Configure a vlan on SG350X

double00kevin · ‎07-03-2019

Definitely different when trying to use CLI on this thing and the GUI is horrible but I gotta work with what I got.

My network topology is simple. My SG350X is connected directly to a firewall, which is serving up IP addresses via DHCP to the current network, 172.x.x.x/24. I'm just trying to add a VLAN for a second set of computers. I don't care about any inter-vlan routing......I just need another vlan, which can access the internet.

I've got some basic knowledge of networking but for the life of me, I can't figure out the best way to set this up. Does anyone at all have any guidance??

Seb Rupik · ‎07-03-2019

Hi there,

Try this config:

!
vlan 2
vlan 10
vlan 20
!
int vlan 2
  ip address 10.10.2.1 255.255.255.252
!
int vlan 10
  ip address 10.10.10.254 255.255.255.0
  ip dhcp relay enable
!
int vlan 20
  ip address 10.10.20.254 255.255.255.0
  ip dhcp relay enable
!
ip route 0.0.0.0 0.0.0.0 10.10.2.2
!
ip dhcp relay address 10.10.2.2
ip dhcp relay enable
ip dhcp information option
!
int gi1
  desc LINK_TO_FIREWALL
  switchport mode access
  switchport access vlan 2
  no shut
!
int gi2
  switchport mode access
  switchport access vlan 10
  no shut
  spanning-tree portfast
!
int gi3
  switchport mode access
  switchport access vlan 20
  no shut
  spanning-tree portfast
!

Connect the switch gi1 to your firewall. Configure the firewall interface with the address 10.10.2.2 /30 (either as a routed interface or SVI). Configure the firewall to NAT the subnets 10.10.10.0/24 and 10.10.20.0 /24 .

Ensure that you have configured DHCP pools on your firewall for VLANs 10 and 20 and that it is listening on the interface connected to the switch. Or we can look at configuring DHCP directly on the SG350X itself.

cheers,

Seb.

double00kevin · ‎07-03-2019

I just got word that I can only turn DHCP off on the firewall, I dont have access to make any other config changes. So, with that being said, I will have to look at DHCP directly on the SG350X itself.

Seb Rupik · ‎07-03-2019

OK, remove all mention of ip dhcp helper from the previous config and add in :

!
ip dhcp server
!
ip dhcp pool network V10
  address low 10.10.10.1 high 10.10.10.253 255.255.255.0
  default-router 10.10.10.254
  dns-server 8.8.8.8
!
ip dhcp pool network V20
  address low 10.10.20.1 high 10.10.20.253 255.255.255.0
  default-router 10.10.20.254
  dns-server 8.8.8.8
!

cheers,

Seb.

double00kevin · ‎07-03-2019

Not 100% sure what/where you are talking about IP helper?

Seb Rupik · ‎07-03-2019

Sorry, I was getting my platform config confused. The final config should look like this:

!
vlan 2
vlan 10
vlan 20
!
int vlan 2
  ip address 10.10.2.1 255.255.255.252
!
int vlan 10
  ip address 10.10.10.254 255.255.255.0
!
int vlan 20
  ip address 10.10.20.254 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 10.10.2.2
!
ip dhcp server
!
ip dhcp pool network V10
  address low 10.10.10.1 high 10.10.10.253 255.255.255.0
  default-router 10.10.10.254
  dns-server 8.8.8.8
!
ip dhcp pool network V20
  address low 10.10.20.1 high 10.10.20.253 255.255.255.0
  default-router 10.10.20.254
  dns-server 8.8.8.8
!
!
int gi1
  desc LINK_TO_FIREWALL
  switchport mode access
  switchport access vlan 2
  no shut
!
int gi2
  switchport mode access
  switchport access vlan 10
  no shut
  spanning-tree portfast
!
int gi3
  switchport mode access
  switchport access vlan 20
  no shut
  spanning-tree portfast
!

cheers,

Seb.