Mark Beamon

asked on

I am new to VLANs, I have a CISCO SG300-10. How do I configure 3 VLANs to create 3 separate networks which can communicate on the 1 SG300-10 switch?

I am new to VLANs. I have a single CISCO SG300-10. How do I configure 3 VLANs to create 3 separate networks which can communicate on the 1 SG300-10 switch? It would be nice to provide internet access. I cannot tell step by step how to do this. I have read the posts, but none match up pt for pt with the SG300-10 interface. Not sure whether to use General or Trunk, Tagged or Untagged.

I am creating 3 VLANs on the SG300-10
VLAN 1 = default = 192.168.1.254 = GE1
VLAN 10 = 192.168.0.250 = GE3-GE5
VLAN 20 = 172.16.20.250 = GE7-GE9
VLAN 30 = 192.168.77.250 = GE10

How should the ports be configured so the hosts on the VLANs can communicate with each other? I keep reading that inter-VLAN routing should happen automagically, but it is not happening.
arnold

See the discussion of old that should point you in the right direction.

Short, sets the switch to operate and do what you want.

https://supportforums.cisco.com/discussion/11520346/cisco-sg300-10-how-set-inter-vlan-routing
If routing is not happening, routing is not enabled.

! enter privileged mode
enable
!
! enable routing with the command below
! If this command is entered manually, the Startup Configuration file is deleted
! and the device is rebooted. It is highly recommended to back up the Startup
! Configuration file before executing (if there is configuration already present
! that needs to be kept)
set system mode router
!
config t
!
! create default route; assumes that the next-hop router IP is 192.168.1.254
! (and that the upstream router also has routes to the local networks)
! THESE ROUTES SHOULD BE CONFIGURED ON THE UPSTREAM DEVICE
! (next hop is the switch's VLAN 1 address; 192.168.1.1 is an assumed free
! address in the uplink subnet)
!
! ip route 192.168.0.0 255.255.255.0 192.168.1.1
! ip route 172.16.20.0 255.255.255.0 192.168.1.1
! ip route 192.168.77.0 255.255.255.0 192.168.1.1
(config)# ip route 0.0.0.0 0.0.0.0 192.168.1.254
!
! create vlans
(config)# vlan database
(config-vlan)# vlan 1,10,20,30
!
! create SVIs for VLANs and assign IP addresses to them
! VLAN 1 must be in the uplink subnet 192.168.1.0/24, not in VLAN 10's 192.168.0.0/24
(config)# interface vlan 1
(config-if)# name PathOut
(config-if)# ip address 192.168.1.1 /24
!
(config)# interface vlan 10
(config-if)# name Office
(config-if)# ip address 192.168.0.250 /24
!
! filter traffic if you want to (looks like you don't want to, but it is here if you need it :)
! assign the filter to the vlan
!
! service-acl input DENY-ACCESS-1
! Filter traffic from other VLANs
! ip access-list extended DENY-ACCESS-1
!   deny    ip any 172.16.20.0 0.0.0.255
!   deny    ip any 192.168.77.0 0.0.0.255
!   permit  ip any any
(config)# interface vlan 20
(config-if)# name Guests
(config-if)# ip address 172.16.20.250 255.255.255.0
! Filtering again (VLAN 20 is blocked from VLAN 10 and VLAN 30)
!
! service-acl input DENY-ACCESS-2
! ip access-list extended DENY-ACCESS-2
!   deny    ip any 192.168.0.0 0.0.0.255
!   deny    ip any 192.168.77.0 0.0.0.255
!   permit  ip any any
!
(config)# interface vlan 30
(config-if)# name Production
(config-if)# ip address 192.168.77.250 255.255.255.0
!
! assign ports to VLANs as access
!
(config)# interface gi1
(config-if)# switchport mode access
(config-if)# switchport access vlan 1
!
(config)# interface range gi3-5
(config-if)# switchport mode access
(config-if)# switchport access vlan 10
!
(config)# interface range gi7-9
(config-if)# switchport mode access
(config-if)# switchport access vlan 20
!
(config)# interface gi10
(config-if)# switchport mode access
(config-if)# switchport access vlan 30
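
An added example, not part of the thread: a Python check for two addressing conditions the routed setup above depends on (SVI subnets that do not overlap, and a default gateway on a connected subnet that is not the switch's own address), plus generation of per-VLAN deny entries in the form of the commented DENY-ACCESS lists. The VLAN 1 address 192.168.1.1 and the function names are assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed plan: VLAN 10/20/30 addresses are from the thread; the VLAN 1
# address 192.168.1.1 is an assumption (any free host in the uplink subnet).
PLAN = {
    1: "192.168.1.1/24",
    10: "192.168.0.250/24",
    20: "172.16.20.250/24",
    30: "192.168.77.250/24",
}

def check_plan(plan, next_hop):
    """Return a list of problems that would break inter-VLAN routing."""
    nets = {v: ipaddress.ip_interface(a).network for v, a in plan.items()}
    problems = [
        f"VLAN {a} and VLAN {b} overlap ({nets[a]} / {nets[b]})"
        for a, b in combinations(sorted(nets), 2)
        if nets[a].overlaps(nets[b])
    ]
    hop = ipaddress.ip_address(next_hop)
    if not any(hop in n for n in nets.values()):
        problems.append(f"default gateway {hop} is not on any connected subnet")
    if any(ipaddress.ip_interface(a).ip == hop for a in plan.values()):
        problems.append(f"default gateway {hop} is the switch's own address")
    return problems

def isolation_acl(plan, vlan, name):
    """ACL lines that stop `vlan` reaching every other routed VLAN except VLAN 1."""
    lines = [f"ip access-list extended {name}"]
    for other, addr in sorted(plan.items()):
        if other in (vlan, 1):  # keep the uplink VLAN reachable
            continue
        net = ipaddress.ip_interface(addr).network
        # wildcard mask is the inverse of the netmask (0.0.0.255 for a /24)
        lines.append(f" deny ip any {net.network_address} {net.hostmask}")
    lines.append(" permit ip any any")
    return lines

if __name__ == "__main__":
    for p in check_plan(PLAN, "192.168.1.254"):
        print("PROBLEM:", p)
    print("\n".join(isolation_acl(PLAN, 20, "DENY-ACCESS-2")))
```
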
Mark Beamon

ASKER

Thank you both. I saw the other article, but it did not go into detail as to the port setup. Should the ports be tagged or untagged? Trunk or general? I am using the WebUI, so what does switchport mode access translate to in the WebUI?

Where can I verify if routing is enabled or not?


Thank you
Generally, it is untagged; however, on some devices in that case you also need to configure the PVID to match the same VLAN as untagged (there is an option for PVID, but I never used the GUI for SG300). But, as far as I can see, there is also access on the port list in the GUI.
Much of the port designation deals with what the use is. One, if this is a voice-based network, you would use the Cisco LLDP and auto-assign VLAN to device based on the MAC identity, which is either a phone/communication device or something else.
You have three VLANs that are not defined/described as to their use,
so it is hard to answer which is the better option, tagged or untagged.
My 3 VLANs are all data based, no voice or video.  

Thank you
OK, so now you have to make sure the devices that you want are connected to the ports designated as that VLAN.
Besides the switch, what else do you have? Which systems need external access: all, only one .........

Your initial setup of the VLAN seems OK... you can use the example to set the rules/interactions between/among the VLANs. ....
I have the SG300, then I will have 2-3 separate hosts on each VLAN with static IP addresses, and each VLAN may or may not have a Cradlepoint wireless router on there acting as a DHCP server.

Thank you.
The hosts are notebooks, desktops and ip devices


Thank you
Are you running into issues after configuring the inter vlan communications that needs further attention?
Sorry, I could not get back online to say THANK YOU.  My issue has been resolved.