01-17-2014 04:52 AM
I have an SG300-28 and I'm not able to ping from VLAN interface's IP to clients in other vlans. It's got to be something simple I'm missing but I'm not seeing it and I've run out of things to try.
I have 3 vlans 1, 11 & 25 and I'm connected via a trunk to an RV320. All vlans access the internet no problem but I can't access vlan 11 from 1 or 1 from vlan 11. 25 is guest wi-fi and shouldn't access the others and doesn't.
SW-SG300-28-1#show run
config-file-header
SW-SG300-28-1
v1.3.5.58 / R750_NIK_1_35_647_358
CLI v1.0
set system mode router

file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
no spanning-tree
vlan database
vlan 11,25
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
no eee enable
ip dhcp server
ip dhcp pool network GUEST-POOL
address low 192.168.176.50 high 192.168.176.199 255.255.255.0
lease 0 2
default-router 192.168.176.10
dns-server 8.8.8.8 8.8.4.4 192.168.175.1
exit
ip dhcp pool network POS_POOL
address low 192.168.11.100 high 192.168.11.120 255.255.255.0
default-router 192.168.11.10
dns-server 8.8.8.8
exit
no boot host auto-config
bonjour interface range vlan 1
ip access-list extended DENY-GUESTS-IN
deny ip 192.168.176.0 0.0.0.255 192.168.175.0 0.0.0.255
deny ip 192.168.176.0 0.0.0.255 192.168.177.0 0.0.0.255
exit
ip access-list extended Allow-non-Guests
deny ip 192.168.176.0 0.0.0.255 any
permit ip any any
exit
ip access-list extended "ALLOW ALL"
permit ip any any
exit
hostname SW-SG300-28-1
line console
exec-timeout 30
exit
line ssh
exec-timeout 30
exit
line telnet
exec-timeout 30
exit
no passwords complexity enable
passwords aging 0
ip ssh server
snmp-server server
ip http timeout-policy 1800
clock timezone " " -5
clock summer-time web recurring usa
clock source sntp
clock source browser
ip name-server 8.8.8.8 8.8.4.4 192.168.175.1
ip host cameras 192.168.175.144
ip telnet server
!
interface vlan 1
ip address 192.168.175.148 255.255.255.0
no ip address dhcp
service-acl input Allow-non-Guests default-action permit-any
!
interface vlan 11
name POS_
ip address 192.168.11.10 255.255.255.0
service-acl input Allow-non-Guests default-action permit-any
!
interface vlan 25
name "Guest Wi-Fi"
ip address 192.168.176.10 255.255.255.0
service-acl input Allow-non-Guests default-action permit-any
!
interface gigabitethernet1
ip arp inspection trust
storm-control broadcast enable
storm-control broadcast level 10
storm-control include-multicast
port security max 10
port security mode max-addresses
port security discard trap 60
spanning-tree portfast
service-acl input Allow-non-Guests default-action permit-any
switchport mode access
switchport forbidden vlan add 25
macro description desktop
macro auto smartport type desktop $max_hosts 10 $native_vlan 1
!
interface gigabitethernet2
ip arp inspection trust
storm-control broadcast enable
storm-control broadcast level 10
storm-control include-multicast
port security max 10
port security mode max-addresses
port security discard trap 60
spanning-tree portfast
service-acl input Allow-non-Guests default-action permit-any
switchport mode access
switchport forbidden vlan add 25
macro description desktop
macro auto smartport type desktop $max_hosts 10 $native_vlan 1
!
interface gigabitethernet3
ip arp inspection trust
storm-control broadcast enable
storm-control broadcast level 10
storm-control include-multicast
port security max 10
port security mode max-addresses
port security discard trap 60
spanning-tree portfast
service-acl input Allow-non-Guests default-action permit-any
switchport mode access
switchport forbidden vlan add 25
macro description desktop
macro auto smartport type desktop $max_hosts 10 $native_vlan 1
!
interface gigabitethernet4
ip arp inspection trust
storm-control broadcast enable
storm-control broadcast level 10
storm-control include-multicast
port security max 10
port security mode max-addresses
port security discard trap 60
spanning-tree portfast
service-acl input Allow-non-Guests default-action permit-any
switchport mode access
switchport forbidden vlan add 25
macro description desktop
macro auto smartport type desktop $max_hosts 10 $native_vlan 1
!
interface gigabitethernet5
ip arp inspection trust
storm-control broadcast enable
storm-control broadcast level 10
storm-control include-multicast
port security max 10
port security mode max-addresses
port security discard trap 60
spanning-tree portfast
service-acl input Allow-non-Guests default-action permit-any
switchport mode access
switchport forbidden vlan add 25
macro description desktop
macro auto smartport type desktop $max_hosts 10 $native_vlan 1
!
interface gigabitethernet6
ip arp inspection trust
storm-control broadcast enable
storm-control broadcast level 10
storm-control include-multicast
port security max 10
port security mode max-addresses
port security discard trap 60
spanning-tree portfast
service-acl input Allow-non-Guests default-action permit-any
switchport mode access
switchport forbidden vlan add 25
macro description desktop
macro auto smartport type desktop $max_hosts 10 $native_vlan 1
!
interface gigabitethernet7
ip arp inspection trust
storm-control broadcast enable
storm-control broadcast level 10
storm-control include-multicast
port security max 10
port security mode max-addresses
port security discard trap 60
spanning-tree portfast
service-acl input Allow-non-Guests default-action permit-any
switchport mode access
switchport forbidden vlan add 25
macro description desktop
macro auto smartport type desktop $max_hosts 10 $native_vlan 1
!
interface gigabitethernet8
ip arp inspection trust
storm-control broadcast enable
storm-control broadcast level 10
storm-control include-multicast
port security max 10
port security mode max-addresses
port security discard trap 60
spanning-tree portfast
service-acl input Allow-non-Guests default-action permit-any
switchport mode access
switchport forbidden vlan add 25
macro description desktop
macro auto smartport type desktop $max_hosts 10 $native_vlan 1
!
interface gigabitethernet9
ip arp inspection trust
service-acl input Allow-non-Guests default-action permit-any
switchport mode access
switchport access vlan 11
switchport forbidden vlan add 25
!
interface gigabitethernet10
ip arp inspection trust
service-acl input Allow-non-Guests default-action permit-any
switchport mode access
switchport access vlan 11
switchport forbidden vlan add 25
!
interface gigabitethernet11
ip arp inspection trust
service-acl input Allow-non-Guests default-action permit-any
switchport mode access
switchport access vlan 11
switchport forbidden vlan add 25
!
interface gigabitethernet12
ip arp inspection trust
service-acl input Allow-non-Guests default-action permit-any
switchport mode access
switchport access vlan 11
switchport forbidden vlan add 25
!
interface gigabitethernet13
ip arp inspection trust
service-acl input Allow-non-Guests default-action permit-any
switchport mode access
switchport access vlan 11
switchport forbidden vlan add 25
interface gigabitethernet14
ip arp inspection trust
service-acl input Allow-non-Guests default-action permit-any
switchport mode access
switchport access vlan 11
switchport forbidden vlan add 25
!
interface gigabitethernet15
ip arp inspection trust
service-acl input Allow-non-Guests default-action permit-any
switchport mode access
switchport access vlan 11
switchport forbidden vlan add 25
!
interface gigabitethernet16
ip arp inspection trust
service-acl input Allow-non-Guests default-action permit-any
switchport mode access
switchport access vlan 11
switchport forbidden vlan add 25
!
interface gigabitethernet17
ip arp inspection trust
service-acl input Allow-non-Guests default-action permit-any
switchport mode access
switchport access vlan 11
switchport forbidden vlan add 25
!
interface gigabitethernet18
ip arp inspection trust
service-acl input Allow-non-Guests default-action permit-any
switchport mode access
switchport access vlan 11
switchport forbidden vlan add 25
!
interface gigabitethernet19
ip arp inspection trust
service-acl input Allow-non-Guests default-action permit-any
switchport mode access
switchport access vlan 11
switchport forbidden vlan add 25
!
interface gigabitethernet20
ip arp inspection trust
storm-control broadcast enable
storm-control broadcast level 10
storm-control include-multicast
port security max 10
port security mode max-addresses
port security discard trap 60
spanning-tree portfast
service-acl input Allow-non-Guests default-action permit-any
switchport mode access
switchport access vlan 11
switchport forbidden vlan add 25
macro description desktop
!
interface gigabitethernet21
ip arp inspection trust
service-acl input Allow-non-Guests default-action permit-any
switchport mode access
switchport access vlan 11
switchport forbidden vlan add 25
!
interface gigabitethernet22
ip arp inspection trust
service-acl input Allow-non-Guests default-action permit-any
switchport mode access
switchport access vlan 11
switchport forbidden vlan add 25
!
interface gigabitethernet23
description PAK_AP_Bar
spanning-tree link-type point-to-point
service-acl input DENY-GUESTS-IN default-action permit-any
switchport trunk allowed vlan add 11,25
macro description ap
macro auto smartport type ap
!
interface gigabitethernet24
description PAK_AP_Kit
spanning-tree link-type point-to-point
service-acl input DENY-GUESTS-IN default-action permit-any
switchport trunk allowed vlan add 11,25
macro description ap
macro auto smartport type ap
!
interface gigabitethernet25
description Router
storm-control broadcast enable
storm-control broadcast level 10
spanning-tree link-type point-to-point
service-acl input "ALLOW ALL" default-action permit-any
switchport trunk allowed vlan add 11,25
macro description router
macro auto smartport type router $native_vlan 1
!
interface gigabitethernet26
spanning-tree link-type point-to-point
switchport trunk allowed vlan add 11,25
macro description switch
macro auto smartport type switch $native_vlan 1
!
interface gigabitethernet27
spanning-tree link-type point-to-point
switchport trunk allowed vlan add 11,25
macro description switch
macro auto smartport type switch $native_vlan 1
!
interface gigabitethernet28
spanning-tree link-type point-to-point
switchport trunk allowed vlan add 11,25
macro description switch
macro auto smartport type switch $native_vlan 1
exit
ip default-gateway 192.168.175.1
SW-SG300-28-1#
SW-SG300-28-1#show ip route
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: > - best, C - connected, S - static
S 0.0.0.0/0 [1/1] via 192.168.175.1, 00:13:29, vlan 1
C 192.168.11.0/24 is directly connected, vlan 11
C 192.168.175.0/24 is directly connected, vlan 1
C 192.168.176.0/24 is directly connected, vlan 25
SW-SG300-28-1#show vlan
Created by: D-Default, S-Static, G-GVRP, R-Radius Assigned VLAN
Vlan Name              Ports                       Created by
---- ----------------- --------------------------- ----------------
1    1                 gi1-8,gi23-28,Po1-8         D
11   POS_              gi9-28                      S
25   Guest Wi-Fi       gi23-28                     S
SW-SG300-28-1#
01-17-2014 01:48 PM
Hi Vini, on the RV320, do you have intervlan capability enabled or disabled for vlan 11 and 11?
-Tom
Please mark answered for helpful posts
01-17-2014 03:32 PM
It's disabled on all vlans in the rv320 since I'm expecting the switch to handle intervlan routing.
01-17-2014 03:51 PM
Additionally the RV320 is the dhcp server for vlan 1 on x.x.x.1 and the dhcp server is disabled for vlans 11 & 25. The switch has dhcp server enabled and pools for vlans 11 & 25. No ip routes in the RV either for vlan interfaces on switch.
01-17-2014 03:59 PM
Hi Vini, I was about to ask the same then I saw the email notice. I see only 1 DHCP pool excluding the guest (since we don't need to talk about guest).
ip dhcp pool network POS_POOL
address low 192.168.11.100 high 192.168.11.120 255.255.255.0
default-router 192.168.11.10
dns-server 8.8.8.8
So you should enable intervlan routing on the RV320 OR you need to let the switch give DHCP for VLAN 1 and handle the VLAN 1 routing. Right now you're using VLAN 1 in a layer 2 capacity since the gateway is not the switch - it's the router.
-Tom
Please mark answered for helpful posts
01-17-2014 05:10 PM
Ok, turning off the dhcp server for vlan 1 in the RV320 and adding a pool in the switch is simple enough and I had wanted to do that on this system anyway but never got around to it. I didn't think this would affect routing on the switch since I did create an IP interface for vlan 1 on it and it comes up as a direct route in show ip route, so I tried just about everything else. I have noticed some odd behavior when enabling vlan routing on the RV320, sort of like a loop that I attributed to routing in both locations, but that's just me guessing.
01-18-2014 05:09 AM
In the RV320 > DHCP Setup should I just disable the server or use DHCP Relay and input the ip of the vlan interface/dhcp server in the switch? Does it matter?
01-18-2014 03:53 PM
Hi Vini, personally I'd just use the switch. It's a stronger/more robust product than any of the SB routers.
-Tom
Please mark answered for helpful posts
01-18-2014 06:29 PM
Yeah that's what I did and it was easy enough to do remotely without losing remote access. The whole point of using this switch in L3 mode was so I could handle the routing internal to the switch and not have to go out to the router and back to the switch at wire speed to accomplish the routing.
From what I've read the RV320 DHCP server should be disabled not DHCP relay for my needs since the DHCP servers on the switch are on the same VLANs.
I was worried about the PPTP VPN DHCP server on the RV after disabling DHCP for VLAN 1 (default) but it still seems to work fine and must operate independently, and I just added that range of IPs to the excluded DHCP table on the switch so I should be good there.
So for future reference to achieve intervlan routing I not only need to create a vlan interface IP but also need to create a DHCP pool even if I don't need a DHCP server because creation of the pool activates the DHCP server and the routing function?
01-19-2014 03:31 PM
Hi Vini, the DHCP server isn't relevant to achieve intervlan routing. The DHCP server would only play a role in assigning the correct default gateway to a host.
-Tom
Please mark answered for helpful posts
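The point made in the replies above, that a host's default gateway decides which device routes for it, traced as an added example (not code from the thread or from Cisco). Networks and switch addresses are taken from the posted config; the host address 192.168.175.50, the RV320 having a VLAN 11 interface, and the RV320 dropping inter-VLAN traffic when that feature is disabled are modelling assumptions.

```python
import ipaddress

# Constructed model: networks and switch addresses are from the posted config;
# host addresses and the RV320's behaviour are assumptions for illustration.
ROUTERS = {
    "192.168.175.148": {"name": "SG300", "intervlan": True},   # switch, vlan 1
    "192.168.11.10":   {"name": "SG300", "intervlan": True},   # switch, vlan 11
    "192.168.175.1":   {"name": "RV320", "intervlan": False},  # disabled per thread
}
CONNECTED = [ipaddress.ip_network(n) for n in ("192.168.175.0/24", "192.168.11.0/24")]


def one_way(src, dst):
    """Trace one packet; return (delivered, device that handled it)."""
    src_net = ipaddress.ip_interface(src["ip"] + "/24").network
    dst_ip = ipaddress.ip_address(dst["ip"])
    if dst_ip in src_net:
        return True, "same VLAN"            # no router involved
    router = ROUTERS[src["gw"]]             # off-subnet traffic goes to the host's gateway
    reachable = any(dst_ip in net for net in CONNECTED)
    return router["intervlan"] and reachable, router["name"]


def ping(a, b):
    """A ping succeeds only if the request and the reply are both delivered."""
    ok, via = one_way(a, b)
    if not ok:
        return False, f"request dropped at {via}"
    ok, via = one_way(b, a)
    if not ok:
        return False, f"reply dropped at {via}"
    return True, f"routed by {via}"


pc_before = {"ip": "192.168.175.50", "gw": "192.168.175.1"}    # lease from RV320
pc_after = {"ip": "192.168.175.50", "gw": "192.168.175.148"}   # lease from switch pool
pos = {"ip": "192.168.11.100", "gw": "192.168.11.10"}          # POS_POOL on the switch

if __name__ == "__main__":
    for label, a, b in [("vlan1 -> vlan11, before", pc_before, pos),
                        ("vlan11 -> vlan1, before", pos, pc_before),
                        ("vlan1 -> vlan11, after", pc_after, pos)]:
        print(label, ping(a, b))
```

In the "before" cases the failure is always on the leg that leaves the VLAN 1 host, which is why the switch's own connected routes looked correct while pings still failed.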