Solved: Re: Cannot get simple VLAN setup to work

AJ_YYZ · ‎07-12-2020

New to networking, testing at home lab trying to setup 2 VLANs on Layer 3 enabled SB500, VLAN setup seems fine but I cannot ping the gateway/firewall from the switch and cannot got in the internet from either of the 2 VLAN I created. Can someone point me in the right direction? I seem to be missing something basic n the setup that I could not catch in all the forum posts I read through and the youtube videos I watched trying to setup Layer 3 routing and VLANs on the switch.

for simplicity, what I am trying to do is setup 2 VLANs on L3 switch SB500 and have internet connectivity from both of those VLANs and intervlan connectivity without going through the gateway (not looking for router on the stick setup)

Network:

Unifi Dream Machine Pro (Gateway Router/Firewall) (192.168.1.1)

Cisco SB500 in L3 (vlan1 192.168.1.235)

Created VLAN10

Created VLAN20

Interface GE1 - Access, untagged - PVID10

Interface GE2 - Access untagged - PVID20

Interface GE24 - Trunk to Dream Machine Pro

IPv4 Interface for VLAN10 192.168.10.1

IPv4 interface for VLAN20 192.168.20.1

I have also enabled DHCP for both VLANs and setup Network Pools

At this point, I can connect PC1 to GE1 and get an IP from DHCP on the switch, I can access the switch via 192.168.1.235 and via 192.168.10.1

I can SSH on the gateway router (Dream Machine Pro) and I can ping Vlan1, Vlan10 and Vlan20 IPs

I cannot however ping the gateway from the switch, neither can I go on the internet from VLAN10 or 20

Am I missing a static route on the switch and/or on the gateway router or am I missing something else? if I try to get on the internet, Chrome just says at the bottom Resolving Host, I tried IP of yahoo.com but still no go.

AJ_YYZ · ‎07-14-2020

Hi All,

My issue regarding setting up Cisco SB500 (Layer 3) with Unifi Dream Machine Pro is resolved.

What I was missing 2 things:

1) Static route on the Dream Machine (my default gateway router) for VLAN10 and the VLAN1

This enabled me ping my default gateway and internet IP addresses then I knew the issue is with DNS only since I was still not able to access yahoo.com

2) I added DNS in Network Pools settings for VLAN10 (Domain Name Server IP Address (Option 6): 192.168.1.1)

Above steps is what I needed to get to the internet from VLANs, now on to connecting PoE APs to the switch and configuring SSIDs for IoT devices and putting them on a separate VLAN than personal devices.

Screen Shot 2020-07-14 at 5.52.26 PM.png

Screen Shot 2020-07-14 at 5.52.14 PM.png

View solution in original post

Deepak Kumar · ‎07-12-2020

Hi

What is the default gateway on your systems?

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

AJ_YYZ · ‎07-12-2020

Ubiquiti Dream Machine Pro (192.168.1.1)

Cable Modem (Bridge Mode) > Dream Machine Pro > Cisco SB500

AJ_YYZ · ‎07-14-2020

Hi @Deepak Kumar

its 192.168.1.1 (Dream Machine Pro) which is connected to the internet through bridged cable modem.

I am able to setup InterVLAN connectivity with switch being in Layer 3 mode. I can get an IP from DHCP on the switch. I can open the switch interface from browser using Vlan1 IP and VLAN10 IP.

I just cannot ping the default gateway and neither can I get on the internet from VLAN10 that I created.

Georg Pauwen · ‎07-12-2020

Hello,

in addition to the overhead using the SB500 as a layer 3 switch, it is also a lot more complicated to configure it and to get Internet connectivity. Is it an option to use the SB500 as just a layer 2 switch ? I would just create the Vlans, and the use the Ubiquity as DHCP server and router, as outlined in the video below:

https://www.youtube.com/watch?v=so_DM10V8M4

AJ_YYZ · ‎07-12-2020

Hi George

I will give that a try but the reason I was trying to setup the switch as layer 3 is because I was under the impression that layer 2 carries more overhead in router on stick setup (everything across vlans will need to go through the gateway router). For example if I want to simply look at the security camera on vlan2 from vlan1, that traffic will go through the router. Am I wrong?

thanks,

Georg Pauwen · ‎07-13-2020

Hello,

you are right. But unless your local traffic is very heavy, the router on a stick setup shouldn't be a problem. With most networks, Internet traffic outweighs local traffic anyway. I would try to get it to work using the video, and check if you experience any delays with the local traffic after that...

AJ_YYZ · ‎07-13-2020

I followed the steps from the video but I am getting a self-assigned IP on the computer connected to VLAN10 port instead of IP being assigned from the Unifi Dream Machine Pro.

Do I need to enable DHCP relay on the switch?

switchc33a0c#show vlan
Created by: D-Default, S-Static, G-GVRP, R-Radius Assigned VLAN, V-Voice VLAN

Vlan       Name           Tagged Ports      UnTagged Ports      Created by    
---- ----------------- ------------------ ------------------ ---------------- 
 1           1                             gi1/1-28,Po1-32          V         

switchc33a0c#conf
switchc33a0c(config)#int Ge1/24
switchc33a0c(config-if)#switchport mode trunk
switchc33a0c(config-if)#end
switchc33a0c#conf
switchc33a0c(config)#vlan 10      
switchc33a0c(config)#int GE1/1
switchc33a0c(config-if)#switchport mode access
switchc33a0c(config-if)#switchport access vlan 10
switchc33a0c#show vlan       
Created by: D-Default, S-Static, G-GVRP, R-Radius Assigned VLAN, V-Voice VLAN

Vlan       Name           Tagged Ports      UnTagged Ports      Created by    
---- ----------------- ------------------ ------------------ ---------------- 
 1           1                             gi1/2-28,Po1-32          V         
 10         10                                  gi1/1               S

AJ_YYZ · ‎07-14-2020

Hi All,

My issue regarding setting up Cisco SB500 (Layer 3) with Unifi Dream Machine Pro is resolved.

What I was missing 2 things:

1) Static route on the Dream Machine (my default gateway router) for VLAN10 and the VLAN1

This enabled me ping my default gateway and internet IP addresses then I knew the issue is with DNS only since I was still not able to access yahoo.com

2) I added DNS in Network Pools settings for VLAN10 (Domain Name Server IP Address (Option 6): 192.168.1.1)

Above steps is what I needed to get to the internet from VLANs, now on to connecting PoE APs to the switch and configuring SSIDs for IoT devices and putting them on a separate VLAN than personal devices.

Screen Shot 2020-07-14 at 5.52.26 PM.png

Screen Shot 2020-07-14 at 5.52.14 PM.png