10-07-2017 05:38 PM - edited 03-21-2019 11:16 AM
I just bought a Cisco SG500-28P yesterday and am setting it up for my small business and would like some advice/confirmation on VLANs.
I currently use untangled as my router, but will be migrating to pfsense. Currently the SG500 is on latest firmware (1.4.8.6) / boot (1.4.0.02) and configured using default settings as a Layer 2 switch and untangled is doing the routing along with internet access. I have an Asus RT-AC68U flashed with tomato that I use as an access point.
My goal in the configuration is to segregate my less secure traffic (wireless devices and things like wired devices such as an amazon fire tv) from my main more "secure" network. I currently do routing between the VLANs on my router.
I used this guide https://www.youtube.com/watch?v=1IjwFVqJOa0 and have created a LAG on the switch for my synology.
I now want to implement VLANs and cannot figure out how to assign the linked interface to VLAN2; it currently sits on VLAN1.
My setup:
eth2 (default) 192.168.0.0/24 - router (untangled)
eth2.1 VLAN1 = 192.168.1.0/24 - cisco switch, link aggregation works here
eth2.2 VLAN2 = 192.168.2.0/24 - synology, wired network, WHERE I WANT THE LAG TO BE
eth2.3 VLAN3 = 192.168.3.0/24 - less secured devices (Sonos, Amazon fire, Echo, SONOS...) but I need limited access to some IP addresses on VLAN2 (such as printers, synology shares for SONOS)
I have created the VLANs using PORT TO VLAN but the LAG interface (13/14) is greyed out, as can be seen in the following image, and I can't figure out how to assign it to VLAN2.
QUESTION:
1. How do I assign the LAG to VLAN2?
10-09-2017 12:57 AM
Hi there,
On the 'Port to VLAN' page, when you select 'LAG' from the dropdown box, click 'Go'. This should then make the table below show all of your LAG interfaces. Then individually select VLANs 1,2,3 from the 'VLAN ID equals to' dropdown box, on your LAG interface select 'Tagged' and then click 'Apply'.
To confirm your configuration, go to 'Port VLAN Membership', select 'LAG' and click 'Go'. Each tagged VLAN ID will be listed against your LAG interface.
The CLI steps are much easier:
    !
    int range gi1-2
     channel-group 1 mode on
    !
    int port-channel1
     switchport mode trunk
     switchport trunk allowed vlan add 1,2,3
    !
cheers,
Seb.
10-09-2017 04:40 AM - edited 10-09-2017 04:54 AM
Thanks, that did it for me. I tried it yesterday, but I must not have pressed go like I thought I did as it did not show me that option.
One last question, should the switch stay on VLAN1? Currently I have to leave a port on the switch open and physically connect a computer to manage the switch. Can I do that say from a computer connected on VLAN2?
10-13-2017 12:28 AM
It is best practice to not use VLAN1 for any purpose and it should be left for inter-switch communication, so move the SG500 Layer3 interface onto VLAN2.
cheers,
Seb.
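An added example, not part of the thread and not Cisco tooling: a small Python check that reads switch configuration text in the style of the CLI steps above and reports whether the LAG is a trunk carrying VLANs 2 and 3 and whether an IP interface still sits on VLAN 1. The sample config, the address 192.168.1.254 and all function names are constructed for illustration; real saved configs may differ in layout.

```python
import re

# Constructed sample in the style of the CLI steps above (not real device output).
SAMPLE_CONFIG = """\
interface port-channel1
 switchport mode trunk
 switchport trunk allowed vlan add 1,2,3
!
interface vlan 1
 ip address 192.168.1.254 255.255.255.0
"""

def parse_interfaces(text):
    """Return {interface name: [sub-commands]} from '!'-separated config text."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip().lower()
        m = re.match(r"int(?:erface)?\s+(.+)", line)
        if m:
            current = m.group(1).replace(" ", "")  # 'vlan 1' -> 'vlan1'
            blocks[current] = []
        elif line in ("", "!"):
            current = None
        elif current is not None:
            blocks[current].append(line)
    return blocks

def expand_vlans(spec):  # '1,2,5-7' -> {1, 2, 5, 6, 7}
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(text, lag="port-channel1", required=(2, 3)):
    """List findings for the LAG trunk and for an IP interface left on VLAN 1."""
    blocks, findings, allowed = parse_interfaces(text), [], set()
    cmds = blocks.get(lag, [])
    if "switchport mode trunk" not in cmds:
        findings.append(f"{lag}: not in trunk mode")
    for c in cmds:
        m = re.fullmatch(r"switchport trunk allowed vlan (?:add )?([\d,-]+)", c)
        if m:
            allowed |= expand_vlans(m.group(1))
    if missing := sorted(set(required) - allowed):
        findings.append(f"{lag}: VLANs not tagged: {missing}")
    if any(c.startswith("ip address") for c in blocks.get("vlan1", [])):
        findings.append("vlan1: IP (management) interface is on VLAN 1")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns a single finding for the address on VLAN 1; an empty list means the trunk and management placement match what the thread recommends.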