Solved: Re: SG300-10 L3 InterVLAN Routing

Phil Bedell · ‎01-23-2018

I purchased an SG300-10 with hopes of breaking my network out into 3 VLANs that can intercommunicate for LAN traffic and send internet traffic out through my NETGEAR Nighthawk X6 R8000.

My first attempt was as follows:

Put the switch in L3 mode.
Build VLANs

VLAN1 - 172.31.1.0 = Internet (My R8000 router is at 172.31.1.1)
VLAN10 - 172.31.10.0 = PC Data
VLAN20 - 172.31.20.0 = Multimedia Devices
VLAN30 - 172.31.30.0 = Security Cameras

I configured all VLANs as Access mode - Admit All frames

Port to VLAN

I configured the ports as follows

Ports 1-3 = VLAN10, Access Mode, Untagged PVID=10

Ports 4-6 = VLAN20, Access Mode, Untagged PVID=20

Ports 7-9 = VLAN30, Access Mode, Untagged PVID=30

Ports 10 = VLAN1, Access Mode, Untagged PVID=1 - Default VLAN

IPV4 Interfaces

I configured IPV4 interfaces for the VLANs as follows

VLAN 1 - Static IP 172.31.1.2, Net Mask 255.255.255.0 (My Internet router is 172.31.1.1 that is why I set it to .2
VLAN 10 - Static IP 172.31.10.1, Net Mask 255.255.255.0
VLAN 20 - Static IP 172.31.20.1, Net Mask 255.255.255.0
VLAN 30 - Static IP 172.31.30.1, Net Mask 255.255.255.0

DHCP Server

I enabled the DHCP server and defined the following pools

VLAN10 172.31.10.1-172.31.10.254, Default Router IP Address (Option 3) = Auto, DNS server 172.31.1.1
VLAN20 172.31.20.1-172.31.20.254 Default Router IP Address (Option 3) = Auto, DNS server 172.31.1.1
VLAN10 172.31.30.1-172.31.30.254 Default Router IP Address (Option 3) = Auto, DNS server 172.31.1.1

I then plugged a laptop into port 1 and a desktop into port 8 on the router.

The laptop pulled the following IP information from DHCP

IP: 172.31.10.2

SM: 255.255.255.0

GW: 172.31.10.1

The Desktop pulled the following IP information from DHCP

IP: 172.31.30.2

SM: 255.255.255.0

GW: 172.31.30.1

From the laptop, I try to ping the desktop and vice versa and they both time out. I know I still have work to do to get the router piece going, but I cannot understand why the laptop and PC do not ping on separate VLANs. They ping just fine when put on the same VLAN. When I check the IPV4 routes I can see the routes appear for each subnet when a device is connected to a port in that subnet. What am I missing?

riteshsh · ‎01-23-2018

Hi,

As per your query, you are not able to ping different vlan's.

In our SG300 switch by default Inter VLAN Routing is enabled. Still I request you to check if the same has not been disabled in VLAN settings.

Also make sure the switch is working on latest firmware. As a workaround please try to send some data from PC to Laptop, it may happen that the ping is lost but data is transferring from one end to other as ICMP has lowest priority among all.

(Note :- Make sure Firewall in the Laptop is off.)

View solution in original post

riteshsh · ‎01-23-2018

Hi,

As per your query, you are not able to ping different vlan's.

In our SG300 switch by default Inter VLAN Routing is enabled. Still I request you to check if the same has not been disabled in VLAN settings.

Also make sure the switch is working on latest firmware. As a workaround please try to send some data from PC to Laptop, it may happen that the ping is lost but data is transferring from one end to other as ICMP has lowest priority among all.

(Note :- Make sure Firewall in the Laptop is off.)

Phil Bedell · ‎01-24-2018

Hi riteshsh,

Thank you for your reply. I am away from the system now, but I had a few questions.

When you say "Still I request you to check if the same has not been disabled in VLAN settings." Is that an option in the GUI? I swear I checked every @#$%!%^ option on the entire menu and did not see that. Or is there a CLI command I can run to get an output to confirm this is enabled?

I had already upgraded the firmware to "Sx300 Firmware Version 1.4.8.06"

From each VLAN I am able to open up the web interface via its respective IPV4 interface. Example: From VLAN10 I can open the switch web interface via 172.31.1.2 and 172.31.10.1 and 172.31.20.1 and 172.31.30.1. I assumed this was interVLAN routing, but the inability to ping was causing me to doubt it. I try to establish another type of connection between the endpoints and I will ensure the firewall is off, I was pretty sure it was, but maybe its blocking ping because the subnet\VLANs don't match? I say that because they ping just fine on the same subnet\VLAN.

Phil Bedell · ‎01-24-2018

Ok.... I am really embarrassed to say this, but it was the Windows firewall on each machine causing the issue. I have resolved that and can confirm that InterVLAN Routing is indeed working. Thank you!

My next goal is to get the internet\WAN working and my plan is as follows.

My Router is in VLAN1 at an IP of 172.31.1.1, the Gateway on the SG300 VLAN1 is 172.31.1.2.

I plan to set a default route of 0.0.0.0 0.0.0.0 to 172.31.1.1 on the SG300. This should send the internet traffic out to the router. My router uses RIP and I can select version 1 or 2 Broadcast or 2 Multicast. Does the SG300 support RIP and if so what version(s)?

Phil Bedell · ‎01-24-2018

This answers my questions about RIP on the SG300.

https://supportforums.cisco.com/t5/small-business-switches/does-the-sg300-10-support-rip/td-p/1958423

So, I believe my way around this is to assign static routes in my router back to the SG300. I assume since my Router is in VLAN1 that I can create static routes for the VLAN 10, 20 and 30 ranges back to the SG300 VLAN1 gateway at 172.31.1.2 and it will handle routing the traffic back to the respective subnets? Is that the best approach or do you have a better suggestion?

Marc66 · ‎02-10-2018

Hello!

Yes that's what you should do, just create static routes on your R8000 for each VLAN subnet (VLANs 10, 20, 30) pointing to IP 172.31.1.2