
SG500X non default vLAN not connecting to internet

josh.taglia
Level 1

I am somewhat new to routing (especially with the SG switches) and need some help to even understand if what I am doing is possible. First, the equipment is an SG500X-24 switch. I have someone that has a group of 8 offices that they want to connect to the switch. The ISP is Comcast Business and we have very limited access to the router beyond being able to plug into it. Each of the 8 offices will have two ports on the switch (Office 1, ports 1 and 2, Office 2, ports 3 and 4, etc.). Ports 23 and 24 are for connection back to the router (24) and connection to another switch for future growth (23). Each of the 8 offices will have their own DHCP pool and will not be able to access the other offices' subnets.

At present I have the switch configured to the point that it is handing out the correct IP from the pool when plugging into the different ports. If I connect a computer with a hardcoded IP to port 24 I can ping it and it can ping any device plugged into the "Office ports". A device on one vLAN cannot communicate with any of the other vLANs. When plugged into port 1 (vLAN 11) I can ping the switch IP but I cannot ping the Comcast router. When I ping from the switch IP I can hit the Comcast router as well as the open internet. I am having an issue getting traffic from the additional vLANs to route out to the internet. I have extremely limited access to the Comcast router and would like to be able to let the SG500X switch act as the core router for this office. Is that possible or will I need to modify the Comcast router? I was under the impression that a switch in Layer 3 mode could act entirely as a router but I am lost as to why it's not routing out to the internet from the additional vLANs. I have included the config below.

 

Comcast Router: 10.1.10.1

Switch: 10.1.10.10

vLANs (10-18,90) 192.168.10.0 (11.0, 12.0, etc.)

 

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2020.03.19 20:00:18 =~=~=~=~=~=~=~=~=~=~=~=
sh run
config-file-header
SG500X-24-1
v1.4.2.4 / R800_NIK_1_4_194_194
CLI v1.0
set system queues-mode 4

file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
vlan database
vlan 10-18,90
exit
interface vlan 10
private-vlan primary
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
ip dhcp server
ip dhcp pool network Office_A_Pool
address low 192.168.11.100 high 192.168.11.254 255.255.255.0
default-router 192.168.11.1
exit
ip dhcp pool network Office_B_Pool
address low 192.168.12.100 high 192.168.12.254 255.255.255.0
default-router 192.168.12.1
exit
ip dhcp pool network Office_C_Pool
address low 192.168.13.100 high 192.168.13.254 255.255.255.0
default-router 192.168.13.1
exit
ip dhcp pool network Office_D_Pool
address low 192.168.14.100 high 192.168.14.254 255.255.255.0
default-router 192.168.14.1
exit
ip dhcp pool network Office_E_Pool
address low 192.168.15.100 high 192.168.15.254 255.255.255.0
default-router 192.168.15.1
exit
ip dhcp pool network Office_F_Pool
address low 192.168.16.100 high 192.168.16.254 255.255.255.0
default-router 192.168.16.1
exit
ip dhcp pool network Office_G_Pool
address low 192.168.17.100 high 192.168.17.254 255.255.255.0
default-router 192.168.17.1
exit
ip dhcp pool network Office_H_Pool
address low 192.168.18.100 high 192.168.18.254 255.255.255.0
default-router 192.168.18.1
exit
bonjour interface range vlan 1
ip access-list extended Office_1_ACL
permit ip any 192.168.11.0 0.0.0.255 ace-priority 1
deny ip any 192.168.12.0 0.0.0.255 ace-priority 2
deny ip any 192.168.13.0 0.0.0.255 ace-priority 20
deny ip any 192.168.14.0 0.0.0.255 ace-priority 40
deny ip any 192.168.15.0 0.0.0.255 ace-priority 60
deny ip any 192.168.16.0 0.0.0.255 ace-priority 80
deny ip any 192.168.17.0 0.0.0.255 ace-priority 100
deny ip any 192.168.18.0 0.0.0.255 ace-priority 120
deny ip any 192.168.19.0 0.0.0.255 ace-priority 140
exit
ip access-list extended Office_2_ACL
permit ip any 192.168.12.0 0.0.0.255 ace-priority 1
deny ip any 192.168.11.0 0.0.0.255 ace-priority 2
deny ip any 192.168.13.0 0.0.0.255 ace-priority 20
deny ip any 192.168.14.0 0.0.0.255 ace-priority 40
deny ip any 192.168.15.0 0.0.0.255 ace-priority 60
deny ip any 192.168.16.0 0.0.0.255 ace-priority 80
deny ip any 192.168.17.0 0.0.0.255 ace-priority 100
deny ip any 192.168.18.0 0.0.0.255 ace-priority 120
deny ip any 192.168.19.0 0.0.0.255 ace-priority 140
exit
ip access-list extended Office_3_ACL
permit ip any 192.168.13.0 0.0.0.255 ace-priority 1
deny ip any 192.168.11.0 0.0.0.255 ace-priority 2
deny ip any 192.168.12.0 0.0.0.255 ace-priority 20
deny ip any 192.168.14.0 0.0.0.255 ace-priority 40
deny ip any 192.168.15.0 0.0.0.255 ace-priority 60
deny ip any 192.168.16.0 0.0.0.255 ace-priority 80
deny ip any 192.168.17.0 0.0.0.255 ace-priority 100
deny ip any 192.168.18.0 0.0.0.255 ace-priority 120
deny ip any 192.168.19.0 0.0.0.255 ace-priority 140
exit
ip access-list extended Office_4_ACL
permit ip any 192.168.14.0 0.0.0.255 ace-priority 1
deny ip any 192.168.11.0 0.0.0.255 ace-priority 2
deny ip any 192.168.12.0 0.0.0.255 ace-priority 20
deny ip any 192.168.13.0 0.0.0.255 ace-priority 30
deny ip any 192.168.15.0 0.0.0.255 ace-priority 60
deny ip any 192.168.16.0 0.0.0.255 ace-priority 80
deny ip any 192.168.17.0 0.0.0.255 ace-priority 100
deny ip any 192.168.18.0 0.0.0.255 ace-priority 120
deny ip any 192.168.19.0 0.0.0.255 ace-priority 140
exit
ip access-list extended Office_5_ACL
permit ip any 192.168.15.0 0.0.0.255 ace-priority 1
deny ip any 192.168.11.0 0.0.0.255 ace-priority 2
deny ip any 192.168.12.0 0.0.0.255 ace-priority 20
deny ip any 192.168.13.0 0.0.0.255 ace-priority 30
deny ip any 192.168.14.0 0.0.0.255 ace-priority 40
deny ip any 192.168.16.0 0.0.0.255 ace-priority 80
deny ip any 192.168.17.0 0.0.0.255 ace-priority 100
deny ip any 192.168.18.0 0.0.0.255 ace-priority 120
deny ip any 192.168.19.0 0.0.0.255 ace-priority 140
exit
ip access-list extended Office_6_ACL
permit ip any 192.168.16.0 0.0.0.255 ace-priority 1
deny ip any 192.168.11.0 0.0.0.255 ace-priority 2
deny ip any 192.168.12.0 0.0.0.255 ace-priority 20
deny ip any 192.168.13.0 0.0.0.255 ace-priority 40
deny ip any 192.168.14.0 0.0.0.255 ace-priority 60
deny ip any 192.168.15.0 0.0.0.255 ace-priority 80
deny ip any 192.168.17.0 0.0.0.255 ace-priority 100
deny ip any 192.168.18.0 0.0.0.255 ace-priority 120
deny ip any 192.168.19.0 0.0.0.255 ace-priority 140
exit
ip access-list extended Office_7_ACL
permit ip any 192.168.17.0 0.0.0.255 ace-priority 1
deny ip any 192.168.11.0 0.0.0.255 ace-priority 2
deny ip any 192.168.12.0 0.0.0.255 ace-priority 20
deny ip any 192.168.13.0 0.0.0.255 ace-priority 40
deny ip any 192.168.14.0 0.0.0.255 ace-priority 60
deny ip any 192.168.15.0 0.0.0.255 ace-priority 80
deny ip any 192.168.16.0 0.0.0.255 ace-priority 100
deny ip any 192.168.18.0 0.0.0.255 ace-priority 120
deny ip any 192.168.19.0 0.0.0.255 ace-priority 140
exit
ip access-list extended Office_8_ACL
permit ip any 192.168.18.0 0.0.0.255 ace-priority 1
deny ip any 192.168.11.0 0.0.0.255 ace-priority 2
deny ip any 192.168.12.0 0.0.0.255 ace-priority 20
deny ip any 192.168.13.0 0.0.0.255 ace-priority 40
deny ip any 192.168.14.0 0.0.0.255 ace-priority 60
deny ip any 192.168.15.0 0.0.0.255 ace-priority 80
deny ip any 192.168.16.0 0.0.0.255 ace-priority 100
deny ip any 192.168.17.0 0.0.0.255 ace-priority 120
deny ip any 192.168.19.0 0.0.0.255 ace-priority 140
exit
ip access-list extended MGMT
permit ip any any ace-priority 1
exit
hostname SG500X-24-1
no logging console
no passwords complexity enable
username admin password encrypted ***** privilege 15
ip telnet server
!
interface vlan 1
ip address 10.1.10.10 255.255.255.0
no ip address dhcp
!
interface vlan 10
name Internet
ip address 192.168.10.254 255.255.255.0
!
interface vlan 11
name Office_1
ip address 192.168.11.1 255.255.255.0
!
interface vlan 12
name Office_2
ip address 192.168.12.1 255.255.255.0
!
interface vlan 13
name Office_3
ip address 192.168.13.1 255.255.255.0
!
interface vlan 14
name Office_4
ip address 192.168.14.1 255.255.255.0
!
interface vlan 15
name Office_5
ip address 192.168.15.1 255.255.255.0
!
interface vlan 16
name Office_6
ip address 192.168.16.1 255.255.255.0
!
interface vlan 17
name Office_7
ip address 192.168.17.1 255.255.255.0
!
interface vlan 18
name Office_8
ip address 192.168.18.1 255.255.255.0
!
interface vlan 90
name MGMT
!
interface gigabitethernet1/1/1
service-acl input Office_1_ACL default-action permit-any
switchport mode general
switchport general allowed vlan add 10 tagged
switchport general allowed vlan add 11 untagged
switchport general pvid 11
switchport default-vlan tagged
!
interface gigabitethernet1/1/2
service-acl input Office_1_ACL default-action permit-any
switchport mode general
switchport general allowed vlan add 10 tagged
switchport general allowed vlan add 11 untagged
switchport general pvid 11
switchport default-vlan tagged
!
interface gigabitethernet1/1/3
service-acl input Office_2_ACL default-action permit-any
switchport mode general
switchport general allowed vlan add 10 tagged
switchport general allowed vlan add 12 untagged
switchport general pvid 12
switchport default-vlan tagged
!
interface gigabitethernet1/1/4
service-acl input Office_2_ACL default-action permit-any
switchport mode general
switchport general allowed vlan add 10 tagged
switchport general allowed vlan add 12 untagged
switchport general pvid 12
switchport default-vlan tagged
!
interface gigabitethernet1/1/5
service-acl input Office_3_ACL default-action permit-any
switchport mode general
switchport general allowed vlan add 10 tagged
switchport general allowed vlan add 13 untagged
switchport general pvid 13
switchport default-vlan tagged
!
interface gigabitethernet1/1/6
service-acl input Office_3_ACL default-action permit-any
switchport mode general
switchport general allowed vlan add 10 tagged
switchport general allowed vlan add 13 untagged
switchport general pvid 13
switchport default-vlan tagged
!
interface gigabitethernet1/1/7
service-acl input Office_4_ACL default-action permit-any
switchport mode general
switchport general allowed vlan add 10 tagged
switchport general allowed vlan add 14 untagged
switchport general pvid 14
switchport default-vlan tagged
!
interface gigabitethernet1/1/8
service-acl input Office_4_ACL default-action permit-any
switchport mode general
switchport general allowed vlan add 10 tagged
switchport general allowed vlan add 14 untagged
switchport general pvid 14
switchport default-vlan tagged
!
interface gigabitethernet1/1/9
service-acl input Office_5_ACL default-action permit-any
switchport mode general
switchport general allowed vlan add 10 tagged
switchport general allowed vlan add 15 untagged
switchport general pvid 15
switchport default-vlan tagged
!
interface gigabitethernet1/1/10
service-acl input Office_5_ACL default-action permit-any
switchport mode general
switchport general allowed vlan add 10 tagged
switchport general allowed vlan add 15 untagged
switchport general pvid 15
switchport default-vlan tagged
!
interface gigabitethernet1/1/11
service-acl input Office_6_ACL default-action permit-any
switchport mode general
switchport general allowed vlan add 10 tagged
switchport general allowed vlan add 16 untagged
switchport general pvid 16
switchport default-vlan tagged
!
interface gigabitethernet1/1/12
service-acl input Office_6_ACL default-action permit-any
switchport mode general
switchport general allowed vlan add 10 tagged
switchport general allowed vlan add 16 untagged
switchport general pvid 16
switchport default-vlan tagged
!
interface gigabitethernet1/1/13
service-acl input Office_7_ACL default-action permit-any
switchport mode general
switchport general allowed vlan add 10 tagged
switchport general allowed vlan add 17 untagged
switchport general pvid 17
switchport default-vlan tagged
!
interface gigabitethernet1/1/14
service-acl input Office_7_ACL default-action permit-any
switchport mode general
switchport general allowed vlan add 10 tagged
switchport general allowed vlan add 17 untagged
switchport general pvid 17
switchport default-vlan tagged
!
interface gigabitethernet1/1/15
service-acl input Office_8_ACL default-action permit-any
switchport mode general
switchport general allowed vlan add 10 tagged
switchport general allowed vlan add 18 untagged
switchport general pvid 18
switchport default-vlan tagged
!
interface gigabitethernet1/1/16
service-acl input Office_8_ACL default-action permit-any
switchport mode general
switchport general allowed vlan add 10 tagged
switchport general allowed vlan add 18 untagged
switchport general pvid 18
switchport default-vlan tagged
!
interface gigabitethernet1/1/17
service-acl input Office_8_ACL default-action permit-any
switchport mode general
switchport general allowed vlan add 10 tagged
switchport general allowed vlan add 18 untagged
switchport general pvid 18
switchport default-vlan tagged
!
interface gigabitethernet1/1/18
service-acl input Office_8_ACL default-action permit-any
switchport mode general
switchport general allowed vlan add 10 tagged
switchport general allowed vlan add 18 untagged
switchport general pvid 18
switchport default-vlan tagged
!
interface gigabitethernet1/1/19
service-acl input Office_8_ACL default-action permit-any
switchport mode general
switchport general allowed vlan add 10 tagged
switchport general allowed vlan add 18 untagged
switchport general pvid 18
switchport default-vlan tagged
!
interface gigabitethernet1/1/20
service-acl input Office_8_ACL default-action permit-any
switchport mode general
switchport general allowed vlan add 10 tagged
switchport general allowed vlan add 18 untagged
switchport general pvid 18
switchport default-vlan tagged
!
interface gigabitethernet1/1/21
service-acl input Office_8_ACL default-action permit-any
switchport mode general
switchport general allowed vlan add 10 tagged
switchport general allowed vlan add 18 untagged
switchport general pvid 18
switchport default-vlan tagged
!
interface gigabitethernet1/1/22
service-acl input Office_8_ACL default-action permit-any
switchport mode general
switchport general allowed vlan add 10 tagged
switchport general allowed vlan add 18 untagged
switchport general pvid 18
switchport default-vlan tagged
!
interface gigabitethernet1/1/23
service-acl input MGMT default-action permit-any
switchport trunk allowed vlan add 10-18,90
!
interface gigabitethernet1/1/24
spanning-tree link-type point-to-point
service-acl input MGMT default-action permit-any
switchport trunk allowed vlan add 10-18,90
macro description switch
!next command is internal.
macro auto smartport dynamic_type switch
!
interface loopback 1
ip address 10.1.1.1 255.255.255.0
!
exit
ip default-gateway 10.1.10.1
ip route 192.168.11.0 /24 10.1.10.1
SG500X-24-1#
SG500X-24-1#
SG500X-24-1#
SG500X-24-1#
SG500X-24-1#sh ip route
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: > - best, C - connected, S - static,
R - RIP


S 0.0.0.0/0 [1/1] via 10.1.10.1, 03:10:26, vlan 1
C 10.1.1.0/24 is directly connected, loopback 1
C 10.1.10.0/24 is directly connected, vlan 1
C 192.168.10.0/24 is directly connected, vlan 10
C 192.168.11.0/24 is directly connected, vlan 11
C 192.168.12.0/24 is directly connected, vlan 12
C 192.168.13.0/24 is directly connected, vlan 13
C 192.168.14.0/24 is directly connected, vlan 14
C 192.168.15.0/24 is directly connected, vlan 15
C 192.168.16.0/24 is directly connected, vlan 16
C 192.168.17.0/24 is directly connected, vlan 17
C 192.168.18.0/24 is directly connected, vlan 18

SG500X-24-1#
SG500X-24-1#
SG500X-24-1#

2 Replies

pieterh
VIP

I think I recall from a certain version L3 mode is enabled by default, but as this is a switch and not a router you may first check IP-routing (or L3 mode) is enabled.

Whether ip routing is enabled or not is an interesting question. I believe that it probably is enabled and that there is a different explanation for why there is not access to the Internet. I believe that the ISP device is doing address translation for the connected subnet but is not doing any address translation for any of the 192.168.x.0 networks. And the SG does not do address translation. And the ISP device would not have any route information for those networks either. So there are 2 significant problems with that traffic when it reaches the ISP device. If the original poster is able to access the ISP device and is able to make some changes we could then look into the possibility of adding routes for the new networks for the various offices and the possibility of doing address translation for them.

HTH

Rick
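
The diagnosis in the reply above can be checked with a small path model; this is an added example, not part of the original thread. The switch routes and Office_1_ACL are copied from the posted output, while the ISP router's route table and NAT scope are assumptions based on what the reply suspects, and 203.0.113.7 is a constructed internet address.

```python
import ipaddress as ipa

# Switch routes, copied from the `sh ip route` output in the post.
SWITCH_ROUTES = [("0.0.0.0/0", "via 10.1.10.1"), ("10.1.1.0/24", "loopback 1"),
                 ("10.1.10.0/24", "vlan 1")] + [
                 (f"192.168.{n}.0/24", f"vlan {n}") for n in range(10, 19)]

# ASSUMPTION (not on the page): the ISP router only knows its own LAN plus a
# WAN default, and translates only LAN sources, as the reply suspects.
ISP_ROUTES = [("0.0.0.0/0", "WAN"), ("10.1.10.0/24", "LAN")]
ISP_NAT_SOURCES = ["10.1.10.0/24"]

# Office_1_ACL from the posted config: (action, destination, wildcard).
OFFICE_1_ACL = [("permit", "192.168.11.0", "0.0.0.255")] + [
    ("deny", f"192.168.{n}.0", "0.0.0.255") for n in range(12, 20)]

def lookup(routes, ip):
    """Longest-prefix match; returns the egress of the most specific route."""
    hits = [(ipa.ip_network(p), out) for p, out in routes
            if ipa.ip_address(ip) in ipa.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def acl_action(acl, dst, default="permit"):
    """First matching ACE wins; wildcard bits set to 1 are 'don't care'."""
    d = int(ipa.ip_address(dst))
    for action, net, wild in acl:
        care = ~int(ipa.ip_address(wild)) & 0xFFFFFFFF
        if d & care == int(ipa.ip_address(net)) & care:
            return action
    return default  # mirrors `default-action permit-any` on the service-acl line

def diagnose(src, dst, acl=None, isp_routes=ISP_ROUTES, nat=ISP_NAT_SOURCES):
    """Return the reasons traffic src -> dst through the ISP router fails."""
    problems = []
    if acl and acl_action(acl, dst) == "deny":
        problems.append("dropped by ingress ACL")
    if lookup(SWITCH_ROUTES, dst) is None:
        problems.append("switch has no route to destination")
    if lookup(isp_routes, src) != "LAN":
        problems.append("ISP router has no return route to source")
    on_lan = ipa.ip_address(dst) in ipa.ip_network("10.1.10.0/24")
    if not on_lan and not any(ipa.ip_address(src) in ipa.ip_network(n) for n in nat):
        problems.append("source is not translated by ISP router")
    return problems
```

Under these assumptions, `diagnose("192.168.11.100", "10.1.10.1", OFFICE_1_ACL)` reports only the missing return route, which matches the symptom in the question: the ACL and the switch's own routing are not what stops the ping.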