Cisco SG500-28P - use router and Layer 2 or setup as Layer 3?

hoku · ‎10-09-2017

I just bought a Cisco SG500-28P yesterday and am setting it up for my small business and would like some advise/confirmation on VLANs.

I currently use untangled as my router, but will be migrating to pfsense. Currently the Sg500 is configured using default settings as a Layer 2 switch and untangled is doing the routing along with internet access as well as inter-VLAN routing.

I have configured the following setup on both my router and the swtich:

eth2 (default) 10.0.0.0/24
eth2.1 VLAN1 = 192.168.0.0/24 - switch (SG500), another switch
eth2.2 VLAN100 = 192.168.1.0/24 - synology, wired network, ...
eth2.3 VLAN200 = 192.168.2.0/24 - less secured devices (Sonos, Amazon fire, Echo, SONOS...)

I need limited access to some IP addresses on VLAN100 from VLAN200 (such as printers, synology shares for SONOS). Currently I can do that via the router, but was wondering if I can/should move that to the switch.

QUESTIONS:

1. Should I change my setup to a Level 3 vs. Level 2

a) If so, is there a tutorial on how to do that within the web interface (do I simply change to type 3 and loose my config, redo all the VLAN config?
b) do I remove vlan definitions on router?
c) how/where do I create routing rules (via web interface)

Flavio Miranda · ‎10-10-2017

Hi,

Only my 50 cents.

I think you should let it as is. pfsense is a great tool and will provide you mode flexibility and security as well.

Switch, specially this on, is good at doing L2. Maybe some vlan definition just to increase security and improve performance by controling broadcast.

-If I helped you somehow, please, rate it as useful.-