First, thanks for your kind

compromiseddonut · ‎05-13-2015

I just purchased an SG200 switch. I now see that VLANs do not work the same way as say a 2960 does.

First, let me say that if this switch had a CLI, I wouldn't be here. This is my first time ever posting to Cisco forums.

On the SG200, I can not create a new VLAN, assign ports to the new VLAN, and have PCs on that same new VLAN communicate with each other unless I take the 1/2 hour to accidentally get the default VLAN added ALONG WITH the new VLAN I created. (It's really really really hard to figure out how to do that).

I have a default VLAN (1).

I created a new VLAN 4.

I put a PC on port 1, which I assigned to VLAN 4. IP Address 10.41.7.1/24

I put a another PC in port 2, which I also assigned to VLAN 4. IP Address 10.41.7.14/24

From 10.41.7.1, I can't ping 10.41.7.14 and vice versa.

Again, as both are members of the same VLAN, why oh why won't they communicate? if I somehow play with the settings long enough to accidentally get it to show that the port is a member of BOTH VLAN 4 AND the default VLAN 1, they ping. What is the point of having VLANs if they have to be part of the default VLAN to communicate anyway? Seems pointless.

With a Cisco 2960, you, extremely simply, would do...

int range f0/1-2

switchport mode access

switchport access vlan 4

tadah! done. works like a charm. The SG200.... nah! no talkie.

Completely frustrated and utterly lost on the value of this SG200. The really bad thing is it is the very first Cisco switch I've ever sold. Won't sell another SG200 again. But I digress.

Does anyone have any idea how to make this SG200 let 2 machines ON THE SAME VLAN talk WITHOUT having to add them to the default VLAN?

Does anyone have any idea if there is some possible way to get this SG200 to work via Telnet or SSH so I can use CLI?

Thank you in advance,

MB

Richard Burts · ‎05-13-2015

MB

It is too bad that switches like this do not have a usable CLI but Cisco apparently thinks that there is a market with people who prefer a GUI to do their configuration. I have not used the SG200 and so can not talk about it from experience. I am under the impression that there is no option (not telnet, not SSH, not anything) that gets you to a CLI for configuration.

I found this document which describes how to use the GUI to configure VLANs. Perhaps something in it will be helpful.

http://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbss/sf20x_sg20x/administration_guide/Cisco_200Sx_v1_4_AG.pdf

HTH

Rick

HTH

Rick

Charles Hill · ‎05-13-2015

Are the ports configured as access ports and untagged?

Below info is from the config guide:

If the interface VLAN mode is Access, only one VLAN can be selected

and the Untagged option must be selected for the interface.

Untagged

—Select Untagged if the packets from the VLAN egress to the

port are to be untagged. Otherwise, select Tagged. An access port is always

untagged. A general port is untagged by default. This option is relevant only

if the port is a member of the VLAN.

Hope this helps.

Please rate helpful answers.

Thanks.

compromiseddonut · ‎05-14-2015

First, thanks for your kind responses (in case you don't want to read through my jibberish below).

I have figured it out I believe. This weekend, I will reset and configure again a couple times to make sure I have it down. When I have it down firmly, I will reply again.

Essentially, you create the new VLAN (2), then edit the interface settings to add the VLAN you want that port to have access to. This is the page that was really tripping me up. I never did get "Access" to work as I wanted. So, I chose "General" and it worked. Also, if you want this port to be able to manage the switch, you have to leave it at the default VLAN, which is 1 from what I found. May not be entirely accurate. (For security purposes, you should change it but just know if you want to be able to manage the switch from this port, you have to leave the VLAN # at the default.) In this example, I'm not going to allow management so I will change ithe PVID FROM VLAN 1 TO 2. Also here, I have not played with the "Frame Types" yet. I will this weekend. So you see on this simple page, there is a lot to mess up. The more I tried to select "Access" and then make changes here and there, the more confused I got. I still don't quite understand since the CLI 2960s don't have these new fancy pants words like General, or Customer. They just use Trunk and Access.

Next go to Port to VLAN to edit whether traffic is Tagged, which is the default, or Untagged. Along the top, you select the drop down box to look for the VLAN # you need (2), then click Go to see the Tagged/Untagged/Excluded status of every port in relation to the selected VLAN. Mine reads General, Untagged, and the PVID is also checked, which means this port cannot manage the switch. If it's a PC or printer, etc use Untagged. It is on this page that if you want to allow this port to be able to access another VLAN #, you would cllick the drop down and select the VLAN # you would like to give the port access to, then click Go. Find this port and select General, Untagged.

Finally, to verify all the things you just did, go to the Port VLAN Membership tab. Find the port that you just gave VLAN access to and notice the line. Port GE3 would say 2UP, 3U if you were giving that port access to VLANs 2 and 3. You can indeed give a port access to a VLAN in here as well as the step before. That seems to be just a user preference on where to do it.

Again, I will test and see if I wrote these very basic instructions correctly.

I'm also doing LAG using 4 ports and a second, redundant LAG, obviously also with 4 ports. The setup for LAG though is so simple. It automatically marks the LAG as a Trunk and adds all the VLANs to it. So getting VLANs to work between switches should be no harder than configuring just one switch; only more time consuming.

Regards,

CD

need help with SG200 VLANs and hopefully a CLI solution