Solved: CISCO SG-300 Vlan Communication on two switches

scalarpresence · ‎03-31-2018

I am a beginner in networking and our recently purchased two SG300 switches. The first switch is configured as Layer 3 switch with the following VLANS.

Vlan 1: 192.168.1.2 255.255.255.0

Vlan 10: 192.168.10.1 255.255.255.0

Vlan 20: 192.168.20.1 255.255.255.0

Vlan 30: 192.168.30.1 255.255.255.0

Vlan 40: 192.168.40.1 255.255.255.0

IPv4 Static Routing

Destination IP Prefix	Prefix Length	Route Type	Next Hop Router IP Address
0.0.0.0	0	Default	192.168.1.1

In the network we have a Fortigate 90D firewall with the following static routes:

Destination: 0.0.0.0/0 Gateway: 192.168.254.254

Destination: 192.168.10.1/24 Gateway: 192.168.1.1

Destination: 192.168.20.1/24 Gateway: 192.168.1.1

Destination: 192.168.30.1/24 Gateway: 192.168.1.1

Destination: 192.168.40.1/24 Gateway: 192.168.1.1

I need some help/suggestion on what to do with my second switch, since it will be deployed in a separate floor in the building. My first switch is configured with a DHCP Server Network Pool.

My questions are

Can the Vlans in the first and second switch communicate each other?

Is it possible that the second switch can get addresses from the DHCP Network in the first switch?

Thank you in advance!

sbhadrav@cisco.com · ‎07-05-2018

Hello,
page 293 of the attached user guide tells you how Is it possible that the second switch can get addresses from the DHCP Networkhttps://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/sf30x_sg30x/administration_guide/78-19308-01.pdf

View solution in original post

Lee Cox · ‎03-31-2018

Yes you can extend your VLANs from your layer 3 switch to your other switch using trunks ports with the VLANs defined to the trunk ports. DHCP server on the layer 3 switch will flow to the other switch. If you are using a SG300 switch then the other switch can run in layer 2 mode. I currently do this because my Cisco WAP371 units run off a SG300-10MPP switch in layer 2 mode providing POE+ power for my wireless units. My Cisco SG300-28 in layer 3 mode has the VLANs defined to it and runs DHCP server.

My question is if you remove your internet device does your local LAN still work. With a layer 3 switch you should be able to power down your internet router and your local LAN should still run because the routing is being handled by your layer 3 switch. So if you have a VLAN 10 defined on your layer 3 switch and 192.168.10.1 is the layer 3 switch's IP address then your client's default gateway for VLAN 10 would be 192.168.10.1 The layer 3 switch would check routing for being local or not. It the client's requested IP lives on the internet then the layer 3 switch will route the IP out through the layer 3 switch's default gateway which points to the internet router next hop.

scalarpresence · ‎04-01-2018

Yes it will work. However when I tried to setup the second switch in layer 2 mode, I cannot communicate on the VLANS on my first switch. I setup a trunk port on my first switch (gi2) and same on my second switch (gi1). Here's the setup that I tried.

First Switch:

gi3-g5 are assigned to Vlan 10 - Access ports

gi6-g8 are assigned to Vlan 20 - Access ports

gi9-gi12 are assigned to Vlan 30 - Access ports

Second Switch

gi2-g4 are assigned to Vlan 10 - Access ports

gi5-g6 are assigned to Vlan 20 - Access ports

gi7-gi8 are assigned to Vlan 30 - Access ports

Is there something that I miss in setting-up the second switch? My only problem in the first switch at first is that I cannot browse the internet but when I add a static route pointing to the firewall solves my problem. If DHCP is possibleo on the second, can I just plug to a particular port, let's say in gi5 which is assign to vlan 20 and the layer 3 switch assign me an address?

mridsing · ‎04-01-2018

Hi,

Thanks for your post,

With the uplinks been used between switch 1 and switch 2.

->Trunk mode(already done)

->Proper tagging for all other vlans , like 1UP, 10T, 20T, 30T.

-----------------

Then in second switch we will be able to get the DHCP ip address for the connected devices from First switch which will have the DHCP server for vlan 10,20 and 30.

-----------------

In case you are facing issue with DHCP and further DHCP relay, you can open a case(service request) with us via chat or call support.

Regards,

Mridul

Cisco Small business Team.

Lee Cox · ‎04-01-2018

I have a SG300-28 in layer 3 mode with DHCP server. It feeds a SG300-10MPP switch in layer 2 mode using trunk ports. The SG300-10MPP powers my WAP371 units with multiple VLANs. My layer 3 switch provides DHCP to wireless clients also. You need to check your trunk port setup.

The comment about static routes seems not complete. You should have static routes on the internet router pointing to your layer 3 switch for each network on your layer3 switch except for the directly connected network. Your layer 3 switch should have a default route pointing to your internet router.

scalarpresence · ‎04-01-2018

My setup is ADSL router -> Firewall -> Layer 3 Switch -> Layer 2 Switch. Does that mean that there will be no static routes on my firewall pointing to my layer 3 switch?

Lee Cox · ‎04-02-2018

I don't know how your firewall works. Your ADSL router is going to send unknown networks out so you need static routes to point to your layer3 switch. How your firewall needs to play in the middle only you can answer that.

I would try to use an access port to feed the firewall. But I don't know your firewall.

sbhadrav@cisco.com · ‎07-05-2018

Hello,
page 293 of the attached user guide tells you how Is it possible that the second switch can get addresses from the DHCP Networkhttps://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/sf30x_sg30x/administration_guide/78-19308-01.pdf