SG350 network config

InCo
Level 1

Hi All,

 

I am a support engineer for a mix of home users and small businesses and have over 10 years of experience. I consider myself very skilled in this field; however, managed switches like these are not something I usually tinker with.

 

We have recently taken over an office building, which houses numbered rooms with small business clients within each. Without boring you with loads of details, we basically purchased this Cisco SG350-28 to separate the networks so that each client has their own IP range and cannot see other users' machines.

 

I have an old Draytek 2830n here for testing, configured with an address of 192.168.1.1.

 

I have configured this Cisco SG350-28 with an IP of 192.168.1.254 - turned on the DHCP server and got internet access working easily on the base management VLAN1. All config has been done via the web GUI, not via command line.

 

I have configured the switch as a DHCP server, set up port 8 for office 8 to give out 192.168.108.x. The same for office 9 and 192.168.109.x, and the same again for office 10 at 192.168.110.x. This all appears to work (after great difficulty), clients get the correct DHCP addresses and cannot see one another, which is as we would expect.

 

The only step I have not managed to get working here is, I believe, DNS routing back to the router for internet access.

 

For each port I have configured the IPv4 interface to be able to access the Cisco SG350 management page from that subnet, i.e. port 8 can connect to 192.168.108.254, same for the other two. I can get to the switch OK.

 

I have then experimented with the DHCP Server network pools to give out DNS IP addresses of the switch on the local IP range, the switch on its management IP, the router on the management IP range and Google's public DNS, none of which seem to work.

 

After some research I found out about ACL and ACE and configured these to permit any and all traffic, which has not helped. I have been fiddling with VLANs, PVIDs, static routes, next hop forwarding etc.

 

I created a DMZ in the Draytek router, it did what we needed without VLANs, without creating any static routes - why can't the Cisco do this when it is a Layer 3 switch configured as a DHCP server?

 

I think I am clearly missing something network related that I have not yet learnt about or is Cisco-specific. Has anyone got any pointers for me?

 

Regards,

Henry

20 Replies

My last post did not upload my second screenshot...

 

[Screenshots: Capture9.PNG, Capture10.PNG]

This proves 192.168.1.1 is not able to resolve the DNS records, but as per your last message you are able to resolve from the 192.168.1.X network. Can you provide that output from a PC that has a 192.168.1.X address, with the DNS entry on the PC set to 192.168.1.1?

 

Post the same nslookup output.

 

Also post your DNS config to verify.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

[Screenshots: Capture11.PNG, Capture12.PNG]

 

Are you using an access port for the router connection to the switch? If you are using a trunk port this may cause this behavior. I did not see it in your post. I use my SG300-28 in layer 3 mode and have the router set up on an access port. The default port setting is trunk. You want to force the switch to do layer 3 rather than pass it to the router.

All ports on this switch are by default set to Layer 2 - Access.

 

If I go to VLAN management > Interface Settings and set the router port and one of the laptop ports to Layer 3, the laptop on said port can then not ping or reach a DHCP server, breaking network access.

 

If I do the same but set only the router port to Layer 3, no laptop can ping 192.168.1.1.

 

This seems massively counterintuitive, considering I'm using Layer 3 for DHCP but setting the port to Layer 3 breaks the config.

Bumping this for any other suggestions...