02-17-2013 05:46 AM - edited 03-07-2019 11:45 AM
I just purchased a Cisco SG300 managed switch and would like to seperate my network into two VLAN's, one for my lab environment and the other for everything else.
I have the switch in L3 mode and and been reading the admin guide but I'm still at a loss with VLAN configuration.
This is a 10 port switch, so maybe I could start with 5 ports for my lab and 5 ports for the rest?
What role will my router play in all of this? It also has VLAN capability.
02-17-2013 07:43 AM
Hi,
You could use switch in L2 mode.
Here is simple configuration:
1. Create two VLAN, for example #10, #20.
2. Assign access 5 ports for a lab with VLAN 10 and for other 5 ports LAN network put into VLAN 20.
3. Port connected to router assign VLAN 20 and enable DHCP server on it. So hosts connected on VLAN 20 ports can get IP addresses from DHCP.
Sent from Cisco Technical Support Android App
02-17-2013 09:28 AM
Sounds easy enough, how hard is it to assign the ports to the VLAN? "Port VLAN membership"?
02-17-2013 09:35 AM
Here you can find manual
http://www.cisco.com/en/US/docs/switches/lan/csbms/sf30x_sg30x/administration_guide/78-19308-01.pdf
Sent from Cisco Technical Support Android App
02-17-2013 10:21 AM
OK I could really use some help here, I have done the following and created VLAN "20".
Click VLAN Management > Create VLAN. The Create VLAN page is displayed:
VLAN ID = 20.
VLAN Name = "NAME".
VLAN Type = Static.
Click VLAN Management > Interface Settings:
Ports 6 through 10 are now "Access" and show as "Untagged".
Having issues doing ports 1-5 because when I make changes I loose the connection to the GUI, I do not have a console cable at the moment.
Can 1-5 be changed to VLAN 10 anyway? what happens to the default VLAN 1?
02-17-2013 10:41 AM
Was able to enable telnet, here is config (not sure if this helps).
switch606e33#show run
config-file-header
switch606e33
v1.2.7.76 / R750_NIK_1_2_584_002
CLI v1.0
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
vlan database
vlan 10,20
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
hostname switch606e33
aaa authentication enable Telnet enable
aaa authentication login Telnet local
line telnet
login authentication Telnet
enable authentication Telnet
password da39a3ee5e6b4b0d3255bfef95601890afd80709 encrypted
exit
username cisco password encrypted 1ee779d633e8de7503635aff74d44dd87cc37247 privi
lege 15
ip telnet server
!
interface vlan 10
name Lab
!
interface vlan 20
name Streaming
!
interface gigabitethernet1
switchport trunk allowed vlan add 10
!
interface gigabitethernet2
switchport trunk allowed vlan add 10
!
interface gigabitethernet3
switchport trunk allowed vlan add 10
!
interface gigabitethernet4
switchport trunk allowed vlan add 10
!
interface gigabitethernet5
switchport trunk allowed vlan add 10
!
interface gigabitethernet6
switchport mode access
switchport access vlan 20
!
interface gigabitethernet7
switchport mode access
switchport access vlan 20
!
interface gigabitethernet8
switchport mode access
switchport access vlan 20
!
interface gigabitethernet9
switchport mode access
switchport access vlan 20
!
interface gigabitethernet10
switchport mode access
switchport access vlan 20
!
switch606e33#
02-17-2013 03:03 PM
Hi Scott, I do not know what the WRT supports but this is kind of an icky implementation per se. I am assuming the WRT only supports 1 DHCP scope. If that is the case then only 1 subnet will have DHCP unless you have an external DHCP server handling this for you. I am also assuming the WRT does not support vlans.
Secondly, you are right, the switch should be layer 3 mode. Each vlan interface should have an IP address. If you want both VLAN to get to the internet, the WRT router will require a static route to point to the vlan interface of the switch with a metric of 1.
When connecting a device to the switch the default gateway will be the IP address of your vlan interface that you're connecting to.
Here is a post that will give you an idea how to make this work
https://supportforums.cisco.com/thread/2123434
-Tom
Please mark answered for helpful posts
02-18-2013 06:41 AM
The WRT does support VLANS if this helps any?
If any of these editing option worked in my browser I would attach a pic, at any rate this link will do:
http://scj6771.smugmug.com/photos/i-Hb6k4Md/0/L/i-Hb6k4Md-L.png
What I would like is ports 2-6 for everything else in the house and ports 7-10 for my home lab, port 1 I assume would be for my router?
02-18-2013 06:51 AM
Hi Scott, since that router supports vlans then this is be quick to resolve.
From your output here is a sample.
interface gigabitethernet1
switchport trunk allowed vlan add 10
This means the gi1 port is configured as 1u,10t.
This means your router must have vlan 1 and 10 added to a port.
So how to try to make it work vlan 1 will be untagged. Vlan 10 will be tagged. The assigned to bridge looks like it will be LAN.
It seems you will just need to hit the tick box on the WRT page for vlan 1 and 10. The only thing I don't like what I see is on that bottom of the vlan page there is a section that says "tagged". I do not know if this is a blanket configuration or individual port configuration. If hitting a vlan tick box means it will inherently make it tagged you may not have to use 'vlan 1' tick box since it is an untagged frame anyway.
So I would play with that some on the router while connecting the router to gi1.
-Tom
Please mark answered for helpful posts
02-18-2013 06:56 AM
Well I have wiped out that config when I changed to L3 mode. If this will be easier without the router then I'm all for it? At this point what am I gaing from the router? I only use it for the wireless, I think I can turn it into an access point anyways.
02-18-2013 07:03 AM
Well, you can do the same yet. You don't need IP addresses on the vlan interfaces. I'd just leave that alone. Simply create the vlans desired that the router supports. Native vlan = the vlan that your flat network communicates on. Meaning, if your router is 192.168.1.1 and the switch is 192.168.1.2 the native vlan is 1 that functions on that network.
The additional vlans will be the tagged vlans. So you make create a trunk port and define 1 as untagged 1u, then tag the rest, in the example 10.
-Tom
Please mark answered for helpful posts
02-18-2013 07:11 AM
OK, so do this again but I can still keep in L3 mode?
Here is simple configuration:
1. Create two VLAN, for example #10, #20.
2. Assign access 5 ports for a lab with VLAN 10 and for other 5 ports LAN network put into VLAN 20.
3. Port connected to router assign VLAN 20 and enable DHCP server on it. So hosts connected on VLAN 20 ports can get IP addresses from DHCP.
02-18-2013 07:16 AM
Scott, do you plan to use 2 wires from the router or just 1?
-Tom
Please mark answered for helpful posts
02-18-2013 07:25 AM
At this point whatever is easiest, I just want my streaming/gaming and lab traffic seperated.
02-18-2013 07:31 AM
Fastest easiest is this-
Vlan 1 = IP address subnet of your router and switch (which is created by default)
Create a second vlan such as vlan 10
Make an access port for vlan 10 on the switch
Assign a LAN port on the WRT router to be vlan 10
Run 2 wires, one for the vlan 10 port, another for the vlan 1 port
Assign DHCP to each router port
On the switch navigate
Spanning Tree -> STP status and global settings
Spanning Tree State -> Remove the check box (this globally disables spanning tree)
apply changes.
This should work and get you going.
-Tom
Please mark answered for helpful posts
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide