SG300-10 Configuration issue

AndrewL
Level 1

Hi

First I want to say I am not a native English speaker and I apologize for any grammatical mistakes that my text might contain. Thank you for your understanding.

 

My equipment: Switch SG300-10, set up in layer 3

 

Here is my configuration:


vlan 2-4,100
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
loopback-detection enable
bonjour interface range vlan 1
ip ssh server
clock timezone " " -4
!
interface vlan 1
 ip address 10.10.0.52 255.255.255.0
 ip address 10.10.1.1 255.255.255.0
 no ip address dhcp
!
interface vlan 2
 name "XXXX"
 ip address 10.10.2.1 255.255.255.0
!
interface vlan 3
 name XXXX
 ip address 10.10.3.1 255.255.255.0
!
interface vlan 4
 name XXXX
 ip address 10.10.4.1 255.255.255.0
!
interface gigabitethernet1
 loopback-detection enable
 description "WAN SEGMENT"
 ip address 10.10.0.253 255.255.255.252
 switchport mode access
!
interface gigabitethernet2
 loopback-detection enable

 switchport mode access
!
interface gigabitethernet3
 loopback-detection enable
 switchport mode access
!
interface gigabitethernet4
 loopback-detection enable
 switchport mode access
!
interface gigabitethernet5
 loopback-detection enable
 switchport mode access
!
interface gigabitethernet6
 loopback-detection enable
 switchport mode access
!
interface gigabitethernet7
 loopback-detection enable
 switchport mode access
!
interface gigabitethernet8
 switchport mode access
!
interface gigabitethernet9
 description WiFi
 switchport mode access
!
interface gigabitethernet10
 switchport mode access
!
interface loopback 1
 ip address 10.10.10.10 255.255.255.0
!
exit

macro auto processing type host enabled
ip default-gateway 10.10.0.254
ip route 10.10.1.0 /24 10.10.0.254
ip route 10.10.2.0 /24 10.10.0.254
ip route 10.10.3.0 /24 10.10.0.254
ip route 10.10.4.0 /24 10.10.0.254

 

What I am trying to achieve:

 

I have 4 vlans

port 1: no VLAN associated, IP address: 10.10.0.253/30, facing router 10.10.0.254

10.10.1.x/24, port 2-7

10.10.2.x/24, port 8

10.10.3.x/24, port 9

10.10.4.x/24, port 10

 

I want to enable inter-VLAN routing, and want the traffic to pass through port 1 to reach the internet.

 

Here is my issue/question:

 

Question 1: When I connect my port 1 (10.10.0.253) to my router (10.10.0.254) and another host (10.10.3.x) on port 7 and try to access the internet, I am not able to. When I do a traceroute, my packets die in the switch and do not go to the router. If I change the port, for example from 1 to 2, I am able to reach the internet. My question is: why am I not able to make it work through port 1?

 

Question 2: I want to set up the management IP address on a loopback that can be reached from any port on the switch. How can I achieve that?

 

If you need more information I will be glad to provide it, just ask.

 

Thanks

 


Michal Bruncko
Level 4

there are several issues with your configuration:

  1. Small business switches do NOT support routed ports. This means that your configuration of "Port 1" is not fully valid. According to your config, Port 1 is still a part of the default VLAN (VLAN 1). This also means that you should create a dedicated VLAN for your transit link toward the uplink device, configure the address "10.10.0.253/30" under the "interface vlan" section instead, and finally assign "Port 1" to this new VLAN (switchport access vlan XXX).
  2. Your default-routing configuration is not really correct. The command "ip default-gateway 10.10.0.254" makes sense only if the switch is in L2 mode. To configure the default gateway in L3 mode you should use "ip route 0.0.0.0 0.0.0.0 10.10.0.254" instead.
  3. Lastly, the following static routes:

ip route 10.10.1.0 /24 10.10.0.254
ip route 10.10.2.0 /24 10.10.0.254
ip route 10.10.3.0 /24 10.10.0.254
ip route 10.10.4.0 /24 10.10.0.254

are wrong. They should all be created automatically as "directly connected", as your switch is hosting SVI interfaces with IP addresses for each VLAN.

Once you fix all those issues, your communication toward the internet should be restored.

Regarding the second question:

You can simply create a loopback interface and assign the address you want to use for this switch. Example:

int loopback 1
ip address 172.16.255.1 255.255.255.255
exit

> "that can be reach by any port on the switch"

This will work only if your switch acts as the default gateway for any directly attached device.

 

interface gigabitethernet1 is a routed port and setup correctly.

10.10.0.52 is in the same subnet as your point-to-point uplink to your router and should be removed from Vlan 1: "no ip address 10.10.0.52 255.255.255.0"

interface vlan 1
 ip address 10.10.0.52 255.255.255.0
 ip address 10.10.1.1 255.255.255.0
 no ip address dhcp

The static routes are not needed on the L3 switch.  These routes are needed on your upstream router so it knows how to get these subnets back to the SG300.  Routes needed on the upstream router:

ip route 10.10.1.0 /24 10.10.0.253
ip route 10.10.2.0 /24 10.10.0.253
ip route 10.10.3.0 /24 10.10.0.253
ip route 10.10.4.0 /24 10.10.0.253

The default route is needed on the SG300: "ip route 0.0.0.0 0.0.0.0 10.10.0.254"
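The checks raised in the two replies above (an address on VLAN 1 overlapping the /30 uplink, static routes for subnets the switch already owns, and "ip default-gateway" with no 0.0.0.0 route) can be run mechanically against a config. This is an added example, not part of any post in the thread; the function name `lint_l3_config` is hypothetical and the sample is constructed from lines of the first configuration posted.

```python
import ipaddress

# Constructed sample: the routing-relevant lines of the first posted config.
SAMPLE_CONFIG = """\
interface vlan 1
 ip address 10.10.0.52 255.255.255.0
 ip address 10.10.1.1 255.255.255.0
 no ip address dhcp
interface vlan 2
 ip address 10.10.2.1 255.255.255.0
interface gigabitethernet1
 ip address 10.10.0.253 255.255.255.252
ip default-gateway 10.10.0.254
ip route 10.10.1.0 /24 10.10.0.254
ip route 10.10.2.0 /24 10.10.0.254
"""

def lint_l3_config(text):
    """Return findings for the three problems pointed out in the replies."""
    addrs, routes, findings = [], [], []
    iface, has_default_gw = None, False
    for line in text.splitlines():
        tok = line.split()
        if tok[:1] == ["interface"]:
            iface = " ".join(tok[1:])
        elif tok[:2] == ["ip", "address"] and len(tok) == 4:
            addrs.append((iface, ipaddress.ip_interface(f"{tok[2]}/{tok[3]}")))
        elif tok[:2] == ["ip", "route"] and len(tok) == 5:
            # Accept both "10.10.1.0 /24" and "0.0.0.0 0.0.0.0" forms.
            sep = "" if tok[3].startswith("/") else "/"
            routes.append(ipaddress.ip_network(f"{tok[2]}{sep}{tok[3]}"))
        elif tok[:2] == ["ip", "default-gateway"]:
            has_default_gw = True
    # 1. Subnets on different interfaces must not overlap.
    for i, (if_a, a) in enumerate(addrs):
        for if_b, b in addrs[i + 1:]:
            if if_a != if_b and a.network.overlaps(b.network):
                findings.append(f"overlap {if_a} {a.network} / {if_b} {b.network}")
    # 2. Connected subnets need no static route on the switch itself.
    connected = {a.network for _, a in addrs}
    for net in routes:
        if net in connected:
            findings.append(f"static route for connected subnet {net}")
    # 3. The replies call for a 0.0.0.0 route in L3 mode, not ip default-gateway.
    if has_default_gw and not any(n.prefixlen == 0 for n in routes):
        findings.append("ip default-gateway set but no 0.0.0.0 route")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_l3_config(SAMPLE_CONFIG)))
```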

 

 

Michael, I don't believe that SG switches (or anything else from the SMB family) support pure routed ports. Please point me to any documentation to the contrary. I didn't find anything.

My arguments:

  • you can't issue the command "no switchport" like on enterprise-class Catalyst switches
  • you can still see "switchport mode access" in the configuration, which again tells me that we are talking about a switched port, not a routed port.
  • in the SMB 300 switches command reference there is only a single note regarding the "ip address" command issued under interface context: "If the IP address is configured in Interface context, the IP address is bound to the interface in that context." - for me there is only one outcome from this sentence: if you assign an IP address directly to a physical interface instead of a VLAN, then that address could become unreachable once the physical port transitions into DOWN state, that's all.

And you can always test and check whether:

  • STP, GVRP, LLDP, CDP protocols are running over that "routed" port  (using corresponding "show" commands)
  • switchport configuration is still applied using "show interfaces switchport GigabitEthernet 1"

..to confirm/refute my statements. Unfortunately I can't test it myself as all my managed SG switches are running in L2 mode.

The only thing on which I can agree with you is the statement about routing from the upstream device (router) toward the switch for VLANs 1-4, which I forgot to mention.

Thank you both for taking the time to answer my question. Michael, could you confirm the information that you wrote in your previous post, because I think Michal brings an interesting argument. (No offense, I just want to make sure I am getting the right information.)

 

Regarding my second point, I have not been specific enough: I want to use the loopback IP to get access to the GUI. Can I do that? If it is possible, how do I proceed with the CLI?

If not, how do I assign a new specific IP to the GUI that can be used by my internet browser? When I set up an IP, do I have to use a specific port?

 

Please note that IP address 10.10.0.52 255.255.255.0 was provided by DHCP, given by my router to manage my switch through the GUI interface, since my router was connected with an RJ45 before I switched it to the serial port interface.

 

thanks both of you for helping me out. 

 

Regarding your second question: for me, using and defining management IPs for those switches wasn't clear at all. Configuration of IP addresses for SVI VLAN interfaces and management interfaces is in the same place, and there is no obvious way to define which one is to be used for management purposes only.

but now I found this: "Be careful, because the first static address you set on the switch automatically becomes the management IP address of the switch.  It is possible to lock yourself out and have to reset by setting a the first static on a VLAN you haven't assigned to any ports.  You can tell when it is using a static address because the system light will stay solid." here.

for me that means:

  • you have to connect to your switch via console
  • remove all IP addresses assigned to all interfaces (any kind)
  • create a loopback interface and define its IP address (as the first defined IP on the switch)
  • create the other VLAN 1-4 SVI interfaces with corresponding IPs
  • try to connect to your loopback IP from a network in VLAN 1-4

Here is my new configuration:


config-file-header
SwitchLab
v1.4.1.3 / R800_NIK_1_4_194_194
CLI v1.0
set system mode router

file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
vlan database
default-vlan vlan 100
exit
vlan database
vlan 1-4,9,90
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
loopback-detection enable
bonjour interface range vlan 1
hostname SwitchLab
logging buffered 200
username admin password encrypted                                                
ip ssh server
clock timezone " " -4
!
interface vlan 1
 
 ip address 10.10.1.1 255.255.255.0
 no ip address dhcp
!
interface vlan 2
 
 ip address 10.10.2.1 255.255.255.0
!
interface vlan 3
 
 ip address 10.10.3.1 255.255.255.0
!
interface vlan 4

 ip address 10.10.4.1 255.255.255.0
!
interface vlan 9
 
 ip address 10.10.9.10 255.255.255.0
!
!
interface vlan 100
 
!
interface gigabitethernet1
 loopback-detection enable
 switchport mode access
 switchport access vlan 1
!
interface gigabitethernet2
 loopback-detection enable
 switchport mode access
 switchport access vlan 1
!
interface gigabitethernet3
 loopback-detection enable
 switchport mode access
 switchport access vlan 1
!
interface gigabitethernet4
 loopback-detection enable
 switchport mode access
 switchport access vlan 1
!
interface gigabitethernet5
 loopback-detection enable
 switchport mode access
 switchport access vlan 1
!
interface gigabitethernet6
 loopback-detection enable
 switchport mode access
 switchport access vlan 1
!
interface gigabitethernet7
 loopback-detection enable
 switchport mode access
 switchport access vlan 2
!
interface gigabitethernet8
 switchport mode access
 switchport access vlan 3
!
interface gigabitethernet9
 switchport mode access
 switchport access vlan 4
!
interface gigabitethernet10
 description WAN_SEGMENT
 ip address 10.10.0.253 255.255.255.252
 switchport mode access
!
exit

macro auto processing type host enabled
ip default-gateway 10.10.0.254

 

 

For some reason I am not able to route traffic coming from port 7 vlan 2 with a host IP address: 10.10.2.1 to the interface port 10 with the following IP address 10.10.0.253/30. The VLANs don't talk to each other... I am in layer 3 mode routing, before you ask...

 

When you guys say I have to turn off switchport on interface Gi 10, do you mean: no switchport access vlan?

 

Sorry for my late answer, I didn't have time this week to check this out.

Hello,

 

For the Layer 3 switch to do the routing, you would need to make sure the default gateway assigned to the Client PC is the VLAN IP of that Vlan. 10.10.1.1 for VLan 1.  10.10.2.1 for VLan 2...

Next make sure you have a default route on the SG300

0.0.0.0  0.0.0.0 10.10.0.254

Finally on your router make sure you have static routes to the SG300

10.10.1.0/24 to 10.10.0.253

10.10.2.0/24 to 10.10.0.253

for all VLans

Hope this helps,

Michael, you got the right answer; I figured it out this weekend. I set my default gateways to match my router IP address instead of the VLAN IP address on the host exit. So my host was not able to speak to/reach my gateways.

 

Thanks everybody for taking the time to help me out.

When you set an IP address on an interface, the interface is a layer 3 connection with an entry in the IP routing table.  Thus, the port is being routed and spanning tree is disabled.  I agree, however, the SG300 L3 functions differently than an enterprise-level IOS device, in that you can add a tagged Vlan to the port.  The "No Switchport mode" command simply reverts the setting back to defaults.

 

Furthermore, with the SG300 in layer 3, the switch can be managed from any IP address assigned to the switch.  You would just need to set the default gateway on your PC to the IP address of the switch.

Michael, please can you point me to any official documentation about this behavior? I really didn't find anything.

@laframboise871: could you please give us output from following commands:

show spanning-tree GigabitEthernet 1

show interfaces switchport GigabitEthernet 1

thank you

Hello

interface vlan 1
! Management VLAN
 ip address 10.10.1.1 255.255.255.0
 no ip address dhcp


interface gigabitethernet1
 no switchport
 description "WAN SEGMENT"
 ip address 10.10.0.253 255.255.255.252

vlan 1,2,3,4
exit


ip routing
ip route 0.0.0.0 0.0.0.0 gigabitEthernet 0/1 10.10.0.254
! (remove all other statics, as suggested)

interface range gigabitethernet2-7
 switchport access vlan 1

interface gigabitethernet8
 switchport access vlan 2

interface gigabitethernet9
 switchport access vlan 3

interface gigabitethernet10
 switchport access vlan 4

 

 

The clients on these ports need to have an IP address within the range of the related SVI of the VLAN.

Example:
interface vlan 2
 name "XXXX"
 ip address 10.10.2.1 255.255.255.0

A client attached to port 8
ip address 10.10.2.X
Subnet 255.255.255.0
Default-gateway 10.10.2.1
 

Lastly, I assume NAT is already being performed somewhere upstream, possibly on the routing device attached to gig0/1?

res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul