
Cisco SG300-10 - How to set up Inter VLAN routing.

I have an urgent issue with the above switch:

I have a connection on IP 192.168.1.21, Subnet 255.255.255.0 - this is on the default VLAN1 on the switch. I need to route this to IP 10.0.3.101, Subnet 255.255.252.0 - which is set up on VLAN2 on the switch. I have set the switch to Layer 3 via console.

Could someone please advise how I set up this route? I am using the browser-based interface.

Gavin


David Hornstein
Level 7

Hi Gavin,

I know you set the switch into layer 3 mode already, but for others. I think step 6 may be a relevant starting point for you. But the notes in red far below are commonly neglected items.

Step 1. Make sure the switch is using the most current version of firmware. As of today, 7th June 2012, that firmware is version 1.1.2.0.

Step 2. Change system mode.

I have to change the switch's default switching mode from layer 2 to layer 3.

I personally find it easier to change the switch default layer 2 mode to layer 3 mode via a telnet session.

If your USB to serial dongle works fine, go to step 4 and enter the switch console menu.

Otherwise I have to enable the telnet service on the switch via the GUI.

Step 3. Telnet (or console) into the switch and log in.

Step 4. Type in 'menu' or try the CLI method as shown below.

Step 5. Go to menu item 4, 'System Mode', and edit and change the mode to layer 3.

Read the warning on that page as seen in the screen capture above, as the switch is reset to factory defaults, but with Layer 3 mode enabled.

The switch will reboot to factory defaults, but now we can add IP interfaces to your VLAN interfaces.

Below is the CLI method:

CLI method

switch38cbaf#set system mode router

Changing the switch working mode will *delete* the startup configuration file

and reset the device right after that.

It is highly recommended that you will backup it before changing the mode, continue ? (Y/N)[N] Y


Step 6. I want to create the second VLAN for the 10.0.0.x network.

In my SG300-10P setup, I evenly segmented the switch ports as follows:

I will make ports 5 to 8 untagged in this new VLAN 2 as per the screen capture below.

My reasoning was that any device such as a user's PC or maybe a server is most likely not VLAN aware, so it expects to see untagged Ethernet frames.

Now go down to IP Configuration > IPv4 interfaces in the GUI, and add a new IP address for this new VLAN 2.

Note:

  • For the interface route to become active (ping-able) on VLAN 2, a host must be plugged into VLAN 2.

  • The router connected onto VLAN 1 will have to have a static route for the 10.0.0.x network with a gateway address of 192.168.1.21.

  • Remember to save your configuration by clicking save at the top right corner of the GUI.

hope this helps

regards Dave

Thanks Dave,

I have set it all up as you suggest but I cannot ping from VLAN1 to VLAN2 (I'm using 2 PCs to test this).

Also, does this setup allow an external device (in this case a Honeywell Modbus Client) on VLAN2 to request information from the VLAN1 connection (in this case a Siemens CP443 Comms Card on 192.168.1.21, 255.255.255.0) via the IP 10.0.3.101, 255.255.252.0? This is what our customer requires - they don't want to connect to any other devices on VLAN1.

Could you expand further on the static route and gateway parts please.

Thank you for your assistance so far.

Gavin

Hi Gavin

Look closely at the following diagram. It is roughly drawn in MS Paint, but a picture is worth a thousand words.

Print the diagram below, and follow closely the story as it unfolds.

There are two hosts (PCs) connected on the SG300-10 switch in my example above:

A PC on switch port 1, IP address = 192.168.1.22, in VLAN 1.

An IP host on switch port 7 with IP = 10.0.3.111 in VLAN 2.

Let's say the host in VLAN 2, which I will call host2, wants to 'talk' to the host in VLAN 1, which I will call host1.

Here is a verbalized story of how host2 wants to talk with host1.

In general, IP hosts can only talk to other IP hosts in their IP network.

But host2 wants to communicate or send packets to host1.

Host2 has a default gateway, which is the IP address of VLAN 2 on the SG300-10P.

In other words, it sends packets to the switch at IP address 10.0.3.101, and lets the switch decide how and where to forward the packet destined for host1.

Host1 has a default gateway, but that is the IP address of the router, 192.168.1.1.

So, when host1 tries to communicate anywhere outside its known network, it just forwards the packet to the WAN router, and the WAN router has to make a decision as to where to forward a packet.

Notice the routing table on the right side of the router.

This table shows only two entries in my example. The first entry, with just about all the zeros in it, is called a default route.

This default route basically tells the router: if you don't know where to send the packet, send it out the WAN interface to the next hop of 76.0.1.223. (In other words, it lets the internet or service provider make the next decision as to where to send a packet next.)

The second router route entry tells the router how to get to the 10.0.0.0/22 network.

This static route statement, keyed in manually by me, if verbalized in English tells the router the following:

  To get to the 10.0.0.0/22 network, your next hop will be 192.168.1.21 on VLAN 1.

Ah, 192.168.1.21 is the IP address of VLAN 1 on the switch.

OK, that's the rules.

So now we sort of understand some rules, so let's look at where the packets flow around this hypothetical network...

Host2 wants to talk to host1.

Host2 sends a packet that is intercepted by switch interface VLAN 2, IP address 10.0.3.101.

The switch then looks in its internal route table, but it knows where the 192.168.1.0 network is, because it has an interface directly connected to VLAN 1.

That SG300-10 switch interface has an IP address of 192.168.1.21.

OK, so the packet gets to host1 because the switch actually knows where host1 is.

But what happens when host1 wants to reply to host2?

Host1 (the PC) looks in its built-in and hidden route table, but all it has is a default gateway of 192.168.1.1.

This default gateway is like the default route on the WAN router.

Host1 just forwards the packets from unknown sources to its default gateway, the router.

So, host1 (192.168.1.responds to host2 (10.0.3.111), by sending its response to the router.

(Host1 can only assume that this traffic from 10.0.3.111 came from the router. Yeah, pretty dumb.)

The router looks up its route table, but it knows where the 10.0.3.0 network is. It looked through its route table and says to itself:

Oh, I have to forward the packet from host1 to my host at 192.168.1.21, because it knows where the 10.0.0.0 network is.

The router doesn't know that 192.168.1.21 is a switch.

The router lets that device at 192.168.1.21 worry about forwarding host1's response to host2.

That's basically the story, and explains why the WAN router should have a static route. Most routers, even domestic routers, allow for the addition of a static route.

I hope this story helps you and others understand the packet flow. You may have to read this story a few times.

regards Dave

Hi Dave,

This is excellent and very helpful; however, one more question if you don't mind.

I do not have the external router referred to in your response (nor the internet connection). I only want to make sure that bi-directional communication can be possible between Host 2 & Host 1.

Is this possible without additional equipment? It appears the Host 2 can get through to Host 1 OK but not the other way round.

Please excuse the ignorance here - I am an electrical & control engineer who doesn't dabble in IT very often (at least not to this extent anyway).

If you could clarify that would be great and thanks again for your patience.

Regards

Gavin

Hi Gavin,

Still using the network diagram:

If you make host1's default gateway 192.168.1.21, as seen in the diagram above, then both host1 and host2 (on the different VLAN) will be able to communicate.

Note: If the process control device communicates by broadcasting traffic within the LAN, then the broadcast will not normally jump from one VLAN to the other virtual LAN (VLAN).

regards Dave
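The packet walk in the replies above, as an added example that is not part of the original posts: it models each device's route table, forwards by longest-prefix match, and traces both directions for three cases (router with the static route, no router, and host1's gateway pointed at the switch). The implied connected route on the router and the `dropped` marker are assumptions of this model.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match. Returns a next-hop address, "direct" when dst is
    on a connected network, or None when no route matches."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in table.items()
               if dst in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(nodes, src, dst, max_hops=8):
    """Follow one packet hop by hop; returns the addresses it visits."""
    path, here = [src], src
    for _ in range(max_hops):
        hop = lookup(nodes[here], dst)
        if hop == "direct":
            return path + [dst]
        if hop is None or hop not in nodes:
            # No route, or the next hop is not a device on this LAN.
            return path + ["dropped"]
        path.append(hop)
        here = hop
    return path + ["loop"]

# Constructed model of the network described in the thread.
SWITCH = {"192.168.1.0/24": "direct", "10.0.0.0/22": "direct"}
ROUTER = {"192.168.1.0/24": "direct",       # implied connected route
          "0.0.0.0/0": "76.0.1.223",        # default route to the WAN
          "10.0.0.0/22": "192.168.1.21"}    # the manually added static route

HOST1, HOST2 = "192.168.1.22", "10.0.3.111"

def build(host1_gateway, with_router):
    """Return {address: route table} for every device on the LAN."""
    nodes = {
        HOST1: {"192.168.1.0/24": "direct", "0.0.0.0/0": host1_gateway},
        HOST2: {"10.0.0.0/22": "direct", "0.0.0.0/0": "10.0.3.101"},
        "192.168.1.21": SWITCH,   # switch, VLAN 1 interface
        "10.0.3.101": SWITCH,     # switch, VLAN 2 interface
    }
    if with_router:
        nodes["192.168.1.1"] = ROUTER
    return nodes

if __name__ == "__main__":
    cases = {
        "router present, host1 gateway = router": ("192.168.1.1", True),
        "no router, host1 gateway = router": ("192.168.1.1", False),
        "no router, host1 gateway = switch": ("192.168.1.21", False),
    }
    for label, (gateway, with_router) in cases.items():
        nodes = build(gateway, with_router)
        print(label)
        print("  host2 -> host1:", " -> ".join(trace(nodes, HOST2, HOST1)))
        print("  host1 -> host2:", " -> ".join(trace(nodes, HOST1, HOST2)))
```

The second case reproduces the one-way symptom reported in the thread: host2 reaches host1 through the switch, but host1's reply is sent to a gateway that is not there.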

Thanks Dave,

I can now communicate from one VLAN to another. I have 2 x Hosts also on VLAN1 which do not have default gateway input capability - I can ping them but it usually times out after 1 response maybe 2. Is there a way I can setup a route in the SG300-10 for these devices which will allow it to be reliably "pinged"? They are Bently Nevada Type 92 Communications Gateways.

Thanks

Gavin

Hi Gavin,

I was away for a couple of weeks, sorry.

No need for setting up routes. I would look elsewhere for the issue, as when you create the VLAN and associate an IP address with it, an interface route is automatically created when the VLAN becomes active (device plugged into it).

regards Dave

This is informative indeed!  Thank you David and Gavin.

I have a similar arrangement, except I have two SG300-28 switches.  They are linked via GB fiber port.

Switch 1 has one VLAN (VLAN1) and Switch 2 has two VLANs (VLAN2 and VLAN3).  Existing post helps me understand how to get traffic between VLAN2 and VLAN3, but am unsure how to get traffic routed between the two switches and all of the respective VLANs. There needs to be a way to route traffic between any/all 3 VLANs.  How would I best approach this arrangement?

Thanks for any help you can provide,

Jeff I

Hi Jeff,

What follows is an approach you can take.

Let me preface my discussion by stating that Layer 3 switching within the 300 series is pretty simple.

You have to tell the switch how to route by manually adding static routes to tell the switch where to send packets.

The switch is smart enough to create interface routes under two conditions:

  • When you add an IP address and associate that with a VLAN, an IP interface is created.
  • This interface becomes active only when at least one switchport interface is administratively up within the VLAN. When it becomes active, an interface route appears in the switch's IP route table.

Phew... them is a heap of words.

OK, so let me try to expand and explain by using the diagram from the example way above. I am connecting two layer 3 enabled SG300-10 switches together via a Cat5e or, even better, Cat6 cable.

Notice in switch two (on the right) I have assigned an IP address to the VLAN 1 interface of 192.168.1.22.

I then add static routes within each switch, telling each switch how to get to the IP networks on the other switch.

I picked VLAN 1 in my example above as all ports are untagged in VLAN 1 by default, so VLAN 1 existed on both switches.

Notice that on switch two, I added something called a default route that has a next hop to the IP address of Switch 1's VLAN 1 interface.

This tells Switch 2: if you don't know where to send the IP packet, send it onto VLAN 1 with a next hop of 192.168.1.21.

We may have to continue our discussion.

regards Dave

Hi Dave,

The explanation is great, unfortunately I cannot get either of the first two scenarios to work.

I have two Windows 7 workstations set up as the hosts, with their gateway addresses set to point to the respective VLAN address on the switch.

I have a Linksys WRVS4400N set up as the router on Port 10

The switch was originally on 1.0.0.4, and I have loaded the latest firmware 1.2.9.44, and also reset the switch to factory defaults before entering the configuration, and it still will not work.

From each host I can ping their respective VLAN address on the switch, and on VLAN 1 I can ping the router, from the workstation on that VLAN.

Both hosts show in the ARP table.

But I cannot establish communications between VLANs in either direction.

Any ideas? I have spent several days trying different setups with no success.

Many Thanks Richard

Hi Richard, if you are using the WRVS4400n, you need to make a trunk port on the switch with the default vlan untagged, all additional vlans tagged. On the WRVS4400n you will need to create the 2nd vlan and do the same thing, the default vlan 1 untagged, all additional vlans tagged.

If you are using the switch by itself and nothing else around, this topic answers the question.

-Tom
Please mark answered for helpful posts
http://blogs.cisco.com/smallbusiness/

Hi Tom,

Unfortunately still not working.

Here is what I have currently setup.

Host 1     IP address 192.168.1.100     mask 255.255.255.0     Gateway Address 192.168.1.1
     Connected to Port 1 as Trunk with Vlan 1 untagged and Vlan 2 tagged.

Host 2     IP Address 10.0.3.111     mask 255.255.252.0     Gateway Address 10.0.3.101
     Connected to Port 7 as Trunk with Vlan 2 tagged and Vlan 1 excluded.

Router     IP Address 192.168.1.1     mask 255.255.255.0     Port 1     VLAN 1     Trunk: None
     Connected to Port 10 as Trunk with Vlan 1 untagged and Vlan 2 tagged.

Routing table in WRVS 4400N

     Destination     Mask              Gateway           Interface
     192.168.1.0     255.255.255.0     192.168.1.1       LAN
     192.168.1.0     255.255.255.0     0.0.0.0           LAN
     70.79.152.0     255.255.252.0     70.79.155.142     WAN
     70.79.152.0     255.255.252.0     0.0.0.0           WAN
     239.0.0.0       255.0.0.0         0.0.0.0           LAN
     0.0.0.0         0.0.0.0           70.79.152.1       WAN

Switch is in Layer 3 with firmware 1.2.9.44

CDP enabled

LLDP enabled

VLAN 1     default     Static     192.168.1.21     255.255.255.0     Valid
VLAN 2     Voice       Static     10.0.3.101       255.255.252.0     Valid

Static Route     Destination: 0.0.0.0/0     Next Hop Router: 192.168.1.1     Static     Metric: 1

From Host 1, I can access the internet and ping any port or device on Vlan 1

From Host 2, I can ping any port or device on Vlan 2.

Nothing else works, Host 1 cannot ping host 2

If I try and enter a static route in the router of destination 10.0.3.0/22 with gateway 192.168.1.21 it is rejected.

If I try and enter a static route in the switch of destination 10.0.3.0/22 with gateway 10.0.3.111 it is rejected (Ip mask does not cover the destination address).

I cannot find how to create Vlan2 on WRVS4400n or how to tag or untag its ports.

regards

Richard

> Hi Tom,
>
> Unfortunately still not working.
>
> Here is what I have currently setup.
>
> Host 1     IP address 192.168.1.100     mask 255.255.255.0     Gateway Address 192.168.1.1
>      Connected to Port 1 as Trunk with Vlan 1 untagged and Vlan 2 tagged.

This should be vlan 1 untagged

> Host 2     IP Address 10.0.3.111     mask 255.255.252.0     Gateway Address 10.0.3.101
>      Connected to Port 7 as Trunk with Vlan 2 tagged and Vlan 1 excluded.

This should be vlan 2 untagged

> Router     IP Address 192.168.1.1     mask 255.255.255.0     Port 1     VLAN 1     Trunk: None
>      Connected to Port 10 as Trunk with Vlan 1 untagged and Vlan 2 tagged.
>
> Routing table in WRVS 4400N
>
>      Destination     Mask              Gateway           Interface
>      192.168.1.0     255.255.255.0     192.168.1.1       LAN
>      192.168.1.0     255.255.255.0     0.0.0.0           LAN
>      70.79.152.0     255.255.252.0     70.79.155.142     WAN
>      70.79.152.0     255.255.252.0     0.0.0.0           WAN
>      239.0.0.0       255.0.0.0         0.0.0.0           LAN
>      0.0.0.0         0.0.0.0           70.79.152.1       WAN

Router table on the router doesn't matter since you're trying to be local to the switch

> Switch is in Layer 3 with firmware 1.2.9.44
>
> CDP enabled
>
> LLDP enabled
>
> VLAN 1     default     Static     192.168.1.21     255.255.255.0     Valid
> VLAN 2     Voice       Static     10.0.3.101       255.255.252.0     Valid
>
> Static Route     Destination: 0.0.0.0/0     Next Hop Router: 192.168.1.1     Static     Metric: 1

This is fine

> From Host 1, I can access the internet and ping any port or device on Vlan 1
>
> From Host 2, I can ping any port or device on Vlan 2.

Host 2, you won't access the internet until you get the router sorted out

> Nothing else works, Host 1 cannot ping host 2
>
> If I try and enter a static route in the router of destination 10.0.3.0/22 with gateway 192.168.1.21 it is rejected.
>
> If I try and enter a static route in the switch of destination 10.0.3.0/22 with gateway 10.0.3.111 it is rejected (Ip mask does not cover the destination address).
>
> I cannot find how to create Vlan2 on WRVS4400n or how to tag or untag its ports.

-Tom
Please mark answered for helpful posts
http://blogs.cisco.com/smallbusiness/

Hi Tom,

I tried the setup you recommended without the router, but no inter vlan communications in either direction.

           

   

However in digging deeper I discovered that the switch interprets the VLAN 2 address of 10.0.3.101 irrespective of the subnet mask, as belonging to network 10.0.0.0.

This can be seen when you do; show ip route

Maximum Parralel Paths: 1 (1 after reset)

IP Forwarding: enabled

C 10.0.0.0/22 is directly connected. vlan 2

C 192.168.1.0/24 is directly connected. vlan 1

If I connect my router as shown earlier, and enter an additional route using 10.0.0.0 as the destination address using gateway 192.168.1.21, I can get most of the communications working, i.e.:

Host 1 to Vlan1 works

Host 1 to Internet works

Host 1 to Host 2 fails

Host 2 to Vlan 2 works

Host 2 to Internet works

Host 2 to Host 1 works

Note; The router is an older Linksys WRVS4400n and the firmware is different to the Cisco model.

 

If I insert a second router on Vlan 2 and enter a static route to it on the switch, I can communicate from Vlan 1 to the second router, but that defeats the purpose of a layer 3 switch, and uses up an additional port that I need.

It really is beginning to appear that this SG300 switch is not operating correctly.

regards

Richard
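The subnet arithmetic behind the `show ip route` output above, as an added example that is not part of the original posts: with mask 255.255.252.0 the address 10.0.3.101 sits in the block 10.0.0.0 to 10.0.3.255, so 10.0.0.0/22 is the network and 10.0.3.0/22 is not a valid destination. `check_static_route` is a hypothetical helper; that the devices in the thread reject routes for exactly these reasons is an assumption consistent with the quoted switch message.

```python
import ipaddress

def check_static_route(connected, dest, mask, next_hop):
    """Check a proposed static route against a device's connected networks.

    connected: prefixes of the device's own IP interfaces.
    Returns (canonical destination prefix, list of problems found).
    """
    problems = []
    iface = ipaddress.ip_interface(f"{dest}/{mask}")
    canonical = iface.network            # destination with host bits cleared
    if iface.ip != canonical.network_address:
        problems.append(f"{dest} has host bits set under mask {mask}; "
                        f"the network is {canonical}")
    nets = [ipaddress.ip_network(c) for c in connected]
    hop = ipaddress.ip_address(next_hop)
    if not any(hop in net for net in nets):
        problems.append(f"next hop {next_hop} is not on a connected network")
    if canonical in nets:
        problems.append(f"{canonical} is already directly connected; "
                        "no static route is needed")
    return str(canonical), problems

if __name__ == "__main__":
    # Connected networks taken from the configuration posted in the thread.
    switch = ["192.168.1.0/24", "10.0.0.0/22"]
    router = ["192.168.1.0/24", "70.79.152.0/22"]
    attempts = [
        ("switch", switch, "10.0.3.0", "255.255.252.0", "10.0.3.111"),
        ("router", router, "10.0.3.0", "255.255.252.0", "192.168.1.21"),
        ("router", router, "10.0.0.0", "255.255.252.0", "192.168.1.21"),
    ]
    for device, nets, dest, mask, hop in attempts:
        prefix, problems = check_static_route(nets, dest, mask, hop)
        print(f"{device}: {dest} mask {mask} via {hop} -> {prefix}")
        for problem in problems or ["ok"]:
            print("   ", problem)
```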
