Hi ledude101, I think you are

ledude101 · ‎07-15-2015

Hi all.

I've been scratching my head for quite some time and I'm not sure why my setting is not working. Nothing really special with my setting, I'd say but again I'm not sure. I have 2 switches. one is SWA (SG300-20). The second one is SWB (Catalyst 3560). This is only pertaining to SG300-20. So here's my setting for my cisco SG300-20.

5 Vlans
Vlan 1, management vlan
Vlan 4 Lab 1 IpAddress/Gateway: 10.1.4.254 (Vlan route to internet gateway 10.1.4.1 (Linksys E3000 with DD-Wrt firmware)
Vlan 8 Home Network 1 Vlan route to internet gateway 192.168.8.1 (RT-AC68U)
Vlan 18 Home Network 2 internet Gateway: 192.168.18.254 (Vlan route to internet gateway 192.168.8.1)
Vlan 44 Lab 2 Ipaddress/Gateway: 10.1.44.254 (Vlan route to internet gateway 10.1.4.1)

So I want my Vlan 8 and 18 to use internet router 192.168.8.1 and Vlan 4 and 44 to use internet router 10.1.4.1

Nothing special right? Except, for whatever reason the DHCP I setup doesn't work. The machine in those separate vlan can't ping each other(I haven't even setup the ACL yet) and forget about going to internet. Nothing. Can someone please take a look at my sh run and see what I did/configure incorrectly? Many thanks everyone.

swa-sea#sh run
config-file-header
swa-sea
v1.4.1.3 / R800_NIK_1_4_194_194
CLI v1.0
set system mode router

file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
vlan database
vlan 4,8,18,44
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
arp timeout 600
ip dhcp server
ip dhcp excluded-address 10.1.4.1 10.1.4.100
ip dhcp excluded-address 10.1.44.1 10.1.44.100
ip dhcp excluded-address 192.168.18.1 192.168.18.100
ip dhcp pool network Homenetwork1
address low 192.168.18.1 high 192.168.18.253 255.255.255.0
lease infinite
domain-name Homenetwork1
default-router 192.168.18.254
time-server 131.107.13.100
dns-server 10.1.4.2 192.168.18.2 8.8.8.8 8.8.4.4 192.168.8.78 192.168.8.68
exit
ip dhcp pool network Lab2
address low 10.1.44.1 high 10.1.44.253 255.255.255.0
lease infinite
domain-name Lab2
default-router 10.1.44.254
time-server 131.107.13.100
exit
ip dhcp pool network Lab1
address low 10.1.4.1 high 10.1.4.253 255.255.255.0
lease infinite
domain-name Lab1
default-router 10.1.4.254
time-server 131.107.13.100
exit
bonjour interface range vlan 1
ip access-list extended homenetwork
exit
hostname swa-sea
username cisco password encrypted secret1234231 privilege 15

ip ssh server
ip ssh password-auth
ip ssh-client username cisco
encrypted ip ssh-client password secret1234231
ip http timeout-policy 1800 https-only
clock summer-time PST recurring usa
clock source sntp
sntp unicast client enable
sntp unicast client poll
sntp server nist-time-server.eoni.com poll
sntp server nist1-lv.ustiming.org poll
sntp server time-nw.nist.gov poll
sntp server time.nist.gov poll
ip name-server 192.168.8.78 192.168.8.68 8.8.8.8 8.8.4.4
!
interface vlan 1
ip address 192.168.8.254 255.255.255.0
no ip address dhcp
!
interface vlan 4
name Lab1
ip address 10.1.4.254 255.255.255.0
!
interface vlan 8
name Homenetwork1
!
interface vlan 18
name Homenetwork2
ip address 192.168.18.254 255.255.255.0
!
interface vlan 44
name Lab2
ip address 10.1.44.254 255.255.255.0
!
interface gigabitethernet1
spanning-tree portfast
switchport mode access
!
interface gigabitethernet2
spanning-tree portfast
switchport mode access
!
interface gigabitethernet12
switchport trunk allowed vlan add 4,8,18,44
!
interface gigabitethernet13
switchport trunk allowed vlan add 4,8,18,44
!
interface gigabitethernet14
switchport trunk allowed vlan add 4,8,18,44
!
interface gigabitethernet15
switchport trunk allowed vlan add 4,8,18,44
!
interface gigabitethernet16
switchport trunk allowed vlan add 4,8,18,44
!
interface gigabitethernet17
switchport trunk allowed vlan add 4,8,18,44
!
interface gigabitethernet18
switchport trunk allowed vlan add 4,8,18,44
!
interface gigabitethernet19
switchport trunk allowed vlan add 4,8,18,44
!
interface gigabitethernet20
switchport trunk allowed vlan add 4,8,18,44
!
exit
ip default-gateway 192.168.8.1
ip route 10.1.4.0 /24 192.168.8.1
ip route 192.168.18.0 /24 192.168.8.1

ledude101 · ‎07-16-2015

No one can comment on this?

davec2000 · ‎07-23-2015

Hi,

Are your client devices in the access ports or the trunk ports? If they're in the access ports you'll need to tell the port which VLAN to be in or it will go in the default VLAN. If the client device are in the trunk ports then the client will need to tag the traffic with the appropriate VLAN.

Do you need the ip route commands? The SG300 will determine it's on routes between the VLANs

What output do you get from ip show routes?

Dave

ledude101 · ‎07-23-2015

Hi Davec2000.

Client devices are in the access ports. This is what I typed when I'm assigning vlan4 to port 1

interface ge1

switchport mode access

switchport access vlan4

spanning-tree portfast

This is the result of "show ip route"

Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: > - best, C - connected, S - static

S 0.0.0.0/0 [1/1] via 192.168.8.1, 148:13:09, vlan 1
C 10.1.4.0/24 is directly connected, vlan 4
C 10.1.44.0/24 is directly connected, vlan 44
C 192.168.8.0/24 is directly connected, vlan 1
C 192.168.18.0/24 is directly connected, vlan 18

and this is what I type when I do ip route command.

ip route 0.0.0.0 0.0.0.0 192.168.8.1

Is this what you are asking? Many thanks for your help davec2000.

davec2000 · ‎07-24-2015

Hi Ledude101,

It looks like it should work. On the client on Ge1/VLAN 4 can it ping 10.1.4.254? Can it ping 192.168.8.254?

If so, are there firewalls in place on the client devices on the other VLANs? For the Internet browsing are you manually configuring DNS servers?

Cheers.

ledude101 · ‎07-26-2015

Hi Davec2000.

I'm able to ping the gateway 10.1.4.254 from my device but it can't ping other devices in other vlan. For example, it can't ping 10.1.44.100 and of course not the gateway in Vlan44 either. The DNS is also not resolving. I defined the DNS address in the DHCP server for each of the VLAN. So something is really not doing right. I'm guessing the intervlan is not working even though I've configured it. Very strange.

davec2000 · ‎07-30-2015

Hi ledude101,

I think you are correct, the routing isn't working for some reason. I'm not sure what to suggest, though you could try backing up the config, then erase the startup config. Then perhaps try just two VLANs and see if your clients can route to each other via the switch. If that works then you could build it up back to your desired config.

If it doesn't work you could change the switch back into Switch mode which will erase the config, then change back into Router mode and retry.

Configuring Cisco SG300-20