Cisco Switches :: SG300 10 Layer3 And InterVLAN Routing
Apr 25, 2011
I'm trying to get the following running.
I have 4 Subnets
VLAN 1 172.20.0.0/16 with the default GW 172.20.200.254
VLAN 10 192.168.10.0/24 with the default GW 192.168.10.2
VLAN 59 192.168.59.0/24 with the default GW 192.168.59.254
VLAN 130 192.168.130.0/24 with the default GW 192.168.130.254
[Code]....
With absolutly the same settings I did this with an HP E4200-12G L3 Switch (which is now doing the job) so there is no routing mistake in the other components.For me it looks like, the SG300 doesn't like to be NOT the default gateway.
View 7 Replies
ADVERTISEMENT
Aug 28, 2011
I setup switch in layer 3 mode. I have a access port in vlan 10 and a access port in vlan 20. I am able to ping form vlan 10 client to vlan20 default gateway (192.168.20.1) I am able to ping form vlan 20 client to vlan10 default gateway (192.168.10.1) However, I am unable to ping from vlan 10 to vlan 20 client. If both the ports are in same vlan, then clients are able to ping each other. Proxy Arp in enabled.
vlan 10 client ip info
192.168.10.10
255.255.254.
[Code].....
View 12 Replies
View Related
Oct 17, 2012
I have an issue with correctly configuring sg300 layer 3 switch behind ASA 5505 (incl Security Plus License) The setup is as follows:
CISCO SG300 is configured as a Layer 3 Switch
Native VLAN 1: ip address 192.168.1.254, default route (inside interface ASA 192.168.1.1)
Extra VLANs on Switch defined
VLAN 100 with 192.168.100.0/24, default gateway 192.168.100.254
VLAN 110 with 192.168.110.0/24, default gateway 192.168.110.254
VLAN 120 with 172.16.0.0/16, default gateway 172.16.10.254
From the different VLANS(100,110,120) I am able to connect to all devices in the other VLANS (except for Native VLAN 1; it's not pingable)From switch cli I can ping my firewall (192.168.1.1) and all other vlan gateways and vlan devices (VLAN1,100,110,120) From asa cli I can only ping my switch port (192.168.1.254), but no other devices in the other VLANs.
What do I need to change or setup in the switch or asa configuration in order for the other vlans to access the Internet through the ASA. I will not use the ASA as intervlan routing device, because the switch is doing htis for meI tried changing the asa int e0/1 into trunkport (uplink port on switch also), to allow all vlans, but as soon as I do that I cannot ping to 192.168.1.254 from ASA cli anymore.
View 2 Replies
View Related
Apr 18, 2011
Some tips and trick on how to configure and sg300 for intervlan routing.
I already have the switch set up for layer 3 I already set up multiple vlans and each vlan has a ip interface setup with the desired subnet I see the local routes set up in the static routing page.
I cannot seem to get from one subnet/vlan (I am using one subnet for each VLAN) to the next.
View 6 Replies
View Related
Jul 26, 2011
I'm setting up two vlans and I would like all of vlan 2 to only have access to the WAN router on vlan1 at 192.168.30.1.
VLAN1 192.168.30.x
VLAN2 192.168.31.x
I've setup the VLANS and static routes and I'm able to access the WAN router at 192.168.30.1 from the 192.168.31.x network and everything is fine.
I'm getting an error setting up the IPv4 based ACL that is designed to allow the 192.168.31.x network access to only the 192.168.30.1 WAN router.
The first rule I setup is to permit source 192.168.31.0 / 0.0.0.255 dest 192.168.30.0/0.0.0.255 to allow all traffic to from the 192.168.31. net to access the 192.168.30.x net. Then I was going to deny the dest of 192.168.30.1-255 but I'm not sure of the wildcard to use for that.
I'm not clear on the wildcards but I'm also getting the following error when I setup the first ACE rule:
"MIB Index is out of range.Index must be bigger then 0 and Existing ifindex.."
I suspect the error is related to how I'm using the wildcards?
View 4 Replies
View Related
Aug 5, 2012
I'm trying to configure intervlan routing between a cisco 2801 router and HP/Amer switches. Using int fa0/1 and subinterfaces I was sure I had it configured correctly, but I cannot ping the default gateways when I place a host in a particular vlan. Below is what I have configured.
HP switch - port 9 connects to fa0/1 on 2801
ip default-gateway 10.1.100.1
trunk 9 Trk1 trunk
trunk 10 Trk2 trunk - to another switch
[code].....
View 4 Replies
View Related
Nov 21, 2012
I am using a 3750 as a default gateway for multiple Vlans on a few 2960 switches. The trunk lines are configured and working and I have assigned ip addresses to each of the Vlan interfaces on the 3750. My issue is that I can only ping the ip address on the Vlan interface of the 3750 if I have a working computer plugged directly into the Vlan on the 3750. I only have 3 vlans on the 3750 that have hosts directly connected (vlans 2, 10 and 40) the other vlans ( 20 and 70) don't have any clients plugged into them on the 3750 but the hosts reside on 2 different 2960s that connect via trunk ports. How do I keep the vlan interface on the 3750 switch pingable when I don't have hosts directly connected in that vlan on the 3750? (yes, I have enabled ip routing on the 3750)
View 5 Replies
View Related
Oct 11, 2012
I have a test setup of a C3750 stack as a core and some 2960's as access switches.[URL] - The switches at the bottom is the new network (VLANNED). The switches on the left is the current production network (10.1.1.0/24) From the C3750 to the router is a /30 network.
There will be 6 VLANs but at the moment I have one configured. VLAN50 - 10.5.1.0/24 From the C3750 I can ping my current production network, internet, other VLANs in the testsetup, ... Everything.From the C2960 I can ping other VLAN's, reach the gateway, reach the router, reacht the currenct production network. But I can't reach internet. I've configured "ip default-gateway 10.5.1.254" on the C2960. C3750 relevant config is down below.How is it that I can reach other networks connected to the router and not internet from the access switches? I'm just trying to ping 8.8.8.8.
!
ip routing
!
!
interface GigabitEthernet1/0/1
no switchport
ip address 172.16.1.2 255.255.255.252
[code]....
View 5 Replies
View Related
Jun 2, 2012
I am trying get inter vlan routing to work on a DF 300 - 24 port switch. I have an existing company network on 192.168.111.0 and want to create a vlan on 192.168.1.1 that can talk to 192.168.111.0. I have enabled layer 3 routing on the switch via console and also provided the ip routing command. I have the following VLAN's:
VLAN1 - Default 192.168.111.0
VLAN2 - 192.168.1.0
I have enabled DNS and provided my two DNS servers 192.168.111.82 & 192.168.111.212. I have set the VLAN1 interface to 192.168.111.217 and VLAN2 interface to 192.168.1.1.
Ports FE1 - FE15 are set to access ports and assigned to VLAN1 (untagged)
Ports FE16 - FE24 are set to access ports and assigned to VLAN2 (untagged)
I have set a default route for the switch to 0.0.0.0 0.0.0.0 192.168.111.254 (Draytek 2600 router). I have connected a computer (A) to VLAN1 port FE3 and a computer (B) to VLAN2 port FE16. I have set Computer A default gateway to 192.168.111.217 and its IP address to 192.168.111.94. I have set Computer B default gateway to 192.168.1.1 and IP to 192.168.1.2.
Computer A has access to Mdaemon, file server via network drives but no internet (cannot ping google) and can ping computer B and RDP onto computer B.
Computer B can ping computer A and RDP onto computer A but does not have access to the company network i.e MDaemon, file server etc. It also cannot access the internet.
From the console I can ping [URL]and all ip addresses in the company network i.e. 192.168.111.82 (DNS server). If I scan computer A wirh wireshark the internet starts working weird!
Configuration show below:
switch7c0a71#show run
vlan database
vlan 2
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
[code]....
View 40 Replies
View Related
Jul 11, 2012
I have two 3750 layer3 switches and I need to connect them via stack cable.so if I connect them with the stack they will be act as an one switch, but for the configuration if I create a VLANs on the master switch (applied all the configuration on the master one) this configuration will be transfered to the slave one or I have to repeat the configuration that I did on the master.
View 5 Replies
View Related
Aug 29, 2011
These are our first switches and seems like GUI is lot different than the online. Out intervlan routing is o not working. I am absolutely sure that I setup the switch in L3 mode since it allows me to create mutiple interfaces. I am hoping that this GUI issue is related to interVLAN routing.
Below is the blog I started for InterVlan issue [URL]
This is the link for online simulator and what I see in its IP tab. I know this switch is not SG300. [URL]
This is what I see on our switch.
Our switch version
switchd64684#show version
SW version 1.1.0.73 ( date 19-Jun-2011 time 18:10:49 )
Boot version 1.0.0.4 ( date 08-Apr-2010 time 16:37:57 )
HW version V01
View 1 Replies
View Related
May 26, 2011
1) I have a Cisco SG300-28P. I plan to add a SG300-52. Would it be possible to manage the new switch through the SG300-28P web browser ?
2) There are 2 fans in the POE model SG300-28P. How many fans are they in the non POE switch SG300-52 ?
View 2 Replies
View Related
Mar 31, 2012
We have recently purchased a SG300 to break up our network which most consists of virtual machines via Bridged networking on network machines. I have created successfully Vlans and the physical machines are capable of communicating across the different subnets that I have created via the SG300 however the Virtual machines can no longer be reached.
View 2 Replies
View Related
Feb 8, 2012
Can I connect a single Cat5e cable between two SG300-28 and link them? If so what must I configure?
View 1 Replies
View Related
Jul 25, 2012
I have SG300-28P that I am using as layer-3 switch. Recently I ran in to SG300-52 switch and even though loading same firmware doesn't give me option to do layer-3 switching. For SG-300 I see options in GUI to create vlan interfaces under IP information section, while SG300-52 has IP information option only under the management section.let me know if these are 2 different hardware types and L3 is not possible on SG300-52. If its possible to enable L3 switching on SG300-52?
View 2 Replies
View Related
Jun 6, 2012
I have a connection on IP 192.168.1.21, Subnet 255.255.255.0 - this is on the default VLAN1 on the switch. I need to route this to IP 10.0.3.101, Subnet 255.255.252.0 - which is set up on VLAN2 on the switch. I have set the switch to Layer 3 via console.
how I setup this route? I am use the Browser based interface.
View 15 Replies
View Related
May 12, 2013
I have a project I am working on that will require routing over a MetroE circuit to connect a few sites together back to HQ. Although, I know this can be accomplished several ways, I have come up with a solution that I think will work, but would like you all's input as to whether this is adequate and if my thoughts on how to properly "organize" the network are right.
I have been working with the SG300 line in Layer 3 mode and have not had any issues in a test setup I have here in the office. Basically my thought is to have a single VLAN/subnet allocated for each physical site. That will handle the basic interoffice connectivity etc. I also have a need to prioritize voice/video traffic throughout the entire network. My plan was to create an additional VLAN/subnet to house the teleconferencing equipment. Thats pretty much the jist of the setup. My only question is how to properly prioritize the voice/video VLAN.
View 3 Replies
View Related
Feb 8, 2013
What does "ip routing" do on the CLI on the SG300? When I do this, I see it enables ip forwarding, but there is no mention of this in the CLI manual. I'm just trying to figure out what I would use this for, and if I should leave it enabled, or disable it. I have several different SG300 switches in L3 mode, and they are set up in a multi-vlan environment...
View 2 Replies
View Related
Dec 11, 2012
A brief background on the setup: I recently switched out my switch. It was a Cisco 3750 10/100 switch and I wanted to upgrade to Gig. The cost of a Gig+POE 3750 is too much to bite so I opted for the SG300. My router is a Cisco 891. Here is the setup:
Cisco 891:
two SVI's: vlan1 and vlan 100
Vlan1 = 10.0.1.1/24
[Code].....
With the 891+3750, I was able to add "ip pim sparse-dense-mode" on all the SVI's and hosts could join any multicast group, irregardless of which vlan the host was a member of.
Now I've changed switches, and I dont get the same love. I have the PIM statement on both SVI's on the 891, but Im unsure of what I need to configure on the SG300. I have enabled "Bridge multicast filtering" + "IGMP snooping". What can I do to get similar functionality using the SG300 + 891? I assume this is my lack of understanding IGMP in general, but was able to get away with it using the PIM statements on the 891+3750 stack.
View 4 Replies
View Related
Jan 20, 2013
I have a SG300-28P that is our Main VLAN Switch. Though the VLANs that I have on it are there mostly because of our Edge Router and our AP541Ns.We have the Following VLANs defined (Subnets Changed to conseal Piblic IPs) [code]
VLAN200 and VLAN201 come into Our Edge Router and out on a Single GE Port via VLAN Tagged to thje SG300.The SG 300 Splits them out to Untagged Ports and they are connected to Two Firewalls, each with a IP in the 200 and 201 Subnets. The AP510 has the VLAN200, VLAN192 and VLA101 tagged Subnets sent to it. The AP521 has three SSID, each associated with a Paticular VLAN.
This all works fine, though there are a few hidden flaws. Since all of the VLANs are present, both Internal and Public IPs, one could craft packets form one network and use the SG300 as its gateway to the other subnet and Gain Access. How can I isolate the Subnets, so that I can still use the SG300 as a Default Gateway for the 10.1.0.0/16 Network Make it so if someone from the 10.1.0.0/16 netwok accesses the 201.201.201.0/24 Subnet it uses the SG300's 0.0.0.0 0.0.0.0 default router (the Firewall IP) and not the VLAN InterfaceIf somone in the 201, 200, 192 Subnets uses the SG300 as a Gateway and tries to access a 10.1.0.0/16 address it gets blocked.
View 1 Replies
View Related
Mar 17, 2012
configure my new SG300-28P. When I have started the switch, I have specified a new password and enabled telnet in order to setup the switch in Layer 3 mode.
After a restart, the switch took its IP address from a DHCP server. When I try to set a static IP address (192.168.2.1), I receive the following error message: Duplicated IP interface on the same subnet.
The IP address 192.168.2.1 is not used by any device within the network. For information, the message doesn't appear when the switch is in Layer 2 mode.
why I can't change the IP address of default vlan in Layer 3 mode ? All I can do is set the IP address to static or dynamic.
For test purpose, I have added 2 vlans. But I wasn't able to route traffic between vlan. how to configure the switch to route traffic between vlan?
find below details informations about my VLANs.
- Default (VLAN ID 1)
IP Address : 192.168.2.1
Subnet : 255.255.255.0
[Code].....
View 3 Replies
View Related
Oct 22, 2011
I've seen lots of posts from people having problems routing traffic between two vlans with some complicated examples. Any simple step-by-step example for an SG300 switch (in layer 3 mode) to configure two vlans and sending traffic between the two vlans without an external router?
-VLAN1 10.10.10.0
-VLAN2 10.10.20.0
I've tried to do this through the GUI and can't seem to make it work. I'm missing something in the GUI.
View 6 Replies
View Related
Oct 28, 2012
I just purchased a SG300-10 switch and loaded the newest 1.27 firmware on it. Setup my VLANS and trunks but I have this weird issue. My setup:
I have the SG300-10 as my main switch and changed it over to L3 so it can be my main core in my small network. On port 1, vlan 200 is setup as my native PVID untagged and I have it set to trunk vlan's 210(LAN network), 220 (management vlan) tagged over to a Dell powerconnect 5224 24port switch. On port 1 of the Dell switch, I have it setup as a trunk there as well with the same setup (native PVID vlan set to 200 untagged, trunking 210 and 220 tagged).
View 12 Replies
View Related
Nov 27, 2011
I am trying to set up the SG300-52 and am struggling, I have a domain controller with IP address 192.168.0.1 I have a broadband router that is has a dynamc ip address. I have set up vlan1 aand vlan2
Vlan1 is getting its ip address from the domain which is 192.168.0.110
vlan2 is getting its ip from the broadband router.
I have setup Domain Name System in the Ip configuration tab
on Vlan1 I have a connected a dumb switch this connects all the computers in the local network. What I cannot get to work is the internet vlan.
who has setup up vlan routing with domain controller
View 6 Replies
View Related
Feb 26, 2013
My organization wishes to host a LAN gaming event. The setup I have in mind involves a 24-port switch for connecting all the player computers and having that switch connected to a smaller "core" switch which has the the game server and router connected to it. I'd like to know if I can set things up as follows...
SG200-26 with ports 1-24 on seperate VLANs so they cannot talk to eachother. I'd then like ports 25 and 26 to be an aggregated (for bandwidth and redundancy) trunk port to carry all 24 VLANs plus an additional management VLAN (ex. VLAN 100) that will be used for accessing the switch. I'd like those aggregated trunk ports to connect to an SG300-10 "core" switch which will be connected to the game server and to a router for internet access.
I'd like the ability to have two network connections from the game server to the switch, one on the management VLAN and one on a different VLAN (ex. VLAN 50) that will be accessed by the players (ports 1-24 on the SG200-26). The core switch needs the ability to perform restricted inter-VLAN routing, in that it doesn't allow VLANs 1-24 to talk to eachother but they can talk to the server's VLAN but only through specific service ports (ex. port 12345, 12346). Is this possible?
Furthermore how would I configure the SG300-10 to allow VLANs 1-24 to talk to VLAN 50, but not themselves or VLAN 100. As well, I'll probably have the router on it's own VLAN (ex. VLAN 60) and allow VLANs 1-24 to access it but only through HTTP port 80 for web access.
View 9 Replies
View Related
Apr 23, 2012
I'm trying to add an outbound policy on Layer3 interface on a 6500. The will be used to prioritize voice traffic. The environment contains 2 sites with 2 6500's each with VSS and a metro Ethernet link between them. I seem to be having problems prioritizing the voice across this link.
View 1 Replies
View Related
Mar 29, 2012
We are about to install a new network consisting of Cat 4500s with Sup7E at the Access Layer, with Nexus 7000 at the Distribution and Core layers. We have 14 floors with at least three 4500s on each floor. Within the office block where the Access Layer and Distribution Layer reside we need to support secure borderless networking using 802.1x to place users from different parts of the business into segregated networks at layer 3.All switches will have the feature sets to support MPLS/ VRF / OSPF / EIGRP / BGP etc.We quickly dismissed the idea of using VRF-Lite due to the sheer number of Vlans we would need to managage and maintain, the point to point links alone just to get one additional VRF on each floor required far too many Vlans.As a result we are now considering deploying MPLS. The obvious benefits include scalability and manageability, the fact that all switch to switch links can now be routed, instead of having to using SVIs.
View 2 Replies
View Related
Nov 21, 2011
I'm replacing 2 3COM 4500 Swithes with the SG300-52 Cisco switch. We have 3 VLANs, 10, 20, 100. The switch is set for Layer 3 and I have setup DHCP relay. what settings i should set on the Cisco for the following setups:
3COM Setup
#
interface GigabitEthernet1/0/1
[Code].....
View 2 Replies
View Related
Jan 1, 2013
We have several of the SG300 Serices switches. We use them to route VLAN traffic to Remote Offices, Internet Connections, and WiFi Access Points.In one remote office we have a SG300-10 setup to route the HQ Network and the remote Office Subnet. The SG300 is Connected to HQ via Fiber and has multiple Tagged VLANs on it. If I do speed tests over the Fiber Link on the Incoming Tagged Netwotk I get Decent performance, 80Mbs. If I switch to a networtk that is not priginating from HQ, and have the SG300-10 route packet, I get dismal performance. 15-20Mbs.
I Fireded up a New SG300-28P FW v1.2.7.76. Added a the HQ VLAN 101 and new VLAN 1025 . Mapped some Tagged and untagged ports for each. Switch was connected to HQ Network as untagged VLAN 101. I put a laptop on an Untagged VLAN 101 port. Ran some tests, cam back with 750-850Mbs. Great. Put the same laptop on a Tagged 101 Port, Configured the NIC for Tagged VLAN 101, Same test, same Speeds, 750-850Mbs.I then Configured laptop for Tagged VLAN 1025. Connected to tagged VLAN 1025 port. Ran speed tests, resuts were 15-20Mbs!
I then Configured laptop for Untagged VLAN 1025. Connected to unagged VLAN 1025 port. Ran speed tests, resuts were 15-20Mbs!It was only the Laptop and the Connection to the HQ net on the SG300-28P. Why is the performance of this unit soooooo poor when it needs to route?Other Switches have FW v1.0.0.27 or FW v1.1.2.0. They have Similar speed issues. All Configured for Layer 3.
View 10 Replies
View Related
Dec 18, 2011
does the SG300 switches can be used with Microsoft NLB in Multicast mode?I know on traditional Catalyst switches you can statically "map" IP's to mac's and then to multiple ports but this doesn't seem to work correctly on the SG switches - it gives an error about the mac not being not Unicast?
View 2 Replies
View Related
Aug 7, 2011
Any snmpset commands to add, modify and delete vlan table entries on SG300-10 switches? I checked url... however this information is apparently only valid for catalysts. The latest firmware is installed and the provided MIB files are used.
View 8 Replies
View Related
Aug 20, 2012
I'm going to have several SG300-28P switches to setup. I'll need to create multiple vlans for data, voice, and wireless traffic. I have the following questions in setting up this configuration:
VLAN 1 Management
VLAN 100 Data
VLAN 200 Wireless
VLAN 300 Voice
1) For managing the switches via IP, will LAN1 be the default management network? Should I create a seperate VLAN for managing the switches?
2) For uplinking the switches together, I plan to trunk a port to connect the switches together. What's the configuration on the trunk port to forward all vlans from one switch to another?
3) On some ports, I want to configure a trunk for two vlans (Data and Voice) where the phone has a pass through for PC. The phone supports tagging for the PC and the VoIP traffic. For example on port 10, would VLAN 100 and 300 be set to tagged?
View 3 Replies
View Related
Jan 19, 2012
I'm having alot of trouble trying to connect more that one LAG between two SG300-52 switches.Basically i have configured both switches with the same vlans. For 2 of the vlans i would like to connect them together between the two switches using LAG. Switch1 has Vlan 5 (ports 1-12) & Vlan 10 (Ports 25-36) with LAG configured on ports 1-2 and ports 25-26. I have setup the second switch identical to the first. But when i connect the LAG's there is no connectivty. If i disconnect one LAG the other starts working.Can you only have i interconnect LAG between switches?
View 1 Replies
View Related
