
Cisco SG500 28 VLAN problem

karol.r
Level 1

Hello,

I have a problem with a simple VLAN:

I changed the switch to layer 3 system mode.

To port 1 I have connected a router. I created 2 VLANs:

VLAN settings: vlan id 2 and vlan id 4

I went to Port VLAN Membership and joined the VLANs to GE2 2T, GE3 2T, GE4 4T, GE5 4T (I left 1UP in every GE).

Next I tried almost every possible configuration:

     I set ports 2, 3, 4, 5 to access/trunk/general mode. I changed them to tagged/untagged...

I want to do:

GE1 router/internet is visible for (port): 2, 3, 4, 5.

Ports 2 and 3 are visible to themselves and not visible to 4 and 5.

Ports 4 and 5 are visible to themselves and not visible to 2 and 3.

I get an IP from the router via DHCP.

I configure the Cisco switch via the web.

Can you help me with the rest of the configuration?

Other questions:

1. I read that it is better to use VLANs based on ports than VLANs based on MAC. Why?

2. Should I configure my router to use this VLAN (besides DHCP)? (I use MikroTik)

3. If I want to add a server on port 20 (access from every port, like the router), do I have to configure port 20 the same as port 1?

Karol

6 Replies

Tom Watts
VIP Alumni

Hi Karol,

If your goal is only to have port 2 and 3 available to each other and port 4 and 5 available to each other, you may consider making an access list based on IP address in such a way as to prevent (deny) whatever connects to port 2 and 3 from accessing the IP of whatever connects to port 4 and 5, and then do the opposite: for whatever connects on port 5, make an access list to deny access to the IP of whatever connects to port 2 and 3.

-Tom
Please mark answered for helpful posts


Hi Tom,

thank you for the answer, but I would like to do VLAN. I bought a Cisco SG500 and now I'm learning it, so I decided to do a simple VLAN (I think in the near future I will need it). I read many articles about VLAN, but I can't do any for me. I will be glad if you will help me.

Karol

Hello Nagaraja,

as I wrote in my first post, I know how to add a VLAN and add a port to an interface. I don't know the detailed configuration.

(in interface settings: interface vlan mode, administrative PVID in individual interfaces; in port to vlan: how to set interfaces in vlan id1 and how in vlan id2... (port should be tagged or untagged or forbidden) and the same with port vlan membership.)

Could you write me the proper configuration for my example?

Karol

Hi Karol, for computers connecting to a switch port it should be untagged (access port).

For device inter-connection to carry multiple VLANs, the default VLAN is untagged and the additional VLANs are tagged (on trunk).

Your original post indicates you want traffic available to certain ports while limiting traffic to the same resources by different ports. VLAN can separate traffic but VLAN cannot discriminate connections in that way.

-Tom
Please mark answered for helpful posts


Hi Tom,

thank you for the answer. I resolved the problem with my VLAN. Here are links to sites which helped me to do it:

http://blog.idea4pro.com/tajemne-zycie-vlanow-2

http://netsystemhelp.blogspot.com/2012/01/vlan-on-cisco.html

http://it-erate.com/cisco-sg300-vlan-setup-vmware-esxi-5/

Karol