Cisco SG300-10 Connect two separate subnets (i.e. 192.168.101.xxx to 192.168.100.xxx)

Been racking my brains with this for days and can't seem to see what I am missing here.

I have two networks in the same building (two separate companies, but they need to share access to a particular program for accounting on the server in the second subnet). There is one network cable that runs between the two offices to connect them for this particular program. (This used to work, by the way, until we recently replaced the SBS2003 server (which used to be the DHCP for that side of the office) with Server 2012 R2 Standard (which I did not want to be the DHCP anymore and have passed that on to the router).)

I have updated the SG300 to the latest bootloader and firmware (with much difficulty. What's with the bootloader having to be done via a TFTP server instead of local file download like the firmware? Plus I had to go through 4 different firmware versions before I could get to the final one!)

Ok.  So the two subnets are 192.168.101.xxx and 192.168.100.xxx.  The server that we need access to is on the 192.168.100.xxx subnet.

I have added my two VLANs and given them the IP addresses of 192.168.101.6 and 192.168.100.3 (both with masks of 255.255.255.0).

I have included the appropriate ports in the appropriate VLANs (2 ports for the 192.168.101 and one for the 192.168.100). That is because on the 192.168.101 side there is a router for the internet access (192.168.101.5). The computers on the 192.168.101 side are all fixed IP (though when I am finished with this I will probably enable the DHCP option in the SG300 to give them DHCP capability), but the internet still goes through the router.

The following was added into the IPv4 routes automatically:
Destination IP Prefix  Prefix Length  Route Type  Next Hop Router IP Address  Route Owner         Outgoing Interface
192.168.100.0          24             Local                                   Directly Connected  VLAN 2
192.168.101.0          24             Local                                   Directly Connected  VLAN 1
   
I thought that if I added this:

192.168.100.11         32             Remote      192.168.100.11              Static              VLAN 2

that it should automatically pick up any requests to 192.168.100.11 and route them through VLAN 2 to the server on the other side.

But alas that does not seem to be the case.

Additional info:

There is another router on the VLAN 2 side at 192.168.100.1 which is set to DHCP and working for that side just fine.

Any help much appreciated.  Have been struggling with this for 2 days now.

Please don't hesitate to let me know what other info you might need to help me resolve this.  I am fairly computer literate but do not know much about subnets and the like.

Other things I thought of after posting.  When I try to ping my 192.168.100.11 IP address I am getting a response back from the router on this side (192.168.101.5) saying "destination host unreachable".  I thought that adding the ipv4 route mentioned above is supposed to make it reroute when it sees the request to access 192.168.100.11?

The wiring is as follows. Internet from fiber optic to RV042 router with fixed IP address for WAN side and 192.168.101.5 for LAN side (DHCP turned off as previously mentioned). LAN side goes to the SG300 VLAN 1 (101.6) and also another port of the VLAN 1 goes to another standard switch which feeds the rest of the computers and hardware on this side.

VLAN 2 (100.3) goes to a standard HP Procurve Switch on the 100.3 side.  As previously mentioned there is a Router on that side (100.1) with DHCP enabled and working.  The server (100.11) is fixed IP outside of the scope of the router.

Carl
jctcom Asked:
Akinsd (Network Administrator) Commented:
If I understand your topology correctly, you have 2 separate routers for the 2 networks.
router 1 has both 192.168.100.0/24 and 192.168.101.0/24 while router 2 has 192.168.100.1/24.

If what I summarized is correct, then it won't work due to a conflict. Remove the 192.168.100.0/24 interface from router 1 and configure a route on router 2 that points to router 1.
If my summary is incorrect, please provide a diagram that displays how the two networks are connected with their IPs.

Assuming your connections are correct, be aware that routing is two-way traffic. You have routes configured on the first router; you also need routes configured on the 2nd router.

Also, is this a typo?
192.168.100.11   32   Remote   192.168.100.11   Static
That's a host IP telling itself it's a remote network

I hope this helps

JustInCase Commented:
I am not sure about the topology (a drawing of the topology could help a lot).
:)
As for the other parts.
The first question is where the default gateway is located; packets need to be routed from the default gateway to the other location, and also need to be routed on the way back.
You need to create static routes that will point to the next hop for how to reach a specific address.
I am getting a response back from the router on this side (192.168.101.5) saying "destination host unreachable"
This means that the router has no idea how to reach network 192.168.100.0/24 (or host 192.168.100.11) that you are trying to reach, so most likely packets use the default route and go to the internet (and are dropped).

ip route 192.168.100.11 255.255.255.255 x.x.x.x
This is the way to tell the router that when you try to reach host 192.168.100.11 you should go to x.x.x.x, which knows how to reach that address. Maybe on host x.x.x.x you also need to add a static route to point to where host 192.168.100.11 is located. And that's not all: routers also need to know how to reach the host that sent the ping (or any other request). So, on the routers on the way back you should point to the hosts or network(s) for how to get back: ip route 192.168.101.0 255.255.255.0 y.y.y.y - to reach the 192.168.101.0/24 network the next hop address is y.y.y.y. Also, all routers that receive a packet that has a host from network 192.168.101.0 as destination need to know how to reach it.

jctcom (Author) Commented:
I understood that the SG300 (in Layer 3 mode) could connect two subnets without needing another managed switch on the other end, and it did work up until we replaced our server recently. The only change I made other than replacing the server was to make the router (192.168.100.1) the DHCP server instead of the Windows Server box (192.168.100.11) on that side of the network.

Here is a diagram of how the hardware is connected currently:

Network Diagram
Here is a link to the image in case you want a larger view that you can draw on or something and post back?

Network Diagram Link

Hopefully that will make it more clear.

JustInCase Commented:
If your gateway is on the SG300 (IP address 192.168.101.6) and routing is enabled on it, then you should not need any route there, since it has a directly connected interface to the 192.168.100.0/24 network. Packets to network 192.168.100.0/24 will be routed directly to VLAN 2. But if your default gateway is the Cisco RV042, IP address 192.168.101.5 (and I guess that is the case here), the RV042 has no idea how to reach 192.168.100.0/24.
So, I guess that a static route that points to 192.168.101.6 as the next hop to reach the 192.168.100.0/24 network should solve that problem. The other way would be to add a static route on your hosts, route -p ADD 192.168.100.11 MASK 255.255.255.255  192.168.101.6 - this would add a permanent route on Windows hosts for how to reach server 192.168.100.11. But on the way back you also have a problem: all traffic from 192.168.100.0/24, including server 192.168.100.11, for other networks goes directly to the default gateway 192.168.100.1, and the gateway has no idea where network 192.168.101.0/24 is located, so it will use the default route to forward traffic. Again you can use the same solution: add a route on router2 for how to reach network 192.168.100.0/24 - ip route 192.168.101.0 255.255.255.0 192.168.100.3, or add a permanent route to the Windows server, route -p ADD 192.168.101.0 MASK 255.255.255.0 192.168.100.3
I guess the simplest way would be to set the route on router1 (RV042) and add a permanent static route on the server.
The best way would be to redesign the network so the SG300 becomes the default gateway, but that would also mean creating a separate VLAN for the connection with the RV042 (and I don't know what changes would be needed there), so I guess that is not an option here.

jctcom (Author) Commented:
I did try to add the route on the SG300
192.168.100.11 MASK 255.255.255.255  192.168.101.6
 But when I try to add that in the SG300 comes back with an error
Gateway cannot be one of the addresses configured on this device..
same thing with
192.168.101.0 MASK 255.255.255.0 192.168.100.3
 (Doing this via the GUI as I do not know the command lines).

The incoming internet connection is a Fixed IP address with fixed DNS numbers.  I don't see any way in the SG300 to add that info to make it the internet router as well as the internet gateway.  But maybe I am not looking in the right place?

I thought that from the 101.xxx workstations perspective that since the SG300 is before the RV042 router that it would grab any traffic trying to get to 100.xxx and route it through VLAN2 before it ever reaches the RV042 router (101.5)?

I did try, on one of the computers that need to reach the 100.11 server, setting its IP configuration to DHCP, and it grabbed a proper address, looks like from the SG300, but with the gateway set to the RV042 (which I think it would still need to do to maintain internet access?)

I will have to look at any other responses in a few hours when I get up again as it is almost 3am here and I am starting to nod off.

Carl


JustInCase Commented:
If your gateway is on SG300 (ip address 192.168.101.6) and routing is enabled on it then you should not need any route
cmd - run as administrator (if you have permissions)
This one should be added to windows server
route -p ADD 192.168.101.0 MASK 255.255.255.0 192.168.100.3
so server would directly send packets to SG300 switch if packets have destination IP address in 192.168.101.0/24 network

This one can be added to Windows hosts (if there are a few of those it can be done, if there are more than a few...)
route -p ADD 192.168.100.11 MASK 255.255.255.255  192.168.101.6
This will make hosts send packets for server 192.168.100.11 to SG300 switch (other traffic to 192.168.100.0/24 network would not be affected with this route)

This one you can add to the RV042 to point to the switch as next hop, so the switch can route packets
ip route 192.168.100.11 mask 255.255.255.255 192.168.101.6
The switch knows where both networks are, and even if it were allowed to add static routes those would not be in use.

And this one can be configured on router 2 to forward packets to the SG300 switch
ip route 192.168.101.0 mask 255.255.255.0 192.168.100.3

So, you can do it with Windows routes or routers routes manipulation (no need for both on one side (network)).
In any case you don't configure any routes on SG300 since switch is directly connected to both networks. :)
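
The forward and return paths discussed in this answer, as an added example that is not part of the original thread: a longest-prefix-match tracer over a constructed model of this topology, showing that the workstation route alone fixes only one direction. The workstation address 192.168.101.20 and the device labels are assumptions; the two static routes are the ones quoted above.

```python
import ipaddress

# Constructed model of the thread's topology. Entries are (prefix, next_hop);
# next_hop None means directly connected. 192.168.101.20 is an assumed address.
OWNER = {"192.168.101.20": "workstation", "192.168.101.5": "rv042",
         "192.168.101.6": "sg300", "192.168.100.3": "sg300",
         "192.168.100.1": "router2", "192.168.100.11": "server"}

def build_tables(ws_route=False, server_route=False):
    t = {
        "workstation": [("192.168.101.0/24", None), ("0.0.0.0/0", "192.168.101.5")],
        "rv042":   [("192.168.101.0/24", None), ("0.0.0.0/0", "internet")],
        "sg300":   [("192.168.101.0/24", None), ("192.168.100.0/24", None)],
        "server":  [("192.168.100.0/24", None), ("0.0.0.0/0", "192.168.100.1")],
        "router2": [("192.168.100.0/24", None), ("0.0.0.0/0", "internet")],
    }
    if ws_route:      # route -p ADD 192.168.100.11 MASK 255.255.255.255 192.168.101.6
        t["workstation"].append(("192.168.100.11/32", "192.168.101.6"))
    if server_route:  # route -p ADD 192.168.101.0 MASK 255.255.255.0 192.168.100.3
        t["server"].append(("192.168.101.0/24", "192.168.100.3"))
    return t

def next_hop(table, dst):
    # Longest-prefix match: returns the next hop, None (on-link) or "no route".
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else "no route"

def trace(tables, device, dst, max_hops=8):
    path = [device]
    for _ in range(max_hops):
        nh = next_hop(tables[device], dst)
        if nh is None:                      # destination is on a connected subnet
            return path + [OWNER[dst]]
        if nh in ("internet", "no route"):  # left the site or was dropped
            return path + [nh]
        device = OWNER[nh]
        path.append(device)
    return path + ["loop"]

def round_trip(ws_route, server_route):
    t = build_tables(ws_route, server_route)
    return (trace(t, "workstation", "192.168.100.11"),
            trace(t, "server", "192.168.101.20"))

if __name__ == "__main__":
    for fix in [(False, False), (True, False), (True, True)]:
        print(fix, *round_trip(*fix))
```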

jctcom (Author) Commented:
Thank you so much.  When I saw your last message it looked fairly easy to test.  So I went ahead and stayed up to implement it and it worked perfectly.

There are only 3 workstations at the moment from VLAN 1 that need to connect to VLAN 2 so doing this per workstation is not a big deal.

I am guessing that in my previous scenario, when I was running the Server 2003 Small Business edition, I must have put something like this into the IP / DHCP scope of the server to get this working, but that was 8 years ago and I didn't remember what I had done.

Thank you so much for your help and I am happy that my clients will now be able to access their accounting software when they get in in the morning (about 4 1/2 hours from now!)

Carl.

JustInCase Commented:
I am glad I could help.
And, as usual, the problem with adding static routes to a PC instead of changing the router configuration is that after some time you forget what you did, and when you change something (add a new server or add a new PC) you need to remember what the little thing was that you did to make it work.
That's why I mentioned that the best solution would be to make the SG300 the default gateway ....
:)

jctcom (Author) Commented:
Well I won't be forgetting again.  This whole thread is going to get rewritten and posted into my private FAQs.  (You might be able to see them @ http://glpi.jct.ca )

I think I have opened up the FAQ section to public.

Carl.