VLANS On Cisco SF300

C. S.
Level 1

I have two SF300s I'm working with; one is a 24-port, the other is an 8-port.
My situation is I have Location A in one part of town and Location B in another part of town; the two locations are connected via fiber. Location A (8-port switch) has 3 different networks for different purposes. The network scheme being used is:
VLAN 1 - 192.168.200.
VLAN 2 - 192.168.202.
VLAN 3 - 192.168.205.
I have the VLANs set up on both sides of the fiber with all ports being protected from each other except for port 1, which is being used on both sides for the fiber connection.
At Location B (24-port switch), I need to have VLAN 1 going to ports 2-12, VLAN 2 going to 13-16, and VLAN 3 going to 17-24.
I am able to pick up the .200 network while on ports 2-12 as well as any of the other ports, and if I set a static IP while in ports 17-24 I can get the .205. I am unable to pick up the .202 network via DHCP while in its respective ports, though. I do, however, pick up the .202 network while in VLAN 1 ports, which I do not want.

Please help! 
I have protected and blocked all that I know to and am still getting crossover into the other networks.

Thanks,
Adam

3 Replies

Aleksandra Dargiel
Cisco Employee

Hi Adam,

I am a bit confused... but are those VLANs local and routed by the switch, or global? What do you mean by "picking up VLAN"? Unicast or broadcast traffic?

I am afraid we might need more information regarding the topology and how the testing has been done.

Kind regards,

Aleksandra

I'm sorry, I should have explained better.

The VLANs are all local, and are being routed by a SonicWall firewall that is also the router.

Right now, it is probably broadcast, just because I have not changed anything regarding the actual traffic. Is there a way to shape the traffic within the SF300s (e.g. unicasting)?

When I said picking up DHCP, I meant that while in a VLAN 1 port, I am sometimes getting a VLAN 2 IP via DHCP.

I need to have it so that while in VLAN 2 ports on the 24-port switch, I am only getting the corresponding VLAN 2 IP scheme that should be coming from the 8-port switch (main). And the same goes for all other VLANs; they should not be able to reach / cross over to any of the other VLANs.

So basically what I need is for 3 VLANs to go through port 1 on the 8-port, travel through the fiber connection to the second location, come into port 1 on the 24-port and distribute out to the corresponding marked VLANs on the 24-port.

If you have any guidance on that, I would appreciate it.

Thanks,

Hello,

The basic idea is:

1. Ports with end hosts should be set in access mode with ONLY one respective VLAN

2. Ports connecting to another switch, firewall etc. should be configured as trunk with:

--> all VLANs tagged

--> management VLAN untagged

--> Port VLAN ID (PVID) matching the management VLAN

This way the broadcast domain should be extended up to the DHCP server or DHCP relay agent. Normally broadcast is used mainly when obtaining a DHCP address and when searching for another host's MAC address (ARP). Broadcast is not routable and it will not cross VLANs if the above recommendations are followed.

Other than that, most of the traffic is unicast. Unicast is routable and this is how you would have, for example, internet access.

I hope it helps a bit :-)

Aleksandra
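
One way to check a switch's port table against the access/trunk rules in the reply above, using the port ranges from the question. This is an added example, not part of the original thread and not Cisco tooling; the table layout, the helper names and the choice of VLAN 1 as the management VLAN are assumptions, and both sample tables are constructed.

```python
# Port/VLAN audit for the thread's layout; names and table format are assumptions.
MGMT_VLAN = 1            # assumed management VLAN (untagged on the trunk)
VLANS = {1, 2, 3}        # VLANs from the thread
PLAN = {**{p: 1 for p in range(2, 13)},    # Location B: ports 2-12 -> VLAN 1
        **{p: 2 for p in range(13, 17)},   # ports 13-16 -> VLAN 2
        **{p: 3 for p in range(17, 25)}}   # ports 17-24 -> VLAN 3
TRUNKS = {1}             # port 1 carries the fiber link


def port(mode, pvid, untagged, tagged=()):
    return {"mode": mode, "pvid": pvid,
            "untagged": set(untagged), "tagged": set(tagged)}


def audit(table):
    """Return sorted (port, problem) findings for a switch's port table."""
    findings = []
    for p in TRUNKS:
        cfg = table[p]
        if cfg["mode"] != "trunk":
            findings.append((p, "uplink is not in trunk mode"))
        if cfg["untagged"] != {MGMT_VLAN}:
            findings.append((p, "only the management VLAN may be untagged"))
        if cfg["tagged"] != VLANS - {MGMT_VLAN}:
            findings.append((p, "every other VLAN must be tagged"))
        if cfg["pvid"] != MGMT_VLAN:
            findings.append((p, "PVID does not match the management VLAN"))
    for p, vlan in PLAN.items():
        cfg = table[p]
        if cfg["mode"] != "access":
            findings.append((p, "host port is not in access mode"))
        if cfg["untagged"] | cfg["tagged"] != {vlan}:
            findings.append((p, f"must be a member of VLAN {vlan} only"))
        if cfg["pvid"] != vlan:
            findings.append((p, f"PVID should be {vlan}"))
    return sorted(findings)


def good_table():
    table = {1: port("trunk", MGMT_VLAN, {MGMT_VLAN}, VLANS - {MGMT_VLAN})}
    table.update({p: port("access", v, {v}) for p, v in PLAN.items()})
    return table

# Constructed faulty table: port 5 is untagged in VLANs 1 and 2, and the
# uplink passes VLAN 2 untagged instead of tagged.
bad = good_table()
bad[5] = port("general", 1, {1, 2})
bad[1] = port("trunk", 1, {1, 2}, {3})
print(*audit(bad), sep="\n")
```

Running the same audit on the tables of both switches shows whether the two ends of the fiber link agree on which VLANs are tagged.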