Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2746
Views
5
Helpful
7
Replies

SG300 no switchport command (requires help)

M R B
Level 1
Level 1

‎02-28-2018 03:22 AM - edited ‎03-08-2019 02:03 PM

Hi 

 

I have SG300 28 port switch which is in L3 mode

I have 3 vlans

vlan 30  IP address 10.10.30.1/24

vlan 40  IP address 10.10.40.1/24

vlan 50 IP address 10.10.50.1/24

 

I have fortigate firewall in 172.16.1.200

 

inter vlan routing is working perfect

when I try to make interface  gigabit port 28 as no swichport

it throws incomplete command error

options available are

access

customer

default-vlan

forbidden

general

mode

private-vlan

protected-port

trunk

which one should I take to assign an IP so I can give a default route to the 172.16.1.200

 

please help to find the correct option

 

thanks

Labels:
0 Helpful
7 Replies 7

Seb Rupik
VIP Alumni
VIP Alumni

‎02-28-2018 03:45 AM

Hi there,

The SG300 does not support routed interfaces.

 

Create another VLAN and SVI in the 172.16.1.0 /24 subnet and configure gi28 to be an access port in that VLAN.

 

cheers,

Seb.

M R B
Level 1
Level 1
In response to Seb Rupik

‎02-28-2018 05:25 AM

Dear Seb Rupik

 

thanks for your quick response

 

I have created the vlan 100 and the interface vlan 172.16.1.1

assign port 28 to vlan 110

and gave default route as my firewall

but cannot ping the firewall or internet is not working

need your assistance

 

Regards

 

MRB

 

 

0 Helpful

Seb Rupik
VIP Alumni
VIP Alumni
In response to M R B

‎02-28-2018 06:01 AM

Hi there,

Is your firewall interface adding VLAN tags to the frames leaving it, or does traffic leave untagged?

 

Can you share the running config of the SG300.

 

cheers,

Seb.

0 Helpful

M R B
Level 1
Level 1
In response to Seb Rupik

‎02-28-2018 08:58 PM

Dear Seb Rupik

 

please find attached SG300 Config, 

i forgot to mention vlan 20 which is a voice vlan coming form another switch which is managed by my service provider.

locally ip phones are working fine with the current config 

issues is unable to ping 172.16.1.230 which is my firewall gateway

thanks for your assistance

 

MRB

Preview file
5 KB
0 Helpful

Deepak Kumar
VIP Alumni
VIP Alumni
In response to M R B

‎02-28-2018 10:10 PM

Hi,

I can check that your switch configuration is ok But you may be missing routes to add on FortiGate to local LAN. 

Login to FortiGate and Network --->Routes--->Static Routes>

Destination Subnet: 10.10.30.1 255.255.255.0

Interface: LAN (LOACL)

Destination Gateway: 172.16.1.1

 

Same you can configure for all rest VLANs. 

 

I hope that your FortiGate IP as: 

172.16.1.230

If not then change the default route the switch also. 

 

Regards,

Deepak Kumar

 

 

 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

Seb Rupik
VIP Alumni
VIP Alumni
In response to Deepak Kumar

‎02-28-2018 11:34 PM

As Deepak say, but it would be prudent to add a static routes on the fortinet for all of your subnets which are routed on the SG300:

ip route 192.168.2.0 255.255.225.0 172.16.1.1
ip route 10.10.30.0 255.255.225.0 172.16.1.1
ip route 10.10.40.0 255.255.225.0 172.16.1.1
ip route 10.10.50.0 255.255.225.0 172.16.1.1

 

I've never configured a Fortinet, but you will need to have a look at the NAT ACL it has configured and ensure that it captures all of your internal subnets.

cheers,

Seb.

0 Helpful

M R B
Level 1
Level 1
In response to Seb Rupik

‎03-01-2018 05:26 AM

THanks to all 

 

its working fine after the static routes

0 Helpful
Customers Also Viewed These Support Documents