Hi, I am assisting a Non-Profit organization that has a ISA500 and a SG300-10, both working fine.
They have a simple setup on the ISA500 with an internal company ports and several Guest ports for
Guest PC's and OpenMesh wifi connections. It is using the default settings on the ISA500 of the VLAN
1 as internal to the NPO and VLAN2 as the Guest VLAN, everything is working fine.
They are adding another SG300-10 to a remote office greater than 100 meters away, so it will need to
be fiber. They are in the process of getting the fiber ran.
Since this will be a fiber connection, they only want to run one line to save costs. So they need to have
internal connection ports 1-5 and Guest ports 6-10 on the remote SG300-10, ie both VLANs using the
same line. They do not want the VLANs to be able to communicate, they want to keep Guest traffic
off the internal VLAN1.
I have tried to set up the switch using the VLAN1 and 2 as we have on the router. This seems to work
on the internal ports, it will grab the proper IP addresses, but when trying to connect as Guest I am
getting the "limited connectivity" message on the test PC and no internet access.
I tried setting up another Guest VLAN and putting it in the same subnet thinking it needed it to assign
IP addresses properly, but same results.
Right now the settings below are using the test 2nd Guest VLAN. I've tried it initially using VLAN2,
neither worked. I am focusing on using port 7 on both the switch and router for testing
Please see the current setup below. Thanks in advance for any assistance, I know the NPO is grateful as well.
Apologies if the information is jumbled below, I tried best we could to cut and paste the information. Thanks.
ISA500
Status Summary
1 | GE1 | WAN | Connected | 1000M/Full Duplex | Access |
2 | GE2 | LAN | Connected | 1000M/Full Duplex | Access | 1 | 1 |
3 | GE3 | LAN | Connected | 1000M/Full Duplex | Access | 1 | 1 |
4 | GE4 | LAN | Not Connected | Auto | Access | 1 | 1 |
5 | GE5 | LAN | Not Connected | Auto | Access | 1 | 1 |
6 | GE6 | LAN | Not Connected | Auto | Access | 1 | 1 |
7 | GE7 | LAN | Connected | 1000M/Full Duplex | Trunk | 1,3 | 1 |
8 | GE8 | LAN | Connected | 1000M/Full Duplex | Access | 2 | 2 |
9 | GE9 | LAN | Connected | 100M/Full Duplex | Access | 2 | 2 |
10 | GE10 | LAN | Connected | 1000M/Full Duplex | Access | 2 | 2 |
VLANs (have tried this with using default VLAN2 GUEST and creating another VLAN3 GUESTYOUTH, same results.
Would prefer to just use GUEST VLAN that is working now if possible.
DEDEFAULT | 1 | 192.168.0.1 | 255.255.255.0 | GE2;GE3;GE4;GE5;GE6;GE7 | LAN |   |
GUFGUEST | 2 | 172.168.25.1 | 255.255.255.0 | GE8;GE9;GE10 | GUEST | |
GUEGUESTYOUTH | 3 | 192.168.2.1 | 255.255.255.0 | GE7 | LAN |  |
VOIVOICE | 100 | 10.1.1.2 | 255.255.255.0 | VOICE | |
Routing table
192.xxx.xxx.xx | 255.255.255.248 | 0.0.0.0 | U | 0 | WAN1 |
172.168.25.0 | 255.255.255.0 | 0.0.0.0 | U | 0 | GUEST |
192.168.2.0 | 255.255.255.0 | 0.0.0.0 | U | 0 | GUESTYOUTH |
192.168.0.0 | 255.255.255.0 | 0.0.0.0 | U | 0 | DEFAULT |
10.1.1.0 | 255.255.255.0 | 0.0.0.0 | U | 0 | VOICE |
127.0.0.0 | 255.0.0.0 | 0.0.0.0 | U | 0 | LOOPBACK |
SG300-10
1.3.0.62 L2 Mode
switch VLANs
VLAN ID VLAN Name Type
1Default
3GUESTYOUTHStatic
| Entry No. | Interface | Interface VLAN Mode | Administrative PVID | Frame Type | Ingress Filtering | |||
|---|---|---|---|---|---|---|---|---|
| 1 | GE1 | Trunk | 1 | Admit All | Enabled | |||
| 2 | GE2 | Access | 1 | Admit All | Enabled | |||
| 3 | GE3 | Access | 1 | Admit All | Enabled | |||
| 4 | GE4 | Access | 1 | Admit All | Enabled | |||
| 5 | GE5 | Access | 1 | Admit All | Enabled | |||
| 6 | GE6 | Access | 3 | Admit All | Enabled | |||
| 7 | GE7 | Access | 3 | Admit All | Enabled | |||
| 8 | GE8 | Access | 3 | Admit All | Enabled | |||
| 9 | GE9 | Access | 3 | Admit All | Enabled | |||
| 10 | GE10 | Access | 3 | Admit All | Enabled | |||
Port to VLAN
VLAN ID = 1
ports 1-5 untagged PVID checked
ports 6-10 forbidden no PVID
VLAN ID = 3
ports 1-5 excluded no PVID
ports 6-10 untagged PVID checked
Port VLAN Membership
1 | GE1 | WAN | Connected | 1000M/Full Duplex | Access | |||||
2 | GE2 | LAN | Connected | 1000M/Full Duplex | Access | 1 | 1 | |||
3 | GE3 | LAN | Connected | 1000M/Full Duplex | Access | 1 | 1 | |||
4 | GE4 | LAN | Not Connected | Auto | Access | 1 | 1 | |||
5 | GE5 | LAN | Not Connected | Auto | Access | 1 | 1 | |||
6 | GE6 | LAN | Not Connected | Auto | Access | 1 | 1 | |||
7 | GE7 | LAN | Connected | 1000M/Full Duplex | Trunk | 1,3 | 1 | |||
8 | GE8 | LAN | Connected | 1000M/Full Duplex | Access | 2 | 2 | |||
9 | GE9 | LAN | Connected | 100M/Full Duplex | Access | 2 | 2 | |||
10 | GE10 | LAN | Connected | 1000M/Full Duplex | Access | 2 | 2 | |||
LAN | ||||||||||
