Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How to set simple vLAN on SFE2000 - I get illegale port

Hi Everyone,

I have a Cisco SFE2000 that has a web admin interface which I use to configure. This is the structure of my current network:


------------------------------------------------------                                                         ---------------------------------------------|------------------                    |

|           pfSense                              |____Lan-1_192.168.5.0/24__________|1  |2 |3  |4  |5 |6  |7  |8  |9  |10|11|12|G1|G2 |                      |

|   Multi-WAN and Multi-LAN Router  |                                                         |    Cisco SFE2000 - 24 port switch           |                     |   

|     Multiple DHCP Sever                  |____Lan-2_192.168.2.0/24__________|13|14|15|16|17|18|19|20|21|22|23|24|G3|G4 |                      |

------------------------------------------------------                                                        --------------------------------------------------------------                       |

                                                                                                                              |                                                                    |

                                                                                                                              |                                                                    |

                                                                                                                     ______NIC-1-eth0_________                                    |

                                                                                                                    |            Server                    |                                    |

                                                                                                                    |    Endpoint with two NICs    |__NIC-2-eth1__________|


So, as you can see above, I have two subnets coming from the same router which supports multiple DHCP server (I am not doing vLAN on the router). I want to divide ports 1-12 in vLAN ID 100 with subnet to feed all the 12 ports and ports 13-24 in vLAN ID 200 with subnet to all those ports.

Despite the trouble of making above diagram, I don't want you to think I am looking for something complex. Just basic simple vLAN and dividing the switch into two switches basically; Port 1-12 and 13-24.

I would also be happy if someone can suggest how I can include the G1, G2, G3, and G4 as part of the vLAN as well so that the whole top row of the ports on the Cisco switch can be dedicated to vLAN 100 and the bottom to vLAN 200.

Since I am not very verse with Cisco I use the Web Interface. I took the switch out of the box and set it to Standalone mode (from the previous stack mode) and connected my router to one of the G(x) ports but it did not work until I connected the router to one of the 1-24 ports. That is another issue I am facing.

My question:

What are the exact steps through the Web Admin Interface to make this division to work (the creation of vLAN)? I created vLAN in Properties > vLAN management but when I tried to add ports to it I got "illegale port mode...."

Unfortunately, the guides do not have a streamlined guide for this. Can someone please post how this is done?

I definitly prefer the Web Interface over the Console as this switch is co-located and it's hard to have physical access to it everytime a change is required. But web access is easily available.

***Bonus question: Currently I have setup the switch to pickup a static IP through one of the subnets. That is how I access the managed switch. Once vLAN is setup, how would I be able to get to the router Admin Interface?    



Re: How to set simple vLAN on SFE2000 - I get illegale port

Sounds to me that you would need to create the vlans/ go to vlan port mode and set the port your wanting to be setup for vlan 100 and go to vlan to port and make it an untagged member of vlan 100 and repeat the process for vlan 200.  This will segment the ports with vlans.  The gig ports are able to be used by default.  You might have to telnet into the switch and go to system mode and put it in standalone mode and not stacking mode.  This will enable all ports.

Re: How to set simple vLAN on SFE2000 - I get illegale port

Hi Bruce,

Just want to add a short  video i made for you,  that demonstrates what I believe you wanted.

I reset my SGE2000  to factory defaults to perform, the configuration.  Make sure you have at least version 3 of the firmware on your SFE2000.

At any time the recording can be paused so you can keep up with me .

I used a UC520 as my WAN router with a VLAN1 IP address=

I setup my SGE2000 so that it's VLAN1 was at IP address=

The link below is a recording lasting 11 minutes showing me configuring the SGE2000 almost from scratch.

It should be pretty much  identical to the configuration of the SFE2000.

There is no VLAN taggging involved in my configuration, all ports are in 'access' mode.  If you wish to understand those modes press the help key on the switch  when to get to the VLAN > interface tab.

Click on the link below to see the video. There is a little lag at the start of the recording , where my voice jumps ahead of my actions ..sorry

SFE/SGE VLAN   Friday, November 19, 2010 4:54 pm New York Time 11 Minutes

regards Dave

CreatePlease login to create content