
SG 300 switch, VOIP setup, asymmetric routing not working...

netguyz08
Level 1

I have a Cisco SG 300-20 as the core switch, layer 3. It is 192.168.4.6 on VLAN1 and 192.168.5.1 for VLAN2 (VOIP). All the ports are set in trunk mode.

DHCP relay is set up on this switch.

The phones are connected to a layer 2 Catalyst 2960-S switch. All ports are set in trunk mode. Default gateway on it is set to 192.168.5.1.

DHCP for both VLANs is provided by a Windows Server 2008 R2 server (the relay IP 192.168.4.15).

There is also an ASA 5510 in the mix which is 192.168.4.1. It has a route added to it for the 192.168.5.0 network to go to the SG 300 (192.168.5.1).

Just the two switches can ping each other on the 192.168.5.x network when I "add vlan 2" to the trunk port that is connected between the SG 300 and the 2960. The phones don't get DHCP on the 2960 switch. And I cannot ping 192.168.5.x from the ASA or anything else on the 192.168.4.x network.

After a bit of reading on intra-vlan routing for the SG 300 switch, I am thinking the SG 300 has to be the "center" of things so I need to make it 192.168.4.1 to be the gateway for both VLANs and change the ASA to 192.168.4.2 for VLAN1, etc. And I really can't do asymmetric routing with this switch.

Am I right in the change that needs to be made? Or am I missing something else in my network layout?

-Ed

1 Reply

netguyz08
Level 1

Ended up changing the SG 300 to be 192.168.4.1 and the ASA became 192.168.4.2.

The default gateway on the SG 300 was changed to 192.168.4.2 and for the 2960 as well.

Last part was changing the ports that connected to PCs and servers. I had to reach out to Small Business Support, and configured those ports on the SG 300 to an access port, with VLAN 2, untagged.

The explanation was that when a packet leaves the port towards the PC, the VLAN tag will be removed. That is why we need to untag the VLAN on the access port.

Any ports for routers/firewalls or switches needed to remain configured in trunk mode.

-Ed
