05-02-2023 09:43 AM - edited 05-02-2023 09:49 AM
Hello,
I'm Thorsten from Germany and new to this Forum.
I have an SG350 28 Port Switch and I have problems with configuring VLANs, VLAN Routing, DHCP and the connection with the Standard Gateway on the Firewall (192.168.1.1).
As long as I have only VLAN1 (DHCP Client disabled) with its Interface 192.168.1.254, IP Range from .101 to .199, Default Router = 192.168.1.1 and DNS Server IP = 8.8.8.8, my network works fine and all Clients (Macs, Win11, FreeBSD) can connect to the Switch, have Internet Access and can ping each other.
Now I added VLAN10 with its Interface 192.168.10.254 and a 2nd DHCP Address Pool from .101 to .199 and DNS Server = 8.8.8.8.
1st Problem is, I cannot add the Default Gateway 192.168.1.1, because it is not in the same Network.
So the Clients on the 192.168.10.0 Network get the 192.168.10.254 as the default router, and Internet access doesn't work, nor does pinging the other Clients from VLAN 1.
IPv4 Routing is enabled and I created a default route = 0.0.0.0 192.168.1.1 length=0 metric=4.
With manual configuration on the clients' network interface it works, and Ping is enabled in the Win11 Firewall.
Firmware was updated last week to the newest version and I added a tech support file from switch diagnostics.
I've watched every video from CISCO tech talks and others and read several docs I'd found, but I can't find a mistake.
Where is my mistake? What can I do to get the inter-VLAN Routing to work and get Internet access to the clients with auto DHCP Config?
Every Help will be appreciated & sorry for my "German English"
Thanks & Regards
Thorsten
05-02-2023 12:05 PM
Hi
To enable IP Routing all you need to do is check the box in IPv4 Configuration and IPv4 Interface.
But your problem may not stop here. The way to connect this switch to the internet should be using a Router, not a firewall.
The problem you are facing is happening because the switch and the gateway (firewall in this case) should be connected using a Trunk and not an Access Interface. When you have more than one VLAN, you need to have a trunk in between in order to tag the traffic and separate it accordingly.
If your firewall understands trunks, you can create a "Router on a stick" topology and make it work, but if not, you will need a router in between.
05-03-2023 11:06 PM - edited 05-03-2023 11:49 PM
Thanks so far,
The firewall is a pfSense on a 4-core Celeron which is also a router. When I configure all IP addresses and gateways manually it works. So I want the DHCP Server doing this for me...
But I'm afraid the switch has a defect, because when I try to add an IPv4 Interface the switch hangs immediately the moment I click apply and I have to perform a cold reboot. The same happens when enabling DHCP after adding a pool and also when adding a new interface through the SSH CLI.
So after a factory reset I only have VLAN1 in its 192.168.1.0 network. The first problems came up as I configured the port to the firewall as a trunk. The switch becomes slower and slower until it hangs. A cold reboot ends up in the same status, so I performed a cold factory reset.
Since then I can add a new VLAN, but when I try to add a new Interface to the new VLAN the switch hangs.
What is your opinion?
Thanks & Regards
Thorsten
05-04-2023 04:30 AM
This switch is a layer 2 switch; I don't believe you have a DHCP server on it. And the problem with the trunk can be incompatibility or misconfiguration.
As I said, I would recommend you get a router and add it between the switch and the Firewall.
05-04-2023 05:14 AM
Hi,
I have to disagree with you:
As you can see, the Switch has a DHCP Server Option and I configured an IP Pool to provide IPv4 addresses to clients; furthermore, it worked before the issues came up.
And I can also switch the Ports to a Layer 3 Mode.
Regards
Thorsten
05-04-2023 06:56 AM
Got it. I did not check the datasheet, sorry.