not working here, is DNS traffic back to the Draytek router on 192.168.1.1 so that clients can use the internet provided by the draytek to the cisco switch.

I assume this is a static routing issue or a next hop router issue but i cant seem to get this working.

InCo · ‎09-02-2019

I have now setup static routes in the draytek and can ping the router from one of the vlan clients on the cisco, so we are one step closer.

I cannot however ping an internet hostname, ie www.google.co.uk so we still have some traffic issues. I have assigned an ACL rule to permit all traffic but this has not resolved the issue. I am still fiddling around, will keep you updated.

InCo · ‎09-02-2019

Another update; giving the ip pool a public DNS of 8.8.8.8, internet access works just fine.

Setting the pool to use either the router (192.168.1.1) or to use the switch (192.168.x.254) gives us no DNS.

However on the management vlan, internet access works ok.

balaji.bandi · ‎09-02-2019

This looks like your IP do not have DNS resolving for the 192.X series, this need to resolve setup the DNS Services.

From router works fines means what interface is using to go out, that might have DNS resolving.

post the full configuration of switch to look.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

InCo · ‎09-02-2019

Attached is the Cisco tech data, hope that gives enough info.

DNS is working, on VLAN1, the router (192.168.1.1) is working fine. The clients on the other VLANs can also contact the router via ping so the routes are setup ok.

balaji.bandi · ‎09-02-2019

how is this device connected to internet ? do you have any other device doing NAT ? if so you need to do NAT for the rest of the IP range ?

user----SG50----(? what is this device ) ---Internete

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

InCo · ‎09-03-2019

The SG350 is connected to an old Draytek 2830. It is getting internet from its WAN port on our guest network in the office, i wonder if that is causing it a few issues?

I might try moving the switch onto our backup broadband line and check connectivity using the router as DNS without it being behind another guest network.

InCo · ‎09-03-2019

Saying that, on the 192.168.1.x network, aka the management VLAN1, DNS works ok using the router IP of 192.168.1.1.

The only time the DNS does not work, is when you are on a different VLAN with a different IP range. You can ping the router without issue, but the dns doesnt work. Surely that means this is nothing to do with the Draytek or its internet source, as it works on one but not on another.