Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1228
Views
5
Helpful
3
Replies

Help with Cisco SG500-28P configuration for VLANs

hoku
Level 1
Level 1

‎10-07-2017 05:38 PM - edited ‎03-21-2019 11:16 AM

I just bought a Cisco SG500-28P yesterday and am setting it up for my small business and would like some advise/confirmation on VLANs.

I currently use untangled as my router, but will be migrating to pfsense.  Currently the Sg500 is on latest firmware(1.4.8.6)/boot(1.4.0.02) and configured using default settings as a Layer 2 switch and untangled is doing the routing along with internet access.  I have an Asus RT-AC68U flashed with tomato that I use as an access point.

My goal in the configuration is to  segregate my less secure traffic (wireless devices and things like wired devices such as an amazon fire tv) from my main more "secure" network.  I currently do routing between the VLANs on my router.

I used this guide https://www.youtube.com/watch?v=1IjwFVqJOa0 and have created a LAG on the switch for my synology.

I now want to implement VLANs and can not figure out how to assign the linked interface to VLAN2 and it currently sits on VLAN1.

My setup:

  • eth2 (default) 192.168.0.0/24 - router (untangled)

  • eth2.1 VLAN1 = 192.168.1.0/24 - cisco switch, link aggregation works here

  • eth2.2 VLAN2 = 192.168.2.0/24 - synology, wired network, WHERE I WANT THE LAG TO BE

  • eth2.3 VLAN3 = 192.168.3.0/24 - less secured devices (Sonos, Amazon fire, Echo, SONOS...) but I need limited access to some IP addresses on VLAN2 (such as printers, synology shares for SONOS)

I have created the VLANs using PORT TO VLAN but the LAG interface (13/14) is greyed out as can be seen in following image and I can't figure out how to assign to VLAN2

https://imgur.com/LHda01m

 

QUESTION:

1.  How do I assign the LAG to VLAN2?

 

Labels:
0 Helpful
3 Replies 3

Seb Rupik
VIP Alumni
VIP Alumni

‎10-09-2017 12:57 AM

Hi there,

On the 'Port to VLAN' page, when you select 'LAG' from the dropdown box, click 'Go'. this should then make the table below show all of your LAG interfaces. Then select individually select VLANs 1,2,3 from the 'VLAN ID equals to' dropdown box, on your LAG interface selec 'Tagged' and then click 'Apply'.

 

To confirm your configuration, go to 'Port VLAN Membership', select 'LAG' and click 'Go'. Each tagged VLAN ID will be listed against your LAG interface.

 

The CLI steps are much easier:

!
int range gi1-2
  channel-group 1 mode on
!
int port-channel1
  switchport mode trunk
  switchport trunk allowed vlan add 1,2,3
!

cheers,

Seb.

 

hoku
Level 1
Level 1
In response to Seb Rupik

‎10-09-2017 04:40 AM - edited ‎10-09-2017 04:54 AM

Thanks, that did it for me. I tried it yesterday, but I must not have pressed go like I thought I did as it did not show me that option.

One last question, should the switch stay on VLAN1?  Currently I have to leave a port on the switch open and physically connect a computer to manage the switch.  Can I do that say from a computer connected on VLAN2?

0 Helpful

Seb Rupik
VIP Alumni
VIP Alumni
In response to hoku

‎10-13-2017 12:28 AM

It is best practice to not use VLAN1 for any purpose and should be left for inter-switch communication, so use, move the SG500 Layer3 interface onto VLAN2.

 

cheers,

Seb.

0 Helpful
Customers Also Viewed These Support Documents