Re: Inter VLAN routing on SG350

Athena1390 · ‎09-20-2018

Hello,

I'm configuring a new SG350-28P, running with the latest frimware (2.4.0.94).

Layer 3 is supposed to be already active (default settings); I cannot find any choice (Layer 2 / Layer 3) as found on SG300 series.

I have a default router : 192.168.1.1

I configured the following VLAN :

- VLAN 1 : IP 192.168.1.2 / 255.255.255.0

- VLAN 20 : IP 192.168.20.1 / 255.255.255.0

In the IP Configuration -> IPv4 Interface -> IPv4 Routing is enabled.

I configured the following IPV4 Static Route :

Destination IP	Prefix Length	Route type	Next Hop Router IP	Metric	Outgoing Interface
0.0.0.0	0	Remote	192.168.1.1	4	VLAN1

From VLAN1 (the switch itself, and any device connected to VLAN1), I can access the Internet.

The IPV4 Forwarding Table contains :

Destination IP	Prefix Length	Route type	Next Hop Router IP	Route Owner	Metric	Admin. distance	Outgoing Interface
0.0.0.0	0	Remote	192.168.1.1	Static	4	1	VLAN1
192.168.1.0	24	Local	192.168.1.2	Directly Connect			VLAN1
192.168.20.0	24	Local	192.168.20.1	Directly Connect			VLAN20

Problem from VLAN 20 is :

- I can ping the local switch interface 192.168.20.1

- I can ping the VLAN1 switch interface 192.168.1.2

- I cannot ping the default gateway 192.168.1.1

- And I cannot ping anything on the Internet (of course)...

Do you have any idea to solve this issue please ?

Thanks in advance for your help.

Seb Rupik · ‎09-20-2018

Hi there,

Does the router (192.168.1.1) have a route back to 192.168.20.0 /24 via 192.168.1.2 ?

If it is a siply router, then chances are you will not be able to add IP routes to it. So you will need to NAT 192.168.20.0 /24 (and any other VLANs you add to the SG350) onto 192.168.1.0 /24 . The problem is the SG350 does not support NAT.

...so you need a NAT device to sit between the router and SG350.

Let us know where you get stuck above.

cheers,

Seb.

Athena1390 · ‎09-20-2018

Hi,

Thanks for the answser.

The switch itself is a L3 ! It must do the routing (if not, what does L3 mean) ?

Event with the router disconnected, there is no inter-vlan routing.

From a PC in one VLAN, I cnnot ping a PC in the other VLAN (but I can ping the interface in the other VLAN).

Athena1390 · ‎09-20-2018

The route has been added, as suggested.

From VLAN1, the packets are routed to the SG350, and then dropped.

Test :

- Source of the tracert : PC 192.168.1.182

- Destination of the tracert : PC 192.168.20.101

- Hops :

* 192.168.1.1 (router)

* 192.168.1.2 (SG350)

* then, nothing, no internal routing in the SG350

My old SG300 switches can do that !!
The interVLAN routing is automatic ! Even without any router.

Seb Rupik · ‎09-20-2018

What are the devices you have connected to the SG350? Are they windows machines? By default the windows firewall will not respond to ping requests.

Can two devices in the same VLAN ping each other?

Athena1390 · ‎09-20-2018

Yes, they are Windows PC, and they can ping each-other when they are connected in VLAN1.

I added the route in the router : Destination 192.168.20.0 /24 - Gtw 192.168.1.2

The router itself can ping the SG350 VLAN20 interface 192.168.20.1.

But, it cannot ping the PC in VLAN20...

Tracert show the (ping to VLAN20 PC) is routed to 192.168.1.2 (SG350) but... no further.

Lee Cox · ‎09-20-2018

I assume you are using 192.168.20.1 as your default gateway for your client PCs. It would not work for me a couple of years ago when I tried to use 192.168.1.2 as my default gateway for all the other VLAN clients.

Yes I have done this on my SG300-28 L3 switch. I figured out I like a separate router VLAN for my for connection to the router. I use a point to point VLAN for my router VLAN. You might try using a separate router VLAN to see if it works.

Have used both the Cisco RV320 and RV340 routers and they work fine.

Athena1390 · ‎09-21-2018

I did a full reset this morning.

I applied the same configuration and... it works now !!

AboubacarCISSE0624 · ‎04-27-2021

Hello
I was looking for a solution and I came across your post,
Could you share your config so that the interVlan routing of the SG 350 switch works?
the devices of the same VLAN manage to ping but impossible with the other Vlan.

Don Zouras · ‎04-27-2021

Unfortunately, I gave up on my SG350. I purchased a used 2960 switch to solve my problems because it has the full Cisco feature set.

Martin Aleksandrov · ‎04-27-2021

Hi AboubacarCISSE0624,

You can also look at https://www.youtube.com/watch?v=xK5HmMlaIlg.

Regards,

Martin

AboubacarCISSE0624 · ‎04-27-2021

thank you for your answer but
I watched this video ten times but it does not really solve my problem, if you have a method any other way to help me I am a taker

Martin Aleksandrov · ‎04-27-2021

Hi,

That should work as expected. Did you check the firewall on your end devices? Oftentimes it is set to block ping and inter-VLAN traffic.

AboubacarCISSE0624 · ‎04-27-2021

no there is no perfume problem,
I would like the different vlan to communicate with each other without the need for a router, I thought of a static routing but a router is needed in this case.
So if you have a tutorial or a very detailed video to guide me it will be good because I really have been struggling for days on this subject

cyberconsultants · ‎04-27-2021

If your only interVLAN routing test is via ping (especially using only Windows hosts), you should seriously consider Martin's most recent advice.

Nearly every time this question is posted, the issue ends up being an application firewall, e.g. Windows Firewall, and has nothing to do with switching. InterVLAN routing is literally a checkbox. And if hosts are able to reach each other on the same VLAN, then we know your VLANs are properly configured.

Check local firewalls on the hosts you're testing from. If in fact Windows hosts, enable a rule like this: