Re: Need some help with SF300-24PP VLAN configuration

flyinjoe13 · ‎03-01-2018

I have a small business that is going thru a little growth and I am upgrading my equipment which is turning out harder than I thought for VLAN setup. What I want to do is very simple, but I am not able to figure it out.

My setup\needs are as follows. I have 19 computers and my cable modem. I have my cable modem attached on port 1. I need to share the internet with all my computers attached to the switch so all 19 need access to port 1. Then I want to keep 10 of the computers in one VLAN and the other 9 in their own VLAN so the two VLANs can't see each other.

Before I expanded, I had a simple 8-port managed switch from Netgear that had a very simple VLAN setup. I could simply create two VLANs and tag the ports that could communicate with each other. For example I could choose one VLAN to share ports 1-4 and the other to share ports 1 and 5-8. This worked perfectly and I never realized that I was getting myself into such trouble with this new switch. I thought they all worked basically the same. That is my fault for not doing my research, but now I am stuck with the SF300-24PP and would like to make it work.

So could someone point me in the right direction on how to configure my VLANs properly on this switch to work the way I described. I have no problems creating the VLANs but I don't know how to configure the ports properly. My biggest problem seems to be when I isolate the nine ports from the other 10, I knock out access to port 1 for one of the VLANs and they lose internet access. Been at it for 2 hours now and can't figure it out.

Thanks a million for any help,

Joe

bdp-cisco · ‎03-01-2018

Since no responses yet-- search for router on a stick" for the proper setup. If you use Layer 3, the two vlans will see each other by automatic routing setup. Then use ACLs to block vlan access to other vlans as needed. This will not affect routing to your internet port, which both of your vlans will still see per your ACL setup.

By 'configuring your ports properly' - set them as access ports with the desired vlan and pvid, Then apply your ACLs to vlans ports directly if you prefer. For me it is faster to apply ACLs to vlans to keep the vlans isolated from each other.

bdp-cisco · ‎03-01-2018

this is the page that helped me get a SG300 working for the first time:

https://www.davemalpass.com/cisco-vlan-setup/

The first couple images that show the use of the command line to switch to layer 3 can be ignored with recent firmware updates. With modern versions, there is a radio button to switch to layer 3 mode on the Administration|System Settings page (L2 or L3 for layer 2 or layer 3).

Get this working then figure out how to apply ACLs.

bdp-cisco · ‎03-01-2018

Also since real vlans typically exist on separate subnets you probably need to config your switch as a DHCP server with appropriate pools for your 2 vlans.

I'm guessing your old switch had some sort of MTU or port-based vlan setup. Those implementations don't qualify as a 'real' vlan setup to networking people, which is what your new switch does so well and makes it so popular. Your SF switch does 802.11q vlans only, and your switch is perfect at easing you into how it all works, take the time to enjoy it as having the GUI will ease you into slowly understand cisco networking.

flyinjoe13 · ‎03-01-2018

Thanks all for the help and advice. I will try and follow everything listed here to see if I can get it all working. I think maybe I bit off more than I can chew on this one and may have to call in a real IT guy. I have been able to do my own IT management up until now, but with the the expansion of my business, this might be too much for me.