SG500 VLAN configuration

untitled_753 · ‎06-09-2013

Greetings.

I just recently purchased the SG500-52 Switch and is currently trying to configure the device for inter-VLAN connection and internet access.

I have set the device to L3 Mode. The gateway config IP is 192.168.9.254. The default VLAN ID is 1. The PC used for configuring the switch is plugged into the GE2 LAN port, and the internet is plugged into the GE48 LAN port.

I have 3 VLANs set up. VLAN 20 for Sales, VLAN 60 for Accounting, and VLAN 90 for IT. Port membership are as follows. All untagged

- GE1,GE2,GE25,GE26 are VLAN 20

- GE6 is VLAN 60

- GE9 is VLAN 90

- GE48 has membership of all VLANs. (1UP, 20T, 60T, 90T)

All ports are set to trunk mode, except for GE48, which has been set to General. IPs are manually configured with DHCP turned off.

From this PC (192.168.20.1), I can Ping and detect the computers within the same VLAN (VLAN 20) but computers in the different VLAN is completely inaccessible. Furthermore, I cannot access the internet.

Please help. Any suggestions would be appreciated. If you need more info, please do ask.

P.S. Sorry for my English.

Brandon Svec · ‎06-09-2013

you need to assign an IP for each VLAN and make that the default gateway for the devices using that VLAN. What is 192.168.9.254 and what VLAN is it in? Also, it does not seem you need trunk ports anywhere they could be access ports, but it is ok to leave as trunks as longs as the untagged PVID is the VLAN you want.

as example-

interface vlan 60

ip address 192.168.60.1 255.255.255.0

interface VLAN 90

ip adress 192.168.90.1 255.255.255.0

-- please remember to rate and mark answered helpful posts --

untitled_753 · ‎06-09-2013

Thank you for such a prompt response.

192.168.9.254 is the IP for the SG500 itself and it is located in VLAN 1. I configured the switch from VLAN 20 and therefore I used the address 192.168.20.254.

I have set the IPs in all VLAN with the corresponding address (.20.254 for VLAN 20, .60.254 for VLAN 60, .90.254 for VLAN 90). The remaining IPs are left for the client PCs.

I checked the Network Settings in Windows and set the default gateway and DNS to 192.168.20.254, but still couldn't access the internet at GE48.

P.S. - GE48 is a router which handles all internet traffic and has a designated IP of 192.168.9.29 and is a member of VLAN 1.

Brandon Svec · ‎06-10-2013

OK a couple more thoughts.

Make sure the ports if left as trunks have native VLAN to be what you want.

i.e.

interface gigabitethernet1

switchport trunk native vlan 60

Do you have a default route for the internet in the switch?

ip default-gateway 192.168.9.29

when you test internet ping 4.2.2.2 or 8.8.8.8 to first rule out DNS issues.

-- please remember to rate and mark answered helpful posts --

untitled_753 · ‎06-10-2013

The default route for internet has already been assigned (192.168.9.29 as default gateway). When I pinged from the switch (using HyperTerminal), the connections were fine. (Tested, 8.8.8.8, 4.2.2.2, www.google.com, all were successful) However, I could not ping from the client's PC from other VLANs. (Tested from VLAN 20)

Btw, regarding to trunk/access configuration, I experimented with both, except GE48 (to the internet) as General. Still couldn't access to the internet.

Brandon Svec · ‎06-10-2013

Also, I see no reason to use trunk ports in your configuration. They can all be access ports since you are doing inter-vlan routing on the switch. The ports you described can just be in the single VLAN and your router can be VLAN1.

-- please remember to rate and mark answered helpful posts --

Brandon Svec · ‎06-10-2013

Can you post switch config? Maybe also ipconfig and trace route from workstation?

Why do you feel you want router on trunk port rather than access vlan1 only?

Sent from Cisco Technical Support iPhone App

-- please remember to rate and mark answered helpful posts --

untitled_753 · ‎06-10-2013

Here's the "show running" from the switch.

% missin
no ssd file integrity control

SG500(co

ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0

% bad parameter value

!

vlan database

SG500(con

vlan 20,60,90 gigabitether

exit1

voice vlan oui-table add 0001e3 Siemens_AG_phone________alue

SG500(config)#interface gigabi

voice vlan oui-table add 00036b Cisco_phone_____________d parameter value

SG500(config)#int

voice vlan oui-table add 00096e Avaya___________________

% bad parameter value

SG

voice vlan oui-table add 000fe2 H3C_Aolynk______________

% Unrecognized command

voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone

% missing mandatory par

passwords aging 0

h

18 by

ip ssh server6

Port gi1/1/

clock timezone " " 7TRUNK.

clock source browser

SG500#

SG5

ip name-server 192.168.9.29

SG500(config)#int

ip domain polling-interval 18:****tems

ip telnet server500(config-if)#s

!t

interface vlan 1ve vlan 20ackets

ip address 192.168.9.254 255.255.255.0ke

SG500(config-if)#11-Jun-2013 09:16:5

ip address 192.168.90.254 255.255.255.0

!

interface gigabitethernet1/1/1

switchport trunk native vlan 20

!

interface gigabitethernet1/1/2

switchport mode access

switchport access vlan 20

!

interface gigabitethernet1/1/6

switchport trunk native vlan 60

!

interface gigabitethernet1/1/9

switchport mode general

switchport general allowed vlan add 90 untagged

switchport general pvid 90

!

interface gigabitethernet1/1/48

spanning-tree portfast

switchport mode access

!

exit

ip default-gateway 192.168.9.29

SG500#

Here's one of the client (VLAN 20) ipconfig

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix . :
   Link-local IPv6 Address . . . . . : fe80::6ca1:fa53:236e:40e7%11
   IPv4 Address. . . . . . . . . . . : 192.168.20.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.20.254

Here's the Trace Route from the client.

Tracing route to 192.168.9.29 over a maximum of 30 hops

1     1 ms     4 ms     4 ms 192.168.20.254
2     *        *        *     Request timed out.
3     *        *        *     Request timed out.
4     *        *        *     Request timed out.
5     *        *        *     Request timed out.

I'm not sure whether I misconfigured anything. I tried switching GE48 from General to Access. Still no avail.

Brandon Svec · ‎06-10-2013

The config didn't show very clean but I don't see anything like

interface vlan 20
IP address 192.168.20.254

Is it there?

Sent from Cisco Technical Support iPhone App

-- please remember to rate and mark answered helpful posts --

untitled_753 · ‎06-10-2013

Yes, I typed it down to the switch through HyperTerminal.

SG500#config

SG500(config)#interface vlan 20

SG500(config-if)#ip address 192.168.20.254 255.255.255.0

SG500#config

SG500(config)#interface vlan 60

SG500(config-if)#ip address 192.168.60.254 255.255.255.0

SG500#config

SG500(config)#interface vlan 90

SG500(config-if)#ip address 192.168.90.254 255.255.255.0

SG500#config
SG500(config)#interface vlan 1
SG500(config-if)#ip address 192.168.9.254 255.255.255.0

Brandon Svec · ‎06-10-2013

Hmm. It would be good to see a clean config to be sure, but I am not sure what is wrong. What kind of router? If it is a firewall it could reject source address from other subnet then internal interface is on.

Sent from Cisco Technical Support iPhone App

-- please remember to rate and mark answered helpful posts --

untitled_753 · ‎06-10-2013

The router is a Linksys RV042. I'm pretty unconvinced of the firewall since the SG500 switch could ping through and PCs in VLAN 1 could access the internet directly. I would presume that's its an issue with the inter-VLAN internet connectivity.

Brandon Svec · ‎06-10-2013

Can you ping router on vlan 1 from pc on vlan 20?

Sent from Cisco Technical Support iPhone App

-- please remember to rate and mark answered helpful posts --

untitled_753 · ‎06-10-2013

All PCs in other VLANs cannot ping the router at VLAN 1.

Brandon Svec · ‎06-10-2013

So inter-vlan is working..

Sent from Cisco Technical Support iPhone App

-- please remember to rate and mark answered helpful posts --