2674 Views, 0 Helpful, 7 Replies

Cisco SG300 Network Expansion (Configure 2 Switches)

Paul Robinson
Level 1
I'm currently in the process of expanding my network, having bought a second Cisco SG300-20 which is now sitting in my lab. My current setup is described below:
 
Internet
^
|
Draytek Router 192.168.1.1
^
|
Cisco SG300-20 192.168.1.2
^
|
VLAN 12 Workstations interface 10.0.12.1 
VLAN 13 Management interface 10.0.13.1
VLAN 14 Public interface 10.0.14.1
VLAN 15 Private interface 10.0.15.1
VLAN 20 Storage interface 10.0.20.1
 
 
I then have a number of servers with multiple NICs that run on the various VLANs, attached to certain ports on the Cisco switch.
 
VLANs 12 and 14 have been given access to the internet, with routes added on the Draytek to 10.0.12.1 / 10.0.14.1.
 
 
 
Now what I want to do is expand the network by running a link from my first switch to the new switch. I've read a number of notes on this forum but am confused as to what I need to do.
 
I want the new switch to have access to all the VLANs configured on the first switch, and I will set the ports' access to the various VLANs for each server that is being connected.
 
I have read that it's best to have any additional switches on the network configured as Layer 2 and leave just one switch to do the routing (is that correct?). So I have left the new switch as Layer 2 and given it an IP of 192.168.1.3.
 
So the first question is: how do I configure the uplink port from switch 1 (port Gi2) to switch 2 (port Gi1)?
 
Should I run multiple cables and create a LAG between the two switches, allowing for additional bandwidth? (I stream a lot of HD movies across the network to the workstations.)
 
 
I have attached my running config from switch 1 below.
 
Any help would be appreciated; unfortunately networks are not my strong point.
 

prcswitch01#show running-config
config-file-header
prcswitch01
v1.3.5.58 / R750_NIK_1_35_647_358
CLI v1.0
set system mode router 

file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end XXXXXX
!
vlan database
vlan 12-15,20
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
ip dhcp server
ip dhcp pool network Workstations
address low 10.0.12.20 high 10.0.12.100 255.255.255.0
lease infinite
default-router 10.0.12.1
dns-server 10.0.15.200 8.8.8.8
exit
bonjour interface range vlan 1
hostname prcswitch01
username cisco password encrypted XXXXXXX privilege 15
ip ssh server
!
interface vlan 1
 ip address 192.168.1.2 255.255.255.0
 no ip address dhcp
!
interface vlan 12
 name Workstations
 ip address 10.0.12.1 255.255.255.0
!
interface vlan 13
 name Management
 ip address 10.0.13.1 255.255.255.0
!
interface vlan 14
 name Public
 ip address 10.0.14.1 255.255.255.0
!
interface vlan 15
 name Private
 ip address 10.0.15.1 255.255.255.0
!
interface vlan 20
 name Storage
 ip address 10.0.20.1 255.255.255.0
!
interface gigabitethernet3
 switchport mode access
 switchport access vlan 12
!
interface gigabitethernet4
 switchport mode access
 switchport access vlan 12
!
interface gigabitethernet5
 switchport mode access
 switchport access vlan 20
!
interface gigabitethernet6
 switchport mode access
 switchport access vlan 20
!
interface gigabitethernet7
 switchport trunk allowed vlan add 13-15
!
interface gigabitethernet8
 switchport trunk allowed vlan add 13,20
 switchport trunk native vlan 12
!
interface gigabitethernet9
 switchport trunk allowed vlan add 13-15
!
interface gigabitethernet10
 switchport trunk allowed vlan add 13,20
 switchport trunk native vlan 12
!
interface gigabitethernet11
 switchport trunk allowed vlan add 13-15
!
interface gigabitethernet12
 switchport trunk allowed vlan add 13,20
 switchport trunk native vlan 12
!
interface gigabitethernet13
 switchport mode access
 switchport access vlan 12
!
interface gigabitethernet14
 switchport mode access
 switchport access vlan 12
!
interface gigabitethernet15
 switchport mode access
 switchport access vlan 12
!
interface gigabitethernet16
 switchport mode access
 switchport access vlan 12
!
interface gigabitethernet17
 switchport mode access
 switchport access vlan 12
!
interface gigabitethernet18
 switchport mode access
 switchport access vlan 12
!
interface gigabitethernet19
 switchport mode access
 switchport access vlan 12
!
interface gigabitethernet20
 switchport mode access
 switchport access vlan 12
!
exit
ip default-gateway 192.168.1.1
prcswitch01#

 
7 Replies

Paul Robinson
Level 1

I have managed to get my second Layer 2 switch to talk to the Layer 3 switch but am still having issues with getting the VLANs working. I have set up a single VLAN 20 as a test on my Layer 2 switch but can't talk to the device I have connected.

 

These are the steps I've followed so far

-- Configure trunk port on prcswitch01 (gi2) to connect to prcswitch02

config t
interface gi2
switchport trunk allowed vlan add all
end
copy running-config startup-config
! the original post had "copy start run", which copies the saved startup config over the
! running config rather than saving; saving is running-config -> startup-config

-- Configure VLAN 20 on prcswitch02

config t
vlan database
vlan 20
exit
! create the VLAN first (as on prcswitch01), then name its interface
interface vlan 20
name Storage
end
copy running-config startup-config

-- Configure port membership on prcswitch02

config t
interface gi19
switchport trunk allowed vlan add 20
! this makes VLAN 20 a tagged member of gi19
end
copy running-config startup-config

 

NAS on IP 10.0.20.196 SN 255.255.255.0  GW 10.0.20.1

I am able to ping the management interfaces from prcswitch02

ping 10.0.20.1

But I can't ping the NAS I have connected to port gi19.

 

Please can someone help me with configuring these switches to work together.

 

Thanks

 

Paul

 

OK, I think I have sussed it.

 

I've made the following changes

Trunk between prcswitch01 port gi2   ------>  prcswitch02 port gi1

Both have been given access to all the VLANs I want across the devices, using TAGGED VLANs.

 

I have then configured the ports which are attached to my QNAP NAS to allow access to VLAN 20, my storage VLAN, and have configured them as UNTAGGED.

 

I can now ping my QNAP NAS across my network.

 

I think this is the correct way to do it; can someone please comment on whether this is the correct way to do this?

 

Thanks

 

Paul

 

Hi Paul,

Exactly how it's supposed to be. Note:

-> Trunk ports are used mainly between infrastructure devices and require one native VLAN, untagged, matching the Port VLAN ID; all the other VLANs need to be tagged so that both ends can distinguish which packet belongs to which VLAN;

-> Access ports are used to connect edge devices such as hosts, printers etc. where the device is not able to send tagged traffic; it is also good practice for security reasons;

A LAG may be a good idea if:

1. the bottleneck on the network is the link between the two switches and traffic goes via this link;

2. there are many users accessing the same server. A LAG uses a MAC source/destination and IP source/destination algorithm, so it would not distinguish between two sessions from the same host to the same server;

I hope it helps,

Aleksandra
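An added example, not part of the thread or of any Cisco tooling, to make Aleksandra's second point concrete: the member link of a LAG is chosen by hashing the source/destination MAC (and, with the MAC+IP policy, the source/destination IP) of each frame, so every session between one host and one server lands on the same physical link and a LAG adds no bandwidth for a single workstation streaming from a single server. The XOR-fold hash, the `Flow` fields, the host MAC addresses and the 10.0.20.50/51 host addresses are constructed for illustration (real switch ASICs use their own hash functions, but the property shown holds for any deterministic hash over the same fields); 10.0.20.196 is the NAS address from the thread.

```python
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class Flow:
    """One L4 session as seen by the switch (field set is an assumption of this model)."""
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int


def _mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def _xor_fold(data: bytes) -> int:
    """Toy hash: XOR all key bytes into one byte (stands in for the ASIC's real hash)."""
    h = 0
    for b in data:
        h ^= b
    return h


def lag_member(flow: Flow, members: int, policy: str = "src-dst-mac-ip") -> int:
    """Index (0..members-1) of the LAG link that carries this flow.

    The key deliberately excludes TCP/UDP ports: under both policies modelled
    here a second session between the same two hosts always hashes to the same
    member, which is Aleksandra's point about one host talking to one server.
    """
    if members < 1:
        raise ValueError("a LAG needs at least one member link")
    key = _mac_bytes(flow.src_mac) + _mac_bytes(flow.dst_mac)
    if policy == "src-dst-mac-ip":
        key += ip_address(flow.src_ip).packed + ip_address(flow.dst_ip).packed
    elif policy != "src-dst-mac":
        raise ValueError(f"unknown load-balance policy {policy!r}")
    return _xor_fold(key) % members


def member_usage(flows: Iterable[Flow], members: int, policy: str = "src-dst-mac-ip") -> Dict[int, int]:
    """How many of the given flows each LAG member carries."""
    return dict(Counter(lag_member(f, members, policy) for f in flows))


# Constructed sample: two hosts on the storage VLAN each open several SMB sessions to the NAS.
NAS_MAC, NAS_IP = "00:11:22:33:44:f0", "10.0.20.196"
HOST_A: Tuple[str, str] = ("00:11:22:33:44:01", "10.0.20.50")
HOST_B: Tuple[str, str] = ("00:11:22:33:44:03", "10.0.20.51")


def sessions(host: Tuple[str, str], n: int) -> List[Flow]:
    """n sessions from host to the NAS, differing only in the ephemeral source port."""
    mac, ip = host
    return [Flow(mac, NAS_MAC, ip, NAS_IP, 50000 + i, 445) for i in range(n)]


SESSIONS_A = sessions(HOST_A, 4)
SESSIONS_B = sessions(HOST_B, 4)

if __name__ == "__main__":
    print("host A sessions ->", [lag_member(f, 2) for f in SESSIONS_A])   # all on one member
    print("host B sessions ->", [lag_member(f, 2) for f in SESSIONS_B])   # all on the other
    print("usage, both hosts ->", member_usage(SESSIONS_A + SESSIONS_B, 2))
```

Run it and host A's four sessions all report the same member index whatever their source ports; only a second host with a different MAC/IP pair spreads load onto the other link. That is the case where a LAG between prcswitch01 and prcswitch02 pays off: many workstations streaming from the servers, not one workstation streaming faster.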

 
Hi Aleksandra,
 
I'm still having issues with my setup. The servers I have connected have VLAN tagging enabled.
 
Previously I had my ESXi server connected via two NICs, with ports configured on my Layer 3 switch prcswitch01 as follows:
 
Port 1 Trunk VLAN 13-15
Port 2  Trunk VLAN 13,20
 
My NAS was configured on a single port on VLAN 20.
 
 
The ESXi server can only have a single gateway, which is used by both interfaces:
 
~ # esxcli network ip route ipv4 list
Network    Netmask        Gateway    Interface  Source
---------  -------------  ---------  ---------  ------
default    0.0.0.0        10.0.13.1  vmk0       MANUAL
10.0.13.0  255.255.255.0  0.0.0.0    vmk0       MANUAL
10.0.20.0  255.255.255.0  0.0.0.0    vmk1       MANUAL
 
 
Traffic was being passed from VLAN 13 to VLAN 20 to allow connectivity to the NAS on the ESXi server.
 
This no longer seems to be happening on my Layer 2 switch.
 
I have configured the ports the same as previously setup on the Layer 3 switch.
 
When I have the ESXi server connected I can reach the server on 10.0.13.11, but the server cannot ping the NAS on 10.0.20.196.
 
Hope that makes sense; I'm confused about setting this new switch up. Should I configure it as Layer 3 and set up interfaces for the various VLANs? I was under the impression this would be done by my first switch.
 
Thanks
 
Paul

Hi Paul,

It all depends really on where the connection breaks.

1. If you cannot access the NAS from the same subnet, that may indicate that the trunk between the switches, or between switch and NAS, is not working as expected; you may check the MAC address table on the switch, port by port, for the ports interconnecting the devices used for testing;

2. If you cannot ping the NAS from a different subnet but it works on the same subnet, you have to check the routing device on your network; please check the default gateway for the PC and the NAS; you may also use the tracert command to check how many routers the traffic passes through.

I hope it helps a bit to narrow it down,

Aleksandra

Hi Aleksandra,


I have been having a play with my switch and moved my ESXi server to another couple of ports.

 

The interface that talks to the NAS on VLAN 20 via the management gateway on VLAN 13 is now able to talk to the NAS.


The only difference between this port and the port that doesn't work is that the new port has 1UP, 13T, 20T,

 

where the other port just has 13T 20UP.

 

I tried to change the PVID to 1 and all the VLANs were removed. What is the relevance of having a PVID set to 1?

That's the only difference I can see.

 

Thanks

 

Paul

 

 

Hi Paul,

PVID (Port VLAN ID) plays an important role. Put simply, this is the VLAN ID which is given to egress traffic when the traffic does not contain any VLAN tag.

Note that tagged traffic is not modified at all on trunk ports.

Other information such as 13T and 20U is more a sort of access control for ingress traffic. 13T would indicate that only tagged traffic with tag 13 is allowed; otherwise any untagged traffic would be treated as VLAN 20.

In the most extreme setup, when the PVID does not match the untagged VLAN on the port, such as 20U and 1P, it would create a scenario where the host on this port can receive traffic on VLAN 20 but sends it on VLAN 1. This is how private VLAN ports actually work.

Going back to your tests, it could mean that the port with 13T 20UP has "admit tagged only" set.

Or there is a mismatch between layer 2 isolation (VLAN) and layer 3 addressing (subnet), when hosts in the same subnet are outside one broadcast domain.

Regards,

Aleksandra
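An added example, not part of the thread and not Cisco code, modelling how an 802.1Q switch port handles the T/U/P settings Paul and Aleksandra are discussing: untagged frames entering a port are classified into the PVID (or dropped when "admit tagged only" is set), tagged frames are accepted only for VLANs the port is a member of, and on the way out a frame is sent with a tag if the VLAN is a tagged member of the egress port and without one if it is an untagged member. The three port profiles from the thread are constructed as data: the NAS port (20UP), the working ESXi port (1UP 13T 20T) and the non-working one (13T 20UP), plus Aleksandra's 20U/1P mismatch. The host behaviour is an assumption stated in the code: a VLAN-aware interface such as an ESXi vmkernel port with a VLAN ID configured accepts only frames carrying that tag, while a plain host such as the NAS sends and accepts untagged frames only.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple

Frame = Tuple[str, Optional[int]]  # ("tagged", vid) or ("untagged", None)


@dataclass(frozen=True)
class Port:
    """One switch port in SG300 GUI terms: T = tagged member, U = untagged member, P = PVID."""
    name: str
    pvid: int
    tagged: FrozenSet[int] = frozenset()
    untagged: FrozenSet[int] = frozenset()
    admit: str = "all"  # "all" or "tagged-only" (the "acceptable frame type" setting)

    def members(self) -> FrozenSet[int]:
        return self.tagged | self.untagged

    def ingress(self, tag: Optional[int]) -> Optional[int]:
        """Classify an arriving frame into a VLAN; None means the port drops it.

        Untagged frames take the PVID (model simplification: no check that the
        PVID VLAN is also a member). Tagged frames are accepted only for member
        VLANs, i.e. ingress filtering is on.
        """
        if tag is None:
            return None if self.admit == "tagged-only" else self.pvid
        return tag if tag in self.members() else None

    def egress(self, vid: int) -> Optional[Frame]:
        """Send a frame already classified into `vid` out of this port."""
        if vid in self.tagged:
            return ("tagged", vid)
        if vid in self.untagged:
            return ("untagged", None)
        return None  # not a member: the frame is never forwarded here


@dataclass(frozen=True)
class Host:
    """End station. vlan=None: plain host, sends/accepts untagged only (the NAS).
    vlan=N: VLAN-aware interface that sends tag N and accepts only tag N
    (assumption for an ESXi vmkernel port with a VLAN ID configured)."""
    name: str
    vlan: Optional[int] = None

    def send(self) -> Optional[int]:
        return self.vlan

    def accepts(self, frame: Frame) -> bool:
        kind, vid = frame
        if self.vlan is None:
            return kind == "untagged"
        return kind == "tagged" and vid == self.vlan


def reachable(src: Host, src_port: Port, dst_port: Port, dst: Host) -> Optional[int]:
    """VLAN a frame from src travels in to reach dst through one switch, or None if it is lost."""
    vid = src_port.ingress(src.send())
    if vid is None:
        return None
    frame = dst_port.egress(vid)
    if frame is None or not dst.accepts(frame):
        return None
    return vid


def ping_works(a: Host, port_a: Port, port_b: Port, b: Host) -> bool:
    """A ping needs the request and the reply to get through."""
    return reachable(a, port_a, port_b, b) is not None and reachable(b, port_b, port_a, a) is not None


# Constructed from the thread: NAS on an untagged VLAN 20 port, ESXi vmk1 tagging VLAN 20.
NAS = Host("QNAP NAS")
ESXI_VMK1 = Host("ESXi vmk1", vlan=20)
NAS_PORT = Port("gi19", pvid=20, untagged=frozenset({20}))                                   # 20UP
ESXI_PORT_OK = Port("working", pvid=1, tagged=frozenset({13, 20}), untagged=frozenset({1}))  # 1UP 13T 20T
ESXI_PORT_BAD = Port("broken", pvid=20, tagged=frozenset({13}), untagged=frozenset({20}))    # 13T 20UP
MISMATCH_PORT = Port("mismatch", pvid=1, untagged=frozenset({20}))                           # 20U 1P

if __name__ == "__main__":
    for label, port in (("1UP 13T 20T", ESXI_PORT_OK), ("13T 20UP", ESXI_PORT_BAD)):
        print(f"ESXi on {label}: ESXi->NAS via VLAN {reachable(ESXI_VMK1, port, NAS_PORT, NAS)}, "
              f"NAS->ESXi via VLAN {reachable(NAS, NAS_PORT, port, ESXI_VMK1)}, "
              f"ping {'works' if ping_works(ESXI_VMK1, port, NAS_PORT, NAS) else 'fails'}")
    plain = Host("plain host")
    print(f"plain host on 20U/1P: hears NAS via VLAN {reachable(NAS, NAS_PORT, MISMATCH_PORT, plain)}, "
          f"reaches NAS via VLAN {reachable(plain, MISMATCH_PORT, NAS_PORT, NAS)}")
```

Running the model shows the asymmetry behind Paul's symptom: on the 13T 20UP port the ESXi host's tagged VLAN 20 frames are accepted and reach the NAS, but the NAS's replies leave that port untagged (20U), and an interface expecting tag 20 discards them, so the ping fails; with 20T on the port both directions carry the tag and it works. The 20U/1P port reproduces Aleksandra's private-VLAN-like case, where a plain host hears VLAN 20 but its own untagged frames are classified into VLAN 1.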