Re: Switch is not reachable via VPN

Michael 13 · ‎10-23-2020

Hi.

I've got a question concerning this situation:

Switch A (Cisco SG-300) answers on 192.168.1.70/24

Switch B (Cisco SG-350X) answers on 192.168.1.90/24.

This works as long as I am in the same subnet.

But when I try it via VPN I cannot reach switch A any more; neither via ssh nor via https. Switch B is reachable as usual via VPN!

When I look on both switches I get this on switch B:

show ip route

Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: > - best, C - connected, S - static
S 0.0.0.0/0 [1/4] via 192.168.1.1, 513:37:16, vlan 1
C 192.168.1.0/24 is directly connected, vlan 1

but this on Switch A:

show ip route
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: disabled
Codes: > - best, C - connected, S - static
C 192.168.1.0/24 is directly connected, vlan 1

So I think that's a routing problem -- but I cannot find any settings for routing on the SG300 (Layer2-Mode) whereas I can find them on the SG350X under IPv4 Config --> IPv4 Interface.

Does anybody know what to do?

Thanks!

Michael

Seb Rupik · ‎10-26-2020

Hi there,

SwitchA has no default route, so as you point out it cannot route packets off-link. The CLI command is:

!
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!

In the GUI this can be set under 'Management and IP Interfaces' -> 'IPv4 Static Routes'

cheers,

Seb.

Martin Aleksandrov · ‎10-26-2020

Hello Michael,

Firstly, you have to enable the Layer 3 system mode on the SG300 switch so that the device will have IP routing capabilities as well as
Layer 2 system mode capabilities. Go to Administration->System Settings->System mode. Then you'll be able to see the IPv4 static routing options in the GUI as Seb mentioned in his reply. This can be done as well through CLI.

Regards,

Martin

Michael 13 · ‎10-26-2020

Hi. Ok -- thanks. I wonder why the SG300 has to be turned into L3-mode?! The switch ran in L2-mode so far!

I also found these settings ... do I have to set a gateway there?