10-18-2015 11:25 AM
Hi
First I want to say I am not a native English speaker and I'd apologized for grammatical mistakes that my text might contain. Thank you for your understanding.
My equipement : Switch SG300-10 , setup on layer 3
Here my configuration:
vlan 2-4,100
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
loopback-detection enable
bonjour interface range vlan 1
ip ssh server
clock timezone " " -4
!
interface vlan 1
ip address 10.10.0.52 255.255.255.0
ip address 10.10.1.1 255.255.255.0
no ip address dhcp
!
interface vlan 2
name "XXXX"
ip address 10.10.2.1 255.255.255.0
!
interface vlan 3
name XXXX
ip address 10.10.3.1 255.255.255.0
!
interface vlan 4
name XXXX
ip address 10.10.4.1 255.255.255.0
!
interface gigabitethernet1
loopback-detection enable
description "WAN SEGMENT"
ip address 10.10.0.253 255.255.255.252
switchport mode access
!
interface gigabitethernet2
loopback-detection enable
switchport mode access
!
interface gigabitethernet3
loopback-detection enable
switchport mode access
!
interface gigabitethernet4
loopback-detection enable
switchport mode access
!
interface gigabitethernet5
loopback-detection enable
switchport mode access
!
interface gigabitethernet6
loopback-detection enable
switchport mode access
!
interface gigabitethernet7
loopback-detection enable
switchport mode access
!
interface gigabitethernet8
switchport mode access
!
interface gigabitethernet9
description WiFi
switchport mode access
!
interface gigabitethernet10
switchport mode access
!
interface loopback 1
ip address 10.10.10.10 255.255.255.0
!
exit *
macro auto processing type host enabled
ip default-gateway 10.10.0.254
ip route 10.10.1.0 /24 10.10.0.254
ip route 10.10.2.0 /24 10.10.0.254
ip route 10.10.3.0 /24 10.10.0.254
ip route 10.10.4.0 /24 10.10.0.254
What I am trying to archive :
I have 4 vlans
port 1 : no vlan associated IP adress : 10.10.0.253/30 facing router 10.10.0.254
10.10.1.x/24, port 2-7
10.10.2.x/24, port 8
10.10.3.x/24, port 9
10.10.4.x/24, port 10
I want to enable inter-vlan routing, and want the traffic to pass thought port 1 to reach the internet
Here my Issue/Question :
Question 1 : When I connect my port 1(10.10.0.253) to my router(10.10.0.254) and another host(10.10.3.x) on port 7 and trying to access to the internet I am not able. When I do a traceroute my packet die in the switch not going to the router. If I change the port example 1 to 2 I am able to reach the internet. My question is why I am not able to make it work thought the port 1?
Question 2 : I want to setup the management IP address on a loopback that can be reach by any port on the switch how can I archive that?
I you need more information I will be glad to provide them just ask them
Thanks
Solved! Go to Solution.
10-26-2015 08:03 AM
Hello,
For the Layer 3 switch to do the routing, you would need to make sure the default gateway assigned to the Client PC is the VLAN IP of that Vlan. 10.10.1.1 for VLan 1. 10.10.2.1 for VLan 2...
Next make sure you have a default route on the SG300
0.0.0.0 0.0.0.0 10.10.0.254
Finally on your router make sure you have static routes to the SG300
10.10.1.0/24 to 10.10.0.253
10.10.2.0/24 tp 10.10.0.253
for all VLans
Hope this helps,
10-19-2015 03:37 AM
there are several issues with your configuration:
ip route 10.10.1.0 /24 10.10.0.254
ip route 10.10.2.0 /24 10.10.0.254
ip route 10.10.3.0 /24 10.10.0.254
ip route 10.10.4.0 /24 10.10.0.254
are wrong. They all should be automatically created as "directly connected" as your switch is hosting SVI interfaces with IP addresses per each VLAN.
once you fix all those issues your communication toward internet should be restored.
Regards second question:
you can simply create loopback interface and assign address you wanted to use for this switch. example:
int loopback 1 ip address 172.16.255.1 255.255.255.255 exit
> "that can be reach by any port on the switch"
this will work only in case that your switch will stand like default gateway for any directly attached device.
10-19-2015 08:54 AM
interface gigabitethernet1 is a routed port and setup correctly.
10.10.0.52 is in the same subnet as your point to point uplink to your router and should be remove from Vlan 1. "N0 ip address 10.10.0.52 255.255.255.0"
interface vlan 1
ip address 10.10.0.52 255.255.255.0
ip address 10.10.1.1 255.255.255.0
no ip address dhcp
The static routes are not needed on the L3 switch. These routes are needed on you upstream router so it knows how to get these subnets back to the SG300. Routes needed on the upstream router.
ip route 10.10.1.0 /24 10.10.0.253
ip route 10.10.2.0 /24 10.10.0.253
ip route 10.10.3.0 /24 10.10.0.253
ip route 10.10.4.0 /24 10.10.0.253
The default route is needed on the SG300."ip route 0.0.0.0 0.0.0.0 10.10.0.254"
10-19-2015 01:50 PM
Michael, I don’t believe that SG switches (or neither else from SMB family) supports pure routed ports. Please point me to any documentation about contrary. I didn't found anything.
My arguments:
And you can always test and check whether:
..to confirm/refuse my statements. Unfortunately I can't test it by myself as all my managed SG switches are running in L2 mode.
The only thing with what I can agree with you is statement about routing from upstream device (router) toward switch for VLANs 1-4 which I forgot to mention.
10-19-2015 10:19 PM
Thank you both for taking the time to answer my question, Micheal could you confirm the information that you wrote on your previous post because I think Michal brings an interesting argument. ( No offense I just want to make sure I getting the right information.)
Regarding my second point I have not been specific enough, I want to use the loopback IP to get access to the GUI can I do that ? If is possible how do I proceed with the CLI ?
If not how do I attribute a new specific IP to the GUI that can be use by my internet browser. When I setup a IP do I have to use a specific port ?
Please note that IP address 10.10.0.52 255.255.255.0 was provided by DHCP given by my router to manage my switch thought the GUI interface since my router was connected with a RJ45 before I switch it to the serial port interface.
thanks both of you for helping me out.
10-20-2015 03:27 AM
regards to your second question. for me using and defining management IPs for those switches wasn't clear at all. Configuration of IP addresses for SVI VLAN interfaces and management interfaces are in same place and there is no obvious way how to define which one has to be for management purposes only.
but now I found this: "Be careful, because the first static address you set on the switch automatically becomes the management IP address of the switch. It is possible to lock yourself out and have to reset by setting a the first static on a VLAN you haven't assigned to any ports. You can tell when it is using a static address because the system light will stay solid." here.
for me that means:
10-23-2015 03:23 PM
Here my new configuration:
config-file-header
SwitchLab
v1.4.1.3 / R800_NIK_1_4_194_194
CLI v1.0
set system mode router
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
vlan database
default-vlan vlan 100
exit
vlan database
vlan 1-4,9,90
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
loopback-detection enable
bonjour interface range vlan 1
hostname SwitchLab
logging buffered 200
username admin password encrypted
ip ssh server
clock timezone " " -4
!
interface vlan 1
ip address 10.10.1.1 255.255.255.0
no ip address dhcp
!
interface vlan 2
ip address 10.10.2.1 255.255.255.0
!
interface vlan 3
ip address 10.10.3.1 255.255.255.0
!
interface vlan 4
ip address 10.10.4.1 255.255.255.0
!
interface vlan 9
ip address 10.10.9.10 255.255.255.0
!
!
interface vlan 100
!
interface gigabitethernet1
loopback-detection enable
switchport mode access
switchport access vlan 1
!
interface gigabitethernet2
loopback-detection enable
switchport mode access
switchport access vlan 1
!
interface gigabitethernet3
loopback-detection enable
switchport mode access
switchport access vlan 1
!
interface gigabitethernet4
loopback-detection enable
switchport mode access
switchport access vlan 1
!
interface gigabitethernet5
loopback-detection enable
switchport mode access
switchport access vlan 1
!
interface gigabitethernet6
loopback-detection enable
switchport mode access
switchport access vlan 1
!
interface gigabitethernet7
loopback-detection enable
switchport mode access
switchport access vlan 2
!
interface gigabitethernet8
switchport mode access
switchport access vlan 3
!
interface gigabitethernet9
switchport mode access
switchport access vlan 4
!
interface gigabitethernet10
description WAN_SEGMENT
ip address 10.10.0.253 255.255.255.252
switchport mode access
!
exit
macro auto processing type host enabled
ip default-gateway 10.10.0.254
For somes reasons I am not able to route traffic coming from port 7 vlan 2 with a host ip address : 10.10.2.1 to the interface port 10 with the following ip address 10.10.0.253/30. The vlan doesn't talk to each other... I am in layer 3 mode routing before you asking...
When you guys saying I have to turn off switchport on interface Gi 10 you mean : no switchport access vlan ?
Sorry for my late answer didn't have times this week to check this out.
10-26-2015 08:03 AM
Hello,
For the Layer 3 switch to do the routing, you would need to make sure the default gateway assigned to the Client PC is the VLAN IP of that Vlan. 10.10.1.1 for VLan 1. 10.10.2.1 for VLan 2...
Next make sure you have a default route on the SG300
0.0.0.0 0.0.0.0 10.10.0.254
Finally on your router make sure you have static routes to the SG300
10.10.1.0/24 to 10.10.0.253
10.10.2.0/24 tp 10.10.0.253
for all VLans
Hope this helps,
10-26-2015 02:25 PM
Micheal you got the right Answer, I figure it out this weekend. I set my default gateways to match my router IP address instead of vlan IP address on the host exit. So my host want not able to speak/reach my gateways.
Thanks everybody for talking the times to helping me out.
10-20-2015 02:06 PM
When you set an IP address on an interface, the interface is a layer 3 connection with an entry in the IP routing table. Thus, the port is being routed and spanning tree is disabled. I agree, however, the SG300 L3 functions differently then an enterprise level IOS device. In that you can add a tagged Vlan to the port. "No Switchport mode" command simply revert the setting back to defaults.
Furthermore, with the SG300 in layer 3, the switch can be managed from any IP address assigned to the switch. You would just need to set the default gateway on your PC to the IP address of the switch.
10-21-2015 12:36 AM
Michael, please can you point me to any official documentation about this behavior? I really didn't found anything.
@laframboise871: could you please give us output from following commands:
show spanning-tree GigabitEthernet 1 show interfaces switchport GigabitEthernet 1
thank you
10-21-2015 04:07 AM
Hello
interface vlan 1
Managment VLAN
ip address 10.10.1.1 255.255.255.0
no ip address dhcp
interface gigabitethernet1
no switchport
description "WAN SEGMENT"
ip address 10.10.0.253 255.255.255.252
vlan 1,2,3,4
exit
ip routing
ip route 0.0.0.0 0.0.0.0 gigabitEthernet 0/1 10.0.0.254
( remove all other statics - As suggested)
int ran gigabitethernet2 -7
swtchport access vlan 1
int gigabitethernet8
swtchport access vlan 2
int gigabitethernet9
swtchport access vlan 3
int gigabitethernet10
swtchport access vlan 4
The clients on these port need to have an ip address within the range of the relating SVI of the vlan
Example:
interface vlan 2
name "XXXX"
ip address 10.10.2.1 255.255.255.0
A client attached to port 8
ip address 10.10.2.X
Subnet 255.255.255.0
Default-gateway 10.10.2.1
Lasty I assume NAT is aready being performed somewhere upstream, Possibly on the routing device attached to gig0/1?
res
Paul
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide