cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2322
Views
0
Helpful
8
Replies

SG300 + SG500 = intervlan headache

Matt Sirotzki
Level 1
Level 1

Ok so I am pulling out my hair with this one and now it's time to ask the people with experience.  Basically I have a  sg500 stack running a router-on-a- stick setup.  I have run out of virtual ports on the sonicwall and am now trying to get internet to route between vlans by taking the sonicwall out of the equation.  I have had NO luck and can ner get any vlan other than 50 to see the internet.  So here it goes.

Main SG500

- Vlan 50 contains a direct trunk connection to the sonicwall on gi 13

- Vlan 50 contains a direct trunk connection to sg300 on gi 42

- 14-41 are in vlan 50 as access ports (internet is ok)

- Vlan 50 is set for ip address 192.168.50.1

- Sonicwall ip is 192.168.50.254

Remote SG300

-Vlan 51 is access ports 1-5 ip address 192.168.51.1

-Vlan 52 is access ports 6-9 ip address 192.168.52.1

-Vlan 53 is access ports 10-11 ip address 192.168.53.1

-Vlan 50 is trunk port 20 ip address 192.168.50.2

-dhcp is setup on each interface as well

I am not even sure this is possible but I need to somehow route the 192.168.51.1 to 192.168.50.254 so it can get online.  However no matter what I try in the routing table I constantly get stuck behind the vlan gateway.  So if im on 192.168.52.10 and I trace route out to 192.168.50.1 or 192.168.50.2 or 192.168.50.254 it ALWAYS stops at 192.168.52.1.  Any idea's?  Suggestions?  I'm about ready to give it up and just throw them all together.  I have spent far to long on this already.

Just to give you an idea what this is for, there are 3 rental offices that all three need internet but should not be able to talk to eachother.  Private ports would work but these offices have multiple ethernet ports and if they plug in a printer and PC they won't be able to talk.  Any idea's would be greatly appreciated

1 Accepted Solution

Accepted Solutions

Tom Watts
VIP Alumni
VIP Alumni

Hi Matt, sounds like you're missing a route on the sonicwall to point back to the switch gateway.

If one vlan works and the rest do not, it is because the sonicwall either doesn't support/configure for the vlans or doesnt have a route table for the subnets.

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

View solution in original post

8 Replies 8

Tom Watts
VIP Alumni
VIP Alumni

Hi Matt, sounds like you're missing a route on the sonicwall to point back to the switch gateway.

If one vlan works and the rest do not, it is because the sonicwall either doesn't support/configure for the vlans or doesnt have a route table for the subnets.

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

I was thinking along those lines but I still can't get out of my vlan...stuck at the gateway.  I should at least be able to get over to the main vlan 50.  Right? 

No, because your source ip doesnt change from the host.

Read this post for an illustration

https://supportforums.cisco.com/thread/2123434

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

I will take a look at this tomorrow.  I'll keep you informed.  This has seriously been driving me nuts.  I even contacted...tech support and their answer was that there weren't anymore sub interfaces availiable so it can't be done. 

OK so I checked the router and added ip 192.168.51.0 to the routing table.  I still have no connection to it or the other switch as a whole.  I can ping the sg300 gateway 192.168.50.3 but can't make the jump over to the sg500. (192.168.50.1)  I believe that is the key im looking for.  Routing table wise I have

SG300

0.0.0.0 /0 192.168.50.254

SG500

192.168.51.0 /24 192.168.50.254

Hi Matt, if you're trying to go to a second layer 3 switch you can simply use a trunk and the vlan tags.

Better yet, give me a network diagram with IP addresses and vlan assignments.

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

I will try to whip something up for you shortly.  I thought the tagging would work as well but I seem to have hit another brick wall.  I will draw something up later but basically it's

SG500

gi13-42 Vlan 50 ip 192.168.50.1

gi13 trunk 50U 51T 52T 53T to Sonicwall 192.168.50.254

gi42 trunk 50U 51T 52T 53T to SG300

SG500

gi1-5 access Vlan 51 ip 192.168.51.1

gi6-8 access Vlan 52 ip 192.168.52.1

gi9-11 access Vlan 53 ip 192.168.53.1

gi20 Trunk Vlan 50 ip 192.168.50.3  50U 51T 52T 53T

Looking at this I am thinking haveing vlan 50 on two different ip's may cause some confusion.  Either way i'm sure I tried without with no luck

I know this is old, but just in case anyone else runs into this.  I would have gotten rid of your VLAN 50 and setup a port on the swith as a L3 interface and assigned 192.168.50.1 to it.  Then assign 192.168.1.254 as an IP on the SonicWall and just did static routes between the two, I don't think the SMB switches support a dynamic routing protocol, thus the static routes.  The VLAN 50 is what is probably messing it up like you said.  These SMB switches are a headache, its like inventing the lightbulb (finding out 100 ways it won't work, until you get it to work).  Sometimes you wish you had the extra $$ to afford an IOS based box and just did it through CLI.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Switch products supported in this community
Cisco Business Product Family
  • CBS110
  • CBS220
  • CBS250
  • CBS350
Cisco Switching Product Family
  • 110
  • 200
  • 220
  • 250
  • 300
  • 350
  • 350X
  • 550X