cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4103
Views
10
Helpful
21
Replies

Intervlan routing using SG300-10, SG300-28MP, SG200-50 and RV042

CiscoEng69
Level 1
Level 1

Hello,

I need help configuring inter-VLAN routing. I am setting up 2 VLANs plus the admin VLAN 1 as follows:

- RV042 is used as a firewall (i'll probably replace it with something else)

    - LAN ip addr 10.1.1.10

    - SG300-10 connected to VLAN1 port

- SG300-10 is my core switch.

    - set system mode router

    - VLAN 1 (admin) - 10.1.1.1

    - VLAN 2 (cameras) - 192.168.200.254

    - VLAN 3 (computers and 1 server) - 192.168.100.254

    - ports 8 - 10 trunked

    - GVRP enabled

    - 2 dhcp pool network setup on this switch

    - default route 0.0.0.0 0.0.0.0 10.1.1.10

- SG300-28MP is my POE camera switch

    - VLAN 2 - 10.1.1.3

    - vlans created automatically through gvrp

    - ports 27, 28 trunked

- SG200-50 is my computing lan switch

    - VLAN 3 - 10.1.1.2

    - vlans created manually since I could not find anywhere to configure gvrp. I assume gvrp is not supported on this switch.

 

Please see the attached image file for more details. I am also attaching the configuration files.

Can someone help me figure this out please. At this point in time, I am not able to get the 3 SGx00 to talk to route among each other.

Thanks

21 Replies 21

Since I was sometimes able to ping the LAN side of the RV042 and sometimes not, I upgraded the firmware to version 4.2.3 and reset the router to factory defaults from the menu. I reconfigured the RV042 again with the exact same results.

Putting 10.1.1.2 in the DMZ, I was able to ping the WAN side. [I removed it after]

 

I am wondering if interface gi7 (which is what I am using to connect to the rv042) needs to be in VLAN 1.

 

While logged on to the SG300-10 I am able to ping yahoo, but not from a computer. The routing table on the rv042 shows the following:

[the n replaces the actual ip address for our network]

n.n.n.0255.255.255.248*0eth1
192.168.100.0255.255.255.010.1.1.21eth0
10.0.0.0255.255.255.010.1.1.21eth0
192.168.200.0255.255.255.010.1.1.21eth0
10.1.1.0255.255.255.0*0eth0
default0.0.0.0n.n.n.140eth1

Hello,

Make sure the default gateway on the PC is the IP address of the L3 switch's VLan IP

 

Also, run a tracert form the PC and let us know the results.

tracert 8.8.8.8

 

Best Regards,

Mike.

Hi Mike,

The gateway is correct on the PCs. I use 8.8.8.8 as my DNS. Below are 2 trace routes. One to the rv042 and the other to 8.8.8.8

On the RV042:

 - I cannot get beyond the 10.1.1.1 from the vlans.

 - Even the WAN side is not reachable unless I plugin the PC directly to the RV042

Tracing route to 10.1.1.1 over a maximum of 30 hops

  1     1 ms     5 ms     4 ms  192.168.100.254
  2    <1 ms    <1 ms    <1 ms  10.1.1.1

--------------------------
Tracing route to 8.8.8.8 over a maximum of 30 hops

  1     1 ms     5 ms     4 ms  192.168.100.254
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
...
...
...
 27     *        *        *     Request timed out.
 28     *        *        *     Request timed out.
 29     *        *        *     Request timed out.
 30     *        *        *     Request timed out.

Trace complete.

The statuses below might be helpful from the L3

---------

core#show interfaces switchport gi7
Port : gi7
Port Mode: Trunk
Gvrp Status: disabled
Ingress Filtering: true
Acceptable Frame Type: admitAll
Ingress UnTagged VLAN ( NATIVE ): 4095

---------

10.0.0.1/24         vlan 1     UP/UP         Static      disable    No         Valid
10.1.1.2/24         gi7        UP/UP         Static      disable    No         Valid
192.168.100.254/24  vlan 100   UP/UP         Static      disable    No         Valid
192.168.200.254/24  vlan 200   UP/UP         Static      disable    No         Valid

---------

S   0.0.0.0/0 [1/1] via 10.1.1.1, 19:10:29, gi7
C   10.0.0.0/24 is directly connected, vlan 1
C   10.1.1.0/24 is directly connected, gi7
C   192.168.100.0/24 is directly connected, vlan 100
C   192.168.200.0/24 is directly connected, vlan 200

-------

On the SG300-28

cam-switch#show ip route
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: disabled
Codes: > - best, C - connected, S - static


C   10.0.0.0/24 is directly connected,

--------

    IP Address         I/F       Type       Status
------------------- --------- ----------- -----------
10.0.0.2/24         vlan 1    Static      Valid

 

 

 

Hello

 

Make sure you have a defautl route on the L3 switch

Next add the default route:

On the SG300, IP configuration - IPV4 routes - add - Dest IP 0.0.0.0, mask 0.0.0.0,next Hop 10.1.1.1, metric 1

Yes it already exists. The entry below is from the L3

S   0.0.0.0/0 [1/1] via 10.1.1.1, 19:10:29, gi7

 

when i do:

show ip route address 8.8.8.8, it shows 10.1.1.1

We connect to the internet via a CISCO 800 series switch provided to us by our ISP. Do you think that could be reason I cannot go beyond the RV042? If so, what should I ask them to allow?

I decided to connect my SGxx trio setup to a different router to test. I put it on a Linksys rv042 and noticed the following entries in the outgoing log. The entries correspond to my attempt to ping 8.8.8.8. 

The original cisco rv042 does not log this information even though the entry is checked in "General Log\Deny Policy". 

The firewall settings are set to allow all traffic from Lan (Any to Any)

May 25 09:51:52 2015   Connection Refused - Policy violation   ICMP type 8 code 0 192.168.100.100->8.8.8.8 on ixp1
May 25 09:51:52 2015   Connection Refused - Policy violation   ICMP type 8 code 0 192.168.100.100->8.8.8.8 on ixp1
May 25 09:51:52 2015   Connection Refused - Policy violation   ICMP type 8 code 0 192.168.100.100->8.8.8.8 on ixp1
May 25 09:51:52 2015   Connection Refused - Policy violation   ICMP type 8 code 0 192.168.100.100->8.8.8.8 on ixp1
May 25 09:51:52 2015   Connection Refused - Policy violation   ICMP type 8 code 0 192.168.100.100->8.8.8.8 on ixp1
May 25 09:51:52 2015   Connection Refused - Policy violation   ICMP type 8 code 0 192.168.100.100->8.8.8.8 on ixp1
May 25 09:51:52 2015   Connection Refused - Policy violation   ICMP type 8 code 0 192.168.100.100->8.8.8.8 on ixp1

The problem is resolved.

- I set my rv042 to gateway.

- Enabled the "Multiple Subnet" on the LAN side.

- Assigned ip addresses from my vlans to the LAN interface Ex: 192.168.100.1 and .200.1

- Now tracert works much faster from the computer (although the entries are not as fast to come up as the ones from my isp" (about 5 secs). 

- Web browsing seems fine.