Solved

Inter-VLAN setup on Cisco SG300-20 switch

Posted on 2013-06-03
Last Modified: 2013-06-28
Hi,
I have an L3 Cisco switch and I want to set up inter-VLAN, and I want the hosts on these VLANs to be able to access data on the NAS.
So far I was able to set up the VLANs and the hosts on the VLANs can access the NAS, but none of the hosts can get to the internet.
I was thinking my ISP router is not capable to handle the nating; I got another ADSL router, a TP-Link, but still the same result.
Also I would like to have this in DHCP so I will not need to configure an IP address every time I want to add a host to a VLAN.
One other thing I would like to add is a guest VLAN that will not have access to the internal network but only has access to the internet.
I need your assistance. Thanks
Question by:ldnnet
17 Comments
 
LVL 2

Expert Comment

by:NiceCuppaTea
ID: 39216465
To enable inter-VLAN routing, type ip routing at the configuration prompt.

To enable DHCP from a single server you will need to set up each scope, then on the switch you need to add an IP helper address to each VLAN (the address of your DHCP server).

e.g

conf t
int vlan 2
ip helper-address 192.168.0.1

You may also have to set the relay information insert options via....

ip dhcp relay information option-insert

in your interface configuration of your vlan

To be able to restrict your VLANs you need to create ACLs for the VLAN you want to restrict, then apply the ACL to the VLAN.

Don't forget to set your default gateway!
 

Author Comment

by:ldnnet
ID: 39257451
My sincere apologies for late response
I was away and I do not have access to the device.
The issue is still not resolved.
I include the present configuration to make things clear.
Thanks a lot for your assistance.

*************************

switch4ba497#sh vlan

Vlan       Name                   Ports                Type     Authorization
---- ----------------- --------------------------- ------------ -------------
 1           1               gi1,gi17,Po1-8          Default      Required
 5          WAN                   gi20                static      Required
 10       Studio                  gi2-8               static      Required
 20       Service                gi9-12               static      Required
 30        Admin                 gi13-16              static      Required
 40        Data                  gi18-19              static      Required



switch4ba497#sh ip interface


    IP Address         I/F       Type     Directed   Precedence   Status
                                          Broadcast
------------------- --------- ----------- ---------- ---------- -----------
192.168.2.254/24    vlan 1    Static      disable    No         Valid
192.168.3.100/24    vlan 5    Static      disable    No         Valid
192.168.10.1/24     vlan 10   Static      disable    No         Valid
192.168.20.1/24     vlan 20   Static      disable    No         Valid
192.168.30.1/24     vlan 30   Static      disable    No         Valid
192.168.40.1/24     vlan 40   Static      disable    No         Valid




switch4ba497#sh run
config-file-header
switch4ba497
v1.2.9.44 / R750_NIK_1_2_584_002
CLI v1.0
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
vlan database
vlan 5,10,20,30,40
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
ip dhcp relay enable
ip dhcp information option
no boot host auto-config
bonjour interface range vlan 1
hostname switch4ba497
no passwords complexity enable
username cisco password encrypted 7af78c911d5b48bea1dc2449d9d89513abeb4be5 privilege 15
ip telnet server
!
interface vlan 1
 ip address 192.168.2.254 255.255.255.0
 no ip address dhcp
!
interface vlan 5
 name WAN
 ip address 192.168.3.100 255.255.255.0
!
interface vlan 10
 name Studio
 ip address 192.168.10.1 255.255.255.0
!
interface vlan 20
 name Service
 ip address 192.168.20.1 255.255.255.0
!
interface vlan 30
 name Admin
 ip address 192.168.30.1 255.255.255.0
!
interface vlan 40
 name Data
 ip address 192.168.40.1 255.255.255.0
!
interface gigabitethernet1
 switchport mode access
!
interface gigabitethernet2
 switchport mode access
 switchport access vlan 10
!
interface gigabitethernet3
 switchport mode access
 switchport access vlan 10
!
interface gigabitethernet4
 switchport mode access
 switchport access vlan 10
!
interface gigabitethernet5
 switchport mode access
 switchport access vlan 10
!
interface gigabitethernet6
 switchport mode access
 switchport access vlan 10
!
interface gigabitethernet7
 switchport mode access
 switchport access vlan 10
!
interface gigabitethernet8
 switchport mode access
 switchport access vlan 10
!
interface gigabitethernet9
 switchport mode access
 switchport access vlan 20
!
interface gigabitethernet10
 switchport mode access
 switchport access vlan 20
!
interface gigabitethernet11
 switchport mode access
 switchport access vlan 20
!
interface gigabitethernet12
 switchport mode access
 switchport access vlan 20
!
interface gigabitethernet13
 switchport mode access
 switchport access vlan 30
!
interface gigabitethernet14
 switchport mode access
 switchport access vlan 30
!
interface gigabitethernet15
 switchport mode access
 switchport access vlan 30
!
interface gigabitethernet16
 switchport mode access
 switchport access vlan 30
!
interface gigabitethernet17
 switchport mode access
!
interface gigabitethernet18
 switchport trunk native vlan 40
!
interface gigabitethernet19
 switchport trunk native vlan 40
!
interface gigabitethernet20
 switchport trunk native vlan 5
!
ip route 0.0.0.0 0.0.0.0 192.168.3.1
switch4ba497#
 

Author Comment

by:ldnnet
ID: 39257466
These are the entries on the router
 

Author Comment

by:ldnnet
ID: 39259015
The main issue I have now is to get internet connection for the host on the vlans.
This is still eluding me for the moment.
I am intending to use VLAN 5 as the WAN connection. I did that because I want to separate this WAN connection from the default VLAN 1. Kindly let me know what I am doing wrong here and how best to make it work in a simple way. Thanks
 
LVL 17

Expert Comment

by:surbabu140977
ID: 39279058
Whatever config you have pasted refers only to inter-VLAN communication. But as per your post, there is no problem in inter-VLAN communication, i.e. hosts in different VLANs can communicate with the NAS/each other.

The problem is: they cannot access the internet. As of now, hosts coming to the switch are getting routed and accessing the NAS. But hosts coming to the switch for internet are going to 192.168.3.1, the router, and getting dropped.

So, in short, you need to paste the router config to help us troubleshoot. Please mention what router model you are using.

PS: Never got what you meant by "ISP router is not capable to handle the nating". I have never seen a router in my life "not capable" of handling NAT. : )

Please put a block diagram in notepad or a jpg to help us understand who is connecting to where, (with IP address). Is this a new setup? Was the setup working anytime? Can you paste the ISP router config as well?


Best,
 

Author Comment

by:ldnnet
ID: 39282088
Thanks for your response.
I attached the screenshots from the router
The router is TP-Link Cable/DSL model TL-R860.
Remember the main issue is that only the directed connected vlan 5 to the router get ip address from the dhcp. The other vlans do not get ip address.
DHCP.JPG
DHCP-Client-list.JPG
 
LVL 17

Expert Comment

by:surbabu140977
ID: 39282121
I am confused.

e.g a host in port gigabit 10, is in vlan 20. He is supposed to get IP address from your DHCP server which is in vlan5 of ip 192.168.3.x ????

 

Author Comment

by:ldnnet
ID: 39282165
VLAN 5 interface gi20 connects directly to the router that serves as the DHCP server, IP address 192.168.3.1
 
LVL 17

Expert Comment

by:surbabu140977
ID: 39283492
I meant I was confused about your question---- "Remember the main issue is that only the directed connected vlan 5 to the router get ip address from the dhcp. The other vlans do not get ip address."

What do you mean by other vlans do not get ip address? You expect a host connected to gig10 port which is under vlan 20 should receive IP from your dhcp server which is in vlan 5???
 

Author Comment

by:ldnnet
ID: 39283715
That is what I expect. If that is not correct can you explain how do I get other vlans to get ip address from the dhcp server? Thanks
 
LVL 17

Expert Comment

by:surbabu140977
ID: 39283760
Ok.

If your PC is on a different subnet and your DHCP server is in a different subnet, you have to use the DHCP relay function so that DHCP requests are routed from different networks to the server. You have not done that in your config, hence DHCP requests from other subnets are not even reaching your server.

You have to do "ip helper-address <ip of dhcp server>", i.e. 192.168.3.1.
This command needs to be there for every VLAN you define. So the PCs send their DHCP request to the switch, the switch forwards it to the server using this command, and the server assigns.
#int vlan 10
(config-if)#ip helper-address 192.168.3.1
#int vlan 20
(config-if)# ip helper-address 192.168.3.1 ......and so on

Please make sure 192.168.3.1 is reachable from every vlan. You can test it using an extended ping and source as that vlan.

Secondly, I hope you understand that every PC cannot get a 192.168.3.x IP, because that is in VLAN 5. So you have to define multiple scopes in the DHCP server with the correct IPs.

It means you need 1) 192.168.10.10-192.168.10.100, 2) 192.168.20.10-192.168.20.100, and so on. For every VLAN you defined, you have to create a separate DHCP range.

When DHCP requests are forwarded by the VLAN using the ip helper-address command, by default DHCP will search for that very subnet of the VLAN which has forwarded the request. So if VLAN 10 is requesting, DHCP will look for a 192.168.10.x IP. If VLAN 5 is requesting, the 192.168.3.x scope will be looked up.

Best,
 
LVL 17

Expert Comment

by:surbabu140977
ID: 39283821
And you will need "ip dhcp relay information option-insert" under every VLAN as well, after the ip helper-address command.
 

Author Comment

by:ldnnet
ID: 39284130
Hi,

I am unable to create a scope for each VLAN as you explained.
Also, ip helper-address is asking me to specify a destination address.
When I did this:
#int vlan 10
(config-if)#ip helper-address 192.168.3.1
#int vlan 20

It returns with this comment: % missing mandate parameter

What will the destination address be for each vlan?
Kindly give me an example. Thanks
 
LVL 17

Accepted Solution

by:
surbabu140977 earned 500 total points
ID: 39284311
I can create multiple scopes in Cisco devices and Windows/Linux servers. You can also use any Windows/Linux or any DHCP server to create multiple pools. If you cannot in your router, that is the hardware limitation then. You need a separate server on any old PC.


Commands in sequence in the switch should be,

conf t
int vlan 20
ip helper-address 192.168.3.1
ip dhcp relay information option-insert
exit
int vlan 10
ip helper-address 192.168.3.1
ip dhcp relay information option-insert
exit
int vlan 30
...
......
......
....
and so on.....
0
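The relay and scope-selection behaviour described in comment ID 39283760 and in the accepted solution, as an added example that is not part of the original thread: it builds a DHCPDISCOVER, stamps giaddr the way a relay on the VLAN 10 interface would, and shows why a server holding only the 192.168.3.0/24 pool has nothing to offer. The function names and the 192.168.3.x pool range are assumptions; the VLAN 10/20 ranges are the ones suggested in the thread.

```python
import ipaddress
import struct

# Fixed 236-byte BOOTP header (RFC 2131 layout): op, htype, hlen, hops, xid,
# secs, flags, ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file.
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
COOKIE = b"\x63\x82\x53\x63"      # DHCP magic cookie
DISCOVER = b"\x35\x01\x01\xff"    # option 53 = DHCPDISCOVER, then end option

# Constructed scopes. The 192.168.3.x range is an assumed value for the
# router's own LAN; the other two ranges are those suggested in the thread.
ROUTER_ONLY = {"192.168.3.0/24": ("192.168.3.10", "192.168.3.100")}
MULTI_SCOPE = {**ROUTER_ONLY,
               "192.168.10.0/24": ("192.168.10.10", "192.168.10.100"),
               "192.168.20.0/24": ("192.168.20.10", "192.168.20.100")}

def build_discover(mac: bytes, xid: int) -> bytes:
    """Client broadcast as it leaves the host: giaddr is still 0.0.0.0."""
    zero = bytes(4)
    return BOOTP.pack(1, 1, 6, 0, xid, 0, 0x8000, zero, zero, zero, zero,
                      mac, b"", b"") + COOKIE + DISCOVER

def relay(packet: bytes, vlan_if_ip: str) -> bytes:
    """Relay step: stamp giaddr with the IP of the receiving VLAN interface."""
    f = list(BOOTP.unpack_from(packet))
    if f[10] == bytes(4):          # only the first relay fills in giaddr
        f[10] = ipaddress.IPv4Address(vlan_if_ip).packed
    f[3] += 1                      # hops
    return BOOTP.pack(*f) + packet[BOOTP.size:]

def select_scope(packet: bytes, scopes: dict, server_if: str):
    """Server side: pick the pool whose subnet contains giaddr, or, for an
    unrelayed broadcast, the subnet of the interface it arrived on."""
    giaddr = ipaddress.IPv4Address(BOOTP.unpack_from(packet)[10])
    key = giaddr if int(giaddr) else ipaddress.IPv4Address(server_if)
    for subnet, pool in scopes.items():
        if key in ipaddress.ip_network(subnet):
            return pool
    return None                    # no scope for that subnet: no offer is made

if __name__ == "__main__":
    pkt = relay(build_discover(bytes.fromhex("02005e000001"), 0x1234), "192.168.10.1")
    print("single-scope router:", select_scope(pkt, ROUTER_ONLY, "192.168.3.1"))
    print("multi-scope server: ", select_scope(pkt, MULTI_SCOPE, "192.168.3.1"))
```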
 

Author Comment

by:ldnnet
ID: 39284462
Since it has come to hardware limitation, there is little to do.
I will leave the default vlan1 untouched and use vlan 5 for the host for now.
I will see if I can increase my budget to get capable dhcp hardware.
Thanks a lot really appreciate your assistance.