
SG350 Network Design/Configuration Assistance

kennyrogersjr
Level 1

I'm going out on a limb and asking this community if they would mind assisting me in better designing my simple home network.

This is my current network diagram: Network Diagram.png

I'd like to see what this SG350 is capable of and how I can use it to enhance my networking skill-set without having the family throttle me because I accidentally nixed their Internet access.

My plans are to introduce additional VLANs, like Wireless Users, Guest, Gaming, Management, Kids, etc. I am also very interested in load balancing and utilizing that port 26 to connect to an additional port on the Modem; this way, one port isn't the only route. If I can use port 12 and 24 as well, that would be really cool. I really want the Modem to stop being my network everything and just be a "dumb" L2 Router/Border Firewall and have my SG350 be in charge of the network (DHCP included).

I look forward to the conversation!

Ken


Jaderson Pessoa
VIP Alumni

Hello,

I suggest something like this:

For VLANs:

interface vlan 10
ip address 192.168.1.1 255.255.255.0
description Guest

interface vlan 20
ip address 192.168.2.1 255.255.255.0
description wireless users

interface vlan 30
ip address 192.168.3.1 255.255.255.0
description Gaming

ip dhcp pool GUEST
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
! DNS server of your choice
dns-server 8.8.8.8

ip dhcp pool USER_WIRELESS
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
! DNS server of your choice
dns-server 8.8.8.8

ip dhcp pool GAMING
network 192.168.3.0 255.255.255.0
default-router 192.168.3.1
! DNS server of your choice
dns-server 8.8.8.8

interface port-channel 1
description LB_MODEM
switchport mode access

interface gig 1/0/12
description "Port Channel 1"
channel-group 1 mode on

interface gig 1/0/24
description "Port Channel 1"
channel-group 1 mode on

Note: Don't forget to configure EtherChannel on your modem.

For each VLAN, check the NAT configuration to allow Internet access.

Set each port to the specific VLAN that you need.

Jaderson Pessoa
*** Rate All Helpful Responses ***
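
A small consistency check for the kind of VLAN and DHCP addressing plan posted above, added here as an example (it is not part of any post in this thread and is not Cisco tooling). It flags VLAN interfaces whose subnets overlap and DHCP pools whose default-router no VLAN interface owns; the sample config is constructed, and the parser only understands the few commands that appear in this thread.

```python
import ipaddress

# Constructed sample: VLAN 30 deliberately reuses VLAN 20's address.
SAMPLE = """\
interface vlan 20
 ip address 192.168.2.1 255.255.255.0
interface vlan 30
 ip address 192.168.2.1 255.255.255.0
ip dhcp pool USER_WIRELESS
 network 192.168.2.0 255.255.255.0
 default-router 192.168.2.1
ip dhcp pool GAMING
 network 192.168.3.0 255.255.255.0
 default-router 192.168.3.1
"""

def parse(config):  # -> ({vlan_id: IPv4Interface}, {pool: {"network", "router"}})
    svis, pools, ctx = {}, {}, (None, None)
    for raw in config.splitlines():
        w = raw.split("!")[0].split()  # drop '!' comments, tokenise
        if not w:
            continue
        kind, key = ctx
        if w[0] == "interface":  # only "interface vlan N" stanzas are tracked
            ctx = ("svi", int(w[2])) if w[1:2] == ["vlan"] and len(w) == 3 else (None, None)
        elif w[:3] == ["ip", "dhcp", "pool"] and len(w) == 4:
            ctx = ("pool", w[3])
            pools[w[3]] = {}
        elif kind == "svi" and w[:2] == ["ip", "address"] and len(w) == 4:
            svis[key] = ipaddress.ip_interface(f"{w[2]}/{w[3]}")
        elif kind == "pool" and w[0] == "network" and len(w) == 3:
            pools[key]["network"] = ipaddress.ip_network(f"{w[1]}/{w[2]}")
        elif kind == "pool" and w[0] == "default-router" and len(w) >= 2:
            pools[key]["router"] = ipaddress.ip_address(w[1])
    return svis, pools

def check(config):  # -> list of addressing mistakes that merge or strand a VLAN
    svis, pools = parse(config)
    findings, vlans = [], sorted(svis)
    for i, a in enumerate(vlans):
        for b in vlans[i + 1:]:
            if svis[a].network.overlaps(svis[b].network):
                findings.append(f"vlan {a} and vlan {b} overlap on {svis[a].network}")
    owned = {iface.ip for iface in svis.values()}  # gateway addresses the switch holds
    for name, pool in pools.items():
        net, router = pool.get("network"), pool.get("router")
        if net is None or router is None or router not in net or router not in owned:
            findings.append(f"pool {name}: default-router {router} in {net} has no VLAN interface")
    return findings
```

Running `check()` on a saved copy of the switch configuration before assigning ports catches a guest or kids VLAN that silently shares a subnet with another segment.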

Jaderson Pessoa,

Looking at these blocks:

interface port-channel 1
description LB_MODEM
switchport mode access
interface gig 1/0/12
description "Port Channel 1"
channel-group 1 mode on
interface gig 1/0/24
description "Port Channel 1"
channel-group 1 mode on

Since 25 is the first connection to the modem, the port-channel would be 25, correct? With that, would I be able to use 12, 24, and 26 as a channel-group, as well, just like you did above? We were debating this back at the office, but none of us knew if it would work.

I'll start configuring now to check it out. If it works, well, I guess you just killed my discussion... but in a good way.

Ken

Since 25 is the first connection to the modem, the port-channel would be 25, correct? Yes, it is. With that, would I be able to use 12, 24, and 26 as a channel-group, as well, just like you did above? Of course, you just need to change it as you need. We were debating this back at the office, but none of us knew if it would work.

I'll start configuring now to check it out. If it works, well, I guess you just killed my discussion... but in a good way.

Jaderson Pessoa

Seb Rupik
VIP Alumni

Hi there,

While @Jaderson Pessoa's reply is correct, do you actually know if your modem supports EtherChannel? If it is just your standard ISP device I would be stunned if it did!

The other option you have is just to connect two links from the SG350 to the modem. Assuming the modem participates in STP, it should choose one as a root port and block the other. If the modem really is a simple device, there is a good chance that it may just take the BPDU sent from the SG350 and switch it back up the other link. The SG350 will detect this as a loop and put the port in err-disabled.

If the pair of un-bundled links does work, you will at least have redundant links to the modem but incur a small delay in the event of link failure whilst STP re-converges.

Cheers,

Seb,

Stunned you will not be. I just finished reading through the two SG350 guides (admin & CLI) and STP is the end-game option. My modem is a simple AT&T BGW210; EtherChannel isn't an option. I still want to see if it'll internally load-balance, because there are options for it. It'll take me some time to compile my list of commands I need to write and I now need to wait until after everyone is near bed to play with the configs.

The only other load balancing option you have would be to run a pair of Layer3 links from the modem to the SG350 and use PBR to pick one of the links towards the modem depending on the source subnet.

However, I doubt the modem will allow you to create another 'inside' subnet/interface which you could use for the Layer3 links back to the SG350.

Secondly, you will need a router to perform the PBR, which the SG350 cannot do.

Given your hardware, STP redundancy is the best you can achieve; there is not much you can do to create a pair of forwarding links towards the modem.

Cheers,

Seb.

kennyrogersjr
Level 1
I used everyone's suggestions and was able to correctly, and without console, change all IPs necessary, add the VLANs, and build the Po1 channel. But I can't figure out how to let the in out or the out in the network. I hate ATT's modem, btw. But I think I just need to add a static route or routes. How can I tell the switch to send traffic from 10.10.1.1 (switch Po1) to 192.168.1.6 (modem)?
I really want to post this from my PC, but... no Internet...

I would like to try one of these SG350 switches. I have a Cisco SG300-28 which I use in layer 3 mode and a Cisco RV340 router. My switch does all my local routing. I have a router VLAN which I created for the router using a 30-bit mask. The router VLAN has one port which is an access port. This forces the layer 3 switch to route. Use the router as your default gateway for the switch. Then add routing statements to your router for all non-connecting networks defined on the layer 3 switch. I really want to try this on an SG350 switch. I think it is the way to go. DHCP needs to be set up on the switch. The router is hard coded with no DHCP.