SG300-20 Can't route traffic to internet

Ledude
Level 1

I've been trying to configure this switch since I bought it a long time ago. Never got time to make it work, so it's been collecting dust, and then I found out the switch is now EOL. Well, not wanting to waste it, I decided to configure it again but for some reason, I can't seem to make it work. So I created 4 VLANs 1 default

Ledude_0-1678857216861.png
My interface settings

Ledude_1-1678857266869.png

Port to Vlan Settings/Membership

Ledude_2-1678857306311.png

IPv4 Interface

Ledude_3-1678857347436.png

IPv4 Routes, which I think is where the issue is:

Ledude_4-1678857379645.png

DHCP is all working just fine.

Ledude_5-1678857458076.png

For some reason, every time the computer is plugged into the port, the outgoing interface changes to its VLAN number. I think this has something to do with the routing issue but I'm not quite sure where to fix it.

Router/gateway address is 192.168.4.1

I'm seriously at the end of my wit here.  I'm not quite sure where to go next.  What am I missing?  Any advice is appreciated.


1. Try disabling the smart port feature.

2. Make sure your 192.168.4.1 is doing NAT towards the internet.

3. Make sure your router at the gateway has routes added to the VLAN networks correctly.

Good luck
KB

Thank you, but can you help out with more specifics on points 2 and 3? The 4.1, which is the router, is already doing NAT to the internet. It's my Asus Router RT-AX88U, which is only a year or two old. Assuming that's what you meant. In the third part, I'm a bit puzzled.

Is this what you are talking about?

Ledude_0-1678923484084.png

 

 

1. On the switch make sure you enable Layer3 routing.

https://www.cisco.com/c/en/us/support/docs/smb/switches/cisco-small-business-300-series-managed-switches/smb5073-switching-to-layer-3-mode-on-the-sf-sg-300-series-switches.html

2. Remove all routes from the switch and only add a route to 0.0.0.0 0.0.0.0 192.168.4.1

3. From the ASUS, all subnet routes go back to the switch - the IP needs to change from 192.168.4.1 to 192.168.4.2 for the routing to work.

4. Apart from Routing - you need to 10.x.x.x in ASUS to do NAT to get to the internet.

An end device connected to the switch should be able to ping 192.168.4.2 and 192.168.4.1.

If this is working, then try to ping 8.8.8.8 to test that NAT is working. If this is working,

then make sure the end device has the correct DNS, like 8.8.8.8; then you should be able to browse the internet.

 

 

 

BB


There are several issues there.

Re. Interface Settings

All trunk ports should have PVID 1 since VLAN1 is the native/default VLAN. Also, you should have an access port in VLAN1 for the link to the router. I guess a trunk port will work, too, but there is no reason to use a trunk port if the device on the other end of the link is not VLAN-aware.

Re. Port to VLAN Membership

As above. Also, if you need a trunk port, that port should be in more than one VLAN. Moreover, only VLAN1 should be U[ntagged]. The other VLANs should be T[agged].

Re. IPv4 Routes

Those Remote routes are wrong. They should be Local like the other Local ones, i.e. they should be Local and Directly Connected to VLANs matching the subnets.

Re. DHCP

Make sure the gateways are set to the IP addresses of the corresponding VLAN interfaces, not for example to the IP address of your router.

Re. Static Routes on Router

The Gateway should be 192.168.4.2, not 192.168.4.1. Also, there is no reason to use different Metrics or use IP addresses of the VLAN interfaces for the Network addresses, like 10.1.3.1 instead of 10.1.3.0. Actually, instead of defining four routes, you can have just one 10.1.0.0  255.255.0.0  192.168.4.2  LAN. It will work for all four networks you have now and any other 10.1.x.x network you may introduce in the future.

I hope I’ve covered everything.

Kris K
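
Added example, not part of the original post: a small Python check of the router-side static routes discussed in the reply above (destination must be a network address, next hop must be the switch's VLAN 1 interface, and one 10.1.0.0 255.255.0.0 route should cover every VLAN subnet). The function names are hypothetical, the /24 VLAN masks are an assumption, and only 10.1.3.0 is a subnet named in the thread; the other three are constructed.

```python
import ipaddress

# From the thread: router LAN interface and the switch's VLAN 1 interface.
ROUTER_IF = "192.168.4.1/24"
SWITCH_SVI = "192.168.4.2"
# Assumption: /24 VLAN subnets; only 10.1.3.0 is named in the thread,
# the other three are constructed for illustration.
VLAN_SUBNETS = ["10.1.3.0/24", "10.1.4.0/24", "10.1.5.0/24", "10.1.6.0/24"]


def check_static_route(dest, mask, gateway, router_if=ROUTER_IF):
    """Return a list of problems with one static route entered on the router."""
    problems = []
    iface = ipaddress.ip_interface(router_if)
    gw = ipaddress.ip_address(gateway)
    # strict=False accepts a host address (10.1.3.1) so it can be reported.
    net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
    if ipaddress.ip_address(dest) != net.network_address:
        problems.append(f"destination {dest} is a host address, use {net.network_address}")
    if gw == iface.ip:
        problems.append(f"gateway {gw} is the router itself, not the switch")
    elif gw not in iface.network:
        problems.append(f"gateway {gw} is not on the router LAN {iface.network}")
    if net.overlaps(iface.network):
        problems.append(f"{net} overlaps the router LAN {iface.network}")
    return problems


def uncovered(vlan_subnets, dest, mask):
    """Return the VLAN subnets that the route dest/mask does not cover."""
    route = ipaddress.ip_network(f"{dest}/{mask}")
    return [s for s in vlan_subnets if not ipaddress.ip_network(s).subnet_of(route)]


if __name__ == "__main__":
    # A per-VLAN route with a host destination pointing at the router itself.
    print(check_static_route("10.1.3.1", "255.255.255.0", "192.168.4.1"))
    # The single summary route suggested in the reply above.
    print(check_static_route("10.1.0.0", "255.255.0.0", SWITCH_SVI))
    print(uncovered(VLAN_SUBNETS, "10.1.0.0", "255.255.0.0"))
```

An empty list from both functions means the route is well-formed and every VLAN subnet is reachable through it.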

Thank you for your help @KJK99.   Still not working since I can't really change much via GUI.  Haven't tried CLI yet and I don't see why it will work using CLI but not GUI.  I'm super puzzled.

Re. Interface Settings

All trunk ports should have PVID 1 since VLAN1 is the native/default VLAN. Also, you should have an access port in VLAN1 for the link to the router. I guess a trunk port will work, too, but there is no reason to use a trunk port if the device on the other end of the link is not VLAN-aware.
Agree, and that's exactly what I did. The trunk is only for servers that run ESXi, and it's VLAN-aware.

Re. Port to VLAN Membership

As above. Also, if you need a trunk port, that port should be in more than one VLAN. Moreover, only VLAN1 should be U[ntagged]. The other VLANs should be T[agged].
For some reason, all of the VLANs with Access VLAN MODE don't have the option for me to change it to Tagged.  At least on the GUI side.  Haven't tried the CLI yet tho.

Ledude_0-1679004434441.png

Re. IPv4 Routes

Those Remote routes are wrong. They should be Local like the other Local ones, i.e. they should be Local and Directly Connected to VLANs matching the subnets.
For some reason, I have no way of changing it.  I can only add Remote but not the local ones.   It switched to local only when plugged.  Which is why I'm puzzled.

Re. DHCP

Make sure the gateways are set to the IP addresses of the corresponding VLAN interfaces, not for example to the IP address of your router.
That's the only option I have.  I can't use the IP address of the router for the default router IP address even if I tried.

Ledude_2-1679004839884.png

 

Re. Static Routes on Router

The Gateway should be 192.168.4.2, not 192.168.4.1. Also, there is no reason to use different Metrics or use IP addresses of the VLAN interfaces for the Network addresses, like 10.1.3.1 instead of 10.1.3.0. Actually, instead of defining four routes, you can have just one 10.1.0.0  255.255.0.0  192.168.4.2  LAN. It will work for all four networks you have now and any other 10.1.x.x network you may introduce in the future.
Unfortunately, it won't let me.  

Ledude_1-1679004677116.png

Ledude_3-1679005212449.png

 

 

KJK99
Level 3

Re. Port to VLAN Membership

"For some reason, all of the VLANs with Access VLAN MODE don't have the option for me to change it to Tagged."

That’s not what I tried to say. If a port is access, it will be untagged. It cannot be tagged. I was referring to trunk ports. If you set the port mode to trunk, you should be able to add some or all VLANs to it. The trunk port will be tagged in those additional VLANs.

Re. IPv4 Routes

If you can’t change the Remote routes, remove them and recreate the corresponding VLAN interfaces (SVIs). When you do this, the switch should create proper Local routes automatically. Actually, I think you should delete all those routes and all VLAN interfaces and start fresh. Even your Local routes do not show Next Hop.

Re. DHCP

You misunderstood me. You try to change those gateways exactly the way I warned you not to. When you have VLANs, the VLAN interfaces (SVIs) are the gateways for your end-point devices. The SVIs are shown on the IPv4 Interfaces screen. For devices in your VLAN 10, the gateway IP address should be 10.1.3.1.

Re. Static Routes on Router

That was about the static routes on your ASUS router, not the switch. I'm not sure what you are trying to do.

My advice was based on your switch configuration.

Default Route: 0.0.0.0  0.0.0.0  192.168.4.1  VLAN :1

The above tells me that the router IP address is 192.168.4.1.

VLAN 1 Interface:  192.168.4.2  255.255.255.0

The VLAN 1 interface is the gateway to the other VLANs for traffic from the Internet.

Kris K

I found a very strange problem that I can't figure out why but my problem is solved of course with a different issue right now.  So this is what I did per your suggestion.

On the router side, I added the reverse routing address to 192.168.4.2.

On the switch side, I have to change the network pool address from say 10.1.3.0 to 10.1.30.0. This is the part that I can't explain. As soon as I changed the address, everything just worked. I've also found a device in my network that's using 10.1.4.1 and I still can't figure out where or what that device is. So the easiest way to fix it for me is to change the network pool to 10.1.40.0, and again that solves my problem.

The different issue now I have is to configure LAG to work in that switch combined with TrueNAS Scale Server using LAG. That's a different subject that needs a new post. Thank you again
