Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
809
Views
0
Helpful
5
Replies

Configure a vlan on SG350X

double00kevin
Level 1
Level 1

‎07-03-2019 07:19 AM - edited ‎07-03-2019 07:34 AM

Definitely different when trying to use CLI on this thing and the GUI is horrible but I gotta work with what I got. 

 

My network topology is simple.  My SG350X is connected directly to a firewall, which is serving up IP addresses via DHCP to the current network, 172.x.x.x/24.     I'm just trying to add a VLAN for a second set of computers.  I don't care about any inter-vlan routing......I just need another vlan, which can access the internet.   

 

I've got some basic knowledge of networking but for the life of me, I can't figure out the best way to set this up.  Does anyone at all have any guidance??

0 Helpful
5 Replies 5

Seb Rupik
VIP Alumni
VIP Alumni

‎07-03-2019 07:37 AM

Hi there,

Try this config:

!
vlan 2
vlan 10
vlan 20
!
int vlan 2
  ip address 10.10.2.1 255.255.255.252
!
int vlan 10
  ip address 10.10.10.254 255.255.255.0
  ip dhcp relay enable
!
int vlan 20
  ip address 10.10.20.254 255.255.255.0
  ip dhcp relay enable
!
ip route 0.0.0.0 0.0.0.0 10.10.2.2
!
ip dhcp relay address 10.10.2.2
ip dhcp relay enable
ip dhcp information option
!
int gi1
  desc LINK_TO_FIREWALL
  switchport mode access
  switchport access vlan 2
  no shut
!
int gi2
  switchport mode access
  switchport access vlan 10
  no shut
  spanning-tree portfast
!
int gi3
  switchport mode access
  switchport access vlan 20
  no shut
  spanning-tree portfast
!

Connect the switch gi1 to your firewall. Configure the firewall interface with the address 10.10.2.2 /30 (either as a routed interface or SVI). Configure the firewall to NAT the subnets 10.10.10.0/24 and 10.10.20.0 /24 .

Ensure that you have configured DHCP pools on your firewall for VLANs 10 and 20 and that it is listening on the interface connected to the switch. Or we can look at configuring DHCP directly on the SG350X itself.

 

cheers,

Seb.

 

0 Helpful

double00kevin
Level 1
Level 1
In response to Seb Rupik

‎07-03-2019 07:45 AM

I just got word that I can only turn DHCP off on the firewall, I dont have access to make any other config changes.  So, with that being said, I will have to look at DHCP directly on the SG350X itself.

0 Helpful

Seb Rupik
VIP Alumni
VIP Alumni
In response to double00kevin

‎07-03-2019 08:17 AM

OK, remove all mention of ip dhcp helper from the previous config and add in :

!
ip dhcp server
!
ip dhcp pool network V10
  address low 10.10.10.1 high 10.10.10.253 255.255.255.0
  default-router 10.10.10.254
  dns-server 8.8.8.8
!
ip dhcp pool network V20
  address low 10.10.20.1 high 10.10.20.253 255.255.255.0
  default-router 10.10.20.254
  dns-server 8.8.8.8
!

cheers,

Seb.

0 Helpful

double00kevin
Level 1
Level 1
In response to Seb Rupik

‎07-03-2019 09:08 AM

Not 100% sure what/where you are talking about IP helper?  

0 Helpful

Seb Rupik
VIP Alumni
VIP Alumni
In response to double00kevin

‎07-03-2019 02:58 PM

Sorry, I was getting my platform config confused. The final config should look like this:

!
vlan 2
vlan 10
vlan 20
!
int vlan 2
  ip address 10.10.2.1 255.255.255.252
!
int vlan 10
  ip address 10.10.10.254 255.255.255.0
!
int vlan 20
  ip address 10.10.20.254 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 10.10.2.2
!
ip dhcp server
!
ip dhcp pool network V10
  address low 10.10.10.1 high 10.10.10.253 255.255.255.0
  default-router 10.10.10.254
  dns-server 8.8.8.8
!
ip dhcp pool network V20
  address low 10.10.20.1 high 10.10.20.253 255.255.255.0
  default-router 10.10.20.254
  dns-server 8.8.8.8
!
!
int gi1
  desc LINK_TO_FIREWALL
  switchport mode access
  switchport access vlan 2
  no shut
!
int gi2
  switchport mode access
  switchport access vlan 10
  no shut
  spanning-tree portfast
!
int gi3
  switchport mode access
  switchport access vlan 20
  no shut
  spanning-tree portfast
!

cheers,

Seb.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card