Hello Tom, thank you for your reply.

Multiple subnet option is enabled and configured on the RV016:

     172.16.1.1/24

     172.16.2.1/24

It is also configured on the sg 300-10 MP globaly and on each vlan interface.

DHCP relay is also configured on the RV016.

Indeed, Vlan 8 internet works but only if I set a static IP manually on the workstation otherwise no ip is received from DHCP server.

Vlan 1 and 2 clients dont receive any IP and of course no Internet connectivity even If I configure the adresses manualy.

Zoubeir.

Zoubeir,

Try adding a couple static routes on the router.

Subnet 172.16.1.0

255.255.255.0

172.16.0.254

hop count 1

172.16.2.0

255.255.255.0

172.16.0.254

hop count 1

Also check to see if the port on the switch is configured with 8u,1t,2t.

-Tom

I did what you asked me but unfortunately with no result.

Is It really true that the RV016 does not support the 802.1q protocol ? That'is why maybe it does'nt work, isn'it ?

Zoubeir

This is correct, it does not support 802.1q.

However, since the SX300 is L3, static route on the router can address the problem.

The issue you're experiencing is the concept, the default vlan, 8 can go to and from the router. The additional vlans 1 and 2, they will leave the switch but once they go to the router, the router has no path back to assign the traffic correctly. Therefore it simply drops.

-Tom

Yesss, I got it ! You are right Tom. Static route on the router can address the problem and indeed it does it. Each host now receives its ip address that correspond to the vlan it belongs to.

This is the change I did :

1. I unchecked the subnet option on the rv016 to remove the subnets and also the DHCP relay.
   
2. I removed the setting 1T 2T on the switch port to let only 8 UP
   

That's all !

However there is a problem : hosts don't have internet connectivity although they receive the dns ip address (the same that DC, DHCP server). I have internet connection on the server.

Maybe, what you have to know is the next hop after the rv016 is not the ISP router but an intermediate router and I can't directly connect the rv016 to the isp router due to the fact that it is located in a datacenter on another floor of the building.

So what do you think prevents internet connection on the hosts ?

Thank you for you advices,

Zoubeir

Zoubeir, the internet connection applies the same concept. Devices connecting on the switch send traffic, but when the router receives, it does not know how to send it back to the different LAN subnets. The static routes should address both issues

-Tom

The router is 192.168.2.254. My computer connects to fa2. My router can connect to any other port. I also tested behind the double nat but it gave me a nasty ping time.

Here is the working config.

On the switch the following config

set system mode router

reload

y

y

config t

vlan database

vlan 4

int vlan 4

ip address 192.168.4.1 /24

int vlan 1

ip address 192.168.2.1 /24

int fa2

switchport mode trunk

switchport trunk native vlan 4

-Tom

I think I have a bit similar configuration but unfortunately I didn't figure out yet the appropriate static route I have to add. Please see the graph below where I included all relevant informations regarding the network configuration. Can you please find out the mistake ?

So the objectif is to get internet connection for all hosts beloging to the vlans. Now I have only internet on the server and device that belong to the range 172.16.0.0/24.

I think we are so close to the goal.

Thanks again,

Zoubeir

Hello Tom,

This seems to be similar to a problem I have.  I have an ASA (192.168.1.1) and two SF300 switches - one switch

is 48 port (192.168.1.254) and the other 24P (192.168.1.253)  we have a second vlan 20 set up on the 24P switch (192.168.2.253)  we have ports 1-12 set for vlan20 (untagged and trunk), the remaining ports on on the default vlan 1.

We have the 24p and 48p switches connect using GE1 and GE1.  We are unable to ping a device on vlan 20 ( on the

24p switch) from a computer on the 192.168.1.xx network.  We have a static route set on the 24p switch (0.0.0.0 192.168.1.0).  We can ping from the ASA to either switch on any vlan.  we can ping form 24p vlan20 to the 19..168.1.xx.

We cannot access the internet form the .2 addresses.

There is a server set for DHCP on the network (192.168.1.5). We have a route statement on the ASA, "route inside 192.168.1.0 255.255.255.0 192.168.1.253.  We are missing something here.  Any ideas?

Thanks,

ERic

Hi Eric, the small business group doesn't support the ASA config, but  I can help with the switch.

A couple things I notice in your description-

48 port (192.168.1.254) and the other 24P (192.168.1.253)  we have a  second vlan 20 set up on the 24P switch (192.168.2.253)  we have ports  1-12 set for vlan20 (untagged and trunk), the remaining ports on on the  default vlan 1.

The connection between the switches, is it 1u, 2t?

The link between the switches should be 1u, 2t, the switches support the trunking and vlan tagging, meaning all communication will work fine.

We have the 24p and 48p switches connect using GE1 and GE1.  We are unable to ping a device on vlan 20 ( on the 24p switch

The 24p switch should be in layer 2 mode, if you have the 48 port l3 switch upstream. Additionally, you need to have the default gateway set on the 24p switch.

We have a static route set on the 24p switch (0.0.0.0 192.168.1.0). 

Between the switches, it shouldn't require any static routes, assuming you correctly trunk / tag your ge1 ports, with both switches operating in l3, the ip route table dynamically builds the connected routes, therefore a static route is redundant.

-Tom
Please rate helpful posts

Hello Tom,

We are using GE3 for the port, it is set as 1U, 20T.  I will assume 20 is the vlan tag (??).  the vlan Id is 20.

Also the 24P switch is set as layer 3 mode. BUT the 48P switch is set for layer 2 mode.  Do we need to

set the 48P switch to layer 3??

Thanks for good help,

Eric

Eric, whatever switch is connecting to the ASA directly should be the layer 3 switch, any other downstream can be layer 2 or layer 3. Layer 2 will be better as it would provide faster throughput.

All ports internet connecting to the ASA and between switches should be defined as 1u, 20t.

-Tom
Please rate helpful posts

Hello Tom,

that answers my question.  I will set the switch, 48p is connected directly to the asa.

I will give it a shot.  Thank you and thank Cisco for this support