I have an SG300-28 switch with firmware updated to the last version 188.8.131.52. The switch is in Layer2 mode.
Its first port (GE1) is connected to an upstream IP gateway which requires a VLAN tag (for example, 1002) to contact.
Its ports GE2..GE7 are connected to various boxes (Windows servers & storage) which need to access the gateway. Gateway, boxes and switch management IPs are in the same subnet (e.g., 10.0.2.0/24).
I don't have a dedicated management port on the switch, I manage it from one of the server boxes in this subnet.
I mostly access it by HTTP, only for some special functionality - by SSH command line.
If I understand VLAN terms and Cisco docs correctly,
GE1 should be made 'tagged' VLAN member and its 'trunk' interface,
and GE2..GE7 - 'untagged' members and 'access' interfaces.
I have tried various combinations of VLAN setup but so far, without success.
So I have a number of questions to the supportive community.
1. I have an SE2800 switch between the SG300 and the gateway. Will it pass all VLAN-tagged packets through itself (including broadcasts)? Won't it block any of these?
2. From what I see in the saved text config, the management IP is assigned to the default VLAN1. So it seems that I will lose management access when I put all ports GE1..GE7 into a different VLAN (1002). Should I change the default VLAN to 1002 instead?
3. Will I get any additional functionality useful in my case from putting the switch into Layer3 mode? (I am quite far away from the hardware, so I have to ask other people to do physical actions on it; so losing management access to the switch is undesirable, and I try to understand well all consequences of my actions before actually doing these.)
4. How can I diagnose what VLAN-tagged packets actually come to the interface? Will debug-level logging show their tags? Won't it add much additional load to the system? Are there any kinds of VLAN tag 'snooping' other than CDP (because I don't find its information very useful, and on the gateway end, the hardware is a Checkpoint UTM-1 Edge X, not Cisco)?
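
Question 4 is about seeing which VLAN tags actually reach a port. As an added example (not part of the original post), this Python code decodes the 802.1Q tag from raw Ethernet frame bytes taken from a packet capture and also handles stacked tags, which goes beyond the single-tag case in the post. The sample frames, MAC addresses and the `classify` helper are constructed for illustration; VLAN 1002 is the example ID from the post.

```python
import struct

TPID_8021Q = 0x8100   # standard 802.1Q customer tag
TPID_8021AD = 0x88A8  # 802.1ad service tag (outer tag when tags are stacked)


def parse_vlan_tags(frame: bytes):
    """Return (tags, ethertype) for a raw Ethernet frame without FCS.

    tags lists the VLAN tags outermost first; an empty list means untagged.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12  # skip destination and source MAC addresses
    tags = []
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in (TPID_8021Q, TPID_8021AD):
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        # TCI = 3-bit priority, 1-bit drop-eligible flag, 12-bit VLAN ID
        tci, inner = struct.unpack_from("!HH", frame, offset + 2)
        tags.append({"tpid": ethertype, "pcp": tci >> 13,
                     "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4
        ethertype = inner
    return tags, ethertype


def classify(frame: bytes, expected_vid: int) -> str:
    """Hypothetical helper: compare the outermost tag with the expected VLAN."""
    tags, _ = parse_vlan_tags(frame)
    if not tags:
        return "untagged"
    return "tagged-expected" if tags[0]["vid"] == expected_vid else "tagged-other"


# Constructed sample frames: a broadcast ARP with and without a VLAN 1002 tag.
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")   # constructed locally administered MAC
ARP_BODY = bytes(28)                  # placeholder payload, contents not parsed
UNTAGGED = DST + SRC + struct.pack("!H", 0x0806) + ARP_BODY
TAGGED_1002 = DST + SRC + struct.pack("!HHH", TPID_8021Q, 1002, 0x0806) + ARP_BODY

if __name__ == "__main__":
    for name, frame in (("untagged", UNTAGGED), ("tagged", TAGGED_1002)):
        print(name, parse_vlan_tags(frame), classify(frame, 1002))
```
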