cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2713
Views
15
Helpful
15
Replies

Unable to communicate between VLANs on SG300-10

terrywpaugh
Level 1
Level 1

Please take a look at my rough drawing of how I would like my network to work:

                        SG300-10
       __________________________________________
       | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
       |_|___|__________________________________|
         |   |_________________________________
         |_________________                   |
__________________  _______|_________  _______|_________
|-----VLAN 1-----|  |----VLAN 10----|  |----VLAN 20----|
|   Management   |  | 192.168.10.1  |  | 192.168.20.1  |
| 192.168.1.250  |  |               |  |               |
|________________|  |Internet Router|  |   Devices:    |
                    | 192.168.10.2  |  | Physical Box  |
                    |_______________|  | 192.168.20.2  |
                                       | Server 2008R2 |
                                       |DNS,DHCP,AD DC |
                                       |               |
                                       |Physical Boxes |
                                       | 192.168.20.x  |
                                       |W7 Workstations|
                                       |_______________|

I have set static IP addresses on the Server 2008R2 host and Internet Router.  I set up my VLANs, and I set each VLAN IP (as shown above), I set a 0.0.0.0 route to the Internet Router as well as x.x.x.0 routes for each VLAN IP range, and I set the gateway on all hosts on VLAN 20 to be 192.168.20.1. 

I am unable to get Internet access, ping the router or access the switch management web page from any host on VLAN 20 unless I manually set the IP on the host on VLAN 20 to the same IP range as the device I'm trying to access. As such:

If I manually set the host IP to 192.168.1.50, I can access the switch management, but then cannot RDP into or ping any of the hosts on VLAN 20 or ping the Internet Router on VLAN 10.

If I manually set the host IP to 192.168.10.50, I can ping the Internet Router but cannot RDP into or ping any device on VLAN 20, nor can I access the Switch Management page.

If I allow DHCP to set the IP to 192.168.20.5, I can RDP into and ping all devices on VLAN 20, but I cannot ping any devices on VLAN 10 or access the Switch Management on VLAN 1.

I know I'm missing something simple, and I've been working on this for about 30 hours now but cannot seem to get this to work. Could anyone possibly help?  Thanks in advance.

2 Accepted Solutions

Accepted Solutions

ghostinthenet
Level 7
Level 7

Just to be sure, is the SG300 in L3 switching mode or L2 switching mode?

View solution in original post

I'm just glad to hear it's all working for you. Thanks for the endorsement!

View solution in original post

15 Replies 15

ghostinthenet
Level 7
Level 7

Just to be sure, is the SG300 in L3 switching mode or L2 switching mode?

It is in L3 switching mode.

Can you post a copy of the configuration? Your setup sounds good, but I suspect there's something odd in the actual switch. Are you able to ping the switch's VLAN IPv4 address from each VLAN?

No. I can only access devices that are on the same VLAN.

Okay, let's have a look at the configuration and see if that shows anything strange.

I have attached the file. I have several other VLANs created for future use, but they aren't in use and no ports are assigned to them. Right now, I have only enabled the first two ports and assigned them to the VLANs mentioned in my original post as shown in the config file. Thank you so much for checking it out.

Okay, I think we've got it. Your interfaces are configured as trunks and are either (in the case of G1) tagging all packets or (in the case of G2) untagging only VLAN 1. PCs, unless specifically configured to do otherwise, send and received untagged, so they're either talking on the wrong VLAN or not at all.

interface gigabitethernet1
 switchport trunk allowed vlan add 20 
 switchport trunk native vlan 10 
 switchport default-vlan tagged 
!
interface gigabitethernet2
 switchport trunk allowed vlan add 10,20 

Let's try this:

interface gigabitethernet1
 switchport trunk allowed vlan remove all 
 no switchport trunk native vlan 
 no switchport default-vlan tagged
 switchport mode access
 switchport access vlan 10
!
interface gigabitethernet2
 switchport trunk allowed vlan remove all
 switchport mode access
 switchport access vlan 20

This will unconditionally put your interfaces G1 and G2 into VLAN 10 and VLAN 20 respectively.

How will hosts connected to GE2 (on VLAN 20) access the management interface on VLAN 1 (192.168.1.250)?

Ignore that last post, I figured that out and can now ping/RDP/access the management interface and the VLAN 20 hosts all from any host on VLAN 20. However, I cannot ping the Internet Gateway/Router on VLAN 10 (192.168.10.2).

Okay, does the router have a static route back to 192.168.20.0/24 via 192.168.10.1? Also, can you ping 192.168.10.1 from the 192.168.20.0/24 VLAN? Also, can the router ping 192.168.10.1?

Sorry for the delayed response, but I was not aware that additional routing information needed to be set on the router so once I found that setting (Linksys E2000 / Setup / Advanced Routing), I read the help page and, with the information you provided, am now able to access the Internet on my network! I used the following settings, and understand I'll need to do the same for any additional VLANs:

Destination LAN IP:  192.168.20.0
Subnet Mask:  255.255.255.0
Gateway:  192.168.10.1

However, I'm having one small problem; if I manually set a wireless host connected to the Linksys Internet Router to an IP within the router's VLAN (192.168.10.x, VLAN10) or a VLAN20 IP and manually set DNS to my Server 2008R2 host (VLAN20), everything works fine on the wireless host. However, if I set the IP to obtain automatically, it cannot find the DNS/DHCP server on VLAN20 and gets an IP of 169.254.36.125 and has no DNS or Gateway information available. I'm thinking this must be either an issue or setting on the router, and I've been poking around but can't find anything on it. I don't think it has anything to do with the Cisco switch. Any thoughts?

Actually, let me correct myself; I can only get access on a wireless host connected to the Internet router if I set a manual IP on VLAN10 (the same VLAN the router is on). If I do that, then everything works; DNS is done by the Win2K8R2 server on VLAN20, and I can ping everything and have Internet access.

However, if I set it to automatically obtain an IP and DNS/DHCP/Gateway information, it fails and gets a 169.254 address. If I manually set a VLAN20 IP (same as the DNS server) and DNS information, I cannot even access the router's config pages nor can I access the Internet or ping anywhere on the network.

Assuming your wireless is attached to your router, it's only going to work with VLAN 10 because that's the VLAN your router is on. If VLAN 20 is housing your DHCP server and DHCP isn't enabled on your router, that explains why you're getting 169.254.x's/16 (auto-configured address when there is no DHCP response) on your wireless. You can either enable DHCP on your router to handle VLAN 10 or relay it through the switch to your server.

If you decide to forward to the Windows server, you'll need to set up DHCP relay on the SG300. Once this is done, you'll need to add a DHCP scope for the VLAN 10 network on your server in order to handle the requests. That should clear up your DHCP assignments.

I actually figured it out on my own, and then refreshed this page to find your answer was exactly what I did. Everything is working great now. You are awesome.

I am going to click the Correct Answer link for each of your answers, hopefully that will help you out somehow. If there's something else I can do to bolster your reputation on this forum, please let me know and I will do it post haste!

Thanks again!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Switch products supported in this community
Cisco Business Product Family
  • CBS110
  • CBS220
  • CBS250
  • CBS350
Cisco Switching Product Family
  • 110
  • 200
  • 220
  • 250
  • 300
  • 350
  • 350X
  • 550X