06-09-2013 08:09 PM
Greetings.
I just recently purchased the SG500-52 Switch and is currently trying to configure the device for inter-VLAN connection and internet access.
I have set the device to L3 Mode. The gateway config IP is 192.168.9.254. The default VLAN ID is 1. The PC used for configuring the switch is plugged into the GE2 LAN port, and the internet is plugged into the GE48 LAN port.
I have 3 VLANs set up. VLAN 20 for Sales, VLAN 60 for Accounting, and VLAN 90 for IT. Port membership are as follows. All untagged
- GE1,GE2,GE25,GE26 are VLAN 20
- GE6 is VLAN 60
- GE9 is VLAN 90
- GE48 has membership of all VLANs. (1UP, 20T, 60T, 90T)
All ports are set to trunk mode, except for GE48, which has been set to General. IPs are manually configured with DHCP turned off.
From this PC (192.168.20.1), I can Ping and detect the computers within the same VLAN (VLAN 20) but computers in the different VLAN is completely inaccessible. Furthermore, I cannot access the internet.
Please help. Any suggestions would be appreciated. If you need more info, please do ask.
P.S. Sorry for my English.
06-09-2013 09:48 PM
you need to assign an IP for each VLAN and make that the default gateway for the devices using that VLAN. What is 192.168.9.254 and what VLAN is it in? Also, it does not seem you need trunk ports anywhere they could be access ports, but it is ok to leave as trunks as longs as the untagged PVID is the VLAN you want.
as example-
interface vlan 60
ip address 192.168.60.1 255.255.255.0
interface VLAN 90
ip adress 192.168.90.1 255.255.255.0
06-09-2013 11:36 PM
Thank you for such a prompt response.
192.168.9.254 is the IP for the SG500 itself and it is located in VLAN 1. I configured the switch from VLAN 20 and therefore I used the address 192.168.20.254.
I have set the IPs in all VLAN with the corresponding address (.20.254 for VLAN 20, .60.254 for VLAN 60, .90.254 for VLAN 90). The remaining IPs are left for the client PCs.
I checked the Network Settings in Windows and set the default gateway and DNS to 192.168.20.254, but still couldn't access the internet at GE48.
P.S. - GE48 is a router which handles all internet traffic and has a designated IP of 192.168.9.29 and is a member of VLAN 1.
06-10-2013 08:27 AM
OK a couple more thoughts.
Make sure the ports if left as trunks have native VLAN to be what you want.
i.e.
interface gigabitethernet1
switchport trunk native vlan 60
Do you have a default route for the internet in the switch?
ip default-gateway 192.168.9.29
when you test internet ping 4.2.2.2 or 8.8.8.8 to first rule out DNS issues.
06-10-2013 07:23 PM
The default route for internet has already been assigned (192.168.9.29 as default gateway). When I pinged from the switch (using HyperTerminal), the connections were fine. (Tested, 8.8.8.8, 4.2.2.2, www.google.com, all were successful) However, I could not ping from the client's PC from other VLANs. (Tested from VLAN 20)
Btw, regarding to trunk/access configuration, I experimented with both, except GE48 (to the internet) as General. Still couldn't access to the internet.
06-10-2013 08:29 AM
Also, I see no reason to use trunk ports in your configuration. They can all be access ports since you are doing inter-vlan routing on the switch. The ports you described can just be in the single VLAN and your router can be VLAN1.
06-10-2013 08:37 PM
Can you post switch config? Maybe also ipconfig and trace route from workstation?
Why do you feel you want router on trunk port rather than access vlan1 only?
Sent from Cisco Technical Support iPhone App
06-10-2013 08:54 PM
Here's the "show running" from the switch.
% missin
no ssd file integrity control
SG500(co
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
% bad parameter value
!
vlan database
SG500(con
vlan 20,60,90 gigabitether
exit1
voice vlan oui-table add 0001e3 Siemens_AG_phone________alue
SG500(config)#interface gigabi
voice vlan oui-table add 00036b Cisco_phone_____________d parameter value
SG500(config)#int
voice vlan oui-table add 00096e Avaya___________________
% bad parameter value
SG
voice vlan oui-table add 000fe2 H3C_Aolynk______________
% Unrecognized command
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
% missing mandatory par
passwords aging 0
h
18 by
ip ssh server6
Port gi1/1/
clock timezone " " 7TRUNK.
clock source browser
SG500#
SG5
ip name-server 192.168.9.29
SG500(config)#int
ip domain polling-interval 18:****tems
ip telnet server500(config-if)#s
!t
interface vlan 1ve vlan 20ackets
ip address 192.168.9.254 255.255.255.0ke
SG500(config-if)#11-Jun-2013 09:16:5
ip address 192.168.90.254 255.255.255.0
!
interface gigabitethernet1/1/1
switchport trunk native vlan 20
!
interface gigabitethernet1/1/2
switchport mode access
switchport access vlan 20
!
interface gigabitethernet1/1/6
switchport trunk native vlan 60
!
interface gigabitethernet1/1/9
switchport mode general
switchport general allowed vlan add 90 untagged
switchport general pvid 90
!
interface gigabitethernet1/1/48
spanning-tree portfast
switchport mode access
!
exit
ip default-gateway 192.168.9.29
SG500#
Here's one of the client (VLAN 20) ipconfig
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::6ca1:fa53:236e:40e7%11
IPv4 Address. . . . . . . . . . . : 192.168.20.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.20.254
Here's the Trace Route from the client.
Tracing route to 192.168.9.29 over a maximum of 30 hops
1 1 ms 4 ms 4 ms 192.168.20.254
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
I'm not sure whether I misconfigured anything. I tried switching GE48 from General to Access. Still no avail.
06-10-2013 09:07 PM
The config didn't show very clean but I don't see anything like
interface vlan 20
IP address 192.168.20.254
Is it there?
Sent from Cisco Technical Support iPhone App
06-10-2013 09:20 PM
Yes, I typed it down to the switch through HyperTerminal.
SG500#config
SG500(config)#interface vlan 20
SG500(config-if)#ip address 192.168.20.254 255.255.255.0
SG500#config
SG500(config)#interface vlan 60
SG500(config-if)#ip address 192.168.60.254 255.255.255.0
SG500#config
SG500(config)#interface vlan 90
SG500(config-if)#ip address 192.168.90.254 255.255.255.0
SG500#config
SG500(config)#interface vlan 1
SG500(config-if)#ip address 192.168.9.254 255.255.255.0
06-10-2013 09:38 PM
Hmm. It would be good to see a clean config to be sure, but I am not sure what is wrong. What kind of router? If it is a firewall it could reject source address from other subnet then internal interface is on.
Sent from Cisco Technical Support iPhone App
06-10-2013 09:43 PM
The router is a Linksys RV042. I'm pretty unconvinced of the firewall since the SG500 switch could ping through and PCs in VLAN 1 could access the internet directly. I would presume that's its an issue with the inter-VLAN internet connectivity.
06-10-2013 09:50 PM
Can you ping router on vlan 1 from pc on vlan 20?
Sent from Cisco Technical Support iPhone App
06-10-2013 09:53 PM
All PCs in other VLANs cannot ping the router at VLAN 1.
06-10-2013 10:00 PM
So inter-vlan is working..
Sent from Cisco Technical Support iPhone App
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide