05-23-2015 10:36 PM
Hi, Hoping to get a little assistance with this. Have found a few examples about the net, but all seem a bit different...
They say picture worth a thousand words (even if a bad one, my apologies), but here goes:
...
so here's briefly what I'm trying to accomplish....(see above)
I have a network on a Comcast fiber with public static IP's ..I have a cisco router 1921 up front, then a cisco SG300-10p switch to handle traffic connections between my internal network of computers (behind firewall), the VoIP phone system, and another 3rd party data network....all those pieces are all functioning just fine.....
Now I need to add Wireless "guest" network to the mix, separate and outside of the firewall (and any internal business systems). We're going to be using (5) Cisco WAP321's (PoE) ...each location has been cabled with a home run back to patch panel. My plan is to use another 2nd Cisco SG300-10p (new, on the diagram) to be the central switch and power supply for the WAP's ...I've changed that switch to L3 (as router) and have setup a 2nd VLAN and have added 5 ports to it (one for each WAP), but what I would also like to do is have those 5 ports also have a DHCP server to manage assigning IP's (like a 192.168.40.xx or 10.10.10.xx etc) ....(so to have a VLAN across 5 ports of the SG300 and handle the DHCP for the WAP's (to simplify WAP setup, since they'll all be hanging 12+ ft on the walls...and be my power source and my gateway...all as a nice neat package). I will use 1 of the public static IP's we have for 2nd SG300 and point it to the Cisco 1941 as the network gateway (like my 1st SG300-10).... but I seem to be stuck....I can't seem to find where to set the DHCP and IP ranges for the VLAN? I want the "Guest" access to be seamless as people wander through the building while using the Wireless access to the INET (totally outside the office Firewalled apps etc).
So right now I'm a bit stumped...can I do this? does each WAP have to be a separate VLAN?? as it's own static address?? Seems to me I could just do this with a series of regular wireless routers, bridges/boosters etc...but everything in this network is "business class" so was thinking this would be a more robust solution, but the programming is stumping me (fyi been trying to do via the Cisco Web Browser interface, or do I need to program manually via Console like I had to do my Cisco 1921??)
Can someone point me in the right direction here? (or have some examples or sample code to refer to). I feel I'm close, but still a bit new to some of these business class devices, and seem to be missing couple of key pieces.
Thanks in Advance!
George
05-26-2015 12:10 PM
Hi George,
My name is Andy and I am a content developer for the Cisco Knowledge base. Did you ever find a solution to your question? I can try to chime in.
From your post it seems like you have the following concern:
I can't seem to find where to set the DHCP and IP ranges for the VLAN
And I can infer that you've already done the following:
1. Change the mode from L2 to L3.
2. Created the VLANs and assigned ports to VLANs.
I have a few suggestions to point you in the right direction:
1. First, create your ipv4 interfaces for the static IPs that you own, and the subnets you want to assign to each port (i.e. 192.168.2.100 for (example) port 2, 192.168.3.100 for (example) port 3..)
2. Next, go to IP Configuration > DHCP Server > Properties, and make sure you have enabled DHCP server on the switch. By doing this though, you have to make sure all your vlan interfaces have a static IP address, otherwise you'll be prompted with an error message.
3. Next, we'll configure the DHCP pool so that your created vlan can assign an IP address to any connected PC/WAP. To do this, go to IP Configuration > DHCP Server > Network Pools. In the window, click Add and in the resulting window that follows, enter your pool name in the pool name field, subnet IP address of your desired VLAN in the Subnet IP Address field. For the subnet ip address field, let's say you're interested in having port 2 be on subnet 2 and give out ip address under that subnet, then you can enter in (example) 192.168.2.0. Assign the subnet mask and range of the pool you want the vlan to assign. For the gateway ip address, remember to choose a different ip address, for (example) 192.168.2.1. For the dns server address, you can use 8.8.8.8, which is google's dns server ip address. Anything below is optional as per your topology specifications. Click apply to apply your first pool and create any additional pools as per your vlan configuration (see your ipv4 configuration).
4. Once you have pools created, you need to apply it to the ports on your switch. Whenever a pc or wap is connected to that port, the device will receive an ip address under the respective pools. Navigate to VLAN management > Port VLAN Membership, and in the resulting table for the default VLAN 1, you should see all the port information for VLAN 1. Click on a port you want, in your case, it would be GE5, GE6, GE7, or GE8, and click Join VLAN. In the resulting window, make sure 1UP is removed from the menu on the right, and then choose the vlan you want associated with the port. In my lab setup, I set it up as untagged before moving it to the right menu. Click apply.
I used a lot of examples here, but I think it may point you in the right direction (I'm actively working on a video script to send to our video team for better clarity). I can try to answer any additional concerns you have.
As always, when you're testing your configuration, be sure your device is on the same subnet as whatever port you're on (either by making it dynamically be assigned an IP address, or statically be on the same subnet as the port it's connected to), to rule out common connectivity issues. You can use IP Configuration > DHCP Server > Address binding to view previously assigned IP Addresses to the PC/WAP in order to test out dhcp pools.
05-26-2015 09:28 PM
Hi Andy ..and thanks for your quick input...
but ...No Have not solved this yet ....got pulled into another mess earlier today...back to here now.
Many thanks for your suggestions thus far and I'm going to try them out shortly...
just couple questions for you....(not sure if this came across right, but)
1) My original thought was that 5 ports of the SG300-10 would be assigned to same VLAN, or must each port on the switch be different VLAN?
2) also my thought is to have all the WAP (each on 1 port of the SG300) ..and all would get ip's like 192.168.60.XX where the xx gets assigned by DHCP (from the switch)...thinking if we add, move or replace a unit...would make the maintenance simpler ...the intent of this SG300 is mainly just to manage the WAPs
3) idea is as people move around through the building, their connection is seamless and consistent (so as to not drop a "call" like what happens many times with cell phones when you move from cell to cell)...with 5 WAPs for this particular floor plan...there should be no reason for any dead spots and all connects should be seamless from one "area" into the next "area" ...if the VLAN's are all separate subnets, won't my guests remote devices be forced into changing IP's (per different subnet for each VLAN and then each WAP)
4) again my concept, and I've done this before with like simple Linksys wireless routers and range extenders/expanders and you can just move from point to point and your connection stays with you. Idea here is trying to do this with more commercial grade / business products using Cisco, for even more solid solution. I'm still a bit unsure when it comes to these Cisco business class items. I know they're more powerful but also know can really mess up the programming too!
Really appreciate your comments...just making sure I'm understanding your suggestions and that I've explained myself clearly as to what my end result should be ...I certainly don't want to waste anyone's time if what I'm trying to do won't work like I'm hoping, or is not realistic. Thanks so far for your time.
George
....wait as I think through this more and more....maybe I'm over complicating this??
If my SG300 switch is merely for my WAP's ....then can't I just setup switch to do DHCP for like 192.168.60.XX ip's and just add the IP route to this SG300 to my main gateway?? Maybe I don't even need VLAN's?? any thoughts??
Still leave SG300 in L3 mode? Setup DHCP? Do I need to assign ports??
05-26-2015 11:13 PM
Ok so I've done some testing here's my current config:
switch-xsg300-10p
v1.4.1.3 / R800_NIK_1_4_194_194
CLI v1.0
set system mode router
.........removed some security stuff..........
voice vlan oui-table add 0001e3 Siemens_AG_phone________
......removed for space........
voice vlan oui-table add 00e0bb 3Com_phone______________
ip dhcp server
ip dhcp excluded-address 192.168.60.1 192.168.60.49
ip dhcp pool network brew-wap1
address low 192.168.60.1 high 192.168.60.254 255.255.255.0
exit
bonjour interface range vlan 1
hostname switch-xsg300-10p
!
interface vlan 1
ip address xx.yyy.84.84 255.255.255.192
no ip address dhcp
!
exit
ip default-gateway xx.yyy.84.126
Now when I connect my laptop thru this switch I get assigned an IP via DHCP but seems to be coming from my dsl router gateway (using that as a test environment)...and not a 192.168.60.xx IP ...so this mean I do need to create a VLAN?? (I had some problems trying to use the GUI interface, so I'm going back and forth between CLI and the Management interface.) At this point I think I may just need a couple of line commands, but the last time I added a VLAN and assigned an address, I suddenly could reach the switch ...and had to reset it. Perhaps someone can suggest what I'm missing here??
Thank You,
George
05-27-2015 10:23 PM
Hi Andy,
Getting closer now ..perhaps you can help me resolve my final (I hope) issue...
I've included diagram and latest Config of where I'm at and also the sh ip routes info.
(1st, I'm testing in my office on my network, which I've done many times before when building these configs. Actually the whole front end on my diagram was config'd on my bench 1st....this is not my issue).
Ok I've got the "new" SG300-10 #2 up and running at least for normal type traffic ...that is I've left the first couple ports setup "normal" ...meaning that when I plug in my laptop, I get an IP (aa.bbb.84.82) from DHCP from my router which I expected to happen and I have Internet Access - perfect.
Now I have VLAN 60 setup (only on ports 4 & 5 for testing), with DHCP attached to it for network range 192.168.60.???. When I connect my laptop to one of those ports I get an IP assigned (192.168.60.50 as expected) and seems to pickup as GW 192.168.60.1 ...again as I expected and wanted. BUT from those ports I cannot access the internet (can't ping anything other than 192.168.60'S)...no route outside??
Now from within the SG300 (have Telnet access) ....seem to be able to ping internal and external addresses no problem.
So it seems I have no route from the VLAN 60 to my Gateway (which is ultimately at aa.bbb.84.126 of my DSL service. I have 64 public ip's)
I had a similar problem with a Cisco router once and was just missing an ip route call.....my issue now seems very similar. Really seems I'm just missing something (hopefully simple)? Can you help me with this please?? I really need to get this up and running now (I can't believe how long I've been at this).
Please let me know if there's any additional info you need that I may have left out.
Hope to hear from you soon. Thanks so much for your time
George
here's config info:
-------------------------------------------------------------
switch374109#sh run
config-file-header
switch374109
v1.4.1.3 / R800_NIK_1_4_194_194
CLI v1.0
set system mode router
...removed for security...
!
vlan database
vlan 60
exit
voice ..removed for space _______
ip dhcp server
ip dhcp excluded-address 192.168.60.1 192.168.60.49
ip dhcp pool network wap1
address low 192.168.60.1 high 192.168.60.254 255.255.255.0
default-router 192.168.60.1
dns-server 8.8.8.8 8.8.4.4
exit
bonjour interface range vlan 1
hostname switch374109
!
interface vlan 1
ip address 76.202.84.84 255.255.255.192
no ip address dhcp
!
interface vlan 60
name wap1
ip address 192.168.60.1 255.255.255.0
!
interface gigabitethernet4
switchport mode access
switchport access vlan 60
!
interface gigabitethernet5
switchport mode access
switchport access vlan 60
!
exit
ip default-gateway 76.202.84.126
ip route 192.168.60.0 /24 76.202.84.126
switch374109#
NEXT................
switch374109#sh ip route
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: > - best, C - connected, S - static
S 0.0.0.0/0 [1/1] via 76.202.84.126, 02:40:59, vlan 1
C 76.202.84.64/26 is directly connected, vlan 1
S 192.168.60.0/24 [1/1] via 76.202.84.126, 02:04:24, vlan 1
switch374109#
----------------------------------------------------------------------------------
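An added example, not part of the thread and not Cisco tooling: a Python check over the routing-relevant lines of the running config posted above (embedded as a constructed sample) that flags two conditions which leave a private VLAN able to reach only its own subnet. The function names `parse` and `audit` and the line patterns are assumptions fitted to the syntax shown in this config.

```python
import ipaddress
import re

# Constructed sample: routing-relevant lines from the running config posted above.
RUNNING_CONFIG = """\
interface vlan 1
 ip address 76.202.84.84 255.255.255.192
interface vlan 60
 ip address 192.168.60.1 255.255.255.0
ip default-gateway 76.202.84.126
ip route 192.168.60.0 /24 76.202.84.126
"""

def parse(config):
    """Return ({interface: IPv4Interface}, [(IPv4Network, next_hop)], default_gw)."""
    svis, routes, gateway, current = {}, [], None, None
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"interface (.+)", line):
            current = m.group(1)
        elif m := re.match(r"ip address (\S+) (\S+)$", line):
            svis[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif m := re.match(r"ip default-gateway (\S+)", line):
            gateway = ipaddress.ip_address(m.group(1))
        elif m := re.match(r"ip route (\S+) /(\d+) (\S+)", line):
            routes.append((ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}"),
                           ipaddress.ip_address(m.group(3))))
    return svis, routes, gateway

def audit(config):
    """List routing conditions that can leave a VLAN without a path off the switch."""
    svis, routes, gateway = parse(config)
    findings = []
    for name, iface in svis.items():
        for net, hop in routes:
            # A static route for a subnet the switch itself owns is misplaced:
            # the switch already reaches that subnet through its own interface.
            if net.overlaps(iface.network) and hop not in iface.network:
                findings.append(f"{name}: static route {net} via {hop} "
                                f"covers a locally configured subnet")
        # Private (RFC 1918) sources behind a gateway on another subnet need a
        # return route and NAT on that gateway; the switch cannot supply either.
        if gateway and iface.ip.is_private and gateway not in iface.network:
            findings.append(f"{name}: {iface.network} is private; gateway {gateway} "
                            f"needs a route to it via the switch, plus NAT")
    return findings
```

Calling `audit(RUNNING_CONFIG)` returns both findings for `vlan 60`; the second one persists after the static route is removed, because the return path and address translation are configured on the upstream gateway, not on the switch.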