Cisco Support Community
Community Member

Trying to make a VLAN on SG300-28

Hi, all.

I have an SG300-28 switch with firmware updated to the last version. The switch is in Layer2 mode.

Its first port (GE1) is connected to an upstream IP gateway which requires a VLAN tag (for example, 1002) to contact.

Its ports GE2..GE7 are connected to various boxes (Windows servers & storage) which need to access the gateway.
Gateway, boxes and switch management IPs are in the same subnet (e.g.,

I don't have a dedicated management port on the switch, I manage it from one of the server boxes in this subnet.

I mostly access it by HTTP, only for some special functionality - by SSH command line.

If I understand VLAN terms and Cisco docs correctly,

GE1 should be made 'tagged' VLAN member and its 'trunk' interface,

and GE2..GE7 - 'untagged' members and 'access' interfaces.

I have tried various combinations of VLAN setup but so far, without success.

So I have a number of questions to the supportive community.

1. I have an SE2800 switch between the SG300 and the gateway. Will it pass all VLAN-tagged packets through itself (including broadcasts)? Won't it do any blocking of these?

2. From what I see in the saved text config, the management IP is assigned to the default VLAN1. So it seems that I will lose management access when I put all ports GE1..GE7 into a different VLAN (1002). Should I change the default VLAN to 1002 instead?

3. Will I get any additional functionality useful in my case from putting the switch into Layer3 mode? (I am quite far away from the hardware, so I have to ask other people to do physical actions on it; losing management access to the switch is undesirable, and I try to understand well all consequences of my actions before actually doing them.)

4. How can I diagnose what VLAN-tagged packets actually come to the interface? Will debug-level logging show their tags? Won't it put much additional load on the system? Is there any kind of VLAN tag 'snooping' other than CDP (because I don't find its information very useful, and on the gateway end, the hardware is a Checkpoint UTM-1 Edge X, not Cisco)?

Thank you in advance for your replies.
