08-25-2021 01:35 PM
Hello I was going over the link https://blog.router-switch.com/2016/07/cisco-switches-comparison-and-solutions/ trying to figure out what will work best for my needs.
The 2 items I have unofficially chosen are
SG350XG and the
WS-C3650-24PD-S
but I really am not getting a defining difference. To be honest I am sort of confused between the SG Series and the Catalyst (in general). Is there a link or database that could explain to me the main differences? Why would one choose a Catalyst over the SG?
Ideally I am interested in the SG 12 port 10gig access over the 2 SFP+ 10gig ports. Clearly there’s a reason why a Cat with 12 10gig is thousands and thousands of $$ more.
Any links or advice on the nitty gritty differences of why one over the other?
08-25-2021 03:01 PM
Hello @fbeye ,
SG series are Small Business switches and they do not run IOS.
Catalyst switches are Enterprise solution and they run IOS and IOS XE in the newer models.
>> Clearly there’s a reason why a Cat with 12 10gig is thousands and thousands of $$ more.
Different operating system, different hardware that can mean more capacity in interface buffers, QoS features more robust support for multicast, routing protocols and so on.
Hope to help
Giuseppe
08-25-2021 03:30 PM
You ask an interesting question about Cisco SG switches vs Catalyst switches. I would start with the observation that the Catalyst switches are designed more for Enterprise environments. They are somewhat more sophisticated, scale for higher performance, and may have some features (especially in routing technologies) not available in the SG series. The SG switches are designed for Small and Medium Business environments. They are designed to be easier to configure and manage but may not have all the capabilities of the Catalyst. And in terms of pricing the SG switches will generally be less expensive than the Catalyst.
What kind of environment do you have? How important are some of the advanced features?
Perhaps these links will have information that could be useful
https://community.cisco.com/t5/switching/sg-switches-compared-to-catalyst-switches/td-p/3384646
https://techprojournal.com/cisco-catalyst-vs-cisco-smb/
08-27-2021 07:10 AM
I was looking at the SG350X more so than the Catalyst, and I was also looking into the 1000 Series as mentioned by other response.
I suppose my needs are not too intricate or demanding. Half being adventurous for a new toy and half for a separate device to perform a simple task;
A Switch that will allow connectivity among vlans but nothing to do with Internet. This would be a separate device on a network that serves only connectivity among vlans for data. No restrictions.
I am going over manuals and I feel I am constantly getting stuck on vlan interface vs Ethernet interface.
If I have vlan 1, vlan 2 and vlan 3. Would I create an IP address on an interface in each vlan for routing among each other or a vlan interface ip for routing among each other? The vlan interface or Ethernet interface in reality become L3 when assigned an IP….. But can the other interfaces in each vlan stay L2 or must they also be L3 for the routing?
08-27-2021 07:41 AM - edited 08-27-2021 07:41 AM
Hello @fbeye ,
If you have basic needs the SG series can be a good choice.
>> I am going over manuals and I feel I am constantly getting stuck on vlan interface vs Ethernet interface.
If I have vlan 1, vlan 2 and vlan 3. Would I create an IP address on an interface in each vlan for routing among each other or a vlan interface ip for routing among each other? The vlan interface or Ethernet interface in reality become L3 when assigned an IP….. But can the other interfaces in each vlan stay L2 or must they also be L3 for the routing?
The SVI = Switched Virtual Interface is a logical interface like a loopback but its state is up/up only if at least one L2 port in the corresponding L2 VLAN is up/up and in STP forwarding state (this is called autostate).
So for inter-VLAN routing you need:
to create the L2 VLANs
to associate the L2 VLANs to access ports and/or trunk ports
to configure ip routing at global level
and to configure the SVI for each VLAN.
Only the SVI needs an IP address in the subnet that you want to use in that VLAN; the L2 ports don't need it.
Another way to see it: the SVI is an internal host that takes part in the L2 VLAN if the L2 VLAN is operational (see note above about autostate).
The duty of the SVI is inter-VLAN routing and routing to/from routed interfaces.
The SVI provides the default gateway for the L2 VLAN (broadcast domain).
Hope to help
Giuseppe
08-27-2021 07:56 AM
Interested. So in order for the hosts connected to these vlans to also communicate with other vlans they need to use the vlan IP on the Switch as their Gateway? Would that then disable each host’s Internet access? Seems like the hosts have to choose Internet access or subnet / vlan access to other networks.
The networks connected to each vlan do have their own Internet access so I can’t allow one vlan to have another vlan’s outside (WAN) IP access.
In short; Each host has their own Internet access but through the Switch (SG350X) ((not the main switch I utilize)) they can access each other.
08-27-2021 03:09 PM
This question now has several aspects to respond to. First let me try to address the aspect of Ethernet interfaces vs vlan interfaces. An Ethernet interface is a physical interface and a vlan interface is a virtual interface. What I describe is generally true of Catalyst switches and other Ethernet switches. On these switches an Ethernet interface is a layer 2 interface. The Ethernet interface belongs to a vlan. The switch configuration may assign the Ethernet interface to a vlan. If there is not a specific vlan assignment then the Ethernet interface belongs to vlan 1.
You can not simply assign an IP address to an Ethernet (physical) interface on the switch because a layer 2 interface can not have an IP address. You would assign an IP address to the vlan interface (virtual interface). A device connected to the Ethernet interface can have an IP address (in the subnet that is used for that vlan) but the Ethernet interface itself would not have an IP address. (note that some switches support configuring the Ethernet interface with the command no switchport and this converts the Ethernet interface from being a layer 2 interface to being a layer 3 interface and the interface can now be configured with an IP address).
So on an Ethernet switch the Ethernet interfaces belong to a vlan and do not have IP addresses. Each vlan can be configured with a vlan interface which is a layer 3 interface for that vlan and could have an IP address.
By default Ethernet switches are layer 2 switches and forward traffic between interfaces based on mac address. A layer 2 switch can forward traffic within a vlan but is not able to forward traffic between vlans. To forward traffic between vlans the layer 2 switch needs to be connected to a layer 3 device to provide inter vlan routing. If the Ethernet switch has ip routing enabled it becomes a L2/L3 switch and is able to forward traffic between vlans. In this case each vlan on the switch may have a vlan interface and an IP address on that vlan interface to allow the switch to do inter vlan routing.
The other aspect of your response is about vlan 1, vlan 2, and vlan 3. This presumes that you have enabled ip routing on the Ethernet switch. You would have some Ethernet interfaces assigned to vlan 1, some other Ethernet interfaces assigned to vlan 2, and other Ethernet interfaces assigned to vlan 3. All of these Ethernet interfaces remain layer 2 interfaces. Note that if you use the no switchport command to convert an Ethernet interface from layer 2 to layer 3 then that interface no longer belongs to any vlan. So after you have assigned appropriate Ethernet interfaces to each vlan you would configure a vlan interface for each vlan, and assign an IP address to each vlan interface. If you have done these steps then the switch will be able to do inter vlan routing and each vlan would be able to communicate with the other vlans on the switch. If you want any of the devices connected to this switch to have Internet access then the switch would need a default route to be able to forward traffic from the vlan to the device that provides Internet access.
08-28-2021 08:27 AM
Alright that explains a lot.
The vlans are what separate the hosts connecting to the Switch into their own Subnets.
This will simply allow them only to talk to each other (not outside their vlan/subnet).
By adding an IP address to a vlan and enabling IP ROUTING (are both assumed to work together?) I then create a L3 point of contact for the Subnets/vlans to now route/communicate “outside” themselves?
Does this require any ip route on the Switch itself to each subnet or only on the Routers supplying the DHCP Server for those Subnets or none of that because the Switch with the vlan IP’s and the ‘ip routing’ enabled would essentially do the routing itself?
Or even though ip routing is enabled and vlans have IP addresses, everything still needs a route to each other?
Also, would devices that connect to this said switch need their gateway to be the vlan ip Gateway on the Switch to talk to the other vlans?
As I write this I am also messing around with the switch instead of just waiting for answers so I am indeed being proactive.
08-28-2021 09:09 AM
There are several parts of your response that I want to respond to. Let me start by saying that if you have ip routing enabled it only makes sense if there are at least 2 locally connected subnets. And that implies at least 2 vlans with vlan interfaces with IP addresses configured. But it is possible to have a vlan with a vlan interface with an IP address but not enable ip routing. The vlan interface with an IP address but not ip routing is frequently called the management interface and it allows you to remotely access the switch to manage it and allows the switch to forward things like snmp or syslog or other functions.
You make a correct comment about vlans. A vlan allows all of the devices connected in that vlan to communicate with each other. Without ip routing they will not be able to communicate with anything outside of the vlan.
You start a question by saying "Does this require any ip route on the Switch". When you enable ip routing on the switch it allows communication between the subnets that are on that switch. If those subnets are to communicate with any subnets that are outside of the switch then the switch needs additional routes. Those routes might be static routes configured on the switch for outside resources (and especially a static default route is common) or those routes might be learned by a dynamic routing protocol that can be configured on the switch (EIGRP, OSPF, etc).
Your other question was "Also, would devices that connect to this said switch need their gateway to be the vlan ip Gateway on the Switch". It is usual that devices in the vlan/subnet would have their default gateway as the switch vlan address in that subnet. But there could be circumstances where you would configure the default gateway of some of the devices as something outside of the switch.
08-29-2021 09:53 AM
Well I find myself in a weird situation.
Switch has ‘ip routing’ enabled. There are 3 vlans on the Switch. Each vlan has an ‘interface vlan ip’ associated with it within its subnet.
I can ping all and everything except one device. On the PC I have created a static route ‘route add 10.0.2.0 mask 255.255.255.0 192.168.1.7’ and I can now ping/connect to everything.
My concern is why I am having to add a route that the Switch clearly already knows, as the 192.168.1.7 is vlan 1 ip and the said device I was unable to ping (10.0.2.111) also connects through the same switch and had a vlan 3 IP address of 10.0.2.5? I mean they are all on the same switch, different vlans and subnets yes, but the ip route I have to manually input on PC should be a “duh” for the Switch.
Is this a Windows issue where its networking protocols are needing the route or does the Switch need a route?
vlan 1 192.168.1.7
vlan 2 10.0.1.5
vlan 3 10.0.2.5
ip routing
currently no ip routes on the SG350X Switch.
Just such a weird thing. Why I have to add a manual route when it’s all going through same switch. 10.0.2.111 and 10.0.2.126 are both devices on the vlan 3 10.0.2.0. Both have their Gateway 10.0.2.1. With NO manual Windows route, can only connect to 10.0.2.126 but WITH manual Windows route can connect to .111 and .126. Seems highly unusual.
(Irrelevant of what ips I had before I am now working with what is mentioned above).
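Added example, not part of any post in this thread: a small longest-prefix-match model of the forwarding decisions in the setup described above, using the thread's addresses. The /24 masks on VLANs 1 and 2 and the PC-side address 192.168.1.50 are assumptions made for the illustration.

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match; returns (prefix, gateway), gateway None = on-link."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), gw) for p, gw in table
            if dst in ipaddress.ip_network(p)]
    if not hits:
        return None
    net, gw = max(hits, key=lambda h: h[0].prefixlen)
    return str(net), gw

def first_hop(table, dst):
    """Where a device hands the packet: a gateway IP, 'on-link' or 'unreachable'."""
    hit = next_hop(table, dst)
    if hit is None:
        return "unreachable"
    return hit[1] or "on-link"

def connected_routes(svis):
    """Connected routes a switch with 'ip routing' derives from its SVI addresses."""
    return [(str(ipaddress.ip_interface(a).network), None) for a in svis]

# SVI addresses from the thread; /24 assumed. No static routes on the switch.
SWITCH = connected_routes(["192.168.1.7/24", "10.0.1.5/24", "10.0.2.5/24"])

# PC in VLAN 1 whose default gateway is 192.168.1.1 rather than the SVI.
PC_DEFAULT = [("192.168.1.0/24", None), ("0.0.0.0/0", "192.168.1.1")]
# Same PC after: route add 10.0.2.0 mask 255.255.255.0 192.168.1.7
PC_STATIC = PC_DEFAULT + [("10.0.2.0/24", "192.168.1.7")]
# Device 10.0.2.111 in VLAN 3 with gateway 10.0.2.1, as stated in the post.
DEV_111 = [("10.0.2.0/24", None), ("0.0.0.0/0", "10.0.2.1")]

if __name__ == "__main__":
    for name, table, dst in [
        ("PC, no static route", PC_DEFAULT, "10.0.2.111"),
        ("PC, with static route", PC_STATIC, "10.0.2.111"),
        ("switch", SWITCH, "10.0.2.111"),
        ("switch, outside address", SWITCH, "203.0.113.10"),
        ("10.0.2.111 replying to PC", DEV_111, "192.168.1.50"),
    ]:
        print(f"{name:28} -> {dst:14} via {first_hop(table, dst)}")
```

The switch only routes packets that a host actually hands to one of its SVI addresses, so a host whose only off-subnet route is a default gateway elsewhere never presents that traffic to the switch.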
08-29-2021 10:05 AM - edited 08-29-2021 10:09 AM
Hello
If it is just the one PC then I would clear down the IP stack and Winsock API of that single host and test again?
Is it a Windows device by any chance?
Edited - I see it is, so:
open cmd ( in admin privilege mode)
netsh interface ip reset
netsh winsock reset
shutdown -r -f -t 10
08-29-2021 10:32 AM
Morning
So I did indeed do that but to no avail.
That did have me looking more into my NIC TCP/IP options. I noticed that I leave the IP to automatically obtain and it stays all 0.0.0.0 and when I go into Advanced under Default Gateways I add 192.168.1.7 and 192.168.1.1 (though 1.1 disappears cause I assume it is default for it) it then greys out my TCP/IP so I cannot input an IP but it has hard coded 192.168.1.7 as gateway and then it all works. And this is with me REMOVING my original 'route add' command.
What is weird is if I manually input 192.168.1.7 as Gateway and manually fill my IP address, I can see and connect to all networks but no Internet. If I leave all auto, I can access internet but not all networks..... With doing it this way under Advanced, it somehow uses 192.168.1.1 as default gateway but then a 2nd Gateway for LAN access?
Weird.
08-29-2021 02:51 PM
Hello
Sounds like a host issue, not network. In any case, try to delete the network card drivers and re-install, then test again, or just update them.
08-31-2021 08:54 AM - edited 08-31-2021 06:51 PM
It may very well be a host issue but I also verified same results on a different Windows 10. Is there a chance at all that the servers respond differently by having a vlan interface ip as a gateway between subnets rather than an interface IP address as it currently has and works? Would Routing be seen differently between an interface or vlan ip setup? Cause at the end of the day going from an interface ip to a vlan interface ip is where the trouble begins.
The biggest issue of all I have is that I have 3 vlans. 2 are coming from the ASA, 192.168.1.0 and 10.0.1.0. Why? Cause each subnet has their own Internet WAN address. The 3rd vlan is coming from an “offsite” Router that has its own WAN but I can utilize its LAN side 10.0.2.0.
Correct me if I am wrong but if I make vlan 1,2,3 on Switch with IP routing should it NOT ping each other? They don’t.
So I do vlan 1 192.168.1.5, vlan 2 10.0.1.5 and vlan 3 10.0.2.5. They don’t ping.
I then create Ethernet INTERFACES with same IP’s. No ping. What’s the point of “ip routing” or even the Switch I have then if they can see each other? The subnets are NOT having an origin on the Switch, only using the switch as a “hello neighbor”. So 10.0.1.0 has 10.0.1.1 as Gateway and so forth. I will even see examples of my same type of scenario and yet it doesn’t communicate. I don’t get it. 3 stupid vlans to talk to each other. How is that even remotely hard to do, and yet it doesn’t do.
09-02-2021 09:19 AM
Also from what I can tell on most examples is that the Switch is creating the vlans and the Subnets whereas I am trying to connect vlans whose IP subnets do NOT originate on the Switch. I wonder if this has any effect on the configuration.