My cisco sg300 switch is not sending any traffic to my firewall?

kishore · ‎02-19-2018

i have configured the firewall to lease dhcp ip, created vlan, qos.

The configuration done on the switch are only

Switch(config)# int gi6

Switch(config-if)#switchport mode access

Switch(config-if)#switchport access vlan 10

But still the Gi6 port shows the old ip of vlan 1 ie: 192.168.100.45, instead it should come as 192.168.10.2

Is there any other configurations necessary to be done in the switch to lease the ip and the pc shall get the ip as 192.168.10.2 of vlan 10.

Please help me.

Seb Rupik · ‎02-19-2018

Hi there,

Is the SG300 configured with a SVI in VLAN10? Do you have a DHCP pool for 192.168.100.0/24 ?

cheers,

Seb.

kishore · ‎02-19-2018

port a of firewall is connected to my switch.

So the port a is configured as 192.168.100.0

Seb Rupik · ‎02-19-2018

Hi there,

If one switchport on the SG300 is in access mode using VLAN10 and is connected to the firewall port which is providing DHCP leases, and the another switchport (Gi6) is in access mode using VLAN10 and is connected to an enduser device, then you would expect that device to receive a DHCP lease in the 192.168.100.0/24 subnet. Just changing the VLAN Id will not change the subnet.

Please can you provide the running config of the switch.

cheers,

Seb.

kishore · ‎02-19-2018

switch94ae9f#sh run

interface vlan 1
ip address 192.168.100.101 255.255.255.0
no ip address dhcp
!
interface gigabitethernet1
switchport mode access
!
interface gigabitethernet2
switchport mode access
!
interface gigabitethernet3
switchport mode access
!
interface gigabitethernet4
switchport mode access
!
interface gigabitethernet5
switchport mode access
!
interface gigabitethernet6
switchport mode access

switchport access vlan 10
!
interface gigabitethernet7
switchport mode access
!
interface gigabitethernet8
switchport mode access
!
interface gigabitethernet9
switchport mode access
!
interface gigabitethernet10
switchport mode access
!
interface gigabitethernet11
switchport mode access
!
interface gigabitethernet12
switchport mode access
!
interface gigabitethernet13
switchport mode access
!
interface gigabitethernet14
switchport mode access
!
interface gigabitethernet15
switchport mode access
!
interface gigabitethernet16
switchport mode access
!
interface gigabitethernet17
switchport mode access
!
interface gigabitethernet18
switchport mode access
!
interface gigabitethernet19
switchport mode access
!
interface gigabitethernet20
switchport mode access
!
interface gigabitethernet21
switchport mode access
!
interface gigabitethernet22
switchport mode access
!
interface gigabitethernet23
switchport mode access
!
interface gigabitethernet24
switchport mode access
!
interface gigabitethernet25
switchport mode access
!
interface gigabitethernet26
switchport mode access
!
interface gigabitethernet27
switchport mode access
!
interface gigabitethernet28
switchport mode access
!
interface gigabitethernet29
switchport mode access
!
interface gigabitethernet30
switchport mode access
!
interface gigabitethernet31
switchport mode access
!
interface gigabitethernet32
switchport mode access
!
interface gigabitethernet33
switchport mode access
!
interface gigabitethernet34
switchport mode access
!
interface gigabitethernet35
switchport mode access
!
interface gigabitethernet36
switchport mode access
!
interface gigabitethernet37
switchport mode access
!
interface gigabitethernet38
switchport mode access
!
interface gigabitethernet39
switchport mode access
!
interface gigabitethernet40
switchport mode access
!
interface gigabitethernet41
switchport mode access
!
interface gigabitethernet42
switchport mode access
!
interface gigabitethernet43
switchport mode access
!
interface gigabitethernet44
switchport mode access
!
interface gigabitethernet45
switchport mode access
!
interface gigabitethernet46
switchport mode access
!
interface gigabitethernet47
switchport mode access
!
interface gigabitethernet48
switchport mode access
!
exit

Seb Rupik · ‎02-19-2018

With the exception of Gi6, all the switchports will be in the default VLAN1. If you connect the firewall to Gi1 and host to Gi2. Providing DHCP and the firewall interface have been correctly configured you should get a DHCP lease in the correct subnet.

cheers,

Seb.

kishore · ‎02-19-2018

So you are saying that there no other additional configurations required for the switch. Actually the port from firewall to switch's port is truncated.

Seb Rupik · ‎02-20-2018

OK, if your firewall is adding VLAN tags to the frames leaving its interface, then you will need to configure the SG300 switchport to suit. You can then configure the remaining switchports in access mode in the relevant VLANs.

What is the interface (VLAN) configuration of the firewall interface?

cheers,

Seb.

Georg Pauwen · ‎02-20-2018

Hello,

on a side note, your configuration (if the one you posted is the full one) looks very rudimentary. You have no Vlan 10 interface, no routing, no trunk, no dhcp relay enabled anywhere. What does your network look like, are you trunking to a layer 3 device that does the routing ? Is the switch in layer 2 or layer 3 mode ? And last but not least, are you running the latest firmware (1.4.8.06 is the latest) ?

Sorry for all the questions...;)