
SG300 VLAN no data but ping works

jasonitspyder
Level 1

Hi, I need some help setting up VLAN on SG300 switch.

Here's the topology:

SG300 switch (VLAN1, and VLAN200)

|

|

ASA 5510 firewall

|

|

ISP router

VLAN 1 - Interface IP: 192.168.1.5

VLAN 200 - Interface IP: 10.10.10.254

ASA 5510 - 192.168.1.253

Static route has been added on ASA 5510 and SG300

ASA 5510

S    10.10.10.0 255.255.255.0 [5/0] via 192.168.1.5, inside

SG300

S   0.0.0.0/0 [1/1] via 192.168.1.253, 16:25:47, vlan 1

C   10.10.10.0/24 is directly connected, vlan 200

C   192.168.1.0/24 is directly connected, vlan 1

On the SG300, I have 1 port for VLAN 200 as an access port, VLAN 200 untagged, VLAN1 tagged.

I have one PC connected to VLAN 200, ip address: 10.10.10.10

Here's what I have so far:

- I can ping to the PC in VLAN 200 from any workstation in VLAN 1

- I can ping from the PC (10.10.10.10) in VLAN 200 to any workstation in VLAN 1

- I can browse the Internet by using Google DNS 8.8.8.8

The problem:

- I cannot get any data between the VLANs. I have an HTTP web server on VLAN 1, and I cannot get to it from VLAN 200. I cannot get to my DNS server in VLAN 1. I cannot access any workstation from VLAN 1 either.

The fact that I can ping from the PC in VLAN 200 to PCs in VLAN 1 and vice versa indicates that the traffic is being routed through the VLANs. But it is just very confusing that I'm unable to get any data across.

Any help would be very much appreciated!! Thanks in advance!!

3 Replies

jasonitspyder
Level 1

I'd just like to add:

I have added an ACL to permit all traffic from any IP to any IP, and bound the ACL to both the VLAN and the port.

I'm trying to send traffic across the VLAN, from VLAN 200 to VLAN 1 and vice versa. But I'm still only able to get pings across, no other IP traffic can be sent across.

I'm attaching some screenshots here. Please help me out if you have any ideas/clues on my issue. Thanks!

Port# 7 is set to access port for VLAN 200

http://i780.photobucket.com/albums/yy89/jasonitspyder/SG300%20-%20VLAN%20issue/VLAN1.jpg

VLAN 1 setting:

http://i780.photobucket.com/albums/yy89/jasonitspyder/SG300%20-%20VLAN%20issue/VLAN2.jpg

VLAN 200 setting:

http://i780.photobucket.com/albums/yy89/jasonitspyder/SG300%20-%20VLAN%20issue/VLAN3.jpg

IP interface config:

http://i780.photobucket.com/albums/yy89/jasonitspyder/SG300%20-%20VLAN%20issue/VLAN4.jpg

Routes on SG300:

http://i780.photobucket.com/albums/yy89/jasonitspyder/SG300%20-%20VLAN%20issue/VLAN5.jpg

I'm not sure if it's the ACL preventing access, so I'm setting it to permit all from any IP to any IP:

http://i780.photobucket.com/albums/yy89/jasonitspyder/SG300%20-%20VLAN%20issue/VLAN6.jpg

Bind ACL to VLAN:

http://i780.photobucket.com/albums/yy89/jasonitspyder/SG300%20-%20VLAN%20issue/VLAN7.jpg

Bind ACL to port# 7

http://i780.photobucket.com/albums/yy89/jasonitspyder/SG300%20-%20VLAN%20issue/VLAN8.jpg

Static route on my firewall ASA 5510:

http://i780.photobucket.com/albums/yy89/jasonitspyder/SG300%20-%20VLAN%20issue/VLAN9.jpg

Ping results from a host in VLAN 1 to VLAN 200 (from 192.168.1.40 to 10.10.10.10). I get the same results vice versa.

http://i780.photobucket.com/albums/yy89/jasonitspyder/SG300%20-%20VLAN%20issue/VLAN10.jpg

SG300 current version (I believe it's the latest version as of now 1/21/14)

http://i780.photobucket.com/albums/yy89/jasonitspyder/SG300%20-%20VLAN%20issue/VLAN11.jpg

Did this ever get fixed?
