VLAN Problem - Cisco SG300-28

wintermute1
Level 1

Objective: I have a large home network that I would like to split into two VLANs, one for my regular devices, and one for an IP camera system. I would like to separate the IP camera traffic from my regular network, but I still need to be able to access the cameras from devices on the other VLAN. I would like to have all of the non-camera devices on the subnet 10.0.0.0/22, and the IP cameras on the subnet 10.0.4.0/24.

Equipment: I have an Asus RT-N66U router running Tomato USB, and a Cisco SG300-28 managed switch (Layer 3 mode). I would have preferred to use a small business router from Cisco, but I had too many instability issues with the RV220W. The router is connected to a modem on its WAN port, and the managed switch on a LAN port. All of the devices and IP cameras are connected to the managed switch on ports GE1 through GE9.

I would like the managed switch to do as much of the heavy lifting as possible. I have tried a number of times to get the VLANs set up, but I am having problems routing the traffic between them. I have gone through a number of tutorials and guides, but I must be doing something incorrectly. Here is what I have done so far:

First I set up the two subnets on the router. I am a little unsure if this step is correct.

1 - Network 800.png

I assigned the SG300-28 a static IP address of 10.0.0.2. There are five Apple Airport Extremes connected to the switch that are being used as wireless access points; I have assigned each of them static IPs on the 10.0.0.0/22 subnet as well. Each of the Sonos devices and a network printer are also assigned static IPs on the 10.0.0.0/22 subnet. All of the other devices on this subnet are given IP addresses via DHCP. I assigned static IP addresses to each of the cameras on the 10.0.4.0/24 subnet.

2 - Static DHCP 800.png

I verified that the SG300-28 "System Mode" is set to "L3". I then created a VLAN for the IP cameras through "VLAN Management > Create VLAN".

3 - Create VLAN 800.png

After creating the IP camera VLAN, I set up the IPv4 interfaces through "IP Configuration > Management and IP interfaces > IPv4 Interface".

4 - IPv4 Interface 800.png

The IP cameras are plugged into ports GE1 through GE9. I added these ports to VLAN 2 (Cameras) as Untagged ports through "VLAN Management > Port to VLAN".

5 - Port to VLAN 800.png

I then changed the Interface VLAN Mode for each of the ports in VLAN 2 (Cameras) to "Access" through "VLAN Management > Interface Settings".

6 - Interface Settings 800.png

At this point I have tried a number of different settings for routing traffic between the two VLANs, but nothing I have tried seems to work. I have tried setting up static routes between the two subnets without success. I tried creating a rule in the router under "Advanced > LAN Access", but this did not work.

7 - LAN Access 800.png

I removed that setting, and tried creating static routes between the two subnets. I am missing something, or have done something incorrectly. I don't think what I am doing is particularly difficult, I just can't seem to get things working. I have read through a number of guides, but they tend to gloss over details, or just haven't worked for my situation. Any help would be greatly appreciated.

1 Reply

Tom Watts
VIP Alumni

Hi Winston, first you want to simplify everything here.

Disconnect everything, take host A and host B and the switch.

If you take the switch, assign an IP interface to each VLAN, then assign a single port to each VLAN and connect a device to each port, there will be inter-VLAN communication provided that the default gateway for each connecting device is set as the IP address you assigned to the VLAN interface.

The switch dynamically builds the directly connected routes. The inter-VLAN communication won't fail unless there is an external issue, such as a firewall which does not respond to ICMP.

Now, if you want internet to work and your router does not support VLANs, then you need a static route on the router to point to the gateway (VLAN interface of the switch) to be able to send traffic to the correct destination. The switch in turn forwards the request, since it has the information stored in the CAM.

-Tom
Please rate helpful posts
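
The two conditions in the reply above (each device's default gateway is the address of its VLAN interface on the switch, and the router holds a static route to the other subnet via the switch) can be checked against an addressing plan before touching hardware. This is an added example, not part of the original thread; the camera VLAN interface 10.0.4.1, the router address 10.0.0.1 and the host entries are assumptions.

```python
import ipaddress

# Constructed plan: the subnets and 10.0.0.2 are from the post; 10.0.4.1 (camera
# VLAN interface) and 10.0.0.1 (router LAN address) are assumptions.
SVIS = {
    1: ipaddress.ip_interface("10.0.0.2/22"),
    2: ipaddress.ip_interface("10.0.4.1/24"),
}
ROUTER_LAN = ipaddress.ip_interface("10.0.0.1/22")


def host_problems(name, addr, gateway):
    """List reasons a host fails the reply's condition (gateway = its VLAN interface)."""
    iface = ipaddress.ip_interface(addr)
    gw = ipaddress.ip_address(gateway)
    vlan = next((v for v, s in SVIS.items() if s.network == iface.network), None)
    if vlan is None:
        return [f"{name}: {iface.network} matches no VLAN subnet (check the mask)"]
    if gw not in iface.network:
        return [f"{name}: gateway {gw} is outside {iface.network}"]
    if gw != SVIS[vlan].ip:
        return [f"{name}: gateway {gw} is not the VLAN {vlan} interface {SVIS[vlan].ip}"]
    return []


def router_static_routes():
    """Static routes the router needs for subnets it is not directly connected to."""
    next_hop = next(s.ip for s in SVIS.values() if s.network == ROUTER_LAN.network)
    return [(str(s.network), str(next_hop))
            for s in SVIS.values() if s.network != ROUTER_LAN.network]


# Constructed hosts: one regular device still points at the router, and one
# camera carries the /22 mask of the other subnet.
HOSTS = [
    ("camera-1", "10.0.4.10/24", "10.0.4.1"),
    ("laptop", "10.0.1.20/22", "10.0.0.2"),
    ("printer", "10.0.0.50/22", "10.0.0.1"),
    ("camera-2", "10.0.4.11/22", "10.0.4.1"),
]

if __name__ == "__main__":
    for host in HOSTS:
        for problem in host_problems(*host):
            print(problem)
    for network, hop in router_static_routes():
        print(f"router needs: {network} via {hop}")
```

A device flagged here for using the router as its gateway is the common case when DHCP is served by the router, so the gateway handed out in the DHCP scope is worth checking as well as the static entries.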