Roller2
Watchguard - SG300 Vlans issue
Hi all,
I face an issue with a Watchguard firewall and a SG300 Cisco switch. I have 4 Watchguard interfaces as vlans 1, 20, 30, 40 and I cannot make the SG switch work. In the switch, I have the vlans 1, 20, 30, 40, and the three switch ports already connected to the Watchguard are members of the appropriate vlans (20, 30, 40).
The switch port 1 is untagged to vlan 1 and the connection is OK. With the three vlans, 20, 30, 40, the switch ports are Access type, to vlan 20, 30, 40 respectively.
The result is that the vlans 20, 30, 40 are not working.
Can anybody tell me the right SG300 switch port modes for the vlans 20, 30, 40?
Thanks
ASKER
Hi!!
Thank you very much for your answer.
I have to follow some guidelines, and I cannot create sub-interfaces. I have 4 separate interfaces, each one with its own GW.
Your assumption for the vlan 1 is correct.
In the WatchGuard I have:
- Interface 1, as physical, trusted interface (untagged)
- Interface 2, 3, 4 as VLans 20, 30, 40 (Tagged)
In the SG switch, I'm OK with Vlan 1 as I have described. Switch ports 2, 3, 4 are connected directly to the WatchGuard (VLAN) interfaces 2, 3, 4.
The SG Ports mode is:
- Port 2 (Vlan20) = Switch port mode General - Vlan 20 Tagged
- Port 3 (Vlan30) = Switch port mode General - Vlan 30 Tagged
- Port 4 (Vlan40) = Switch port mode General - Vlan 40 Tagged
Is it correct to use General mode?
Thanks again
ASKER
This is exactly what I tried right now.
Thank you very much
On the switch, VLAN 1 works (I'm assuming your IP gateway is for VLAN 1?)
What are you pinging on the other VLANs to determine it's not working?
You technically could've just created sub-interfaces under the main interface in the firewall, VLAN tagged them, then on switch port 1 created a trunk to allow all those VLANs to pass through, then segmented the other ports as you see fit.