SG300 Layer3 routing

johnc1882 · ‎07-11-2012

Hi

i am trying to get a SG300 work as a router between VLAN's

So fare without any lock :-(

Test setup one SG300 switch and 2 PC's

Ping works from host to VLAN IP's, but not from host A to host B

Anyone got a idear on where i got it wrong

Best

Johnc1882

Here is the host configuration

Host A (VLAN 2)

Host B (VLAN 3)

IP 192.168.2.22

IP 192.168.3.23

GW 192.168.2.1

GW 192.168.3.1

Here is the switch configuration

SG300 with FW 1.1.2.0 configuration i L3 mode

set system mode router

conf
ip routing (needed on SG300??? - ti is on a 3560 i PacketTracer)

vlan database
vlan 5
vlan 6
vlan 7

int vlan 2
ip add 192.168.2.1 255.255.255.0
int vlan 3
ip add 192.168.3.1 255.255.255.0
int vlan 4
ip add 192.168.4.1 255.255.255.0
int vlan 5
ip add 192.168.5.1 255.255.255.0

int gi2
sw mode acc
sw acc vlan 2
int gi3
sw mode acc
sw acc vlan 3
int gi4
sw mode acc
sw acc vlan 4
int gi5
sw mode acc
sw acc vlan 5

show run config

sw1(config-if)#do show run
vlan database
vlan 2-5
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
interface vlan 2
ip address 192.168.2.1 255.255.255.0
exit
interface vlan 3
ip address 192.168.3.1 255.255.255.0
exit
interface vlan 4
ip address 192.168.4.1 255.255.255.0
exit
interface vlan 5
ip address 192.168.5.1 255.255.255.0
exit
bonjour interface range vlan 1
hostname sw1
line console
exec-timeout 30
exit
line ssh
exec-timeout 30
exit
line telnet
exec-timeout 30
exit
no passwords complexity enable
username cisco password encrypted 8dfacb74fce42073f4ac06735d4493f0f928bfd0 privilege 15
no snmp-server server
ip http timeout-policy 1800
interface gigabitethernet2
switchport mode access
switchport access vlan 2
exit
interface gigabitethernet3
switchport mode access
switchport access vlan 3
exit
interface gigabitethernet4
switchport mode access
switchport access vlan 4
exit
interface gigabitethernet5
switchport mode access
switchport access vlan 5
exit
sw1(config-if)#

sw1#show vlan

Vlan Name Ports Type Authorization

---- -

-

1           1              gi1,gi8-28,Po1-8         Default      Required
2           2                     gi2              permanent     Required
3           3                     gi3              permanent     Required
4           4                     gi4              permanent     Required
5           5                     gi5              permanent     Required

Anyone got a idear on where i got it wrong

Johnc1882

Tom Watts · ‎07-11-2012

Hi Johnc1882,

Your configuration looks pretty basic. The first test I ask, are you able to ping the work stations from the switch via CLI?

If you do a show ip route, are the routes dynamically populated?

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

johnc1882 · ‎07-12-2012

Hi Thomas

Thanks for your respond

Both GUI and CLI are able to ping the PC's and the NAS connected.

Here is show vlan, route and pings.

Just added an extra port to vlan 2,3 and 4. not that it made any changes.

Best

Johnc

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2012.07.12 21:27:06 =~=~=~=~=~=~=~=~=~=~=~=

sw1#show vlan

Vlan       Name                   Ports                Type     Authorization
---- ----------------- --------------------------- ------------ -------------
1           1          gi1,gi5-11,gi15-28,Po1-8     Default      Required
2           2                  gi2,gi12            permanent     Required
3           3                  gi3,gi13            permanent     Required
4           4                  gi4,gi14            permanent     Required

sw1# ip route

Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled

Codes: C - connected, S - static, D - DHCP

C 192.168.2.0/24     is directly connected                        vlan 2
C 192.168.3.0/24     is directly connected                        vlan 3
C 192.168.4.0/24     is directly connected                        vlan 4

sw1#ping 192.168.3.23

Pinging 192.168.3.23 with 18 bytes of data:

18 bytes from 192.168.3.23: icmp_seq=1. time=0 ms
18 bytes from 192.168.3.23: icmp_seq=2. time=0 ms
18 bytes from 192.168.3.23: icmp_seq=3. time=0 ms
18 bytes from 192.168.3.23: icmp_seq=4. time=0 ms

----192.168.3.23 PING Statistics----
4 packets transmitted, 4 packets received, 0% packet loss
round-trip (ms) min/avg/max = 0/0/0

sw1# ping 192.168.4.24

Pinging 192.168.4.24 with 18 bytes of data:

18 bytes from 192.168.4.24: icmp_seq=1. time=0 ms
18 bytes from 192.168.4.24: icmp_seq=2. time=0 ms
18 bytes from 192.168.4.24: icmp_seq=3. time=120 ms
18 bytes from 192.168.4.24: icmp_seq=4. time=0 ms

----192.168.4.24 PING Statistics----
4 packets transmitted, 4 packets received, 0% packet loss
round-trip (ms) min/avg/max = 0/30/120

sw1#exit

Tom Watts · ‎07-12-2012

Hello John,

Everything looks fine. I would venture to say a gateway setting or something to this effect is incorrect.

If you set up a very basic switch lab:

config t

vlan database

vlan 2

int vlan 2

ip address 192.168.2.1 /24

int vlan 1

ip address 192.168.1.254 / 24

int gi2

switchport mode access

switchport access vlan 2

Host A connect to gi1 : 192.168.1.100 / 24, GW 192.168.1.254

Host B connect to gi2 : 192.168.2.100 / 24, GW 192.168.2.1

This will work without any issue. Note, I did not change my vlan 1 port to access, however I don't think this makes any difference so on this example the gi2 was access and gi1 is a trunk.

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

David Hornstein · ‎07-12-2012

Hi JohnC1882

Just to add to Thomas Watts question;

Here is my configuration , with some extraneous config taken from the show run;

SG300-10P#sh run

vlan database

vlan 2-3,100

exit

hostname SG300-10P

no passwords complexity enable

ip domain name nc.rr.com

ip name-server 209.18.47.61 209.18.47.62

ip telnet server

!

interface vlan 1

ip address 192.168.10.30 255.255.255.0

no ip address dhcp

!

interface vlan 2

ip address 1.1.1.1 255.255.255.0

!

interface vlan 3

ip address 2.2.2.1 255.255.255.0

!

interface gigabitethernet7

switchport trunk native vlan 2

!

interface gigabitethernet8

switchport trunk native vlan 3

ip route 0.0.0.0 0.0.0.0 192.168.10.1

SG300-10P#

Your configuration looks absolutely good, the differences between your config and mine is, that I left the switch ports in trunk mode rarther than change, as you did the switch ports to access mode.

That absolutely fine.

What I drew from Thomas' question was, that when I were to plug a PC into your switches port 2 or 3 in the case of your configuration, an interface route is created than then allows Layer 3 switching to occur between that VLAN.

In your configuration, when nothing is plugged into switchports 2 for example, you will not be able to ping 192.168.2.22 from a device connected onto VLAN3. When you plug a PC into switch port 2, within a few seconds you will able to ping 192.168.2.22 from a PC plugged into VLAN3.

The reason being, when you make VLAN2 active, by plugging a host into one of it's switch ports, a interface route is created that then allows that network to be reached.

regards Dave

johnc1882 · ‎07-13-2012

Hi David & Thomas

Problem solved.

I used David configuration, with some small adjustments. Again it did not work.

Then it was time to bring in a new PC and check my settings on the NAS.

I was sure that the error was in the switch configuration because ping worked from the switch CLI.

But the gateway setting on the NAS was missing and the firewall on the PC had some issues, here an other PC helped.

So thankes for your help

Best

Johnc

vlan database
vlan 2-5
exit

conf
hostname sw1

interface vlan 1
ip address 192.168.1.254 255.255.255.0
no ip address dhcp

interface vlan 2
ip address 192.168.2.1 255.255.255.0

interface vlan 3
ip address 192.168.3.1 255.255.255.0

interface vlan 4
ip address 192.168.4.1 255.255.255.0

interface vlan 5
ip address 192.168.5.1 255.255.255.0

interface gigabitethernet2
switchport trunk native vlan 2

interface gigabitethernet3
switchport trunk native vlan 3

interface gigabitethernet4
switchport trunk native vlan 4

interface gigabitethernet5
switchport trunk native vlan 5

ip route 0.0.0.0 0.0.0.0 192.168.1.1

SG300 Layer3 routing

Cisco Business Product Family

Cisco Switching Product Family