03-29-2013 01:39 AM
Hello,
I am facing an issue setting up what I initially called a simple network, but I am still unable to put it together.
On SG300-20 I want to set up 4
3 of the VLANs are to separate users into different groups and to secure data confidentiality.
1 is for the NAS.
All users on the 3 VLANs must access the NAS VLAN.
All users should have access to the internet via the SG300 through the ISP-provided router.
Can someone direct me on how to configure this? Please keep in mind that I have very little knowledge of switching and routing.
And the routing seems to be the issue I am encountering, because I am able to create the VLANs and assign static IP addresses to them but am not able to get them to talk to each other. I use each VLAN IP as the gateway on each port assigned.
Default Vlan 1 IP address 192.168.1.254 255.255.255.0 (port 1)
Vlan 10 IP address 192.168.10.1 255.255.255.0 (ports 2 -7)
Vlan 20 IP address 192.168.20.1 255.255.255.0 (ports 8 -11)
Vlan 30 IP address 192.168.30.1 255.255.255.0 (ports 12 - 15)
Vlan 40 IP address 192.168.40.1 255.255.255.0 (ports 17 - 18)
Thank you for your assistance.
03-29-2013 04:11 AM
Hi Peter,
First, set up your DHCP server so that your clients on the VLANs will use their respective VLAN IP as their default gateway. So clients on VLAN 20 should be using 192.168.20.1, clients on VLAN 40 should use 192.168.40.1 as their default gateway and so forth. Next, make sure the switch has an ip default-route pointing to the ISP router. If you need to NAT stuff from the internet onto one of your VLANs, make sure your ISP router has a static route to get to them. For example, to forward port 80 to something on VLAN 30, you would have a static route matching 192.168.30.0 255.255.255.0 send it to gateway 192.168.1.254. Then you could create a port forward for port 80 and send it to 192.168.30.x. Use VLAN1's IP as the gateway for all static routes going into these VLANs. The switch will sort it out and route it to the proper VLAN.
Finally, for any security you need I would look at the IP access list feature.
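With the switch in L3 mode every VLAN that has an IP interface is routed to every other, so the group separation asked for in the first post depends on the access lists mentioned here. The following added example (not from the thread, and a Python model rather than SG300 ACL syntax) checks a first-match rule order for the thread's subnets; it assumes VLANs 10, 20 and 30 are the user VLANs, VLAN 40 holds the NAS, users should not reach the switch's VLAN 1 address, and the host addresses are constructed.

```python
import ipaddress

NAS_NET = ipaddress.ip_network("192.168.40.0/24")   # assumption: VLAN 40 is the NAS VLAN
DNS_HOST = ipaddress.ip_network("192.168.1.1/32")   # ISP router, which the thread keeps as DNS
INTERNAL = ipaddress.ip_network("192.168.0.0/16")   # covers every VLAN subnet on the switch
ANY = ipaddress.ip_network("0.0.0.0/0")
USER_NETS = [ipaddress.ip_network(f"192.168.{n}.0/24") for n in (10, 20, 30)]


def build_acl(user_net):
    """Ordered ingress rules for one user VLAN as (action, destination network)."""
    return [
        ("permit", user_net),   # own subnet, including the VLAN gateway address
        ("permit", NAS_NET),    # shared NAS
        ("permit", DNS_HOST),   # DNS on the ISP router, must precede the deny
        ("deny", INTERNAL),     # every other VLAN, management VLAN 1 included
        ("permit", ANY),        # everything else, i.e. the internet
    ]


def decide(acl, dst):
    """First matching rule wins; no match at all means deny."""
    dst = ipaddress.ip_address(dst)
    for action, net in acl:
        if dst in net:
            return action
    return "deny"


def expected_flows(user_net):
    """Intended policy as (destination, expected action); hosts are constructed."""
    flows = [
        (str(user_net.network_address + 1), "permit"),  # own gateway
        ("192.168.40.10", "permit"),                     # a NAS host
        ("192.168.1.1", "permit"),                       # DNS on the ISP router
        ("192.168.1.254", "deny"),                       # switch management address
        ("203.0.113.10", "permit"),                      # internet (documentation range)
    ]
    flows += [(str(other.network_address + 10), "deny")
              for other in USER_NETS if other != user_net]
    return flows


def violations(acl, user_net):
    """Return (destination, wanted, got) wherever the ACL departs from the policy."""
    return [(dst, want, decide(acl, dst))
            for dst, want in expected_flows(user_net)
            if decide(acl, dst) != want]


if __name__ == "__main__":
    for net in USER_NETS:
        acl = build_acl(net)
        print(net, "correct order:", violations(acl, net))
        # Same rules with the catch-all permit moved to the top: isolation is lost.
        print(net, "permit-any first:", violations([acl[-1]] + acl[:-1], net))
```
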
03-30-2013 08:51 AM
Hi Brayton,
Apologies for late acknowledgement of your response. I was waiting to execute it and come back with feedback.
I have tried your suggestion in simulation, but I am still not able to do anything on the switch because every time I try to configure an IP address it freezes up.
I upgraded the firmware from 1.2.9.44 to 1.3.0.59 but that did not change anything. I did a factory reset several times, still no changes. This is really an issue. Any idea to bypass this hurdle? Thanks
03-30-2013 02:55 PM
Hi Peter, I and at least one member on this board are having issues with 1.3.0.59. Please set the active image back to 1.2.9.44 and reboot to factory defaults.
Then when it comes up go to Administration, System Settings, and change the System Mode to L3.
Then set a static IP interface for VLAN1. This is also the default management VLAN. The quickest way here is on the "Getting Started" page: just click Change Device IP address.
Then create your other VLANs 20, 30, 40. And then assign whatever ports you need to be untagged members of their needed VLAN. For example, if ports ge10 - ge15 need to be untagged members of VLAN30 (and ONLY members of VLAN30) you could configure those interfaces as Access ports and then change their membership to VLAN30. These ports have just become exclusive members of VLAN30 and they will not need any VLAN tags (most network devices such as workstations don't support tags).
If you do need multiple VLANs to traverse the port, leave the ports as Trunk ports but change the PVID to VLAN30 so that VLAN won't need the tags anymore, but vlans other than 30 will. If however you need VLAN30 to be tagged, do not change the PVID so it remains VLAN1. These are probably not your situation. It sounds to me like you will use Access ports.
Now you just need to define IP addresses for the other VLANs you just created and setup port memberships for. This in turn causes the switch to build a routing table to get data to those VLANs. You can see the routes in the console when you do a show run. When testing, remember that a VLAN ip address will only respond to pings if there is at least one host plugged into that VLAN's member port. Remember to set the switch's default gateway to be the ISP router or you won't have internet access. Also the client PCs will need IP addresses in the subnet for their vlan. So a PC in VLAN30 would have an octet of 192.168.30.x 255.255.255.0 and a default gateway of 192.168.30.1. DNS can remain the ISP router.
03-31-2013 11:16 PM
Hi Brayton, thanks a lot for your response. What I am trying to do so far is to get the VLANs to talk to each other after I reverted the firmware as you said and booted to the factory image. It still freezes a few times but it is bearable so far. The VLANs are still not talking. I checked the routing table, and it looks like the switch is not building it. Kindly check and see what I am doing wrong. Thanks.
Vlan 1 still remains as default.
Vlan 20 - mode access port range 9 -12
Vlan 30 - mode access port range 13-16
Vlan 40 - mode trunk port range 17-18
The rest of the ports are on Vlan 1
switch4ba497#sh run
config-file-header
switch4ba497
v1.2.9.44 / R750_NIK_1_2_584_002
CLI v1.0
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
vlan database
vlan 20,30,40
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
bonjour interface range vlan 1
hostname switch4ba497
no passwords complexity enable
username cisco password encrypted 7af78c911d5b48bea1dc2449d9d89513abeb4be5 privilege 15
ip telnet server
!
interface vlan 1
no ip address dhcp
!
interface vlan 20
name Le_champ
ip address 192.168.20.1 255.255.255.0
!
interface vlan 30
name Admin
ip address 192.168.30.1 255.255.255.0
!
interface vlan 40
name Data
ip address 192.168.40.1 255.255.255.0
!
interface gigabitethernet1
switchport mode access
!
interface gigabitethernet2
switchport mode access
!
interface gigabitethernet3
switchport mode access
!
interface gigabitethernet4
switchport mode access
!
interface gigabitethernet5
switchport mode access
!
interface gigabitethernet6
switchport mode access
!
interface gigabitethernet7
switchport mode access
!
interface gigabitethernet8
switchport mode access
!
interface gigabitethernet9
switchport mode access
switchport access vlan 20
!
interface gigabitethernet10
switchport mode access
switchport access vlan 20
!
interface gigabitethernet11
switchport mode access
switchport access vlan 20
!
interface gigabitethernet12
switchport mode access
switchport access vlan 20
!
interface gigabitethernet13
switchport mode access
switchport access vlan 30
!
interface gigabitethernet14
switchport mode access
switchport access vlan 30
!
interface gigabitethernet15
switchport mode access
switchport access vlan 30
!
interface gigabitethernet16
switchport mode access
switchport access vlan 30
!
interface gigabitethernet17
switchport trunk native vlan 40
!
interface gigabitethernet18
switchport trunk native vlan 40
!
switch4ba497#
switch4ba497#sh interfaces status
Flow Link Back Mdix
Port Type Duplex Speed Neg ctrl State Pressure Mode
-------- ------------ ------ ----- -------- ---- ----------- -------- -------
gi1 1G-Copper Full 1000 Enabled Off Up Disabled On
gi2 1G-Copper -- -- -- -- Down -- --
gi3 1G-Copper -- -- -- -- Down -- --
gi4 1G-Copper -- -- -- -- Down -- --
gi5 1G-Copper -- -- -- -- Down -- --
gi6 1G-Copper -- -- -- -- Down -- --
gi7 1G-Copper -- -- -- -- Down -- --
gi8 1G-Copper -- -- -- -- Down -- --
gi9 1G-Copper -- -- -- -- Down -- --
gi10 1G-Copper -- -- -- -- Down -- --
gi11 1G-Copper Full 100 Enabled Off Up Disabled On
gi12 1G-Copper -- -- -- -- Down -- --
gi13 1G-Copper -- -- -- -- Down -- --
gi14 1G-Copper -- -- -- -- Down -- --
gi15 1G-Copper Full 1000 Enabled Off Up Disabled On
gi16 1G-Copper -- -- -- -- Down -- --
gi17 1G-Copper Full 100 Enabled Off Up Disabled Off
gi18 1G-Copper -- -- -- -- Down -- --
gi19 1G-Combo-C -- -- -- -- Down -- --
gi20 1G-Combo-C -- -- -- -- Down -- --
switch4ba497#sh ip route
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: C - connected, S - static, D - DHCP
C 192.168.1.0/24 is directly connected vlan 1
C 192.168.20.0/24 is directly connected vlan 20
C 192.168.30.0/24 is directly connected vlan 30
C 192.168.40.0/24 is directly connected vlan 40
04-01-2013 02:14 AM
Hi Brayton, I have good news. My VLANs are now communicating with each other.
But I am still battling with internet access. Pasted below is my config to give you a clear view of what I now have here.
I added VLAN 2 to interface with my ISP router because I would like to leave VLAN 1 only for management.
switch4ba497#sh run
config-file-header
switch4ba497
v1.2.9.44 / R750_NIK_1_2_584_002
CLI v1.0
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
vlan database
vlan 2,10,20,30,40
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
bonjour interface range vlan 1
hostname switch4ba497
no passwords complexity enable
username cisco password encrypted 7af78c911d5b48bea1dc2449d9d89513abeb4be5 privilege 15
ip telnet server
!
interface vlan 1
ip address 192.168.1.254 255.255.255.0
no ip address dhcp
!
interface vlan 2
name Service
ip address 192.168.2.1 255.255.255.0
!
interface vlan 10
name Studio
!
interface vlan 20
name Le_champ
ip address 192.168.20.1 255.255.255.0
!
interface vlan 30
name Admin
ip address 192.168.30.1 255.255.255.0
!
interface vlan 40
name Data
ip address 192.168.40.1 255.255.255.0
!
interface gigabitethernet1
switchport mode access
!
interface gigabitethernet2
switchport mode access
!
interface gigabitethernet3
switchport mode access
!
interface gigabitethernet4
switchport mode access
!
interface gigabitethernet5
switchport mode access
!
interface gigabitethernet6
switchport mode access
!
interface gigabitethernet7
switchport mode access
!
interface gigabitethernet8
switchport mode access
!
interface gigabitethernet9
switchport mode access
switchport access vlan 20
!
interface gigabitethernet10
switchport mode access
switchport access vlan 20
!
interface gigabitethernet11
switchport mode access
switchport access vlan 20
!
interface gigabitethernet12
switchport mode access
switchport access vlan 20
!
interface gigabitethernet13
switchport mode access
switchport access vlan 30
!
interface gigabitethernet14
switchport mode access
switchport access vlan 30
!
interface gigabitethernet15
switchport mode access
switchport access vlan 30
!
interface gigabitethernet16
switchport mode access
switchport access vlan 30
!
interface gigabitethernet17
switchport trunk native vlan 40
!
interface gigabitethernet18
switchport trunk native vlan 40
!
interface gigabitethernet19
switchport trunk native vlan 2
!
interface gigabitethernet20
switchport trunk native vlan 2
!
ip route 192.168.1.0 255.255.255.0 192.168.1.1
ip route 192.168.2.0 255.255.255.0 192.168.1.1
switch4ba497#sh vlan
Vlan Name Ports Type Authorization
---- ----------------- --------------------------- ------------ -------------
1 1 gi1-8,Po1-8 Default Required
2 Service gi19-20 static Required
10 Studio static Required
20 Le_champ gi9-12 static Required
30 Admin gi13-16 static Required
40 Data gi17-18 static Required
switch4ba497#sh int status
Flow Link Back Mdix
Port Type Duplex Speed Neg ctrl State Pressure Mode
-------- ------------ ------ ----- -------- ---- ----------- -------- -------
gi1 1G-Copper Full 1000 Enabled Off Up Disabled On
gi2 1G-Copper -- -- -- -- Down -- --
gi3 1G-Copper -- -- -- -- Down -- --
gi4 1G-Copper -- -- -- -- Down -- --
gi5 1G-Copper -- -- -- -- Down -- --
gi6 1G-Copper -- -- -- -- Down -- --
gi7 1G-Copper -- -- -- -- Down -- --
gi8 1G-Copper -- -- -- -- Down -- --
gi9 1G-Copper -- -- -- -- Down -- --
gi10 1G-Copper Full 100 Enabled Off Up Disabled On
gi11 1G-Copper -- -- -- -- Down -- --
gi12 1G-Copper -- -- -- -- Down -- --
gi13 1G-Copper -- -- -- -- Down -- --
gi14 1G-Copper -- -- -- -- Down -- --
gi15 1G-Copper Full 1000 Enabled Off Up Disabled On
gi16 1G-Copper -- -- -- -- Down -- --
gi17 1G-Copper Full 100 Enabled Off Up Disabled Off
gi18 1G-Copper -- -- -- -- Down -- --
gi19 1G-Combo-C Full 1000 Enabled Off Up Disabled On
gi20 1G-Combo-C -- -- -- -- Down -- --
switch4ba497#sh ip route
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: C - connected, S - static, D - DHCP
C 192.168.1.0/24 is directly connected vlan 1
S 192.168.1.0/24 [1/1] via 192.168.1.1 Backup Not Active
C 192.168.2.0/24 is directly connected vlan 2
S 192.168.2.0/24 [1/1] via 192.168.1.1 Backup Not Active
C 192.168.20.0/24 is directly connected vlan 20
C 192.168.30.0/24 is directly connected vlan 30
C 192.168.40.0/24 is directly connected vlan 40
switch4ba497#
04-01-2013 02:25 AM
Hi Peter,
I originally read the first config and made a response on that, but then as I read more thoroughly I saw that you have a second config posted that addressed what I was going to talk about. So from your second config, I see some ip routes pointing to 192.168.1.1. I'm going to guess that is your ISP router. Let's delete those routes, and instead in the config enter:
config t
ip default-gateway 192.168.1.1
Remember to delete those ip routes going to 192.168.1.1; they will mess up the VLAN routing, and all requests to the internet will be handled thanks to the ip default-gateway command. I originally misspoke about the routes showing up in sh run; what I remembered was sh ip route, which you correctly used.
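The checks from this reply, together with the return-route requirement stated elsewhere in the thread, as an added Python example (not code from the thread or from Cisco): it parses the routing lines of a sh run paste, flags static routes that duplicate connected VLAN subnets and a missing default gateway, reports the two management settings visible in the pasted configs (telnet server on, password complexity off), and lists the static routes the upstream router needs. The sample config is constructed from the second config above; the function names and the uplink_vlan parameter are assumptions.

```python
import ipaddress
import re

# Constructed sample: the routing-relevant lines of the second config in the thread.
SAMPLE_CONFIG = """\
no passwords complexity enable
ip telnet server
interface vlan 1
ip address 192.168.1.254 255.255.255.0
no ip address dhcp
!
interface vlan 2
ip address 192.168.2.1 255.255.255.0
!
interface vlan 10
name Studio
!
interface vlan 20
ip address 192.168.20.1 255.255.255.0
!
interface vlan 30
ip address 192.168.30.1 255.255.255.0
!
interface vlan 40
ip address 192.168.40.1 255.255.255.0
!
ip route 192.168.1.0 255.255.255.0 192.168.1.1
ip route 192.168.2.0 255.255.255.0 192.168.1.1
"""


def parse(config):
    """Return (svis, static_routes, default_gateway, flags) from 'sh run' text."""
    svis, statics, gateway, flags = {}, [], None, set()
    vlan = None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"interface vlan (\d+)", line):
            vlan = int(m.group(1))
            svis.setdefault(vlan, None)          # stays None until an address is seen
        elif line.startswith("interface ") or line == "!":
            vlan = None
        elif (m := re.fullmatch(r"ip address (\S+) (\S+)", line)) and vlan is not None:
            svis[vlan] = ipaddress.IPv4Interface(f"{m.group(1)}/{m.group(2)}")
        elif m := re.fullmatch(r"ip route (\S+) (\S+) (\S+)", line):
            net = ipaddress.IPv4Network(f"{m.group(1)}/{m.group(2)}", strict=False)
            statics.append((net, ipaddress.IPv4Address(m.group(3))))
        elif m := re.fullmatch(r"ip default-gateway (\S+)", line):
            gateway = ipaddress.IPv4Address(m.group(1))
        elif line in ("ip telnet server", "no passwords complexity enable"):
            flags.add(line)
    return svis, statics, gateway, flags


def audit(config):
    """Return findings for the routing and management issues seen in the thread."""
    svis, statics, gateway, flags = parse(config)
    connected = {v: i.network for v, i in svis.items() if i is not None}
    findings = [f"vlan {v}: no IP interface, hosts there have no gateway"
                for v, i in svis.items() if i is None]
    has_default = gateway is not None
    for net, hop in statics:
        has_default = has_default or net.prefixlen == 0
        for vlan, cnet in connected.items():
            if net.subnet_of(cnet):              # same as, or inside, a connected subnet
                findings.append(f"static {net} via {hop}: duplicates connected vlan {vlan}, remove it")
        if not any(hop in cnet for cnet in connected.values()):
            findings.append(f"static {net} via {hop}: next hop is not on a connected subnet")
    if not has_default:
        findings.append("no default gateway or 0.0.0.0/0 route: no path to the internet")
    if "ip telnet server" in flags:
        findings.append("telnet server enabled: management logins cross the network in cleartext")
    if "no passwords complexity enable" in flags:
        findings.append("password complexity checks are disabled")
    return findings


def return_routes(config, uplink_vlan=1):
    """Static routes (network, mask, via) the upstream router needs for replies."""
    svis = parse(config)[0]
    via = str(svis[uplink_vlan].ip)
    return [(str(i.network.network_address), str(i.network.netmask), via)
            for v, i in sorted(svis.items()) if i is not None and v != uplink_vlan]


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
    for net, mask, via in return_routes(SAMPLE_CONFIG):
        print(f"upstream router needs: {net} {mask} via {via}")
```
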
04-03-2013 09:59 AM
Hello Peter,
I tested the latest MR 1.3.0.59 and all works as expected.
Please note one important thing: for internet access, the ISP router needs static routes to send traffic back to all VLANs via the 192.168.1.254 switch interface.
Please find below your configuration, tested in the lab and working as expected:
test#show startup-config
config-file-header
test
v1.3.0.59 / R750_NIK_1_3_647_260
CLI v1.0
set system mode router
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
vlan database
vlan 2,10,20,30,40
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
bonjour interface range vlan 1
hostname test
no passwords complexity enable
username cisco password encrypted 7af78c911d5b48bea1dc2449d9d89513abeb4be5 privilege 15
ip telnet server
!
interface vlan 1
ip address 192.168.1.254 255.255.255.0
no ip address dhcp
!
interface vlan 2
name Service
ip address 192.168.2.1 255.255.255.0
!
interface vlan 10
name Studio
!
interface vlan 20
name Le_champ
ip address 192.168.20.1 255.255.255.0
!
interface vlan 30
name Admin
ip address 192.168.30.1 255.255.255.0
!
interface vlan 40
name Data
ip address 192.168.40.1 255.255.255.0
!
interface gigabitethernet1
switchport mode access
!
interface gigabitethernet2
switchport mode access
!
interface gigabitethernet3
switchport mode access
!
interface gigabitethernet4
switchport mode access
!
interface gigabitethernet5
switchport mode access
!
interface gigabitethernet6
switchport mode access
!
interface gigabitethernet7
switchport mode access
!
interface gigabitethernet8
switchport mode access
!
interface gigabitethernet9
switchport mode access
switchport access vlan 20
!
interface gigabitethernet10
switchport mode access
switchport access vlan 20
!
interface gigabitethernet11
switchport mode access
switchport access vlan 20
!
interface gigabitethernet12
switchport mode access
switchport access vlan 20
!
interface gigabitethernet13
switchport mode access
switchport access vlan 30
!
interface gigabitethernet14
switchport mode access
switchport access vlan 30
!
interface gigabitethernet15
switchport mode access
switchport access vlan 30
!
interface gigabitethernet16
switchport mode access
switchport access vlan 30
!
interface gigabitethernet17
switchport mode access
switchport access vlan 40
!
interface gigabitethernet18
switchport mode access
switchport access vlan 40
!
interface gigabitethernet19
switchport mode access
switchport access vlan 2
!
interface gigabitethernet20
switchport mode access
switchport access vlan 2
!
exit
ip default-gateway 192.168.1.1
test#
04-07-2013 12:06 AM
Hi guys,
I also have the same issue, but with a little bit of a change.
I have two SF300s and created VLANs, and they are connected to each other on a trunk port. I connected 1 internet modem in a VLAN and all users from the VLAN can access the internet, but they will not communicate with the other VLANs which I created.
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2013.02.20 14:46:48 =~=~=~=~=~=~=~=~=~=~=~=
sh run
config-file-header
SW1
v1.2.7.76 / R750_NIK_1_2_584_002
CLI v1.0
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
vlan database
vlan 2-8
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
ip dhcp relay address 10.1.6.251
ip dhcp relay enable
ip dhcp information option
bonjour interface range vlan 1
hostname SW1
!
interface vlan 1
ip address 10.1.1.250 255.255.255.0
no ip address dhcp
ip dhcp relay enable
!
interface vlan 2
name FLAN
ip address 10.1.2.250 255.255.255.0
ip dhcp relay enable
!
interface vlan 3
name GLAN
ip address 10.1.3.250 255.255.255.0
ip dhcp relay enable
!
interface vlan 4
name CLAN
ip address 10.1.4.250 255.255.255.0
ip dhcp relay enable
!
interface vlan 5
name TLAN
ip address 10.1.5.250 255.255.255.0
ip dhcp relay enable
!
interface vlan 6
name SLAN
ip address 10.1.6.250 255.255.255.0
ip dhcp relay enable
!
interface vlan 7
name MLAN
ip address 10.1.7.250 255.255.255.0
ip dhcp relay enable
!
interface vlan 8
ip address 10.1.8.1 255.255.255.0
!
interface fastethernet1
switchport mode access
Description INTERNET_MODEM -----------------> Internet Modem and Act as dhcp for vlan 1 users
!
interface fastethernet2
switchport mode access
!
interface fastethernet3
switchport mode access
!
interface fastethernet4
switchport mode access
!
interface fastethernet5
switchport mode access
!
interface fastethernet6
switchport mode access
!
interface fastethernet7
switchport mode access
!
interface fastethernet8
switchport mode access
!
interface fastethernet9
switchport mode access
switchport access vlan 2
!
interface fastethernet10
switchport mode access
switchport access vlan 2
!
interface fastethernet11
switchport mode access
switchport access vlan 2
!
interface fastethernet12
switchport mode access
switchport access vlan 2
!
interface fastethernet13
switchport mode access
switchport access vlan 2
!
interface fastethernet14
switchport mode access
switchport access vlan 3
!
interface fastethernet15
switchport mode access
switchport access vlan 3
!
interface fastethernet16
switchport mode access
switchport access vlan 3
!
interface fastethernet17
switchport mode access
switchport access vlan 3
!
interface fastethernet18
switchport mode access
switchport access vlan 4
!
interface fastethernet19
switchport mode access
switchport access vlan 4
!
interface fastethernet20
switchport mode access
switchport access vlan 4
!
interface fastethernet21
switchport mode access
switchport access vlan 4
!
interface fastethernet22
switchport mode access
switchport access vlan 4
!
interface fastethernet23
switchport mode access
switchport access vlan 4
!
interface fastethernet24
switchport mode access
switchport access vlan 4
!
interface fastethernet25
switchport mode access
switchport access vlan 4
!
interface fastethernet26
switchport mode access
switchport access vlan 4
!
interface fastethernet27
switchport mode access
switchport access vlan 4
!
interface fastethernet28
switchport trunk native vlan 5
!
interface fastethernet29
switchport trunk native vlan 5
!
interface fastethernet30
switchport trunk native vlan 5
!
interface fastethernet31
switchport trunk native vlan 5
!
interface fastethernet32
switchport trunk native vlan 5
!
interface fastethernet33
switchport trunk native vlan 5
!
interface fastethernet34
switchport trunk native vlan 5
!
interface fastethernet35
switchport trunk native vlan 5
!
interface fastethernet36
switchport trunk native vlan 5
!
interface fastethernet37
switchport trunk native vlan 5
!
interface fastethernet38
switchport trunk native vlan 5
!
interface fastethernet39
switchport trunk native vlan 5
!
interface fastethernet40
switchport trunk native vlan 5
!
interface fastethernet41
switchport trunk native vlan 5
!
interface fastethernet42
switchport trunk native vlan 5
!
interface fastethernet43
switchport trunk native vlan 5
!
interface fastethernet44
switchport trunk native vlan 5
!
interface fastethernet45
switchport trunk native vlan 5
!
interface fastethernet46
switchport trunk native vlan 5
!
interface fastethernet47
ip dhcp relay enable
switchport mode access
switchport access vlan 7
!
interface fastethernet48
description DHCP_SERVER --------> On this port router connected for intervlan routing and act as DHCP Server also.
ip dhcp relay enable
switchport trunk allowed vlan add 2-5,7-8
switchport trunk native vlan 6
switchport default-vlan tagged
!
interface gigabitethernet1
switchport mode access
switchport access vlan 4
!
interface gigabitethernet2
switchport mode access
switchport access vlan 5
!
interface gigabitethernet4 -----------------> This port connected to SW2
switchport trunk allowed vlan add 2-5,7-8
switchport trunk native vlan 6
switchport default-vlan tagged
!
SW1#
The problem is that users from VLAN 1 are not communicating with the other VLANs 2,3,4,5,6,7. Can anybody help me with this issue?
Thanks
04-10-2013 02:38 AM
Hello Mrsystemengineer,
Our SG300-20 is acting as a router in between VLANs on your network. In this case you have to ensure that the default gateway for each VLAN is the switch interface and not the internet gateway, as it is limited to 1 VLAN only.
To send traffic to your gateway you will have to set a static route on our switch such as 0.0.0.0 mask 0.0.0.0 via 10.1.6.251 (internet gateway).
This should work on condition that your DHCP server (located in VLAN 6, IP 10.1.6.251) is able to assign a different pool for each VLAN by checking the giaddr or source interface IP address, and assigns the switch interface IP address as the router/default gateway, unless you have static IP address assignment.
Regards,
Aleksandra Dargiel
04-10-2013 03:10 AM
Hi Aleksandra,
Thanks for your email. As per your email, I need to make DHCP on the router and put a static route in the 2 switches to router 10.1.6.254, right? Then I can access all VLANs and the default gateway SVI interface IP created on the SF300 switch, and the pool coming from the 827 router.
Thanks
04-10-2013 04:41 AM
Hi Mrsystemengineer,
Yes, but the 827 also needs to be aware that the other VLANs/subnets are located on the switch, so it needs static routes for each respective VLAN pointing to the switch VLAN 6 interface.
But it really depends on which device is doing the whole routing on your network.
I guess you would need only one layer 3 device.
If this would be our SG300, then the basic concept is that the switch is doing the routing and you have to forward all "internet" requests to your NAT device, but you also have to make the 827 router aware of the other VLANs/subnets, that they are located on the LAN side of this router.
So to summarize:
1. one switch acting as layer 3 would be enough; the other switch can have only a trunk to the main layer 3 switch, and between the layer 3 switch and the router only an access port
2. for all devices the default gateway should be this layer 3 switch's respective VLAN interface
3. the layer 3 switch would have a static IP route (default gateway route) such as 0.0.0.0 mask 0.0.0.0 via the 827 LAN interface
4. the 827 would also have several static routes, such as: VLAN2 subnet is accessible via the switch VLAN 6 IP address
I am not sure if I missed something, but I saw some inconsistency in the configuration, as your DHCP relay device has the 10.1.6.251 IP address and this is the VLAN 6 subnet, while the 827 router is on VLAN 1 and the router itself is connected to port fe48, which is a trunk.
Regards,
Aleksandra Dargiel
04-10-2013 05:37 AM
Dear Dargiel,
I really appreciate your support and thank you for that. Please see my attached configuration, which I have done, but still VLAN 1 does not communicate with VLANs 3,4,5,6,7.
SW1 = with vlan 1,2,3,4,5,6,7 with ip address 10.1.x.0/24 10.1.y.0/24 and so on, x=1,y=2,z=3. gi4 trunk port to allow all vlans
SW2 = only vlan and gi4 trunk port to all vlans
827 Router e0/0 connected to SW1-fa0/48 -----> I made it a trunk port to allow all VLANs (I need to make it an access port in VLAN 6; I will do that and test.)
SW1 on port1 connected to Internet modem ----> This port is in vlan_1, and the vlan 1 users are getting IPs from this modem, that is why they will not see other VLANs, YES. For this I need to make DHCP on the 827 router, the default gateway for users will be the SVI IP address of SW1, and I need one static route in SW1: 0.0.0.0 0.0.0.0 to the IP address of the 827 e0/0 router.
Question: Do I need to put any static route in the 827 router towards the SW1 and SW2 IP addresses, or each VLAN IP address (SVI IP address)?
What about the internet modem: do I need any static route in the SW or the 827 router towards the internet modem or not?
See the attached configuration.
Really, thanks for your valuable support.
regards
04-10-2013 07:12 AM
Hi Mrsystemengineer,
Thank you for the topology. Much easier now :-)
Answers:
1. 827 router should have static routes for each VLAN respective IP addresses of SW1 only
2. internet modem - this is your internet gateway for all VLANs, if so router 827 is the DHCP server only? I am sorry I did not notice this before
if this is the case then the default route on the switch should be towards modem (the same for static routes to each VLAN configured on the modem) rather than 827 router.
And 827 router DHCP server should be assigning switch interfaces as a default gateway only and responding to DHCP relay unicast.
Is there anything else you need this router for?
Regards,
Aleksandra Dargiel