  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1556

Cisco SGE 2000 Switch VLAN Configurations

Hi,

I currently have a Cisco SGE 2000 Switch.  The switch has been reset to factory default.  All ports were on VLAN 1 but I created a new VLAN 5 and put all ports on VLAN 5 instead.  All the ports are set as Untagged Access ports under VLAN 5.  I configured the new IP, Subnet, and Gateway of the Switch to point to the SonicWALL TZ215 Firewall which connects to the Modem for internet.  The SonicWALL has already been configured correctly using Port 4 to connect the Switch with DHCP, etc…

I then plugged an Ethernet cable into Port 1 of the Switch which connects to the SonicWALL on Port 4.  I then plugged a spare laptop into Port 2 of the Switch to see if I could get internet.  Everything worked correctly for getting an IP automatically from the SonicWALL.

I decided to then create a new VLAN 10 and dedicate Ports 13-23 on the Switch to be part of VLAN 10 instead of VLAN 5.  So as of right now Ports 1-11 on the Switch are part of VLAN 5 and Ports 13-23 are part of VLAN 10.  Also remember that Port 1 on VLAN 5 connects to the SonicWALL which goes out to the internet.

If I try to connect to Ports 2-11 with the spare laptop, it gains access to the internet.  When I try to connect to Ports 13-23 it doesn’t get access to the internet.

How am I able to connect to Ports 13-23 and be able to gain access to the internet just like Ports 2-11?
I’m using the GUI Interface for configuring everything on here for the Switch as I find it easier.  If someone could please assist me with what needs to be done through the GUI if possible that would be great.

Thanks
Asked by: Lumious
 
Soufiane Adil, Ph.DIT, Network Architect - CCNP/CCDP Commented:
Can you issue the SHOW RUN command and copy/paste the config?
0
 
Leo Commented:
Try taking out port authentication on one of the ports and then try it.
0
 
Bryant Schaper Commented:
I cannot comment on the GUI side easily, but if I am understanding, you now have two VLANs, and the router (SonicWALL) is on port 4 (I know you said 1 as well, but it does not matter).  Since 1-11 are access ports on VLAN, and 13-23 are access ports on VLAN 10, they cannot talk to each other without a router.

The SonicWALL will either need to be set up to trunk VLAN 5 and 10, along with switchport 1 trunking 5 and 10 as well:


Switch:
switchport trunk allowed vlan all
switchport mode trunk

Another option is to use another port off the SonicWALL, assign it an IP on VLAN 10, and connect it to an access port on VLAN 10 as well.
0
 
Lumious (Author) Commented:
Hi

The following is a summary of the Cisco Switch Configs.  Nothing special has been done besides the following:

VLAN 5:
Ports 1-11
Port 1 of Switch connected to Port 4 of SonicWALL
Port 3 of Switch connected to Testing Laptop (Internet Success)

VLAN 10:
Ports 13-23
No Internet Access on any ports

Below you will find my Config for my HP Procurve that I have in my testing environment.  As you can see, the internet vlan is VLAN 5 with an untagged port 1.  In the rest of the VLANs you see that port 1 is tagged, gaining the other vlans access to VLAN 5.  

I was trying to accomplish something like this on my Cisco Switch but am a little confused since the terminology is a little different.

Please let me know of any suggestions.

---------------------------------------------------
EXAMPLE OF MY HP PROCURVE

; J9279A Configuration Editor; Created on release #Y.11.44

hostname "ProCurve 2510G-24 - A"
ip default-gateway 10.5.1.254
snmp-server community "public" Unrestricted
vlan 1
   name "DEFAULT_VLAN"
   no ip address
   no untagged 1-24
   exit
vlan 5
   name "Internet"
   untagged 1
   ip address 10.5.1.193 255.255.255.0
   jumbo
   exit
vlan 103
   name "iSCSi-103"
   untagged 20-24
   no ip address
   tagged 1,14-19
   jumbo
   exit
vlan 102
   name "vMotion-102"
   no ip address
   tagged 1,8-13
   jumbo
   exit
vlan 104
   name "VM-MGMT-104"
   no ip address
   tagged 1-7
   jumbo
   exit
spanning-tree
spanning-tree force-version RSTP-operation

---------------------------------------------------------

BSCHAPER:
- I'm probably going to have to go with what you suggested but am a little confused on how to go about it as I'm not that efficient in the command line.  As you can see from the example above from my HP Procurve, it's already set up correctly on the SonicWALL accepting all the VLANs and what not.  So I guess what I'm now asking, is how can I get this Cisco Switch to be identical to my HP ProCurve Switch?
0
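As an added example (not part of the original posts, and not vendor code): a short Python parser for the ProCurve-style `vlan` blocks posted above that reports how an uplink port carries each VLAN. The sample text is a constructed excerpt of that config plus a hypothetical VLAN 10 block mirroring the Cisco switch's current state; all function names are illustrative.

```python
import re

# Constructed sample: excerpt of the ProCurve config above, plus a hypothetical VLAN 10.
SAMPLE_CONFIG = """\
vlan 1
   no untagged 1-24
   exit
vlan 5
   untagged 1
   exit
vlan 103
   untagged 20-24
   tagged 1,14-19
   exit
vlan 10
   untagged 13-23
   exit
"""

def expand_ports(spec):
    """Expand a port list such as '1,14-19' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def parse_vlans(config):
    """Return {vlan_id: {'tagged': set, 'untagged': set}} from ProCurve-style text."""
    vlans, current = {}, None
    for line in config.splitlines():
        line = line.strip()
        m = re.fullmatch(r"vlan (\d+)", line)
        if m:
            current = vlans.setdefault(int(m.group(1)), {"tagged": set(), "untagged": set()})
        elif line == "exit":
            current = None
        elif current is not None:
            m = re.fullmatch(r"(tagged|untagged) ([\d,\-]+)", line)
            if m:  # 'no untagged ...' does not match, so removed ports are not counted
                current[m.group(1)] |= expand_ports(m.group(2))
    return vlans

def uplink_report(config, uplink_port):
    """Map each VLAN to 'untagged', 'tagged' or 'not carried' on the uplink port."""
    return {vid: ("untagged" if uplink_port in m["untagged"]
                  else "tagged" if uplink_port in m["tagged"] else "not carried")
            for vid, m in parse_vlans(config).items()}
```

A VLAN reported as "not carried" on the uplink has no layer-2 path to the firewall, which matches the symptom on ports 13-23.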
 
Bryant Schaper Commented:
What is the model of SonicWALL? I'm not familiar with their interface; I can take a look, then give you a sample config for the SG.

This is what I have when connecting to a Cisco router:

Switch:

interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 5
 spanning-tree portfast

interface GigabitEthernet1/0/24
 description Uplink to Router
 switchport mode trunk
 switchport trunk allowed vlan all

But the firewall side is a bit more work. If it was a router, I would just use the following:

interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.5
 encapsulation dot1Q 5 native
 ip address 10.0.5.1 255.255.255.0
 !
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.0.10.1 255.255.255.0
 
Then if VLAN 5 needs to access machines on VLAN 10 or vice versa, it would just be an ACL.

For the switch, if you wanted to use two Ethernet ports from the SonicWALL to the SG, the above switch config is the same; just ignore the trunk command and make access ports, and a cable from each VLAN will connect to the SonicWALL.  The SonicWALL will then have rules to allow access, as it will treat each port as a unique network (again depending on model).  The last one I used was the TZ180, I think, and it was a WAN port and small switch.
0
