08-29-2011 12:38 AM
I setup switch in layer 3 mode.
I have a access port in vlan 10 and a access port in vlan 20.
I am able to ping form vlan 10 client to vlan20 default gateway (192.168.20.1)
I am able to ping form vlan 20 client to vlan10 default gateway (192.168.10.1)
However, I am unable to ping from vlan 10 to vlan 20 client.
If both the ports are in same vlan, then clients are able to ping each other.
Proxy Arp in enabled.
vlan 10 client ip info
192.168.10.10
255.255.254.0
GW:192.168.10.1
vlan 20 client ip info
192.168.20.5
255.255.255.0
gw:192.168.20.1
L3 switch config
==============
vmrishi#show ip interface
IP Address I/F Type Directed Precedence Status
Broadcast
------------------- --------- ----------- ---------- ---------- -----------
192.168.10.1/23 vlan 10 Static disable No Valid
192.168.20.1/28 vlan 20 Static disable No Valid
192.168.30.1/24 vlan 30 Static disable No Valid
192.168.80.1/24 gi24 Static disable No Valid
vmrishi#show ip route
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: C - connected, S - static, D - DHCP
S 0.0.0.0/0 [1/1] via 192.168.80.2 Backup Not Active
C 192.168.10.0/23 is directly connected vlan 10
C 192.168.20.0/28 is directly connected vlan 20
C 192.168.30.0/24 is directly connected vlan 30
Thaks,
S.
08-29-2011 02:58 AM
Hi sreenath,
you want to give gateway as below for Vlan 10 clients
Ip:192.168.10.10
gateway;192.168.10.1
You want to give gateway as below for Vlan 20 clients
IP:192.168.20.5
Gateway:192.168.20.1
regards
VK Moorthy
08-29-2011 03:05 AM
Its already setup with default gateways as you mentioned but forgot to mention in the forum. I updated my blog to reflect that. Thank you.
08-29-2011 03:21 AM
Hi sreenath,
I think your switches are in VLAN-10,pls mention the gateway for switch as 192.168.10.1
regards
VKMoorthy
08-29-2011 03:33 AM
Hi VKMoorthy,
I started this setup with 2 X L2 switches uplinked to L3. Since inter-vlanrouting is not working, to narrow down the problem, I unplugged all the L2 switches and started testing interVlan routing only on ports on L3 switch.
I really do not understand what you mean to setup default GW on a L3 switch because there is no such option in GUI. In L2 switch there is though. Once inter-vlan is working I want to setup a port gi24 on L3 switch in access mode connecting to sonic firewall ip 192.168.10.2. Please clarify.
Thank you,
S.
08-29-2011 03:47 AM
Hi sreenath,
pls send the topology diagram with ip address information.
regards
VK Moorthy
08-29-2011 05:46 AM
Hi Moorthy,
In my original post I only talked about L3 switch in order to isolate the problem so that we are not discusssing the trunking configuration and other possibilites. I have include the final topology diagaram which I would like to see. But as per my original post both layer 2 swithces are powered off now.
Irrespective of where my clients are connected(L2 or L3 ) these are observations.
All clients are able to ping all vlan interfaces/gateways( 192.168.x.1)
In diagram PC1(192.168.20.5) is not able to ping PC2(192.168.10.10).
Firmware file I used:
Sx300_FW-1.1.0.73.ros
Below are the commands I used and planning to use for firewall connectivity.
------------------------
config)#ip routing
config)#interface vlan10
config-if)#ip address 192.168.10.1 255.255.254.0
config-if)#interface vlan20
config-if)#ip address 192.168.20.1 255.255.255.240
config-if)#interface vlan30
config-if)#ip address 192.168.30.1 255.255.255.0
(config)#interface ge24
switchport mode access
swithcport access vlan 80
ip address 192.168.80.1 255.255.255.0
no shutdown
(config)#ip route 0.0.0.0 0.0.0.0 192.168.80.2
------------------------------------------------------------------
Thank you,
S.
08-30-2011 03:30 AM
I am in time crunch and would appreciate a quick response from anyone in support.
08-31-2011 12:45 AM
Hi Sreenath,
I am a Pre-sales Systems Engineer not a post sales professional, so this is my attempt to respond quickly to your request..
I tried your config in layer 3 mode on my loaner SG300-28P.
Sure seems faster to configure this via the GUI than the CLI.
Here is some CLI I produced for your setup, gotta admit I used the GUI to create the CLI.
Look at the VLAN section of your GUI interface, especially port to VLAN to be sure the VLANs are configured correctly. From your posting, i'm sure you fully understand VLAN tagged and untagged terminology
Sorry, I left yout the default route to 192.168.80.2
------------------ show version ------------------
SW version 1.1.0.73 ( date 19-Jun-2011 time 18:10:49 )
Boot version 1.0.0.4 ( date 08-Apr-2010 time 16:37:57 )
HW version V01
vlan database
vlan 10,20,30,80
exit
interface vlan 80
ip address 192.168.80.1 255.255.255.0
exit
interface vlan 10
ip address 192.168.10.1 255.255.254.0
exit
interface vlan 20
ip address 192.168.20.1 255.255.255.0
exit
interface vlan 30
ip address 192.168.30.1 255.255.255.0
exit
interface vlan 1
no ip address dhcp
exit
hostname SG300-28P
no passwords complexity enable
username dave password mypassword privilege 15
ip ssh server
no snmp-server server
ip http secure-server
ip telnet server
interface range gigabitethernet1-24
switchport trunk allowed vlan add 10,20,30
exit
All ports except my uplink ports 25-28 are tagged for all VLANs except VLAN80
Ports G125-28 are untagged in vlan 80. It seems very different to your configuration. I have to admit that sometimes it's just much easier using the GUI until the configuration is correct,
interface gigabitethernet25
switchport trunk native vlan 80
exit
interface gigabitethernet26
switchport trunk native vlan 80
exit
interface gigabitethernet27
switchport trunk native vlan 80
exit
interface gigabitethernet28
switchport trunk native vlan 80
exit
In this Config, VLAN1 is propagated on all switch ports Gi1-24 as untagged frames,
In this Config, VLAN 10,20,30 are propagated on all switch ports Gi1-24 as tagged frames
In this Config VLAN80 is propagated on all switch ports Gi 25-28 as untagged frames,
Unless there is a problem with supernetting VLAN10, Layer 3 switching between VLANs should work fine. I guess this is a example you can work from or discard
One thing also to check is to see if the IP routes come up. In my example below, no interface routes came up because I had nothing plugged into the switch. So if nothing is connected to a particular VLAN, no interface routes will appear.
SG300-28P# show ip route
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: C - connected, S - static, D - DHCP
SG300-28P# show ip interface
IP Address I/F Type Directed Precedence Status
Broadcast
------------------- --------- ----------- ---------- ---------- -----------
192.168.10.1/23 vlan 10 Static disable No Valid
192.168.20.1/24 vlan 20 Static disable No Valid
192.168.30.1/24 vlan 30 Static disable No Valid
192.168.80.1/24 vlan 80 Static disable No Valid
If you have a issue, your switch is covered by a excellent warranty and you can speak to a technician to see what the problem might be, It would be interesting to refer them to this posting. Contact SBSC via the following URL;
http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html
regards Dave
08-31-2011 08:55 PM
Hi Sreenath
its very easy to configure in GUI mode.pls refer the manual for SG300 .i will provide the link for that as below
https://supportforums.cisco.com/docs/DOC-13844
or
Contact the SBSC center
tp://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html
regards
VK Moorthy
09-01-2011 10:14 PM
I will test out and let you know.
Thank you.
Sree.
12-03-2011 10:27 PM
I apologize for not getting back. Our project was differed and I started working on the switch now. I updated firwmare to latest and setup 2 vlans with same class subnet(as per belwo release notes bug. As per my understanding ivlan routing uses proxy arp) it worked but was flaky. So gave up on L3 functionality of switch.
Problem: Proxy ARP functions for subnets sharing the same class based
network. It will not work if the subnets in question belong to 2 different class based
networks. (Bugs00130163)
Example: ARP proxy forwards requests/responses between subnets 192.168.5.0/
28 and 192.168.5.32/28 which belong to the same class based network
192.168.5.0. The same principle applies when dealing with class A or B networks.
Solution: There is no workaround.
In my L2 setup I see performance problem as outlined below link. I would not recommend this switch to anyone.
12-03-2011 03:33 PM
Hello Dave,
Can you outline the step in GUI to configure VLAN Ip address?
I used command line and after saying Y, the switch hangs, as below, then I have to reboot
SG300-28(config)#vlan database
SG300-28(config-vlan)#vlan 10,20,30
SG300-28(config-vlan)#exit
SG300-28(config)#int vlan 10
SG300-28(config-if)#ip address 10.10.10.1 255.255.255.0
Please ensure that the port through which the device is managed has the proper
settings and is a member of the new management interface.
Would you like to apply this new configuration? (Y/N)[N] Y
-- At this point the switch hangs. I reboot---
Thanks
Minh
05-16-2015 05:27 PM
Three years later ..
I have an SG300-20 already set for Layer 3 mode.
Firmware Upgraded to 1.4.1.03
Created VLANs and a LAG (LAG is a member of multiple VLANs). Tried throug hWeb GUI and telnet to do this:
configure interface vlan 11
ip address 10.1.1.254 /24
at this point Cisco SG 300-20 hangs
05-18-2015 10:24 PM
I guess it worked, but the port I was connected to the wrong VLAN. Connecting to the VLAN that was allowed to access the IP did resolve the issue.
Getting routing to work was another challenge. I think among other things that still seem mysterious, is that sometimes routing works, other times it does not. That said - it is important to make sure each vlan has an IP.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide