Cisco manage switch help

I am new to managed switches.  I have never had to set one up.  So I am not asking for the answer directly, but maybe some guidance/online tutorials.  I have printed out the manual and I attempted this setup yesterday.  After 18 hrs and still not internet and me not getting anywhere, I am now going to reach out and see if I can get some guidance.  I have setup a DLINK DES-3528, and it is currently in production, but only default VLAN can get DHCP and I there is no intercommunication between VLANS.  I have drawn up a network map on what I am trying to accomplish.  I am still going to write out what I am trying to accomplish, but the network map will help with a visual.  I will say that I have successfully set up the firewall with VLANS and static routing.  So I do have basic knowledge.  

Port 1 on NMD Setup

Internet -----> Firewall from ISP.  IP is a static assignment.
VLAN 1 -----> Public Access (10.10.10.0/24)
VLAN 100 ------> Phone only (10.20.20.0/24)

I do have access to this firewall, but I do not change any settings on it due to the ISP manages this firewall.  The ISP is a smaller ISP and I have a good name with the company so they gave me access to the firewall.

Port 2 on NMD setup

Firewall:
Internet ---> Fortigate 60E WAN.  IP is a static assignment.
Fortigate Port 1 -----> Cisco switch.  Port 1 has a total of 5 VLANS configured on it.
Switch:
Port 28 assigned to VLAN 1 (Default 10.0.0.0/24) ----> No DHCP
Port 1-8 assigned to VLAN 100 (Domain 172.16.100.0/24) ----> DHCP & DNS comes from DC with DNS, AD, DHCP installed
Port 9-12 assigned to VLAN 101 (WiFi 10.30.30.0/31) -----> DHCP & DNS comes from DC with scope defined in DHCP
Port 13-16 assigned to VLAN 102 (NAS 10.40.40.0/31) ------> DHCP & DNS comes from DC with scope defined in DHCP
Port 17-19 assigned to VLAN 200 (Mail Server 10.50.50.0/27) ------> DHCP & DNS comes from Fortigate DHCP enabled on VLAN
Port 20-25 assigned to VLAN 300 (Phone 10.10.10.0/24) -----> DHCP & DNS comes from Firewall for phone system
Port 25-27 unassigned and locked.

DHCP & DNS Server for Domain is 172.16.100.6/24
DHCP & DNS server for Phone is 10.20.20.1/24

Each VLAN has a interface assigned with a ip of a.b.c.2 (a.b.c. = first 3 sets of ip for the vlan)

So this is what I am trying to accomplish in the end:
VLAN 1 supplies internet to all VLANS
VLAN 100, 102 can access each others resources and can access VLAN 300 network so I can manage the PBX system on 10.10.10.0/24
VLAN 101 and VLAN 200 have no communications with each other or any other VLANS on network.
VLAN 300 No communications with any VLAN except VLAN 100 for management purposes, hands out DHCP to phones attached from the DHCP server 10.20.20.1

VLAN 101 will be setup to direct known devices to VLAN 100 based on MAC address.  This way the wireless computers that need access to the Domain can access VLAN 100.

I have setup static routes in the Fortigate.  Tried every way I could possibly try and still couldnt get any inter communications among VLANS.  Also tried setting up Static Routes on Cicso with not success.  The Cisco is setup for Layer 3.

I hope I have explained this in detail, and if you have any questions please ask.  I have hit a brick wall and have turned desperate for help!  If you do tell me the answer, please explain the answer.  This is not meant for someone to set it up for me and I walk away.  I want to learn this.  I have taught myself with the help of others on here everything from programming to what I know now with networking.

Information on image:
Yellow lines are hard line Cat 5e
Red dash line is WiFi
Teal line is Mail Server VLAN
Blue line going from phone to Cisco is a Cat5e comming from back of phone.  It is given ip of 10.10.10.0/24
Black lines are from the phone network.

There are more devices that do connect to the network.  I have been seeing performance issues due to all devices on the Domain network except the phones and Mail server.  After adding the NAS server and running backups, the network does slow down.  Also when there are mettings, the outside brings in the laptops and connect to the Domain network due to location of routers.  I will eventually add a Cisco AirNet access point, waiting on the PoE injector. NMD is the Network Management Device.  It has fiber from outside going to a 4 port switch convertor.  2 Ethernets comes out from NDM, 1 goes to Network 1 Firewall, 1 goes to Network 2 Firewall.
office.jpg
LVL 2
russell12Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JustInCaseCommented:
For interVLAN communication L3  system mode need to be enabled.
Switching to Layer 3 Mode on the SF/SG 300 Series Switches
Layer 3 InterVLAN Routing Configuration on 300 Series Managed Switch

My guess would be that you did not configure IP helper addresses for SVIs (configure DHCP relay).
Cisco SG300 – Configure DHCP Relay to allow DHCP server to support multiple subnets
0
russell12Author Commented:
So after hours and hours of working on this, I have finally got it all working except for 2 issues.  I know one of the issues is due to routing.  I can get a DHCP from the VLAN300, but the device attached to VLAN300 has 2 VLANS.  I can get a DHCP from one VLAN but not the other.  The other issue I am having is VLAN dynamic assignment.  Based on the research you can not do MAC based VLAN with Layer 3 mode.  The only 2 ways I can identify a computer for a certain VLAN is by either MAC address or ip address.
0
JustInCaseCommented:
I can get a DHCP from the VLAN300, but the device attached to VLAN300 has 2 VLANS. I can get a DHCP from one VLAN but not the other.
I guess reason for this that only that Cisco, by default, is sending requests only from one SVI IP address until one DHCP IP address pool is depleted. Only then it will sent requests for next IP address range.
IP DHCP reservation can be configured on DHCP server to resolve this issue. MAC address of host is part of DHCP packet, so DHCP can uniquely identify requester to assign proper IP address default gateway IP address etc.

I am not sure regarding SG300 devices and dynamic VLANs. My guess that 802.1x authentication in combination with RADIUS VLAN assignment would be viable solution (Port Authentication window - RADIUS VLAN assignment - enable).
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
russell12Author Commented:
I ended getting everything worked out except for the dynamic VLAN assignment. After all the research on dynamic VLAN assignment on this switch, your answer is correct.  If I was to take the switch out of Layer 3 mode, then the feature is available.  I will start on that as soon as I get the final config completed on the switch.  As for the dhcp issue, I added VLAN 2 to the switch, assigned it 10.10.20.99, set dhcp relay to 10.10.20.1, and it worked great.  The phone gets it's first IP of 10.10.10.x and then gets 10.10.20.x.  Phone works and is good now.  I want to note on here just in case anyone comes across this post looking for help, I ran into a issue where odd ip's would show it had internet, but did not.  It would update the dns record, but would not resolve and would not ping and outside ip.  In my fortigate I had 2 routes defined,  0.0.0.0/0 x.x.x.y(Gateway for isp) -WAN1 and 0.0.0.0/0 10.0.0.1 (gateway for switch) - internal.  Both we're set on 0 for administrative distance and both had priority of 0.  I spent hours trying to figure out why just ip's ending in odd numbers wouldn't resolve.  To note it didn't matter if it was staticstaticly assigned or dhcp.  The issue was the priority.  I changed the priority to 2 on the static route back to the gateway, and internet was working perfectly.  I added this because I couldn't find any solution to the problem, tbh I backed up the config and started changing stuff until It was fixed.   I want to thank you Pedrag for helping me.  You didn't not just give me the answer, you guided me in the right direction to researching the answer.  I learned alot through this process.  Thank you again for your help!!
0
JustInCaseCommented:
In most situations you should not have 2 active default routes at the same time pointing at two opposite directions (maybe there could be some corner case for such usage of default routes, but even if there is - it would not be good network design). My last resort would be  to use 2 routes of last resort in that fashion. :)

You're welcome.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.