03-15-2018 06:29 AM - edited 03-08-2019 02:16 PM
Right now I have a firewall with a switch (BSW1) on the same and only VLAN (VLAN 1) that can communicate, and the PCs can get out to the internet. I attached another SG550-X switch using an SFP cable on ports te1/0/2 on both switches. I am looking to set it up so that the 2nd switch can support VLAN 1 plus 2 other VLANs on specific ports. I have tinkered with it and tried multiple solutions, but I can't seem to get the trunking to work between the switches. I have attached the running configurations of both switches. I am probably overlooking something or missing something simple, but I can't seem to find it.
SW1 - Switch 1 that connects directly to the firewall inside interface
SW2 - Switch 2 that connects directly to switch 1 using an SFP cable.
BSW1
v2.3.5.63 / RLINUX_923_093
CLI v1.0
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
!
unit-type-control-start
unit-type unit 1 network gi uplink te
unit-type unit 2 network gi uplink te
unit-type unit 3 network gi uplink te
unit-type unit 4 network gi uplink te
unit-type unit 5 network gi uplink te
unit-type unit 6 network gi uplink te
unit-type unit 7 network gi uplink te
unit-type unit 8 network gi uplink te
unit-type-control-end
!
vlan database
vlan 9-10
exit
voice vlan state disabled
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
port-channel load-balance src-dst-mac-ip
bonjour interface range vlan 1
hostname BSW1
line console
exec-timeout 5
exit
line ssh
exec-timeout 5
exit
line telnet
exec-timeout 5
exit
logging origin-id hostname
logging file notifications
username Techman password encrypted 6ca1abfa2ab82599f5277ec0a5786098feb01bb4 privilege 15
ip ssh server
snmp-server location Luray
snmp-server contact John
ip http timeout-policy 300
clock timezone " " -5
clock summer-time web recurring usa
no clock source sntp
ip domain name Bluemont
ip name-server 192.168.1.160
!
interface vlan 1
ip address 192.168.1.149 255.255.255.0
no ip address dhcp
!
interface vlan 9
name BSW2
!
interface vlan 10
name BSW2POE
!
interface GigabitEthernet1/0/5
speed 100
no negotiation
!
interface GigabitEthernet1/0/6
speed 100
no negotiation
!
interface GigabitEthernet1/0/7
speed 100
no negotiation
!
interface GigabitEthernet1/0/12
switchport trunk native vlan none
!
interface GigabitEthernet1/0/14
spanning-tree link-type point-to-point
switchport mode trunk
macro description switch
!next command is internal.
macro auto smartport dynamic_type switch
!
interface GigabitEthernet1/0/16
spanning-tree link-type point-to-point
switchport mode trunk
macro description switch
!next command is internal.
macro auto smartport dynamic_type switch
!
interface GigabitEthernet1/0/19
speed 100
no negotiation
!
interface GigabitEthernet1/0/22
channel-group 23 mode auto
switchport protected-port
!
interface GigabitEthernet1/0/23
channel-group 23 mode auto
switchport general allowed vlan add 1 tagged
switchport protected-port
switchport trunk allowed vlan remove 2-4094
!
interface GigabitEthernet1/0/24
switchport mode trunk
!
interface TengigabitEthernet1/0/2
description "Trunk to BSW2"
ip address 192.168.9.1 255.255.255.0
spanning-tree link-type point-to-point
switchport mode trunk
switchport access vlan none
switchport trunk allowed vlan remove 2-8,11-4094
macro description switch
!next command is internal.
macro auto smartport dynamic_type switch
!
interface Port-Channel23
description S1
switchport general allowed vlan add 1 tagged
switchport trunk native vlan none
!
exit
macro auto enabled
macro auto processing type ip_phone disabled
macro auto processing type router enabled
arp 192.168.1.160 98:f2:b3:ed:97:35 vlan1
ip route 192.168.1.0 /24 192.168.1.1
ip route 192.168.9.0 /24 192.168.1.1
BSW2
v2.3.0.130 / RLINUX_913_193
CLI v1.0
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
!
unit-type-control-start
unit-type unit 1 network gi uplink te
unit-type unit 2 network gi uplink te
unit-type unit 3 network gi uplink te
unit-type unit 4 network gi uplink te
unit-type unit 5 network gi uplink te
unit-type unit 6 network gi uplink te
unit-type unit 7 network gi uplink te
unit-type unit 8 network gi uplink te
unit-type-control-end
!
vlan database
vlan 9-10
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
ip dhcp server
ip dhcp pool network "Pub Wireles"
address low 192.168.10.140 high 192.168.10.160 255.255.255.0
lease 8
dns-server 208.67.222.222
no auto-default-router
exit
bonjour interface range vlan 1
ip access-list extended Router
exit
hostname BSW2
line console
exec-timeout 5
exit
line ssh
exec-timeout 5
exit
line telnet
exec-timeout 5
exit
username Techman password encrypted 6ca1abfa2ab82599f5277ec0a5786098feb01bb4 privilege 15
ip ssh server
snmp-server location Luray
snmp-server contact John
ip http timeout-policy 300
ip domain name bluemont
ip name-server 208.67.222.222
!
interface vlan 1
name Internal
no ip address dhcp
!
interface vlan 9
name "Router to Switch 10"
!
interface vlan 10
name Public
ip address 192.168.10.150 255.255.255.0
!
interface GigabitEthernet1/0/1
spanning-tree link-type point-to-point
switchport mode trunk
switchport access vlan 10
macro description "switch "
!next command is internal.
macro auto smartport dynamic_type switch
!
interface GigabitEthernet1/0/2
spanning-tree link-type point-to-point
switchport mode trunk
switchport access vlan 10
macro description "switch "
!next command is internal.
macro auto smartport dynamic_type switch
!
interface GigabitEthernet1/0/3
switchport access vlan 10
!
interface GigabitEthernet1/0/4
spanning-tree link-type point-to-point
switchport mode trunk
switchport access vlan 10
macro description "switch "
!next command is internal.
macro auto smartport dynamic_type switch
!
interface GigabitEthernet1/0/9
switchport access vlan 10
!
interface GigabitEthernet1/0/10
spanning-tree link-type point-to-point
switchport mode trunk
macro description "switch "
!next command is internal.
macro auto smartport dynamic_type switch
!
interface GigabitEthernet1/0/11
spanning-tree link-type point-to-point
switchport mode trunk
macro description "switch "
!next command is internal.
macro auto smartport dynamic_type switch
!
interface GigabitEthernet1/0/12
spanning-tree link-type point-to-point
switchport mode trunk
switchport protected-port
macro description "switch "
!next command is internal.
macro auto smartport dynamic_type switch
!
interface GigabitEthernet1/0/13
switchport access vlan 10
!
interface GigabitEthernet1/0/14
switchport access vlan 10
!
interface GigabitEthernet1/0/15
switchport access vlan 10
!
interface GigabitEthernet1/0/16
switchport access vlan 10
!
interface GigabitEthernet1/0/23
spanning-tree link-type point-to-point
switchport mode trunk
switchport general allowed vlan add 9 tagged
switchport access vlan 9
macro description "switch "
!next command is internal.
macro auto smartport dynamic_type switch
!
interface GigabitEthernet1/0/24
storm-control broadcast level 10
spanning-tree link-type point-to-point
switchport access vlan 9
switchport trunk native vlan 9
switchport trunk allowed vlan remove 1-8,11-4094
macro description router
macro auto smartport type router $native_vlan 9
!
interface TengigabitEthernet1/0/1
spanning-tree link-type point-to-point
switchport mode trunk
switchport access vlan 10
macro description "switch "
!next command is internal.
macro auto smartport dynamic_type switch
!
interface TengigabitEthernet1/0/2
description "Trunk Vlan1 BSW2"
ip address 192.168.9.2 255.255.255.0
spanning-tree link-type point-to-point
switchport mode trunk
switchport access vlan none
switchport trunk allowed vlan remove 2-8,11-4094
macro description "switch "
macro auto smartport type switch $native_vlan 1,9,10
!
exit
macro auto enabled
macro auto processing type ip_phone disabled
mac address-table static ec:1d:8b:b1:e7:b1 vlan 9 interface GigabitEthernet1/0/24
ip route 192.168.1.0 /24 192.168.9.1
ip route 192.168.10.0 /24 192.168.9.1
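Added example, not part of the original post or of any Cisco tool: a small Python checker that reads the te1/0/2 stanzas from the two posted configs, expands the "switchport trunk allowed vlan remove" ranges into the effective allowed-VLAN set (all VLANs minus the removed ones), and compares both ends of the link, reporting mode, allowed-VLAN and native-VLAN mismatches plus settings worth a second look. The config excerpts are trimmed from the configs above; the function names are this example's own.

```python
def expand(spec):
    """Expand a Cisco range list such as '2-8,11-4094' into a set of VLAN ids."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_config(text):
    """Return {interface name: settings} for every interface stanza in a config dump."""
    ifaces, cur = {}, None
    for line in (l.strip() for l in text.splitlines()):
        words = line.split()
        if line.startswith("interface "):  # defaults: access mode, all VLANs allowed, native VLAN 1
            cur = ifaces.setdefault(line[10:], {"mode": "access", "native": "1",
                                                "allowed": set(range(1, 4095)), "ip": None})
        elif cur is None:
            continue
        elif line.startswith("switchport mode "):
            cur["mode"] = words[-1]
        elif line.startswith("switchport trunk allowed vlan remove "):
            cur["allowed"] -= expand(words[-1])
        elif line.startswith("switchport trunk native vlan "):
            cur["native"] = words[-1]
        elif line.startswith("ip address "):
            cur["ip"] = words[2]
    return ifaces

def check_trunk(cfg_a, port_a, cfg_b, port_b):
    """Compare both ends of one trunk link; an empty list means the ends agree."""
    a, b = parse_config(cfg_a)[port_a], parse_config(cfg_b)[port_b]
    findings = []
    for name, port in ((port_a, a), (port_b, b)):
        if port["mode"] != "trunk":
            findings.append(f"{name}: not in trunk mode ({port['mode']})")
        if port["ip"]:  # a routed address on a switched trunk port deserves a second look
            findings.append(f"{name}: IP address {port['ip']} on a physical trunk port")
    if a["allowed"] != b["allowed"]:
        findings.append(f"allowed VLAN mismatch: {sorted(a['allowed'] ^ b['allowed'])}")
    if a["native"] != b["native"]:
        findings.append(f"native VLAN mismatch: {a['native']} vs {b['native']}")
    return findings

# Excerpts of the two posted running-configs, trimmed to the te1/0/2 stanzas.
BSW1 = """interface TengigabitEthernet1/0/2
ip address 192.168.9.1 255.255.255.0
switchport mode trunk
switchport trunk allowed vlan remove 2-8,11-4094"""
BSW2 = BSW1.replace("192.168.9.1", "192.168.9.2")  # BSW2's end differs only in its address
print(check_trunk(BSW1, "TengigabitEthernet1/0/2", BSW2, "TengigabitEthernet1/0/2"))  # runs stand-alone
```

On the posted configs both ends agree on mode, allowed VLANs (1, 9, 10) and native VLAN, so the only findings are the IP addresses sitting on the physical trunk ports; feed it the full running-configs to check every port pair.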
03-25-2018 06:30 AM
Hi,
Then I would advise you to reconfigure both switches and add an L3 switch on top of both switches (between SW1 and the firewall), create SVIs (VLAN 9 & VLAN 10) on the L3 switch, and create both VLANs on both L2 switches. So no routing will be required on your L2 switches. All routing will be done by your L3 switch as inter-VLAN routing, with a default route to the ASA as well.
Regards,
Deepak Kumar
03-25-2018 06:34 AM
I could potentially use this Cisco 4331 router to do that then, correct? I would place it after the firewall like so:
ASA > Router > SW1 > SW2
03-25-2018 06:38 AM
Yes,
You are correct.
Regards,
Deepak Kumar
03-25-2018 06:40 AM
I appreciate all the assistance in helping me work on this issue over the past few days.