SG300 vlan/routing issue

chris.loverme
Level 1

Hi,

I have an SG300-10P but it doesn't seem to be working as expected, so I need some help getting the configuration correct. I have a workstation on a vlan (998) but it can't ping a host on the internet (8.8.8.8) but from the switch I can ping 8.8.8.8. I'm sure I'm missing something basic/obvious, but missing it. It looks like the switch will not send traffic back from 192.168.0.2 to 10.47.100.1?

Switch is in Layer 3 mode.

Workstation (10.47.100.150 w/ gateway 10.47.100.1) is on port 3, vlan 998

Firewall (192.168.0.1) is on port 2, vlan 1

vlan1 ip is 192.168.0.2

vlan 998 ip is 10.47.100.1

The interface on the firewall/router is 192.168.0.1. The firewall has a reverse route on it telling it that in order to reach 10.47.100.1, it has to go through 192.168.0.2. I have a route on the switch telling it to go to 192.168.0.1 for 0.0.0.0.

-PC can ping the firewall (192.168.0.1), vlan1 (192.168.0.2), and vlan 998 (10.47.100.1). It cannot ping google dns 8.8.8.8

-The switch can ping google 8.8.8.8, the firewall (192.168.0.1), vlan 1 (192.168.0.2), and vlan 998 (10.47.100.1), and the workstation (10.47.100.150)

Running config:

------------
vlan database
 vlan 998
exit
interface vlan 998
 ip address 10.47.100.1 255.255.255.0
exit
interface vlan 1
 ip address 192.168.0.2 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 192.168.0.1
interface vlan 1
 no ip address dhcp
exit
bonjour interface range vlan 1
hostname switcha8b3a1
no snmp-server server
interface gigabitethernet10
exit
interface gigabitethernet3
 switchport trunk native vlan 998
exit

2 Replies

chris.loverme
Level 1

In case anyone else ever has this issue, I solved it, but not with an SG300. It appears that the SG300 can do intervlan routing but not route internally from an interface. If it does do it, it wasn't documented so I gave up and put in a router.

In short, you need a Cisco router with at least 2 ethernet interfaces with the following configuration:

interface GigabitEthernet0/0
 description Direct connect to firewall
 ip address 192.168.0.2 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description To Internal Network Cisco Switch
 ip address 10.47.100.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
ip default-gateway 192.168.0.1
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip nat inside source list 1 interface GigabitEthernet0/0 overload
access-list 1 permit 10.47.100.0 0.0.0.255

You could probably do routing on a stick (one interface) and some type of vlan setup, but this was easier to implement.

-Chris
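
Added example, not part of the posts in this thread and not Cisco code: a small Python model of how the standard ACL in the router configuration above selects which inside sources get NAT overload, using wildcard-mask matching and the implicit deny at the end of the list. The function names are hypothetical, and CONFIG is a constructed excerpt holding only the two NAT lines from that configuration.

```python
import ipaddress

# Constructed excerpt: the two NAT-related lines from the router config above.
CONFIG = """\
ip nat inside source list 1 interface GigabitEthernet0/0 overload
access-list 1 permit 10.47.100.0 0.0.0.255
"""

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_standard_acls(config):
    """Return {acl_id: [(action, base, wildcard), ...]} in configuration order."""
    acls = {}
    for line in config.splitlines():
        p = line.split()
        if len(p) < 4 or p[0] != "access-list" or p[2] not in ("permit", "deny"):
            continue
        if p[3] == "any":                      # matches every source
            base, wild = 0, 0xFFFFFFFF
        elif p[3] == "host" and len(p) > 4:    # exact single address
            base, wild = _to_int(p[4]), 0
        else:                                  # address plus optional wildcard
            base = _to_int(p[3])
            wild = _to_int(p[4]) if len(p) > 4 else 0
        acls.setdefault(p[1], []).append((p[2], base, wild))
    return acls

def acl_permits(entries, src):
    """First matching entry decides; no match falls through to the implicit deny."""
    addr = _to_int(src)
    for action, base, wild in entries:
        care = ~wild & 0xFFFFFFFF              # wildcard bit 1 means "don't care"
        if addr & care == base & care:
            return action == "permit"
    return False

def nat_acl_ids(config):
    """ACL ids referenced by 'ip nat inside source list <id> ...' lines."""
    return [p[5] for p in (l.split() for l in config.splitlines())
            if p[:5] == ["ip", "nat", "inside", "source", "list"] and len(p) > 5]

def is_translated(config, src):
    """True if src is permitted by an ACL that a NAT rule references."""
    acls = parse_standard_acls(config)
    return any(acl_permits(acls.get(i, []), src) for i in nat_acl_ids(config))

if __name__ == "__main__":
    for src in ("10.47.100.150", "10.47.101.5", "192.168.0.2"):
        print(src, "translated" if is_translated(CONFIG, src) else "not translated")
```

Running the same check against a wider ACL (for example one ending in `permit any`) shows quickly when a NAT rule covers more inside sources than intended.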

Hi Chris, the small business switches do not support NAT. Your original post states you have a router

"The interface on the firewall/router is 192.168.0.1."

The switch will work fine on the internet if NAT is not needed, meaning, everything you have is a public IP provided from the ISP.

-Tom
Please mark answered for helpful posts