cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
502
Views
0
Helpful
1
Replies

SG300 Setup Help

Don Nelson
Level 1
Level 1

Hi,

So here is my current setup & I am going to type this out as best as I can.

I have a modem from my ISP (1 ethernet port) that is running on DHCP & a Cisco Asa5505 that is currently doing DHCP for my devices hooked up to my layer 2 switch on the 192.168.1.x subnet & a cheap WAP just doing internal wifi.

I recently purchased a SG300-10P as certain circumstances were going to require me to hook up a 2nd ASA and was going to need a 2nd port to the outside world for work (They were going to give me a WAP & IP Phone). Things have changed & I currently not sure where to go from here as far as hooking everything up & Im fairly new to networking.

I converted the switch to Layer3 and the latest firmware. I have setup multiple Vlans on the switch & DHCP for each Vlan.

192.168.2.0 PC Network

192.168.3.0 Server Network

192.168.4.0 Wireless Network

192.168.5.0 Guest Wifi Network

I setup Port 10 as an uplink for the Layer 2 switch to allow Vlans 2,3,4. I still have to configure the layer 2 switch with the Vlan information so I can tag ports to get the right IP Addresses.

I have Port 3 setup as a trunk for Vlan 4 & 5 (I have to configure the WAP later on which is fairly easy).

Here is where I am stuck:

Currently my SG300-10P is setup with an IP of 192.168.1.x

Would it make more sense to have the ASA as my router connecting between the Modem and the SG300-10P on the 192.168.1.x network, or would I be better off having the modem plugged into the SG300-10P then have the ASA on one of the ports? Someday I would like to be able to use my 5505 so I can VPN into my network (A whole different ball of wax for another weekend).

I would like to have all of the networks have Internet Access.

I want to restrict the the guest wifi network from seeing the other networks other than Internet.

I think that pretty much covers it and just want to make sure I get the routes configured right and everything hooked up properly. Any help or suggestions are appreciated. I'd like to make it as easy as possible with the best solution for expandability if work decides to give me another Asa again.

 

Thank you,

Don

 

 

 

 

1 Accepted Solution

Accepted Solutions

michael o'nan
Level 4
Level 4

I would go modem > ASA > SG300. The SG300 should have a default route to the ASA and the ASA will need routes for each subnet pointing back at the SG300 so it knows how to get back. Hopefully that will help you in some direction.

View solution in original post

1 Reply 1

michael o'nan
Level 4
Level 4

I would go modem > ASA > SG300. The SG300 should have a default route to the ASA and the ASA will need routes for each subnet pointing back at the SG300 so it knows how to get back. Hopefully that will help you in some direction.