SG200-26P to 3560...

sammycbmi · ‎10-04-2013

OK I'll explain my setup

I've got a 3560 connected to an 1841 (router on a stick) but the trunk allows only VLANs 2-5. I didn't set it that way so I assume the previous owner did that for security reasons. Well some time ago we got an SG200-26P and we have PCs connected to it via the standard trunk ports. Additionally we have a dumb unmanaged switch connected to it via the standard trunk port. This dumb switch has Cisco IP phones running on VLAN 3, with PCs plugged into the phone. Therefore the SG200 sees the unmanaged switch in it's Smartport as "IP Phone and desktop" I have Auto Voice VLAN on the SG200-26P and it works good and tags VLAN 3 on the needed ports. I have the default VLAN for the SG200-26P at 1 still (same as 3560).

In this setup data will not pass to the router. Obviously because of the allowance of only VLANs 2-5 on the router on a stick trunk. Right now I got it working by connecting the SG200 to an Access port on the 3560 that has VLAN 2 with a Voice VLAN of 3 set up on it. However I don't think I should have to do this. It kills also I think any other VLAN I want to set up on the 3560 such as a management VLAN that is not on VLAN 2. To make this happen I want the SG200 to connect to a trunk not an access port.

Therefore is my solution to change the default VLAN on the SG200 to VLAN 2? Then all I would need to make sure is on the SG200 trunk port to have VLAN 2 and 3 tagged (they already are actually.)

Tom Watts · ‎10-04-2013

Sam, here's the best example I can provide to you-

https://supportforums.cisco.com/thread/2221832

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

sammycbmi · ‎10-04-2013

By the way. On the SG200 if you set a port to be an Access port is it like the 3560 in that you can also define a Voice Vlan?

sammycbmi · ‎10-04-2013

SG200 doesnt have Cisco talk like the SG300 I don't think.

Strange it appears to hint that the SG300 needs the native VLAN tagged since it doesn't get it untagged if it's the native one.

So therefore for me:

1. On the SG200. Set up a General without Ingress. I assume I need to explicitly tag these in the setup.

2. On the 3560 I possibly have to explicity include the native VLAN on the trunk in the allowed VLANs.

As far as the port on the SG200 that my unmanaged switch connects to do I need to set this up as a general port as well with a PVID of 2 since I need data to get to my 1841? Wouldn't I then have to do the same for every port on the SG200 that I want to get VLAN 2 traffic? The goal here is for the 3560 to see traffic as VLAN2.

Tom Watts · ‎10-06-2013

Hi Sam, if you set the port as an access port only 1 vlan will be an untagged member there. However, if you're using the auto voice vlan then the port should dynamically change because of the phone connection (if the macro isn't working correctly, you may need to modify that as well).

Explicitly tagging all the VLANs would be the "conventional" way. I say this loosely as I do feel a general port without ingress filtering (in my opinion) should behave the same as a Catalyst but the difference here is the ingress filter discards unspecified VLANs therefore a general port must be used to remove the ingress filtering.

On the 3560 you will likely need to include the native VLAN on the VLAN list as indicated on that post.

The unmanaged switch should be connect to a port such as VLAN 2 untagged if that is the traffic you'd like the unamange switch to ride with.

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

sammycbmi · ‎10-09-2013

Go goal is to get to the router. Since the trunk from the 3560 to the router only carries VLAN 2-5 I need to either do what I'm doing now (connect to an VLAN 2 access port on the 3560) or have tagged VLAN 2 traffic coming into the 3560 on a trunk. I want to connect to the 3560 via a trunk. However that's not working. I've done some testing and so far nothing clean on what I'll need to do.

Changing the PVID on all ports or the default on the SG200 to be 2 instead of the default of 1 I would think should work. What my understanding is of a PVID is that it should get tagged. And that's my goal. To get all packets except Voice Vlan tagged with a VLAN 2.