Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2382
Views
0
Helpful
1
Replies

sa 540 + sg 200-26 intervlan routing

csalazarv
Level 1
Level 1

‎11-10-2011 04:18 PM

hello guys

I am trying to set up this thing, I managed to configure the intervlan routing and vlan tagging in the router itself (with its built in switch)

the next step was

1) created the same vlans with the same ids in the switch (Since it doesnt have VTP)

2) set up two ports in the switch , one for each vlan in in general mode and then one in trunk mode to a router port which is also in trunk mode(port 6 SW > port 1 of router) , both trunk ports are members of the vlans involved

3) at that point , I cant ping anything, say a host in a different vlan

I made some packet capture in the router and it seems the router sees the requests but not the replies , it seems as if it simply doesnt want to forward the reply for some reason

at a total lost at this point and its not encouraging that I see so many posts about bugs in the firmware

router and switch are both running the latest version

I am sure I am doing something totally basic......in a totally incorrect way

Please help

Thanks in advance

Labels:
Preview file
564 KB
Preview file
396 KB
0 Helpful
1 Reply 1

David Hornstein
Level 7
Level 7

‎11-12-2011 06:53 AM

Thank you for the excellent images.

Firstly make sure the switch is using the most curent firmware 1.1.1.8  and the SA540 is using the most current firmware 2.1.51

May pay you to read the release notes of caveats on upgrading the SA540.

http://www.cisco.com/en/US/docs/security/multi_function_security/multi_function_security_appliance/sa_500/release/sa500_MR4_v2.1.51.pdf

I can see that the router SA540  has untagged VLAN 1 frames going out port 1 and tagged ethernet frames for the other VLANs being propogated out port 1.  SA540 looks like it is correctly setup, but the switch is not the way i would set it up.

If GE6 on the switch is the uplink port  to the SA540, try the following to get those VLANs propogated in and out of the switch.

Leave Switch port GE6 as the uplink ports to the SA540, if that is what you want.

If you do this tthen  connect only one CAT5e or CAT6 cable between GE6 of the switch to Port 1 of the SA540..

On the switch;

1. Set GE6 back to the VLAN Interface mode of trunk mode (default)

2. add the other  extra vlans 4,5,6,7 etc.. as tagged vlans onto GE6

Add other switch ports as untagged members of the vlans as required.

Now check connectivity.

( there is probably no reason to alter the default VLAN interface mode from trunk to any other mode)

let me know how it goes.

regards Dave

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Switch products supported in this community
Cisco Business Product Family
  • CBS110
  • CBS220
  • CBS250
  • CBS350
Cisco Switching Product Family
  • 110
  • 200
  • 220
  • 250
  • 300
  • 350
  • 350X
  • 550X
Customers Also Viewed These Support Documents