
SG500 - Intervlan routing help needed

I have a SG500 and am looking to separate out my network from a current flat network. I want to have 5 vlans with one being a DMZ. I have a dynamic internet connection that most vlans will need to connect to. I have a firewall hanging off the side that I want most internet traffic to go through. I have two Aruba AIP 215's that will trunk three vlans. I want my management vlan to be accessible by a few computers on another vlan for admin purposes. I also need access to a media server via 2 of the vlans. Below is a small list and what I'm wanting to do. I'm having a hard time wrapping my head around how to set this up. Below are my devices:

vlan10: Management  192.168.10.0/24

vlan20: LAN/clients   192.168.20.0/24

vlan30: DMZ             192.168.30.0/24

vlan40: VPN              192.168.40.0/24

vlan50: IoT-Devices  192.168.50.0/24

ge1/0/1 - Cable Modem ISP Dynamic IP - Internet

ge1/0/2 - vlan10/20/30/40/50 - Media Server / Firewall (Untangle) / VPN

ge1/0/3 - vlan10 - NAS Media Storage

ge1/0/4 -POE - vlan20/30/50 -Aruba AIP 215 WiFi

ge1/0/5 -POE - vlan20/30/50 -Aruba AIP 215 WiFi

ge1/0/28 - vlan20 - PC

ge1/0/27 - vlan20/40 - PC

 

As I mentioned, all but vlan10 need to be able to access the internet. I need to be able to access servers on vlan10 from vlan 20. I need to be able to use the vpn from several servers as well as my main PC. I will have an IoT vlan that will access the internet but I want it completely separated from the rest of the network. It will connect to Home Assistant that will be the central controller for all the IoT devices. Is it also possible to have a backup route in case the firewall goes down? If so I would only want to allow TCP 443 and UDP 53 so I can at least have connectivity in the event the server housing the FW goes down. Any help given will be greatly appreciated.

 

I'm really unsure how to route all the traffic through the FW if I have it off the side instead of inline as it currently is.  Right now I go (Cable modem - FW - Switch - Network) and I have the FW handling the NAT and DHCP.  I want the switch to handle NAT and DHCP but pass all outbound traffic to the FW first.  Thank you.

 

- Jeremiah

1 Reply

Glenn Martin
Cisco Employee

Hi Jeremiah,

 

This might be a little elementary for you, but thought I'd send it over anyway. This is a getting started video for Inter-VLAN routing: https://www.youtube.com/watch?v=xK5HmMlaIlg

 

 

 

 

Learn how to configure Inter-VLAN Routing on SG350 and SG550 Switches