Link to home
Start Free TrialLog in
Avatar of durrence71
durrence71

asked on

Cisco SG500 port mode for VoIP and intervlan traffic setup

I have two questions in regard to configuration for a new VoIP system.  I have a SG500 with two VLANs, 1 and 30.   1 is the default and 30 is a new one for voice.  VLAN 1 is 192.168.1.0/24 and VLAN 30 is 10.10.1.0/24.  I have searched and got conflicting reports on whether my ports should be set to access mode or trunk mode.  The ip phones are set to use VLAN 30 and the computer in turn plugs into the phone.  It seems to work in both the modes, but would prefer to use whatever is the best method.  My 2nd issue, is that I need to access a management website on VLAN 30 from VLAN 1.  On the SG500, GUI and CLI, I can ping both VLAN interfaces (192.168.1.1 and 10.10.1.1), but from a computer on VLAN1, pinging the interface for VLAN 30, times out.   Even from a device on VLAN 30, pinging VLAN 30 interface times out, but I can ping other devices on VLAN 30.  I saw in a Cisco guide called Demo Script 300 Series managed Swtich.pdf, that by adding the VLANs, it would create two local type routes in the IPv4 Static Routes tab, but it didn't.   It won't let me manually add them since it says that the remote gateway can't be on the switch.  Remote and reject are the only two types of routes that I can create.  If I use the CLI and type show ip route, I see both VLAN interfaces and they say they are directly connected.   Why am I not able to ping?
Avatar of giltjr
giltjr
Flag of United States of America image

In access mode frames are sent untagged and only one VLAN's traffic can go in/out of that port.  Since you need two VLAN's to use VIOP and "LAN data", you need to be configured as a trunk.   The VIOP VLAN (30) should be tagged on each port you need it on and "LAN Data" VLAN (1) should be untagged.

The SG500 is a L3 switch so it should be able to do Intra-VLAN routing without any problems.

Have  you enabled routing on it?
Avatar of durrence71
durrence71

ASKER

I do have ip routing enabled.   I have SG300 at another office and they do the Intra_VLAN routing perfectly.   I feel that it is something to do with the VLAN 30 being marked as a voice vlan that is somehow keeping it from routing.
Can you do show ip route on the SG500 and see if it has both subnets there, with the correct subnet masks?
When I do a show ip route, I do see both subnets.   They are listed as directly connected.  Thu more testing, I'm finding out this.

On VLAN 1, I'm not tagging traffic.   On VLAN 30, I'm tagging traffic.   I have a laptop connected to a trunk port.   If I leave the traffic untagged, I can ping the VLAN 30 interface, but nothing else on the subnet that is tagging traffic to VLAN 30.   If I set the port to tagged on VLAN 30, I can ping other devices on the VLAN 30, but not the VLAN 30 interface.  I can also ping both VLAN interfaces, but not anything past that.

So since I'm tagging some traffic, is the L3 switch not capable of routing tagged traffic across to non tagged traffic networks?
Is all of this on a single switch?

If so this should work.  Now if you are crossing switches, say from SG500#1 to SG500#2, you will need to tag VLAN1 and VLAN30 traffic on the trunk link between the two switches.
It is on the same switch.  I've narrowed it down to something to do with one VLAN having untagged traffic and one VLAN having tagged traffic.  If I set one port on the VLAN with tagged traffic to be on that VLAN, but use untagged traffic, I can then ping it.   Does the tagging of traffic on a VLAN make it so that it can't be routed between VLANs?
ASKER CERTIFIED SOLUTION
Avatar of giltjr
giltjr
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Here is the sanitized copy of the config.
running-config.txt
I think it has something to do with:

     voice vlan state disabled

Not sure what to set this to there are 3 other options:

oui-enabled
auto-enabled
auto-triggered

The default is auto-triggered, so I would try that first.  I will continue reading, but that is the first thing that jumped out at me.
I will give these a try in the morning and let you know
I only see one port setup as trunk, gi1/1/24.  

Any port that is suppose to have a phone and PC on it needs to be trunk with allowed VLAN of 30 and don't code a native VLAN.  The default native VLAN is 1, and the native VLAN is untagged by default.

If the port is just going to have a PC, it should be access mode.

If the port is just going to have a phone, it should be access mode, but on VLAN 30.
I had it that way earlier with same end results. I've tried a million different combos on trouble shooting this.  I've read mix comments on the trunk or access mode.  From what I've read.  The newer model phones with the switch built in do the trunking and tag the phone traffic and leave the pc traffic untagged.  The phone and computer work either way,  trunk or access mode.  Just no pinging across the vlan.  The laptop I'm trying to ping has no phone with it. The computer I'm using does.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
giltjr Was a huge help and steered me towards the solution.   My last comment is the total outcome of what fixed it.