Need help to configure SG300-28 switch

mansat_john
Level 1

I have an SG300 switch that I need help to configure.

Here is what I am attempting to set-up:

Switch #1 (Production) - Cisco SG300-28 managed switch

2 - Mac workstations - group A - priority 1

3 - Mac workstations - group B - priority 2

2 - PC workstations - group B - priority 2

4 - Mac workstations - group C - restrict access to servers

1 - Apple Xserve with 2 network connections

1 - Xerox printer

1 - Large format printer

1 - Wifi access point

Switch #2 (Admin) - 100BaseT Linksys unmanaged switch

6 - PC workstations

1 - Windows 2008 R2 server

1 - Windows 2003 server

1 - Filemaker server

1 - web server

1 - Xerox printer

1 - wifi access point

Internet router is connected to the SG300 via Switch #2

Where do I start?

2 Replies

Tom Watts
VIP Alumni

Hello John, depending on your firewall capability here is a basic idea of your network.

This write-up assumes (1) your firewall understands VLANs, (2) group A is VLAN 1, group B is VLAN 2, group C is VLAN 3, and (3) the switches will remain in layer 2.

The trunk between the firewall and switch.

config t

vlan database

vlan 2,3

exit

interface gi1

switchport mode trunk

switchport trunk allowed vlan add 2,3

The trunk between switch #1 and switch #2 is also the same.

config t

interface gi2

switchport mode trunk

switchport trunk allowed vlan add 2,3

This configuration will give inter-VLAN communication and allow all traffic to traverse the single wire between devices. For the devices in Group A (VLAN 1), a computer should be configured as an access port.

config t

interface gi3

switchport mode access

Devices in Group B (VLAN 2) should also be configured as access ports.

config t

interface gi4

switchport mode access

switchport access vlan 2

Devices in Group C (VLAN 3) should also be configured as access ports.

config t

interface gi5

switchport mode access

switchport access vlan 3

These examples lay your basic framework. Now, if your DHCP server is not the router, its port needs to be configured to allow all traffic as well. Whatever port connects the DHCP server should be as follows:

config t

interface gi6

switchport mode trunk

switchport trunk allowed vlan add 2,3

Your access point will also require a trunk port, depending on what you're doing. If you would like to service all VLANs, the port for the AP should also be as follows; then the AP of course needs the VLAN ID configured for the SSID.

config t

interface gi7

switchport mode trunk

switchport trunk allowed vlan add 2,3

This should cover everything your network consists of, for examples. The last part of configuration will be the access lists. Depending on where you put devices, and how you want to limit traffic, the best place to apply the access lists will be to the trunk links connecting devices. All requests on a layer 2 network will send the request to the router, then the router will forward to the destination.

This means you can apply the access list to the uplink to the router or the link between switches, depending on where the resources are. The appropriate placement is very important because all traffic is inspected by the access list.

Once you get the network sorted out, we can iron out a couple of access list examples.

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/
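Added example (not part of the reply above, and not Cisco tooling): because group C is meant to be kept away from the servers, it helps to check which ports actually carry VLAN 3 once the trunks are in place. This Python sketch parses commands in the style used above and reports trunk ports nobody planned plus every port that carries the restricted VLAN. The sample config, the `gi9` entry, the function names and the "every port starts in VLAN 1" default are assumptions for illustration.

```python
import re

# Constructed sample modelled on the reply's commands; gi9 is a made-up
# drift entry (a trunk nobody planned) so the audit has something to flag.
SAMPLE_CONFIG = """\
interface gi1
switchport mode trunk
switchport trunk allowed vlan add 2,3
interface gi4
switchport mode access
switchport access vlan 2
interface gi5
switchport mode access
switchport access vlan 3
interface gi7
switchport mode trunk
switchport trunk allowed vlan add 2,3
interface gi9
switchport mode trunk
switchport trunk allowed vlan add 2-3
"""

def expand(spec):
    """Turn '2,3' or '2-5,9' into a set of VLAN IDs."""
    return {v for part in spec.split(",")
            for v in range(int(part.split("-")[0]), int(part.split("-")[-1]) + 1)}

def parse_ports(config):
    """Map port name -> {'mode', 'vlans'}; assumes every port starts in VLAN 1."""
    ports, cur = {}, None
    for line in (l.strip().lower() for l in config.splitlines()):
        if m := re.fullmatch(r"interface\s+(\S+)", line):
            cur = ports.setdefault(m.group(1), {"mode": None, "vlans": {1}})
        elif cur is None:
            continue  # ignore anything before the first interface stanza
        elif line.startswith("switchport mode "):
            cur["mode"] = line.split()[-1]
        elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
            cur["vlans"] = {int(m.group(1))}  # access port: exactly one VLAN
        elif m := re.fullmatch(r"switchport trunk allowed vlan add ([\d,-]+)", line):
            cur["vlans"] |= expand(m.group(1))  # trunk: added on top of VLAN 1
    return ports

def audit(ports, approved_trunks, restricted_vlan):
    """Return (unplanned trunk ports, all ports that carry the restricted VLAN)."""
    unplanned = sorted(n for n, p in ports.items()
                       if p["mode"] == "trunk" and n not in approved_trunks)
    carriers = sorted(n for n, p in ports.items() if restricted_vlan in p["vlans"])
    return unplanned, carriers
```

Calling `audit(parse_ports(SAMPLE_CONFIG), {"gi1", "gi7"}, 3)` treats the uplink and the AP port as the planned trunks; any other trunk it returns is a port where an attached device could see group C traffic.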

Thanks Thomas. I will try this set-up and report back with issues.

John