Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
699
Views
0
Helpful
3
Replies

SG300-10P problem getting all vlans to see the internet

network1235
Level 1
Level 1

‎02-13-2014 03:21 PM

Having a config problem that I've been chasing for a few days. 

I have a SG300-10P. 

System Information:

System Operational Mode:          L3 Mode

System Description:          SG300-10P 10-Port Gigabit PoE Managed Switch

Firmware Version (Active Image):          1.3.5.58


I have set up 3 vlans

vlan1 default has port GE1 untaged, all other ports excluded (can see the internet, via a direct connected comcast fiber modem)

vlan2 internal desktops, port GE1 tagged ports GE2-8 Untaged, GE9-10 excluded

vlan3 external facing IP address, GE1-8 excluded, GE9-10 untagged

VLAN 1          Static          50.204.xxx.xx           255.255.255.252          Valid

VLAN 2          Static          10.1.10.1           255.255.255.0          Valid

VLAN 3          Static          50.204.xxx.xx           255.255.255.224          Valid

(the x's are for this forum, they represent real numbers in my config but have been changed to protect the innocent)

Destination IP Prefix       Prefix Length               Route Type               Next Hop Router IP Address               Route Owner               Metric               Administrative Distance

0.0.0.0                                   0                        Default                         50.204.xxx.xx                         Default                         1                    1

10.1.10.0                               24                      Local                                                               Directly Connected

50.204.xxx.xx               30                     Local                                                                   Directly Connected

I have DHCP configured for the 10.1.10.x address on vlan2 and that work.  From vlan2 and 3 I can ping the Switch with the IP address of vlan1. 

I can see the switch externaly on it's IP address, but vlan2 and 3 can not see out. 

Am I missing a route, or can I not configure the switch this way? What did I mess up?

Thanks in advance.

Labels:
0 Helpful
3 Replies 3

Nagaraja Thanthry
Cisco Employee
Cisco Employee

‎02-15-2014 02:44 PM

Hello Shawn,

I am assuming 50.204.xxx.xxx subnet is assigned to your organization by the ISP. Have you made sure that your ISP has a static route that points the 50.204.xxx.xxx/27 to your VLAN 1 IP? Also, for 10.1.10.x network, do you have a router/firewall that performs NAT? Withoute NAT, the network cannot cross the border of your ISP.

Nagaraja

0 Helpful

network1235
Level 1
Level 1
In response to Nagaraja Thanthry

‎02-17-2014 10:11 AM

Hi Nagaraja,

Your reply got me thinking in the right direction.

I had my test computer on the 10.1.10.x VLAN2. Once I moved it to the 50.204.xxx.xxx VLAN3 I could see the external WAN/Internet.

I was assuming the SG300 supported NAT, I now see it doesn't support NAT and will order a router/firewall that does.

Thank you

Shawn

0 Helpful

Nagaraja Thanthry
Cisco Employee
Cisco Employee
In response to network1235

‎02-19-2014 09:41 AM

Hello Shawn,

Glad to know that you were able to find a fix. If your query is completely answered, can you please mark the thread as "Answered"?

Thanks,

Nagaraja

0 Helpful
Customers Also Viewed These Support Documents