In need of help - SG300-20

jeclutterbuck · ‎07-25-2011

I've posted a couple of times but really haven't heard back.

I have an SG300-20 in layer 3 mode. I have a generic, non vlan-aware gateway.

I'm trying to setup a few vlans. if possible, i don't want to use VLAN1 because that's adminstrative.

I've created VLAN2 and i want it to be used as the VLAN in which all the other VLANS access the internet by, thus relinquishing the gateways only duties to firewalling.

if there's any inter-VLAN communication going on, it would be done via VLAN2.

I just can't to save my life, figure out how to make it work.

the ips are as follows:

gateway: 192.168.1.1

SG300

VLAN1 192.168.1.2

VLAN2 192.168.2.1

VLAN3 192.168.3.1

VLAN4 192.168.4.1

when i want to get to the gui of the sg300, i use 192.168.1.2..

the default vlan is set to vlan1, which i guess it should stay that way? like i said, it's for administrative purposes only.

all means of getting out to the internet for all pcs (assuming they're allowed out on the web) would be through VLAN2, no one would have access (other than me) to VLAN1.

help!

-Jeff

David Hornstein · ‎07-26-2011

Hi Jeff,

Like ar router, the SG300 in layer 3 mode behaves like a Layer 3 switch, so you have to tell it where to send packets. The switch is not as sophisticated in terms of software features when compared to traditional TAC supported switches, so it doesn't include any routing protocols. But it is priced accordingly, very cost effective.

Static route in SG300

So I do hope that you have added a default route to the SG300

ip=0.0.0.0 mask=0.0.0.0 nexthop=192.168.1.1

Static route in WAN router

Also you must tell the WAN router where these new networks are.

In the WAN router some static routes pointing back to the SG300 are needed

ip=192.168.2.0 mask=255.255.255.0 nexthop=192.168.1.2

ip=192.168.3.0 mask=255.255.255.0 nexthop=192.168.1.2

ip=192.168.4.0 mask=255.255.255.0 nexthop=192.168.1.2

or If the SG300 contains all your 192.168.X.X networks, one summarized static route would do;

ip=192.168.0.0 mask=255.255.0.0 nexthop=192.168.1.2

try that, and remember to save your configuration.

regards Dave

jeclutterbuck · ‎07-26-2011

Hey Dave!

Thanks so much for getting back to me. I'll have to try what you suggested when i get home.

What i'm trying to do is, as you put it, to have all off my 192.168.x.x networks contained in the switch itself.

all VLANS communicate through the switch, and only when someone wants to get out onto the web does the gateway come into play.

on the switch, VLAN2 will be the internet VLAN, not VLAN1. is this possible, or do i have to go in and set VLAN2 as the default VLAN?

Also, do i change the lan-side ip address of the gateway to 192.168.2.x or leave it as X.X.1.1?

Thanks a lot!

-Jeff

jeclutterbuck · ‎07-26-2011

Hey Dave,

I tried as you said but it didn't work, any other suggestions?

Thanks

-Jeff

David Hornstein · ‎07-26-2011

Hi jeff,

Fredrick Barnard coined the phrase "a picture is worth a thousand word."

Would you be so kind as to;

1. draw a picture of the hypothetical network

a scanned neat paper and pencil diagram is fine
microsoft paint, is fine as well as a alternative
include all IP addresses of attached IP hosts and the ports you want them on.

Save a copy of the existing configuration and attach it in your next posting..

We'll get this nailed down.

regards Dave

jeclutterbuck · ‎07-28-2011

here's that diagram i was talking about;

SO, i'm not using my WAN router for anything other than a gateway.. i will create static routes on the switch.

I believe it was you who told me to use 192.168.0.0 255.255.0.0 as the routing statement, but i must be doing something wrong because i tried that and it still didn't work.

So i guess we can try taking it from here.

What should my next step be or do you need any more info?

Thanks for all your help!

-Jeff