I am trying to get my Sg300-28 to work as L3 and intervlan routing except for VLAN22 which I want isolated. .I think I have this correct as defined below except that VLAN22 is not isolated I only give VLAN22 access to the internet but not the other devices on the network (VLAN1 and VLAN2). When I plug in a device on GE6 22UP (ie VLAN22) it still has access to everything. 

2 Questions?????

1. WHAT IS WRONG WITH MY SETUP??. I must have VLAN22 as interVLAN routing somehow to allowed access over VLAN. Need to disable that and if so how do I do that?

2. If I want to change my other switch (Switch2) to L3 also is there anything that I need to do to create L3 commiuncation between the two switches?

Thanks in advance.

Connect Switch L3 (192.168.1.6) Port GE1 into Port of Switch L2 (192.168.1.2) Port GE7 on L2 switch is Trunk 1UP,2T,22T. L2 switch is connected to router thru Trunk connection 1UP, 2T, 22

Setup is as follows

Router (192.168.1.1)-->L2 Swtich (192.168.1.2) --> L3 switch (192.168.1.6)

1. L2 switch and router have VLAN 1, 2 and 22 defined and are working without issues. Devices on VLAN22 do not have access to the network devices just the internet. All ports work as expected.

2. Setup for L3 switch

    a. Put in L3 mode

    b. Define VLAN 2, and 22

c. Define Port GE1 Trunk 1UP, 2T, 22T

d. Define Port GE2 Trunk 1T, 2UP, 22T

c. Define Port GE3 Trunk 1T, 2T, 22UP

d. Define Port GE4 Access 1UP

e Define Port GE5 Access 2UP

f Define Port GE6 Access 22UP

3. Set IP config to add VLAN2 and 22

4. Set IPv4 Routes to Router (192.168.1.1) fro each VLAN. These are autocreated when VLAN created

5. Set DHCP Relay from Router including server table

6. Set DHCP Interface Settings