
Sg300-28 inter-vlan routing

Hello

I would appreciate it, and thanks in advance, if you can help with this simple configuration

In SG300, in layer 3 mode, how can you make 2 VLANs see each other?

In my home lab:

VLAN1             default (GE1:  Access mode)  192.168.2.254

VLAN10           Static  (GE24: Access mode)  192.168.10.1

Common Port              GE25: Trunk Mode (connected directly to my router interface 192.168.2.1)

VLAN1 can communicate with the outside world and the internet, for example, from another subnet: 192.168.1.0

VLAN10 is not visible from outside and from VLAN1

How can I allow traffic from VLAN10 to go through the common Port GE25 to the outside world?

The Router config says: VLAN10 is directly connected to 192.168.2.1 but I cannot ping it. I wonder why?

Regards

Minh

--------------------------------------------------

SG300#show vlan

Created by: D-Default, S-Static, G-GVRP, R-Radius Assigned VLAN

Vlan       Name                   Ports               Created by

---- ----------------- --------------------------- ----------------

1           1            gi1-23,gi25-28,Po1-8            D

10       VLAN10                  gi24                    S

SG300#show ip route

Maximum Parallel Paths: 1 (1 after reset)

IP Forwarding: enabled

Codes: > - best, C - connected, S - static

S   0.0.0.0/0 [1/1] via 192.168.2.1, 36:24:22, vlan 1

C   192.168.2.0/24 is directly connected, vlan 1

S   192.168.10.0/24 [1/1] via 192.168.2.1, 27:23:12, vlan 1

2 Accepted Solutions


Need to set default gateway on the switch at 192.168.2.1

-Tom
Please mark answered for helpful posts


Hi Minh, see this post for some guidance

https://supportforums.cisco.com/message/4178990

-Tom

13 Replies

mpyhala
Level 7

Minh,

In Layer 3 Mode the switch will route between VLANs. The default VLAN 1 becomes the gateway for any additional VLANs. (192.168.2.254 is the gateway for 192.168.10.x) You only need to create a VLAN interface for each VLAN, which you have already done.

The port connected to the router should be an access port, VLAN 1 untagged. In the router, create a static route to 192.168.10.x that looks like:

To get to 192.168.10.0/24, go to 192.168.2.254

This will allow VLAN 10 to have internet access. The default gateway for VLAN 10 hosts is 192.168.10.1.

Since VLAN 10 is directly connected to VLAN 1, there is no need to create any route in the switch.

- Marty
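Why the router needs the static route described in the reply above, shown as an added example that is not part of the original thread: a longest-prefix-match lookup over the switch's routing table (taken from the thread's `show ip route` output) and a constructed router table. The router's WAN next hop `198.51.100.1` and the interface names `wan` and `lan` are assumptions.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match; returns (next_hop, interface), next_hop None if connected."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, iface)
    return (best[1], best[2]) if best else None

# Switch routes, copied from the thread's later "show ip route" output.
SWITCH = [
    ("0.0.0.0/0", "192.168.2.1", "vlan 1"),   # static default route
    ("192.168.2.0/24", None, "vlan 1"),       # connected
    ("192.168.10.0/24", None, "vlan 10"),     # connected
]

# Router routes are constructed for illustration. Only the LAN address
# 192.168.2.1 comes from the thread; the WAN next hop is an assumption.
ROUTER_NO_STATIC = [
    ("0.0.0.0/0", "198.51.100.1", "wan"),
    ("192.168.2.0/24", None, "lan"),
]
# The static route from the reply: 192.168.10.0/24 via 192.168.2.254.
ROUTER_WITH_STATIC = ROUTER_NO_STATIC + [
    ("192.168.10.0/24", "192.168.2.254", "lan"),
]

def round_trip(router_table, src="192.168.10.2", dst="192.168.2.1"):
    """Return (switch's decision for the request, router's decision for the reply)."""
    return lookup(SWITCH, dst), lookup(router_table, src)

if __name__ == "__main__":
    for name, table in (("without static route", ROUTER_NO_STATIC),
                        ("with static route", ROUTER_WITH_STATIC)):
        request, reply = round_trip(table)
        print(f"{name}: request -> {request}, reply -> {reply}")
```

In both cases the request reaches the router over VLAN 1; only with the static route does the reply go back to 192.168.2.254 instead of following the router's default route out the WAN side.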

Thanks Marty!

Following your advice, it works almost 100%!

I can ping any host from any VLAN, from VLAN1 <=> VLAN10

Except that I cannot ping the interface of the router that the switch is directly connected to, which is 192.168.2.1

From host 192.168.10.2, I can ping

192.168.2.254, 192.168.2.x, except 192.168.2.1

It does not make sense to me, but I could not figure out why.

Regards

Minh

Hi Minh,

Does host 192.168.10.2 have internet access?

Can it ping another host that is directly connected to the router?

- Marty

Hi Marty

192.168.10.2

Does not have internet access, cannot ping yahoo.com

And cannot ping 192.168.2.1 (the 2nd interface of my pfSense firewall router)

192.168.10.2 Can ping any host in VLAN1 including the IP interface

192.168.2.254

192.168.2.8

192.168.2.29

Any host in VLAN1 can ping 192.168.10.2

Best Regards

Minh

Minh,

Do you still have the route:

S   0.0.0.0/0 [1/1] via 192.168.2.1, 36:24:22, vlan 1

- Marty

Need to set default gateway on the switch at 192.168.2.1

-Tom

Thanks Tom

Yes I did

I can ping 192.168.2.1 from a host in VLAN1.  And all hosts in VLAN1 can access internet as well

Hi Marty, Hi Tom

I ran into the following situation:

1- When I add the VLAN10 interface, the switch automatically adds an IPv4 route and makes it uneditable, with no next IP, and does not allow Internet access to VLAN10

2- When I delete the VLAN interface, the switch automatically changes the IPv4 route to remotely connected, with next hop IP 192.168.2.1. This would allow internet access to VLAN10

3- How can we add an IP route manually and be able to set the next hop IP to 192.168.1.1, which would allow internet access to VLAN10?

Please see screen shot below

Thanks Tom & Marty

snap001138.jpg

Marty

Yes. I still have it

SG300#show ip route

Maximum Parallel Paths: 1 (1 after reset)

IP Forwarding: enabled

Codes: > - best, C - connected, S - static

S   0.0.0.0/0 [1/1] via 192.168.2.1, 31:50:40, vlan 1

C   192.168.2.0/24 is directly connected, vlan 1

C   192.168.10.0/24 is directly connected, vlan 10

Hi Minh, see this post for some guidance

https://supportforums.cisco.com/message/4178990

-Tom

Hi Tom, Marty

I followed the guidance closely and am still stuck on a single issue: my VLAN10 is still stuck inside and cannot see the internet

Here is the summary:

Port GE25 connects directly to 192.168.2.1. Trunk, untagged

VLAN1: Port 1-22   Access Mode, untagged

VLAN10 Port 23, 24  Access Mode, untagged

1- VLAN1 Can see VLAN10, vice versa (can ping each other).

2- VLAN1 Can see the internet.

3- VLAN10 Cannot see the internet.

It seems a packet that originates from VLAN10, destined for 192.168.2.1 via VLAN1, cannot be forwarded.

I wonder why?

Best Regards

Minh

Hi Marty

I have another question

How can this step be done on the router without creating a VLAN interface?

He already has 192.168.2.1 in the previous step. He is now creating 192.168.3.1. So there must be an interface for this network. But this is his VLAN network 192.168.3.0 on the switch?

snap001150.jpg.

Hi Marty, Tom

Thanks! Thanks! Thanks! It works so I am happy.

Thank you for sending the link to the Guidance Document.

I finally made it work with the pfSense firewall router. My VLAN10 can see the internet

I found out that the term "Multiple Subnet on One Physical Interface" on pfSense means creating a Virtual IP alias

For those who have a similar problem to mine, I attach here my entire lab and a reference

Best Regards

Minh