
Intervlan routing using SG300-10, SG300-28MP, SG200-50 and RV042

CiscoEng69
Level 1

Hello,

I need help configuring inter-VLAN routing. I am setting up 2 VLANs plus the admin VLAN 1 as follows:

- RV042 is used as a firewall (I'll probably replace it with something else)

    - LAN ip addr 10.1.1.10

    - SG300-10 connected to VLAN1 port

- SG300-10 is my core switch.

    - set system mode router

    - VLAN 1 (admin) - 10.1.1.1

    - VLAN 2 (cameras) - 192.168.200.254

    - VLAN 3 (computers and 1 server) - 192.168.100.254

    - ports 8 - 10 trunked

    - GVRP enabled

    - 2 dhcp pool network setup on this switch

    - default route 0.0.0.0 0.0.0.0 10.1.1.10

- SG300-28MP is my POE camera switch

    - VLAN 2 - 10.1.1.3

    - vlans created automatically through gvrp

    - ports 27, 28 trunked

- SG200-50 is my computing lan switch

    - VLAN 3 - 10.1.1.2

    - vlans created manually since I could not find anywhere to configure gvrp. I assume gvrp is not supported on this switch.

 

Please see the attached image file for more details. I am also attaching the configuration files.

Can someone help me figure this out, please? At this point in time, I am not able to get the 3 SGx00 to talk to route among each other.

Thanks


Michael Swenson
Cisco Employee

Hello,

 

Since the RV042 does not support Vlans, you will need to have a point-to-point connection between the RV042 and the SG300 layer 3 device.  This connection should not be the same subnet as any of your SG300 Vlans.

Thus, you could set the RV042 lan to any network you are not using.  Example 10.0.0.1/30

Next set one interface's IP to 10.0.0.2/30 on the SG300.  This is a routed port.  When setting the IP address you would choose port instead of Vlan.

Next you will need to add a static route on the RV042 for the networks on the SG300

Route = source 192.168.100.0/24 to dest 10.0.0.2 IP on the SG300

Route = source 192.168.200.0/24 to dest 10.0.0.2 IP on the SG300

Route = source 10.1.1.0/24 to dest 10.0.0.2 IP on the SG300

Finally change your default route on the SG300 to the 10.0.0.1 IP on the RV042

 

Hope this helps

Best Regards,

Hi Michael,

Thanks for your feedback. The RV042 that I am using is the CISCO RV042. It does support VLANs. The Linksys RV042 does not, but to simplify things I will use it as you explained. I am wondering:

  - is it advisable to use gvrp? or create the vlans myself on the other switches?

  - I noticed with gvrp, the vlans are created by number (example: vlan 1, vlan 2, etc), the name is not replicated. Is this common behavior?

  - Can you confirm whether the SG200 supports gvrp? It seems to me that it doesn't. 

  - If I have gvrp enabled on two switches and the third switch has the vlans manually created, they should be able to communicate. right?

  - In this setup, do I need to worry about tagged or untagged vlans on the trunk ports? 

Thanks

Wael

Hello Wael,

The Cisco RV042 does support "port" based Vlans.  However, these are not true vlans.  The RV042 does not support a trunk port which would allow multiple Vlans on one port.  Furthermore, the device only supports DHCP for 1 Vlan / Subnet.

For best control over the Vlans and to reduce the chance of down time because the Vlan database is overwritten, I would recommend manually creating the Vlan on all switches.

Furthermore, the SG200 does not support gvrp.

Yes, GVRP creates the Vlans by number.

Yes, if GVRP creates the Vlans on 2 switches and you manually create the Vlans on the 3rd switch, all will communicate correctly.

Yes, typically, the data or management Vlan is untagged and all other Vlans are tagged on the trunk port.  Ports for endpoints like your PC should only be untagged on the Vlan you need for the PC.

 

Hope this helps

Best Regards,

Mike

Great. I will work on this and hopefully have everything working by next week. I'll let you know if I run into problems.

Hello Michael,

I started the configuration from scratch. Right now I configured the SG300-10 in router mode.

vlan 1 = 10.1.1.1 255.255.255.0

vlan 100 = 192.168.100.254

vlan 200 = 192.168.200.254

Ports 9 and 10 are in trunk mode.

I put port 7 in vlan 100 and port 8 in vlan 200 to test that dhcp is working.

When I am logged in to the L3 switch I am able to ping the ip addresses above.

From my machine, I am able to ping only the 10.1.1.1 and 10.1.1.2 (my machine's addr is 10.1.1.5)

--------

SG300-28MP

I set up the vlans manually

ip address is 10.1.1.2

ports 27 and 28 in trunk mode

Attempt 1:

Ports 1 - 24 vlan 200 (access mode)

I am not getting an ip address from the dhcp configured on the SG300-10

Attempt 2:

Ports 1 - 24 vlan 200 (general mode)

I am still not getting an ip address from the dhcp configured on the SG300-10

-------

SG200-50

not working on that right now

------

dhcp pool network for vlan 100

gateway 192.168.100.254

dhcp pool network for vlan 200

gateway 192.168.200.254

------

on the SG300-10

show ip route, shows vlan 200 as connected.

Configuration files attached

To workaround the problem I am tempted to just put all ports on the SG300-10 to access mode and use the other switches as unmanaged switches, but I'd like to avoid that.

What am I missing?

 

Thanks

RV042 ( 10.1.1.1 255.255.255.0 ) connects to a routed port on the SG300 ( 10.1.1.2 255.255.255.0 ) in layer 3.  Not Vlan 1 on the SG300, just a routed port. 

On the SG300, IP configuration -  IPV4 Interfaces - add - select a port instead of vlan and assign IP address ( 10.1.1.2 ).  Use this port to connect to the RV042.

Next on the SG300 setup your Vlans:

 - Vlan 1 - 10.0.0.1 / 24

 - Vlan 100 - 192.168.100.1/24

 - Vlan 200 - 192.168.200.1/24

Next add the default route:

On the SG300, IP configuration - IPV4 routes - add - Dest IP 0.0.0.0, mask 0.0.0.0, next hop 10.1.1.1, metric 1

Next setup the DHCP for all Vlans:

IP configuration - DHCP,   enable the DHCP server and setup the DHCP pools for each network. 10.0.0.0, 192.168.100.0 and 192.168.200.0

 

Finally setup the Vlans for each port

 - Trunk port to another switch = 1U, 100T and 200T

 - Trunk port to PC should have only an Untagged Vlan.  1U if the PC is in Vlan1,  100U if in Vlan 100 and 200U for Vlan 200

 - Trunk ports to WAPs, 1U,100T,200T

 

The key to the routing is the default gateway that is assigned to the end points.  This should be 10.0.0.1 for Vlan 1, 192.168.100.1 for Vlan 100 and 192.168.200.1 for Vlan 200.  This points to the L3 switch.

On the RV042 you need to add a static route for Vlan 1,100 and 200

Dest IP 10.0.0.0/24 next hop = 10.1.1.2

Dest IP 192.168.100.0/24 next hop = 10.1.1.2

Dest IP 192.168.200.0/24 next hop = 10.1.1.2

Configuration files attached
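
Added example (not part of the original thread, and not Cisco tooling): a Python consistency check for the addressing plan in the reply above. It verifies that the routed uplink does not overlap any VLAN subnet, that the RV042 has a static route per VLAN via the switch, and that each endpoint's gateway is its VLAN interface; the function name, field names and endpoint addresses are constructed for illustration.

```python
import ipaddress as ip

def check_plan(uplink, vlans, fw_routes, l3_default, endpoints):
    """Return a list of problems in an L3-switch-behind-firewall plan.

    uplink     : {'net', 'firewall', 'switch'} for the routed link
    vlans      : {vlan_id: VLAN interface address in CIDR form}
    fw_routes  : {destination network: next hop} on the firewall
    l3_default : next hop of the switch's 0.0.0.0/0 route
    endpoints  : {name: (vlan_id, ip, gateway)}
    """
    problems = []
    link = ip.ip_network(uplink["net"])
    svis = {v: ip.ip_interface(a) for v, a in vlans.items()}
    for end in ("firewall", "switch"):
        if ip.ip_address(uplink[end]) not in link:
            problems.append(f"uplink {end} address outside {link}")
    for vid, svi in svis.items():
        # The routed link must not share address space with any VLAN.
        if svi.network.overlaps(link):
            problems.append(f"vlan {vid} {svi.network} overlaps uplink {link}")
        # The firewall needs a return route to every VLAN via the switch.
        hop = fw_routes.get(str(svi.network))
        if hop != uplink["switch"]:
            problems.append(f"firewall route to vlan {vid} missing or wrong: {hop}")
    if l3_default != uplink["firewall"]:
        problems.append(f"switch default route {l3_default} is not the firewall")
    for name, (vid, addr, gw) in endpoints.items():
        svi = svis[vid]
        if ip.ip_address(addr) not in svi.network:
            problems.append(f"{name}: {addr} not in vlan {vid}")
        # Endpoints must point at the L3 switch's interface in their own VLAN.
        if ip.ip_address(gw) != svi.ip:
            problems.append(f"{name}: gateway {gw} is not the vlan {vid} interface {svi.ip}")
    return problems

# Addresses from the reply above; endpoint entries are constructed samples.
UPLINK = {"net": "10.1.1.0/24", "firewall": "10.1.1.1", "switch": "10.1.1.2"}
VLANS = {1: "10.0.0.1/24", 100: "192.168.100.1/24", 200: "192.168.200.1/24"}
FW_ROUTES = {"10.0.0.0/24": "10.1.1.2", "192.168.100.0/24": "10.1.1.2",
             "192.168.200.0/24": "10.1.1.2"}
ENDPOINTS = {"pc": (100, "192.168.100.50", "192.168.100.1"),
             "camera": (200, "192.168.200.60", "192.168.200.1")}

if __name__ == "__main__":
    found = check_plan(UPLINK, VLANS, FW_ROUTES, "10.1.1.1", ENDPOINTS)
    print("\n".join(found) or "plan is consistent")
```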

Hi Michael,

Thanks for your help. I changed my IPs to match your reply. When you mentioned SG300, I assumed you meant the SG300-10. I implemented your suggestions. Now I am at the SG300-28MP which is my camera switch. I set up ports 27 and 28 in trunk mode, setting VLAN 1 native and allowing VLANs 100, 200. The rest of the ports are in switchport mode access. Would that work or should I change it to trunk mode? My understanding is that trunk mode is for use when connecting to other routers or switches.

At this point, once I connect the 28MP switch port 27 or 28 to the SG300-10 port 10 I am not able to log on to the 28MP switch [I have not yet connected the RV042 at this time].

Another question, since I plan to use the SG300-28MP to connect vlan 200 devices only. Should I allow vlan 100 on the 27, 28 trunked ports? Obviously devices connected to the vlan 100 switch might need to access the cameras.

 

Hi Michael,

My problem is still unresolved.

Hello Wael

Trunk mode is when you need more than 1 Vlan to be allowed across the port.

Access mode is when you only need one Vlan.

Thus access ports are for end point devices.  PCs, MACs, printers, cameras...

Trunk port would be the uplinks to another switch or router.  Could also be a WAP device that supports multiple Vlans

 

No you would not need to add Vlan 100 to the trunk ports of the SG200 switch.  The layer 3 switch will route the traffic from Vlan 100 to Vlan 200 when required.

 

Please give us a call at 866.606.1866 if you need us to log in with Webex and review your configuration.

 

Regards,

Mike

Hi Michael,

I'll have to do with whatever free support I can get. I just realized that PCs on the different VLANs can ping each other, but it takes a bit of time for things to start. I also noticed that when I do tracert 192.168.200.100 (from the .100.100 pc) it takes 6ms going through the L3 (SG300-10) switch.

 

When I connect an IP camera to the .200 switch, I can only ping it from .200 vlan, but not from the .100. I thought this may be a security feature of the camera, but the problem is I can't access its admin web page (from the .100 vlan). Any thoughts? I am talking from the vlan side of things.

Thank you. You've provided me with enormous help so far. I really appreciate it.

High ping times could mean routing issues.  If another device is attempting to route the subnet ( vlan ), this could cause slow connection and dropped packets.  Does the RV042 still have the subnet configured?  The RV042 should only have an IP that is unique to it and the uplink on the SG300.

RV042 - 10.1.1.0/30
 

Make sure the cameras have a default gateway for the 200 Vlan.  192.168.200.1

 

Next, on the PC you are pinging from, the firewall may be blocking packets from an unknown subnet Vlan 200.  To test, temporarily disable the firewall or add an exception for the Vlan 200 subnet.

Regards, Mike

Hi Michael,

I corrected the gateway on the camera and now it works beautifully. Pinging between the vlans is also resolved, although when I do tracert 192.168.200.114 (camera ip) from the 100 computer, it takes 4 ms each way going through the .100.254 gateway (same the other way too). I don't know if this is normal or not, but the tracert seems a bit long, I feel. It takes about 10 seconds to finish printing the first line. Pinging on the other hand is very very fast even for the initial ping.

 

On SG300-10

gi7 port is set to 10.1.1.2/24 and connected to 10.1.1.1/24 on the RV042. Interface is showing UP/UP

In the routing table for SG300, 10.0.0.0 and 10.1.1.0 are directly connected.

Default route 0.0.0.0 is set to 10.1.1.1, gi7

 

On the RV

It is set to "Router" mode. I have the static routing set to:

192.168.100.0/24 set to 10.1.1.2

192.168.200.0/24 set to 10.1.1.2

10.0.0.0/24 set to 10.1.1.2

I am able to ping all addresses on all the equipment we've been dealing with, but not the WAN port of the RV042. I reset it to factory defaults and reconfigured it. Now I am able to go on the internet if I am directly connected to it, but not when I connect it to the SG300.

I tried to set a default route which I thought is probably unnecessary, but it still would not let me out. 0.0.0.0 0.0.0.0 WAN 1 x.x.x.1 (my ISP gateway). Again the device itself shows "connected" on the wan port.

What could I be missing?

Thanks

Happy to hear the layer 3 routing is working better for you.

 

Yes 4ms would be normal when pinging from one subnet to another.

 

The 10 minute tracert does seem long.  Does the tracert show the correct hops?

 

Best Regards,

Mike

Thanks. Yes they both show the correct hops, for example pinging the 200 vlan from the 100 shows the .100.254 gateway on the SG300-10

My main worry is the internet part though.