Sg300-28 inter-vlan routing

Answered Question
Feb 23rd, 2014

Hello



I would appreciate it, and thanks in advance, if you can help with this simple configuration.



In SG300, in layer 3 mode, how can you make 2 VLANs see each other?


In my home lab:


VLAN1             default (GE1:  Access mode)  192.168.2.254

VLAN10           Static  (GE24: Access mode)  192.168.10.1

Common Port              GE25: Trunk mode (connected directly to my router interface 192.168.2.1)


VLAN1    can communicate with outside world and internet, for example, from another subnet: 192.168.1.0

VLAN10  is not visible from outside and from VLAN1


How can I allow traffic from VLAN10 to go through the common Port GE25 to the outside world?


The router config says: VLAN10 is directly connected to 192.168.2.1, but I cannot ping it. I wonder why?


Regards

Minh


--------------------------------------------------

SG300#show vlan

Created by: D-Default, S-Static, G-GVRP, R-Radius Assigned VLAN


Vlan       Name                   Ports               Created by

---- ----------------- --------------------------- ----------------

1           1            gi1-23,gi25-28,Po1-8            D

10       VLAN10                  gi24                    S




SG300#show ip route

Maximum Parallel Paths: 1 (1 after reset)

IP Forwarding: enabled

Codes: > - best, C - connected, S - static



S   0.0.0.0/0 [1/1] via 192.168.2.1, 36:24:22, vlan 1

C   192.168.2.0/24 is directly connected, vlan 1

S   192.168.10.0/24 [1/1] via 192.168.2.1, 27:23:12, vlan 1

Correct Answer by Tom Watts about 3 years 5 months ago

Hi Minh, see this post for some guidance

https://supportforums.cisco.com/message/4178990



-Tom
Please mark answered for helpful posts
http://blogs.cisco.com/smallbusiness/

mpyhala Sun, 02/23/2014 - 14:41

Minh,


In Layer 3 Mode the switch will route between VLANs. The default VLAN 1 becomes the gateway for any additional VLANs. (192.168.2.254 is the gateway for 192.168.10.x) You only need to create a VLAN interface for each VLAN, which you have already done.


The port connected to the router should be an access port, VLAN 1 untagged. In the router, create a static route to 192.168.10.x that looks like:


To get to 192.168.10.0/24, go to 192.168.2.254


This will allow VLAN 10 to have internet access. The default gateway for VLAN 10 hosts is 192.168.10.1.


Since VLAN 10 is directly connected to VLAN 1, there is no need to create any route in the switch.


- Marty
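The static route Marty describes, modelled as an added example (not part of the original thread): a longest-prefix-match lookup over the switch table from the thread's later `show ip route` output and over a router table with and without the route to 192.168.10.0/24. The router tables, the `WAN` placeholder and the function names are assumptions, since the thread never shows the router's routing table.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match; returns (prefix, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in table
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return None
    net, hop = max(hits, key=lambda h: h[0].prefixlen)
    return str(net), hop

# Switch table, copied from the later "show ip route" output in this thread.
SWITCH = [
    ("0.0.0.0/0", "192.168.2.1"),
    ("192.168.2.0/24", "connected vlan 1"),
    ("192.168.10.0/24", "connected vlan 10"),
]

# Router tables are ASSUMED (the thread never shows them); "WAN" is a placeholder.
ROUTER_NO_STATIC = [
    ("0.0.0.0/0", "WAN"),
    ("192.168.2.0/24", "connected LAN"),
]
ROUTER_WITH_STATIC = ROUTER_NO_STATIC + [("192.168.10.0/24", "192.168.2.254")]

def ping_path(router, src="192.168.10.2", dst="192.168.2.1"):
    """Return (switch's hop for the request, router's hop for the reply)."""
    return lookup(SWITCH, dst), lookup(router, src)

def reply_reaches_switch(router, src="192.168.10.2"):
    """True when the router sends the reply to the switch or onto its LAN."""
    hop = lookup(router, src)
    return hop is not None and hop[1] in ("192.168.2.254", "connected LAN")

if __name__ == "__main__":
    for name, table in (("no static route", ROUTER_NO_STATIC),
                        ("with static route", ROUTER_WITH_STATIC)):
        request, reply = ping_path(table)
        print(f"{name}: request via {request}, reply via {reply}, "
              f"returns={reply_reaches_switch(table)}")
```

In this model the request from 192.168.10.2 always reaches the router over VLAN 1; only the reply path changes when the static route is present.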

minh06_pham05_60 Mon, 02/24/2014 - 00:07

Thanks Marty!


Following your advice, it works almost 100%!


I can ping any host from any VLAN, from VLAN1 <=> VLAN10


Except that I cannot ping the interface of the router that the switch is directly connected to, which is 192.168.2.1


From host 192.168.10.2, I can ping


192.168.2.254, 192.168.2.x, except 192.168.2.1


It does not make sense to me, but I could not figure out why.


Regards

Minh

mpyhala Mon, 02/24/2014 - 08:41

Hi Minh,


Does host 192.168.10.2 have internet access?


Can it ping another host that is directly connected to the router?


- Marty

minh06_pham05_60 Mon, 02/24/2014 - 12:16

Hi Marty




192.168.10.2 

Does not have internet access, cannot ping yahoo.com

And cannot ping 192.168.2.1  (the 2nd interface of my pfSense firewall router)



192.168.10.2 Can ping any host in VLAN1 including the IP interface


192.168.2.254

192.168.2.8


192.168.2.29



Any host in VLAN1 can ping 192.168.10.2



Best Regards

Minh

mpyhala Mon, 02/24/2014 - 13:51

Minh,


Do you still have the route:


S   0.0.0.0/0 [1/1] via 192.168.2.1, 36:24:22, vlan 1


- Marty

Correct Answer
Tom Watts Mon, 02/24/2014 - 14:30

Need to set default gateway on the switch at 192.168.2.1



-Tom
Please mark answered for helpful posts

minh06_pham05_60 Mon, 02/24/2014 - 18:21

Thanks Tom


Yes I did


I can ping 192.168.2.1 from a host in VLAN1.  And all hosts in VLAN1 can access internet as well



minh06_pham05_60 Sat, 03/01/2014 - 01:57

Hi Marty, Hi Tom


I ran into the following situation:

1- When I add the VLAN10 interface, the switch automatically adds an IPv4 route and makes it uneditable, with no next IP, and does not allow Internet access to VLAN10


2- When I delete the VLAN interface, the switch automatically changes the IPv4 route to remotely connected, with next hop IP 192.168.2.1. This would allow internet access to VLAN10


3- How can we add an IP route manually and be able to set the next hop IP to 192.168.1.1, which would allow internet access to VLAN10?


Please see screen shot below


Thanks Tom & Marty



snap001138.jpg

minh06_pham05_60 Mon, 02/24/2014 - 18:16

Marty


Yes. I still have it



SG300#show ip route

Maximum Parallel Paths: 1 (1 after reset)

IP Forwarding: enabled

Codes: > - best, C - connected, S - static



S   0.0.0.0/0 [1/1] via 192.168.2.1, 31:50:40, vlan 1

C   192.168.2.0/24 is directly connected, vlan 1

C   192.168.10.0/24 is directly connected, vlan 10



minh06_pham05_60 Sat, 03/01/2014 - 05:39

Hi Tom, Marty


I followed the guidance closely and am still stuck on a single issue: my VLAN10 is still stuck inside and cannot see the internet


Here is the summary:


Port GE25 connects directly to 192.168.2.1. Trunk, untagged

VLAN1: Port 1-22   Access Mode, untagged

VLAN10 Port 23, 24  Access Mode, untagged


1- VLAN1 Can see VLAN10, vice versa (can ping each other).

2- VLAN1 Can see the internet.

3- VLAN10 Cannot see the internet.


It seems a packet that originates from VLAN10, destined for 192.168.2.1 via VLAN1, cannot be forwarded.


I wonder why?


Best Regards

Minh

minh06_pham05_60 Sat, 03/01/2014 - 06:21

Hi Marty


I have another question

How can this step be done on the router without creating a VLAN interface?


He already has 192.168.2.1 in the previous step. He is now creating 192.168.3.1. So there must be an interface for this network. But this is his VLAN network 192.168.3.0 on the switch?


snap001150.jpg.

minh06_pham05_60 Sat, 03/01/2014 - 13:23

Hi Marty, Tom


Thanks! Thanks! Thanks! It works so I am happy.


Thank you for sending the link to the Guidance Document.


I finally made it work with the pfSense firewall router. My VLAN10 can see the internet.


I found out that the term "Multiple Subnets on One Physical Interface" on pfSense means creating a Virtual IP alias.


For those who have a similar problem to mine, I attach here my entire lab and a reference.


Best Regards

Minh