Solved: Re: SG350 - No Operational VLANS

stevenle · ‎11-21-2019

I have a Cisco SG350. Configuration is below. From the switch I can ping all around my network outside of the switch so connectivity into and out of it is fine through the uplink port. The issue is I cannot get a device plugged into any of the switch ports to connect and grab a DHCP address. As far as I can tell the vlans are all configured correctly.

In the GUI I do not see any operational vlans on the ports but I do see Administrative vlans. Configuration is below. Been at it now for a few hours and can't even get one device to work on it. Completely frustrating.

SOFTWARE-SG350#show run
config-file-header
SOFTWARE-SG350
v2.4.0.94 / RTESLA2.4_930_181_045
CLI v1.0
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
!
unit-type-control-start
unit-type unit 1 network gi uplink none
unit-type-control-end
!
cdp device-id format hostname
vlan database
vlan 6-8,16-18,99
exit
voice vlan id 18
[0mMore: <space>, Quit: q or CTRL+Z, One line: <return> voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
bonjour interface range vlan 1
hostname SOFTWARE-SG350
line console
exec-timeout 30
exit
line ssh
exec-timeout 30
exit
line telnet
exec-timeout 30
exit
encrypted radius-server host x.x.x.x key XukR4EqhHMpyvk6uYBWg2zyi0K84e287aUe1yGS45868sI=
ip http authentication aaa login-authentication login-authorization radius local
aaa authentication login authorization SSH radius local
[0mMore: <space>, Quit: q or CTRL+Z, One line: <return> aaa authentication enable authorization SSH radius enable
aaa authentication login Console local radius
aaa authentication enable Console enable radius
line ssh
login authentication SSH
enable authentication SSH

exit

ip ssh server

ip http timeout-policy 1800
clock summer-time web recurring usa
sntp server 10.101.1.1
ip domain name brandes.com
ip name-server 10.10.2.151
!
interface vlan 1
shutdown
!
interface vlan 6
name "6th Floor Data"
[0mMore: <space>, Quit: q or CTRL+Z, One line: <return> !
interface vlan 7
name "7th Floor Data"
!
interface vlan 8
name "8th Floor Data"
ip address 10.8.5.206 255.255.0.0
!
interface vlan 16
name "6th Floor Voice"
!
interface vlan 17
name "7th Floor Voice"
!
interface vlan 18
name "8th Floor Voice"
!
interface vlan 99
name MGMT
!
interface GigabitEthernet1
no switchport
[0mMore: <space>, Quit: q or CTRL+Z, One line: <return> switchport mode trunk
switchport trunk native vlan 8
switchport trunk allowed vlan remove 1-7,9-17,19-4094
no macro auto smartport
!
interface GigabitEthernet2
no switchport
switchport mode trunk
switchport trunk native vlan 8
switchport trunk allowed vlan remove 1-7,9-17,19-4094
no macro auto smartport
!
interface GigabitEthernet3
no switchport
switchport mode trunk
switchport trunk native vlan 8
switchport trunk allowed vlan remove 1-7,9-17,19-4094
no macro auto smartport
!
interface GigabitEthernet4
no switchport
switchport mode trunk
[0mMore: <space>, Quit: q or CTRL+Z, One line: <return> switchport trunk native vlan 8
switchport trunk allowed vlan remove 1-7,9-17,19-4094
no macro auto smartport
!
interface GigabitEthernet5
no switchport
switchport access vlan 8
no macro auto smartport
!
interface GigabitEthernet6
no switchport
switchport mode trunk
switchport trunk native vlan 8
no macro auto smartport
!
interface GigabitEthernet7
no switchport
switchport mode trunk
switchport trunk native vlan 8
switchport trunk allowed vlan remove 1-7,9-17,19-4094
no macro auto smartport
!
[0mMore: <space>, Quit: q or CTRL+Z, One line: <return> interface GigabitEthernet8
no switchport
switchport mode trunk
switchport trunk native vlan 8
switchport trunk allowed vlan remove 1-7,9-17,19-4094
no macro auto smartport
!
interface GigabitEthernet9
switchport mode trunk
switchport trunk native vlan 7
switchport trunk allowed vlan remove 1-6,8-16,18-4094
no macro auto smartport
!
interface GigabitEthernet10
switchport mode trunk
switchport trunk native vlan 8
no macro auto smartport
!
exit
ip default-gateway 10.8.1.1
ip default-gateway 10.8.1.3
SOFTWARE-SG350#exit]
% Unrecognized command
SOFTWARE-SG350#exit

Sujoy Paria · ‎11-22-2019

Hi Stevenle,

Please remove the “no switchport” command from the GigabitEthernet interfaces and check the status first where VLAN 8 is allowed as Native VLAN. “no switchport” command is used to set the interface as a Layer 3 interface, I think due to that you are facing the problem.

View solution in original post

Jaderson Pessoa · ‎11-21-2019

Hello @stevenle

I think that this switch is your core.

My questions: Why just vlan 8 has ip address? If you want one vlan per floor, i suggest to create one network per floor. Check below exemples in bold;

interface vlan 6
name "6th Floor Data"
[0mMore: <space>, Quit: q or CTRL+Z, One line: <return> !
interface vlan 7
name "7th Floor Data"

ip address 10.8.4.1 255.255.255.0
!
interface vlan 8
name "8th Floor Data"
ip address 10.8.5.1 255.255.255.0
!
interface vlan 16
name "6th Floor Voice"

ip address 10.8.6.1 255.255.255.0
!
interface vlan 17
name "7th Floor Voice"

ip address 10.8.7.1 255.255.255.0

!
interface vlan 18
name "8th Floor Voice"

ip address 10.8.9.1 255.255.255.0
!
interface vlan 99
name MGMT

i will suggest to remove the command "switchport trunk native vlan 8" from all trunks if possible.
!interface GigabitEthernet1
no switchport
switchport trunk native vlan 8
switchport trunk allowed vlan remove 1-7,9-17,19-4094 : add vlan 8 under trunk
no macro auto smartport
!
interface GigabitEthernet2
no switchport
switchport mode trunk
switchport trunk native vlan 8
switchport trunk allowed vlan remove 1-7,9-17,19-4094 : add vlan 8 under trunk
no macro auto smartport
!
interface GigabitEthernet3
no switchport
switchport mode trunk
switchport trunk native vlan 8
switchport trunk allowed vlan remove 1-7,9-17,19-4094 : add vlan 8 under trunk
no macro auto smartport
!
interface GigabitEthernet4
no switchport
switchport mode trunk

switchport trunk native vlan 8
switchport trunk allowed vlan remove 1-7,9-17,19-4094 : add vlan 8 under trunk
no macro auto smartport
!
interface GigabitEthernet5
no switchport
switchport access vlan 8
no macro auto smartport
!
interface GigabitEthernet6
no switchport
switchport mode trunk
switchport trunk native vlan 8
no macro auto smartport
!
interface GigabitEthernet7
no switchport
switchport mode trunk
switchport trunk native vlan 8
switchport trunk allowed vlan remove 1-7,9-17,19-4094 : add vlan 8 under trunk
no macro auto smartport
!
no switchport
switchport mode trunk
switchport trunk native vlan 8
switchport trunk allowed vlan remove 1-7,9-17,19-4094 : add vlan 8 under trunk
no macro auto smartport
!
interface GigabitEthernet9
switchport mode trunk
switchport trunk native vlan 7 (why 7?)
switchport trunk allowed vlan remove 1-7,9-17,19-4094 : add vlan 8 under trunk
no macro auto smartport
!
interface GigabitEthernet10
switchport mode trunk
switchport trunk native vlan 8
no macro auto smartport
!
exit

why two default gateway? Could you remove one of them?

ip default-gateway 10.8.1.1
ip default-gateway 10.8.1.3

But this is an exemple, if you make the changes as suggested, you will need improve some other resources like below;

crate a dhcp scope for each network;

create a nat/firewall/route back to each network in your firwall/router

Best regards,

Jaderson Pessoa.

Jaderson Pessoa
*** Rate All Helpful Responses ***

stevenle · ‎11-21-2019

Only vlan 8 has an address so that I can manage the switch remotely. We're using this switch in offices where there is not enough cabling to fit the network need temporarily. We have floors 6,7 and 8 so I have all the vlans in there depending on where this switch moves to. Vlans 6,7 and 8 represent data on the those floors while vlans 16,17,18 represent voice on the same floors. On each interface I allow vlan 8 and 18 but the iOS is as such that it only shows which vlans are not allowed.

We already have a DHCP server which should be able to grant an address to any device plugged into this SG350 switch. So not needed on the switch itself. I did remove one of the gateways as I don't need two, but connectivity to the rest of my network is not an issue from the switch.

Jaderson Pessoa · ‎11-21-2019

well.. i didnt understood your isse.. could you help me with more detail? What exactly happens?

Jaderson Pessoa
*** Rate All Helpful Responses ***

Sujoy Paria · ‎11-22-2019

Hi Stevenle,

Please remove the “no switchport” command from the GigabitEthernet interfaces and check the status first where VLAN 8 is allowed as Native VLAN. “no switchport” command is used to set the interface as a Layer 3 interface, I think due to that you are facing the problem.

Jaderson Pessoa · ‎11-22-2019

nice appointment... i really didnt saw this command under interface :D

Jaderson Pessoa
*** Rate All Helpful Responses ***

stevenle · ‎11-22-2019

Brilliant! I even typo'd in the switchport command once and immediately removed it. Can't believe I didn't see that.

Absolutely worked. Thank you! Solved!

Sujoy Paria · ‎11-25-2019

Hi Stevenle,

Glad to know that the issue has been resolved now.

SG350 - No Operational VLANS

Cisco Business Product Family

Cisco Switching Product Family