
No inter-VLAN routing on SG300-52

Hello,

I have a basic configuration on this SG300-52 :

  • L3 is enabled
  • Latest Firmware is installed (1.4.0.88)
  • VLAN1 IP is 10.0.0.1 /24
  • A PC is connected to switch port 1 (with IP 10.0.0.3)
  • VLAN99 IP is 192.168.0.2 /29
  • A router is connected to switch port 49 (with IP 192.168.0.1, and Internet access from the router is OK)
  • Default gateway on SG300-52 is 192.168.0.1

 

From the SG-300 :

  • I can ping default gateway (192.168.0.1) and any Internet address, using 192.168.0.2 as Source IP
  • I cannot ping default gateway (192.168.0.1) or any Internet address, using 10.0.0.1 as Source IP
  • I can ping my PC (10.0.0.3), using 10.0.0.1 as Source IP
  • I cannot ping my PC (10.0.0.3), using 192.168.0.2 as Source IP

 

There is no inter-VLAN routing, but I cannot find how to enable it...

 

The complete configuration is the following :

SG300-52#show run
config-file-header
SG300-52
v1.4.0.88 / R800_NIK_1_4_194_194
CLI v1.0
set system mode router

file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
vlan database
vlan 99
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
bonjour interface range vlan 1
hostname SG300-52
username cisco password encrypted c464af817287343305cbd6493c593885695df531 privilege 15
ip ssh server
snmp-server server
ip telnet server
!
interface vlan 1
 ip address 10.0.0.1 255.255.255.0
 no ip address dhcp
!
interface vlan 99
 name WAN
 ip address 192.168.0.2 255.255.255.248
!
interface gigabitethernet49
 switchport mode general
 switchport general allowed vlan add 99 untagged
 switchport general pvid 99
!
exit
ip default-gateway 192.168.0.1

 

Do you have any idea about the issue ?

Thanks in advance for your help.

 

16 REPLIES
New Member

Athena1390 My name is Ismael.

 

Let me know if you have further questions

New Member

Hello Ismael,

Thanks for your answer.

VLAN 1 already has an IP ( ip address 10.0.0.1 255.255.255.0).
However, how can I create a default gateway for VLAN 1, as its interface (10.0.0.1) is configured inside the SG300 and used as default gateway for network 10.0.0.0 ?

How could I define another gateway for this network ?

When trying to add 10.0.0.1 as gateway for it, I receive an error message "Gateway cannot be one of the addresses configured on this device".

New Member

Hi Athena1390

If you have assigned an IP address for VLAN 1 under IP Configuration >>> IPv4 Interface, then it's all set for an SVI and DG. Instead of using the SG300 ping tool, can you ping from VLAN 1 and VLAN 99 on 2 different PCs?

 

New Member

Hi Ismael,

Yes, 10.0.0.1 has been assigned to IPv4 Interface of VLAN1.

No, I cannot ping from one VLAN to the other.  Even the SG300 interface cannot be reached from the other VLAN (I cannot ping 10.0.0.1 from NW 192.168.0.0 and vice-versa).

New Member

I set the "Interface VLAN mode" of port 1 to "General"; and I'm now able to ping a switch port of a VLAN from another VLAN (I can ping 192.168.0.2 from PC 10.0.0.3).

But I'm still unable to ping default gateway 192.168.0.1 from PC 10.0.0.3

 

Any idea about the issue and a potential solution ?
 

New Member

Hi Anthena1390

Is the router's gateway and SG300 on 192.168.0.1? If this is the case you will most definitely not be able to get those pings to communicate. Router would have to be on a P2P link with a /30 on its own DG. If you provide me an email I can send you several screenshots of how to get this to work. On interface 1, I believe if you have a PC on it, you would only need to set it as an access port. General port will not do any good as the PC will only understand untagged traffic.

New Member

Hi Ismael,

Router's gateway is on 192.168.0.1; and SG300 interface is on 192.168.0.2.

From the 192.168.0.2 interface of SG300, I can ping 192.168.0.1. But from any other device on other VLAN, no (but they can ping 192.168.0.2).

Network 192.168.0.0 (between router and SG300) has a /27 mask.

OK, I will try to set port 1 as "Access".

Currently, the port configurations are :

  • Port 1 : 1UP - general
  • Port 49 : 99UP - general

How can I send you a PM ?

New Member

Accepted Solution

Hi Anthena1390

My email will be iarroyo@cisco.com. When you respond back to the email, can you let me know what devices will be communicating on VLAN 99? Is there a major reason for the SG300 to pass DHCP as opposed to your router? Well, I would like to attach some screenshots; they will show you how to properly configure a P2P link, assign DHCP pools, how to properly add default routes. Send an email and let's get your issue resolved.

New Member

Hi Ismael,

Thanks a lot for your help, it works much better now.
From every VLAN, I can now reach the Internet.

However, I cannot ping from one VLAN to another.
I can ping every SG300 interface from every VLAN, but I cannot reach the PC installed in the VLAN itself (except for the WAN (default gateway) VLAN).

Therefore, routing via the default gateway works fine, but routing from one VLAN to another does not.

How can this issue be solved ?

Thanks in advance for your help.

New Member

Pings from other VLANs were blocked by the local (PC) firewall.

I allowed the PC to answer ICMPv4, and it works !!!

New Member

Hi,

I have the same problem, can you help me by publishing the solution, please?

thank you in advance.

 

New Member

Hi auhcec001,

 

I followed the step-by-step configuration example.

http://networklessons.com/switching/cisco-small-business-switch-vlan-configuration/

And, it works to provide Internet access for each VLAN.

However, the VLAN to VLAN routing remains a problem...

New Member

Hi Athena1390,

thank you for your reply.

I have no internet access in one vlan.

where can I find how to assign ip route ?

 

New Member

Try this :

1) Connect 1 device in this VLAN and check its IP and gateway (its VLAN interface IP)

2) Add a default-gateway in the IPv4 configuration menu of the SG300 :

  • Destination : 0.0.0.0
  • Mask : 0.0.0.0
  • Next hop : your router internal IP

 

Hope this helps

New Member

I figured out the problem, the unmanaged router.

The SG300 doesn't have NAT and so I can manage only one VLAN with this router.

Thanks for your support.

Hi Athena1390,

Another approach to such a design, when the firewall does not support multiple VLANs or you would not like to forward all broadcasts up to the firewall, is simply to add:

1. static route on the firewall pointing out that 10.0.0.1 /24 is accessible via 192.168.0.2

2. ensure that your firewall would do NAT on the subnets which are not directly connected interfaces.

That should be the easiest solution.

Aleksandra
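
The return-route point from the last reply, worked through as an added example that is not part of the thread: a longest-prefix-match lookup over the SG300's routes (taken from the posted config) and over a router table with and without the static route for 10.0.0.0/24. The router's table and the `upstream` next-hop name are assumptions; NAT on the router is not modelled.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: return (prefix, next_hop) of the most specific route."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), nh) for p, nh in table
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    net, nh = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), nh

# SG300 in L3 mode, from the posted "show run" output.
SG300 = [
    ("10.0.0.0/24", "connected vlan1"),
    ("192.168.0.0/29", "connected vlan99"),
    ("0.0.0.0/0", "192.168.0.1"),       # ip default-gateway 192.168.0.1
]

# Router as assumed here: it knows only its LAN-side /29 and a default
# route toward the ISP ("upstream" is a constructed placeholder).
ROUTER = [
    ("192.168.0.0/29", "connected lan"),
    ("0.0.0.0/0", "upstream"),
]

# Same router after adding the static route suggested in the last reply.
ROUTER_FIXED = ROUTER + [("10.0.0.0/24", "192.168.0.2")]

def ping_from_pc(router_table, pc="10.0.0.3", target="192.168.0.1"):
    """Trace an echo request from the PC and the router's echo reply."""
    request_via = lookup(SG300, target)[1]   # SG300 forwards the request
    reply_via = lookup(router_table, pc)[1]  # router routes the reply
    return {
        "request_via": request_via,
        "reply_via": reply_via,
        # The reply only comes back if the router hands it to the SG300.
        "reply_reaches_pc": reply_via == "192.168.0.2",
    }

if __name__ == "__main__":
    print("without static route:", ping_from_pc(ROUTER))
    print("with static route:   ", ping_from_pc(ROUTER_FIXED))
```

The request always arrives, because 192.168.0.1 is directly connected to the SG300 on VLAN 99; only the reply path changes with the static route.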
