need some help in setting up a small home network

JARCIC9
Level 1

Hi, I need some help in setting up a small home network.
I am trying to secure and set up a basic secured home network to learn. Any help on this would be greatly appreciated.

I have been reading these forums, which seem to be a good source besides YouTube, etc., but I have been struggling with setting up the config via CLI.

I am basically looking to configure the setup of the Cisco SG300 and find out what commands to use.

I have the following network devices:
1 cable modem
1 Cisco SG300 10 port managed switch
1 home-built IPFire device (4 NICs) (Intel NUC i3, 4 ports)
1 unmanaged PoE switch
1 WiFi ISP router

IPFire device whitebox setup (to be connected to the Cisco SG300):

Red port - to internet -> ISP router

Green port - to private network

Blue port - to WAP (ISP router)

DMZ - Orange port to regular PC

Here is how I was thinking of setting it up.
Basically, I want to have the IPFire device as my firewall connected to my ISP cable modem (to the Red port), then coming from the IPFire device's Green port (private LAN) going to a port on my Cisco SG300.

I then want to have a port on my Cisco SG300 that connects to my unmanaged PoE switch that hosts my IP cams, then configure a few ports for 2 VMware ESXi hosts and 1 or 2 PCs on that switch.

Example of what I was thinking:

Cisco SG300

VLAN 10 (management IP of Cisco SG300): 192.168.1.2, int gi0/10

VLAN 20 (ESXi): 10.10.70.1, int gi0/1 gi0/2

VLAN 30 (storage): 10.10.80.1, int gi0/3

VLAN 40 (IP cam): 10.10.90.1, int gi0/5, going to the unmanaged PoE switch that hosts 5 ports of cams


I have 5 cameras on the unmanaged POE switch.

I am basically looking to make my home network more secure by implementing the firewall as the IDS, and then having my Cisco SG300 behind that, my WAP router behind the Cisco SG300, and the unmanaged PoE switch for my cams connected to my Cisco SG300 as well.

My Questions:

It is said that the IPFire firewall device's Green port NIC should be the link that connects your private LAN. If that is the case, and the IPFire device's Green port connects to the Cisco SG300 on, say, port 1, does that port have to be configured as a trunk port, or does it act as an uplink port to all the ports on the Cisco SG300? This is where some of my confusion is.

Can I have 2 interface ports in the same VLAN? Say, interfaces gi01 & gi02 in VLAN 20?

Do VLANs get assigned an IP? If that's the case and you want 2 interfaces in that same VLAN, how is that configured?

Another question: if port 3 on the Cisco SG300 is connected to the unmanaged switch, would that be configured as an access port or trunk? Or does that serve as an uplink? How is that configured?

Will I need to set up my Cisco SG300 as an L2 or L3 device, because I will need static routes going to the IPFire device since I will have multiple VLANs set up on my Cisco SG300 switch?

Any help on how to configure this would be appreciated, or if someone could type out a mock-up of the commands to get to this configuration, I will take it from there.


Lee Cox
Level 2

You are going to need a layer 3 device to route local traffic for multiple VLANs. Using the SG300-10 in layer 3 mode would work but is complicated. So for the port connecting your SG300-10 layer 3 switch to your IPFire device, you would use an access port. You need to figure out where DHCP is going to run: on the layer 3 switch or on IPFire. Will IPFire support multiple DHCP scopes for different networks?

You can configure an access port in VLAN1, connect your IPFire device that way, and not use VLANs. Just run everything in VLAN1. Use all access ports defined to VLAN1.

Chris

Thank you for replying, really appreciate it.

I am a total newb, as you can see.

I was going to use all static IPs for local traffic, but I like where you are going with this. I was going to ask if I can just use static routes and keep the Cisco SG300 in L2 mode? I am sure that is more complicated.

I guess you know that in L2 mode you need an L3 device to route between IP networks. If you don't use your switch, it will need to be your firewall. So you would use a trunk port to your firewall so it can route.
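
The L2-mode layout described in the reply above, written out as SG300 CLI. This is an added example, not a configuration posted by anyone in the thread. Assumptions: the firewall link is on port gi9, the firewall holds 192.168.1.1 in VLAN 10, and port names are written in the SG300's gi1 to gi10 form; VLAN numbers and the management address come from the original post.

```cisco
! Added example. Assumed: switch stays in L2 mode, firewall LAN link
! on gi9, firewall address 192.168.1.1 in VLAN 10 (not from the thread).
configure terminal
!
! Create the four VLANs from the plan.
vlan database
vlan 10,20,30,40
exit
!
! ESXi hosts: two access ports in the same VLAN.
interface range gi1-2
switchport mode access
switchport access vlan 20
exit
!
! Storage.
interface gi3
switchport mode access
switchport access vlan 30
exit
!
! Camera uplink: the unmanaged PoE switch does not tag frames, so this
! is an access port and every camera behind it lands in VLAN 40.
interface gi5
switchport mode access
switchport access vlan 40
exit
!
! Management port.
interface gi10
switchport mode access
switchport access vlan 10
exit
!
! Trunk to the firewall: carries all four VLANs tagged, so traffic
! between VLANs has to pass through the firewall's rules.
interface gi9
switchport mode trunk
switchport trunk allowed vlan add 10,20,30,40
exit
!
! Management address only; in L2 mode the switch does not route.
interface vlan 10
ip address 192.168.1.2 255.255.255.0
exit
ip default-gateway 192.168.1.1
end
```

The firewall's LAN interface has to accept tagged frames for these VLANs and hold the gateway address for each subnet. Apply the management address change from the console, since it can drop a remote session.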

Can you look at VLANs as gateway IPs for each VLAN port? Would you be able to provide the CLI commands to set up the Cisco SG300 for the diagram goal below?
Here is my setup