ldnnet


Inter-VLAN setup on Cisco SG300-20 switch

Hi,
I have an L3 Cisco switch and I want to set up inter-VLAN, and I want the hosts on these VLANs to be able to access data on the NAS.
So far I was able to set up the VLANs and the hosts on the VLANs can access the NAS, but none of the hosts can get to the internet.
I was thinking my ISP router is not capable to handle the nating, so I got another ADSL router, a TP-Link, but still the same result.
Also I would like to have this in DHCP so I will not need to configure an IP address every time I want to add a host to a VLAN.
One other thing I would like to add is a guest VLAN that will not have access to the internal network but only has access to the internet.
I need your assistance. Thanks
NiceCuppaTea

To enable inter-VLAN routing, type ip routing at the configuration prompt.

To enable DHCP from a single server you will need to set up each scope, then on the switch you need to add an IP helper address to each VLAN (the address of your DHCP server).

e.g.

conf t
int vlan 2
ip helper-address 192.168.0.1

You may also have to set the relay information insert options via....

ip dhcp relay information option-insert

in your interface configuration of your vlan

To be able to restrict your VLANs you need to create ACLs for the VLAN you want to restrict, then apply the ACL to the VLAN.

Don't forget to set your default gateway!
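
The ACL approach suggested above, as an added example that is not part of the original answer: a first-match evaluation of a guest-VLAN rule list against the subnets in this thread, modelled in Python rather than in switch syntax. The rule list, the DNS exception on 192.168.3.1 and the TCP/445 probe are assumptions; the ACL is taken to be applied inbound on a hypothetical guest VLAN.

```python
import ipaddress as ip

# Internal subnets taken from the thread's "sh ip interface" output.
INTERNAL = [ip.ip_network(n) for n in (
    "192.168.2.0/24", "192.168.3.0/24", "192.168.10.0/24",
    "192.168.20.0/24", "192.168.30.0/24", "192.168.40.0/24")]

# Ordered rules: (action, destination network, protocol, destination port).
# None means "any". Constructed for illustration, not switch syntax.
GUEST_ACL = [
    ("permit", ip.ip_network("192.168.3.1/32"), "udp", 53),  # DNS on the router (assumed)
    ("deny", ip.ip_network("192.168.0.0/16"), None, None),   # every internal subnet
    ("permit", ip.ip_network("0.0.0.0/0"), None, None),      # everything else: internet
]

def evaluate(acl, dst, proto, port):
    """Return the action of the first matching rule; implicit deny at the end."""
    dst = ip.ip_address(dst)
    for action, net, r_proto, r_port in acl:
        if dst in net and r_proto in (None, proto) and r_port in (None, port):
            return action
    return "deny"

def leaks(acl):
    """List internal subnets a guest could still reach on TCP/445 (assumed file-share port)."""
    return [str(n) for n in INTERNAL
            if evaluate(acl, n.network_address + 10, "tcp", 445) == "permit"]

if __name__ == "__main__":
    print("guest -> 8.8.8.8:443      ", evaluate(GUEST_ACL, "8.8.8.8", "tcp", 443))
    print("guest -> 192.168.40.10:445", evaluate(GUEST_ACL, "192.168.40.10", "tcp", 445))
    print("leaks, correct order:", leaks(GUEST_ACL))
    # Same rules with the broad permit moved first: first match wins, isolation is lost.
    misordered = [GUEST_ACL[2], GUEST_ACL[0], GUEST_ACL[1]]
    print("leaks, permit first: ", leaks(misordered))
```

Because the internet next hop is a routing decision and not a packet destination, denying 192.168.3.0/24 as a destination does not stop guests reaching the internet through 192.168.3.1.
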
ldnnet

ASKER

My sincere apologies for the late response.
I was away and I did not have access to the device.
The issue is still not resolved.
I include the present configuration to make things clear.
Thanks a lot for your assistance.

*************************

switch4ba497#sh vlan

Vlan       Name                   Ports                Type     Authorization
---- ----------------- --------------------------- ------------ -------------
 1           1               gi1,gi17,Po1-8          Default      Required
 5          WAN                   gi20                static      Required
 10       Studio                  gi2-8               static      Required
 20       Service                gi9-12               static      Required
 30        Admin                 gi13-16              static      Required
 40        Data                  gi18-19              static      Required



switch4ba497#sh ip interface


    IP Address         I/F       Type     Directed   Precedence   Status
                                          Broadcast
------------------- --------- ----------- ---------- ---------- -----------
192.168.2.254/24    vlan 1    Static      disable    No         Valid
192.168.3.100/24    vlan 5    Static      disable    No         Valid
192.168.10.1/24     vlan 10   Static      disable    No         Valid
192.168.20.1/24     vlan 20   Static      disable    No         Valid
192.168.30.1/24     vlan 30   Static      disable    No         Valid
192.168.40.1/24     vlan 40   Static      disable    No         Valid




switch4ba497#sh run
config-file-header
switch4ba497
v1.2.9.44 / R750_NIK_1_2_584_002
CLI v1.0
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
vlan database
vlan 5,10,20,30,40
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
ip dhcp relay enable
ip dhcp information option
no boot host auto-config
bonjour interface range vlan 1
hostname switch4ba497
no passwords complexity enable
username cisco password encrypted 7af78c911d5b48bea1dc2449d9d89513abeb4be5 privilege 15
ip telnet server
!
interface vlan 1
 ip address 192.168.2.254 255.255.255.0
 no ip address dhcp
!
interface vlan 5
 name WAN
 ip address 192.168.3.100 255.255.255.0
!
interface vlan 10
 name Studio
 ip address 192.168.10.1 255.255.255.0
!
interface vlan 20
 name Service
 ip address 192.168.20.1 255.255.255.0
!
interface vlan 30
 name Admin
 ip address 192.168.30.1 255.255.255.0
!
interface vlan 40
 name Data
 ip address 192.168.40.1 255.255.255.0
!
interface gigabitethernet1
 switchport mode access
!
interface gigabitethernet2
 switchport mode access
 switchport access vlan 10
!
interface gigabitethernet3
 switchport mode access
 switchport access vlan 10
!
interface gigabitethernet4
 switchport mode access
 switchport access vlan 10
!
interface gigabitethernet5
 switchport mode access
 switchport access vlan 10
!
interface gigabitethernet6
 switchport mode access
 switchport access vlan 10
!
interface gigabitethernet7
 switchport mode access
 switchport access vlan 10
!
interface gigabitethernet8
 switchport mode access
 switchport access vlan 10
!
interface gigabitethernet9
 switchport mode access
 switchport access vlan 20
!
interface gigabitethernet10
 switchport mode access
 switchport access vlan 20
!
interface gigabitethernet11
 switchport mode access
 switchport access vlan 20
!
interface gigabitethernet12
 switchport mode access
 switchport access vlan 20
!
interface gigabitethernet13
 switchport mode access
 switchport access vlan 30
!
interface gigabitethernet14
 switchport mode access
 switchport access vlan 30
!
interface gigabitethernet15
 switchport mode access
 switchport access vlan 30
!
interface gigabitethernet16
 switchport mode access
 switchport access vlan 30
!
interface gigabitethernet17
 switchport mode access
!
interface gigabitethernet18
 switchport trunk native vlan 40
!
interface gigabitethernet19
 switchport trunk native vlan 40
!
interface gigabitethernet20
 switchport trunk native vlan 5
!
ip route 0.0.0.0 0.0.0.0 192.168.3.1
switch4ba497#
ldnnet

ASKER

These are the entries on the router
ldnnet

ASKER

The main issue I have now is to get an internet connection for the hosts on the VLANs.
This is still eluding me for the moment.
I am intending to use vlan5 as the WAN connection. I did that because I want to separate this WAN connection from the default vlan1. Kindly let me know what I am doing wrong here and how best to make it work in a simple way. Thanks
.
Whatever config you have pasted refers only to inter-vlan communication. But as per your post, there is no problem in inter-vlan communication i.e hosts in different vlan can communicate with the NAS/each other.

The problem is: they cannot access internet. As of now, hosts coming to the switch, getting routed and accessing NAS. But hosts coming to switch for internet, going to 192.168.3.1-the router and getting dropped.

So, in short, you need to paste the router config to help us troubleshoot. Please mention what router model you are using.

PS: Never got what you meant by "ISP router is not capable to handle the nating". I have never seen a router in my life "not capable" of handling NAT. : )

Please put a block diagram in notepad or a jpg to help us understand who is connecting to where, (with IP address). Is this a new setup? Was the setup working anytime? Can you paste the ISP router config as well?


Best,
ldnnet

ASKER

Thanks for your response.
I attached the screenshots from the router
The router is TP-Link Cable/DSL model TL-R860.
Remember the main issue is that only the directed connected vlan 5 to the router get ip address from the dhcp. The other vlans do not get ip address.
DHCP.JPG
DHCP-Client-list.JPG
I am confused.

e.g a host in port gigabit 10, is in vlan 20. He is supposed to get IP address from your DHCP server which is in vlan5 of ip 192.168.3.x ????
ldnnet

ASKER

Vlan 5 interface gi20 connect directly to the router that serves as dhcp server ip address 192.168.3.1
I meant I was confused about your question---- "Remember the main issue is that only the directed connected vlan 5 to the router get ip address from the dhcp. The other vlans do not get ip address."

What do you mean by other vlans do not get ip address? You expect a host connected to gig10 port which is under vlan 20 should receive IP from your dhcp server which is in vlan 5???
ldnnet

ASKER

That is what I expect. If that is not correct can you explain how do I get other vlans to get ip address from the dhcp server? Thanks
Ok.

If your PC is on a different subnet and your DHCP server is in a different subnet, you have to use the DHCP relay function so that DHCP requests are routed from different networks to the server. You have not done that in your config, hence DHCP requests from other subnets are not even reaching your server.

You have to do "ip helper-address <ip of dhcp server>", i.e. 192.168.3.1.
This command needs to be there for every vlan you define. So the PC's send their DHCP request to switch, switch forwards using this command to the server. Server assigns.
#int vlan 10
(config-if)#ip helper-address 192.168.3.1
#int vlan 20
(config-if)# ip helper-address 192.168.3.1 ......and so on

Please make sure 192.168.3.1 is reachable from every vlan. You can test it using an extended ping and source as that vlan.

Secondly, I hope you understand that every PC cannot get a 192.168.3.x IP, because that is in vlan 5. So you have to define multiple scopes in the DHCP server with the correct IP.

It means you need 1)192.168.10.10-192.168.10.100 2)192.168.20.10-192.168.20.100 and so on. Every vlan you defined, you have to create a separate dhcp range for that.

When DHCP requests are forwarded by the VLAN with the ip helper-address command, by default the DHCP server will search for the very subnet of the VLAN which has forwarded the request. So if vlan 10 is requesting, DHCP will look for a 192.168.10.x IP. If vlan 5 is requesting, the 192.168.3.x scope will be looked up.

Best,
and you will need "ip dhcp relay information option-insert" under every vlan as well after ip helper-address command.
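
The scope selection described above, as an added example that is not part of the original post: a small Python model of a DHCP server choosing a pool from the relay address of the forwarding VLAN. The relay addresses are the VLAN interface addresses from the posted `sh ip interface` output and the per-VLAN ranges follow the post; the single-pool range and the function names are assumptions.

```python
import ipaddress as ip

# Relay (VLAN interface) addresses from the thread's "sh ip interface" output.
SVIS = {"vlan 5": "192.168.3.100", "vlan 10": "192.168.10.1",
        "vlan 20": "192.168.20.1", "vlan 30": "192.168.30.1",
        "vlan 40": "192.168.40.1"}

def scope(first, last, prefix=24):
    """Build a scope: the subnet it belongs to plus its address range."""
    net = ip.ip_network(f"{first}/{prefix}", strict=False)
    return {"net": net, "first": ip.ip_address(first), "last": ip.ip_address(last)}

def offer(giaddr, scopes, leased=()):
    """Pick the scope whose subnet contains the relay address and return
    the first free address in it, or None when nothing can be offered."""
    giaddr = ip.ip_address(giaddr)
    leased = {ip.ip_address(a) for a in leased}
    for s in scopes:
        if giaddr in s["net"]:
            addr = s["first"]
            while addr <= s["last"]:
                if addr not in leased and addr != giaddr:
                    return str(addr)
                addr += 1
            return None  # scope exists but is exhausted
    return None          # no scope for this subnet: the request goes unanswered

def coverage(scopes):
    """Map each VLAN to the address a relayed client would be offered."""
    return {vlan: offer(gi, scopes) for vlan, gi in SVIS.items()}

# Constructed server configurations.
SINGLE = [scope("192.168.3.10", "192.168.3.100")]        # one pool only (assumed range)
PER_VLAN = SINGLE + [scope(f"192.168.{v}.10", f"192.168.{v}.100")
                     for v in (10, 20, 30, 40)]           # ranges as in the post

if __name__ == "__main__":
    for name, cfg in (("single scope", SINGLE), ("per-VLAN scopes", PER_VLAN)):
        print(name, coverage(cfg))
```

With a single pool, only the VLAN that shares the server's subnet is offered an address, which matches the symptom reported in this thread.
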
ldnnet

ASKER

Hi,

I am unable to create a scope for each VLAN as you explained.
Also, ip helper-address is asking to specify a destination address.
When I did this:
#int vlan 10
(config-if)#ip helper-address 192.168.3.1
#int vlan 20

It returned with this comment: % missing mandate parameter

What will the destination address be for each vlan?
Kindly give me an example. Thanks
ASKER CERTIFIED SOLUTION
surbabu140977
ldnnet

ASKER

Since it has come to hardware limitation, there is little to do.
I will leave the default vlan1 untouched and use vlan 5 for the host for now.
I will see if I can increase my budget to get capable dhcp hardware.
Thanks a lot really appreciate your assistance.