SG-300-28P VLANs and Routing

I want to have multiple VLANs share an internet connection. Can this be done with an SG-300-28P in Layer 3 mode, directly connected to a cable modem, with no additional router?
Does anyone have a simple example of this? CLI or web interface is fine.
Thanks,
-Phil

Just out of curiousity, is this possible?
I have currently set my SG300 up in L2 mode with a pfsense firewall as "router on a stick". I have also tried using SG300 in L3 where all inter-vlan routing was done on Switch, but I found the ACLs rather limited compared to real firewall.

Similar Messages

How to setup vlans and routing between them

Hey guys
I am onboard a vessel where I have a Cisco 1921 router with intergrated 8-port dwitch. I have no experince what so ever with Cisco, onlye knowledge about netwrok in general.
What I need to do is to create 3 VLANs wit different networks and thier own gateways internally( no external routers, no external switches), and I want client in all networks to be able to communicate qith each other:
Vlan 2:
192.168.0.0
Default Gateway: 192.168.0.1
Network Mask: 255.255.255.0
Vlan 3:
192.168.1.0
Default Gateway: 192.168.1.1
Network Mask: 255.255.255.0
Vlan 4:
192.168.2.0
Default Gateway: 192.168.2.1
Network Mask: 255.255.255.0
As mentioned abode, I need clients from each VLAN to be able to communicate with each other. Se drawing

Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
It might be as simple as defining VLAN interfaces for your 3 VLANs, and they assigning the ports to one of the 3 VLANs.

Cisco switch 300 configure vlan and ports

Hi i need help
i cant see the vlan on port vlan membership
i did create the vlan and i did configure the port the access
but when i try to port vlan membership to tell which port to wich vlan i cant see the vlan i have created in the list
thanks to help

Hi,
This forum is focusing on the issues related Windows Server.
To get better help, please post your question on the forum of cisco.
Here is the address,
https://supportforums.cisco.com/
Best Regards.
Steven Lee
TechNet Community Support

802.1x Guest Vlan and Routed access layer design

Hi!
For many reasons, I have to re-design my campus network in a more ISP like way. The plan is to move to a routed access layer in the next two years. I have 802.1x with guest vlan on my access ports(3750). I was reading on the subject and I found that the guest vlan feature was not availeble with internal vlan(routed port).
Is this limitation realy there, is there a way I can get around it without complicating my design even more. Do cisco have plan to lift this???

You cannot use/configure 802.1X on a routed port today. Typically, 802.1X is to be used for LAN edge ports.
The Guest-VLAN should work with a routed access design though. If your Guest-VLAN is chosen to be separate from say otherwise statically configured access VLANs, you would need to configure it via separate SVI with corresponding IP info (in a routed access model).
Hope this helps,

SG 300-28p vlan configuration

Hello,
I have been trying to setup vlans on a SG300-28p but they are not working.
This is my setup:
I want Switch1 to have ports 1-10 to access the DMZ, and 11-24 the LAN.
Then i wan to add switch2-4 to extend the access to LAN.
Is this possible?
i tested with cisco 2960 switches by just telling what ports whould have access to
DMZ and LAN but the small business switches are different..
I really appreciate the help!

Hi Francisco, assuming the 2960 worked and there was no configuration difference then the problem would be that you did not add the vlans to the trunk. On a Catalyst you do not configure the vlans on a trunk since all vlans pass. On the SB switches you have to configure the vlans on the trunk otherwise only the native/default vlan works.
-Tom
Please mark answered for helpful posts

Need basic Help - SG300 with vlan and routing

Hi,
i need some basic help with configuring vlan/routing.
Situation:
DSL Router - Cisco 300 - XenServer
192.168.1.253 - 192.168.1.19 - 192.168.1.10 (mgmt ip)
goal is, to reach from inside xenserver vms the internet.
vms = 192.168.2.x
gateway ip = 192.168.2.1
what i did:
- configured vlan 102, tagged, with the xenserver port
- configured on xenserver a network with vlan id 102, attached to the vm
- this network is conntected to an external bond
- configured ipva4 interface: vlan102 - Static - IP 192.168.2.1 (this is the gateway ip of the vms)
- automatic configured IPv4 Route: 192.168.2.0/24 next hop 0.0.0.0, Directly connected
So at the moment i cant ping from inside a vm to the DSL Router (192.168.2.2 to 192.168.1.253)
any ideas what i misconfigured or whats wrong?
cheers,
-Marco

Hi Tom,
ok, that make sense. I can ping the router now inside vms from 192.168.2.x network.
But i cant ping external adresses, error: Destination net unreachable.
My other problem i have, i cant reach any server from outside over router portforwarding.
How do i have to configure the upload port to the dsl router? Is it a access port or a trunk
port with all vlans (tagged or untagged?) At the moment ive a tagged Trunkport with all vlans.
IPv4 Interface Table
Interface
IP Address Type
IP Address
Mask
Status
VLAN 1
Static
192.168.1.19
255.255.255.0
Valid
Should the VLAN1 ip adress not the router ip adress ? Do i need an additional vlan for
the router ? At the end i like to change the switch ip from dhcp to static (change automaticly
when switching to layer 3 mode), but ive to look for the ios commands first.
What else do i missing ?
Thanks a lot,
Marcus

Cisco SG 300-10 VLAN and IP Interface Question

Hello,
Please forgive me if you find my question too basic. But, I would really appreciate an answer as I am having a heck of a time getting the VLANs to work. I have several VLANs configured as follows, but, my question is related only two VLANS: VLAN 104 and VLAN 2000. Followings are the screenshots. I have connected cable from Port 6 of the switch to the NIC2 of Windows 8.1 PC. When I use GE6 as access port for VLAN 104, I am able to ping to the NIC2 configured with static IP 10.10.30.30. However, when use GE as Trunk Port for VLAN 104 and 2000, I am not able to ping the NIC2 configured with static IP 10.10.30.30 or static IP 10.10.110.30. I am using the ping utility from the GUI.
If there is a better way to test the trunk port, please let me know.
At this point, I am assuming that something is wrong with my configuration as the NIC2 is unable to receive IP address.
The other assumption is that NICs with Windows 8.1 OS does not accept Traffic from Tagged VLANS.
VLAN TableShowing 1-11 of 1110203050per page
VLAN ID
VLAN Name
Originators
VLAN Interface State
Link Status
SNMP Traps
1
Default
Enabled
Enabled
100
Management A
Static
Disabled
Enabled
101
Management B
Static
Disabled
Enabled
102
VXLAN A
Static
Disabled
Enabled
103
VXLAN B
Static
Disabled
Enabled
104
vMotion
Static
Enabled
Enabled
105
IP Storage
Static
Disabled
Enabled
106
HQ Uplink
Static
Disabled
Enabled
107
HQ Access
Static
Disabled
Enabled
1000
Test VLAN
Static
Disabled
Enabled
2000
Test2 VLAN
Static
Enabled
Enabled
Port VLAN Membership Table
Filter:
Interface Type
equals to
PortLAG
Go
Interface
Mode
Administrative VLANs
Operational VLANs
LAG
GE1
Trunk
1UP
1UP
GE2
Trunk
1UP
1UP
GE3
Trunk
1UP
1UP
GE4
Trunk
1UP
1UP
GE5
Trunk
1UP
1UP
GE6
Trunk
1UP, 104T, 2000T
1UP, 104T, 2000T
GE7
Trunk
1T, 100UP, 101T, 102T, 103T, 104T, 105T, 106T, 107T
1T, 100UP, 101T, 102T, 103T, 104T, 105T, 106T, 107T
GE8
Trunk
1T, 100UP, 101T, 102T, 103T, 104T, 105T, 106T, 107T
1T, 100UP, 101T, 102T, 103T, 104T, 105T, 106T, 107T
GE9
Trunk
1T, 100UP, 101T, 102T, 103T, 104T, 105T, 106T, 107T
1T, 100UP, 101T, 102T, 103T, 104T, 105T, 106T, 107T
GE10
Trunk
1T, 100UP, 101T, 102T, 103T, 104T, 105T, 106T, 107T
1T, 100UP, 101T, 102T, 103T, 104T, 105T, 106T, 107T
IPv4 Interface TableShowing 1-11 of 1110203050per page
Interface
IP Address Type
IP Address
Mask
Status
VLAN 105
Static
10.10.20.1
255.255.255.0
Valid
VLAN 104
Static
10.10.30.1
255.255.255.0
Valid
VLAN 2000
Static
10.10.110.1
255.255.255.0
Valid
VLAN 1
Static
192.168.0.39
255.255.255.0
Valid
VLAN 1000
Static
192.168.1.1
255.255.255.0
Valid
VLAN 106
Static
192.168.100.1
255.255.255.0
Valid
VLAN 100
Static
192.168.110.1
255.255.255.0
Valid
VLAN 107
Static
192.168.130.1
255.255.255.0
Valid
VLAN 102
Static
192.168.150.1
255.255.255.0
Valid
VLAN 101
Static
192.168.210.1
255.255.255.0
Valid
VLAN 103
Static
192.168.250.1
255.255.255.0
Valid
Ping
Host Definition:
By IP address
By name
IP Version:
Version 6
Version 4
<tr id="trSourceIP" display:none"="">
Source IP:
Auto10.10.20.1(VLAN105)10.10.30.1(VLAN104)10.10.110.1(VLAN2000)192.168.0.39(VLAN1)192.168.1.1(VLAN1000)192.168.100.1(VLAN106)192.168.110.1(VLAN100)192.168.130.1(VLAN107)192.168.150.1(VLAN102)192.168.210.1(VLAN101)192.168.250.1(VLAN103)Autofe80::5267:aeff:fe3d:83b3(VLAN1)Auto10.10.20.1(VLAN105)10.10.30.1(VLAN104)10.10.110.1(VLAN2000)192.168.0.39(VLAN1)192.168.1.1(VLAN1000)192.168.100.1(VLAN106)192.168.110.1(VLAN100)192.168.130.1(VLAN107)192.168.150.1(VLAN102)192.168.210.1(VLAN101)192.168.250.1(VLAN103)fe80::5267:aeff:fe3d:83b3(VLAN1)
Destination IPv6 Address Type:
Link Local
Global
Link Local Interface:
VLAN 1
Destination IP Address/Name:
Ping Interval:
Use Default
User Defined
ms (Range: 0 - 65535, Default: 2000)
Number of Pings:
Use Default
User Defined
(Range: 1 - 65535, Default: 4)
Status:

Tom and Michal, your response is much appreciated. You are 100% right. The issue was with the Windows recognizing the VLAN tags. I have tested trunking by using the vmxnet3 driver from VMware and it works.
I had another question where I can use your help too. I am not sure how to connect two Cisco SG300 switches - one with L3 mode and the second one with L2 mode. I have configured GVRP for Port 5 of both switches and run a cable connecting to Port 5 of each switch. I have made port 5 of both switches trunk mode ( 1U, 1000T). I have created VLAN 1000 on both switches. With L3 switch, I have added IP Interface (192.168.100.1) to VLAN 1000. My issues is that, I am not able to access the management port (192.168.1.238) of the L2 switch. Note that the L2 switch has only on uplink, which is to the L3 switch. Since the Port 5 also receives untagged traffic from VLAN1 (192.168.1.1), I am assuming that it would receive the management network from VLAN1.

Setting Up VLAN and QoS for VOIP on SG200-18

We recently purchased the SG200-18 smart switch to replace a Netgear unmanaged switch. We're moving our phone service to VOIP through our local ISP as well.
I've currently got the VOIP phone plugged into Port 17 on the SG200-18 (it's a Grandstream cordless VOIP phone).
I want to put the VOIP phone on a separate VLAN from the rest of the network and optimize the QoS settings so that the VOIP phone has exceptional audio quality even during intense network traffic.
Here's my questions:
1. Do I need to adjust anything on the type of port for Port 17 (since it looks like some form of Combo port)?
2. How do I go about isolating the VOIP phone on it's own VLAN (I'm seeing VLAN and Voice VLAN settings, not sure which one to use; I tried setting a VLAN and broke Internet connectivity to the phone until I went in and removed it)?
3. Do I need to adjust any QoS settings on the switch to better optimize the VOIP phone?
A couple of additional questions about the GS200-18 in general:
1. Do I need to adjust any of the System Time Settings on the switch? I'm in Central Time.
2. Do I need to adjust any of the Green Ethernet/Energy Saving settings or should I stick with the defaults?
Also, a couple of "getting started" side questions to Cisco:
1. I've registered a My Cisco account. What do I need to do to register my switch with Cisco and associate it with my My Cisco account?
2. What are the benefits of taking out a Cisco Small Business Support Contract, and about how much would it cost on the SG200-18 (I ordered it from Provantage)? I'm curious to see if it's worth the money.
Here's my "specs":
Switch: SG200-18
VOIP phone: Grandstream DP715 and 710 expandable handsets
Plugged into: Port 17 on the SG200-18
ISP: Local ISP (Direclynx)
Connection type: 3M down/500k up DSL, moving to a wireless connection coming up which will give us faster speeds
VOIP backend provider: VOIP Innovations
Router: Apple Airport Extreme AC model (I run all Macs and iOS devices and OS X Server on the network, so using the Apple router makes setup easier, since it doesn't QoS, trying to QoS and VLAN at the switch level)
Thanks everyone!

Hello,
Lots of different questions here so I'll try to make sure I don't miss anything.
1. Do I need to adjust anything on the type of port for Port 17 (since it looks like some form of Combo port)?
The way the combo ports work is you can either use the SFP slot for a fiber connection or the copper ethernet port, but not both at the same time. Other then that they just function as normal network ports.
2. How do I go about isolating the VOIP phone on it's own VLAN (I'm seeing VLAN and Voice VLAN settings, not sure which one to use; I tried setting a VLAN and broke Internet connectivity to the phone until I went in and removed it)?
It sounds like you created the VLAN correctly and assigned the phone, however there wasn't anything doing any routing for that VLAN. You would need to have a VLAN capable router or a layer 3 switch so that something would act as the default gateway for the voice VLAN and route the traffic for you. Since there was nothing like this your phone lost it's connectivity to the internet when you placed it in the new VLAN. I don't think the Airport is VLAN capable, but we will come back to that.
3. Do I need to adjust any QoS settings on the switch to better optimize the VOIP phone?
Once you have a seperate VLAN setup for the phone properly you only have to tell the switch what your Auto Voice VLAN is going to be and it will automatically apply recommended QoS settings for the Voice VLAN and prioritize the voice traffic. There are ways to do this manually and even with the phone in the same VLAN however the are considerably more complicated.
1. Do I need to adjust any of the System Time Settings on the switch? I'm in Central Time.
The system time isn't always very important. You can set the correct time zone, however you should know the switch does not have a battery in it to keep track of time, so if/when it reboots or loses power the clock will reset. If you would like the switch to maintain accurate time you should setup an NTP server so the time is automatically updated from the internet. The switch will keep your timezone settings once you save them. Time is mostly important for logging and things like that, so you can configure it if you like but it is not necessary.
2. Do I need to adjust any of the Green Ethernet/Energy Saving settings or should I stick with the defaults?
Green ethernet simply reduces the power usage of the switch slightly, so unless you are having odd issues where ports are disconnecting, I would just leave them at the defaults.
1. I've registered a My Cisco account. What do I need to do to register my switch with Cisco and associate it with my My Cisco account?
There isn't really a way to associate your Small Business devices with your Cisco account. If you ever call in for technical support we will use your Cisco account and your serial number to create a support case, but even then they aren't linked together. If you decide to buy a support contract, that will be linked to your switch's S/N and your Cisco ID, so in a way that would associate them together. Devices being associated with Cisco accounts is something more common with Enterprise equipment, and mainly has to do with technical support cases.
2. What are the benefits of taking out a Cisco Small Business Support Contract, and about how much would it cost on the SG200-18 (I ordered it from Provantage)? I'm curious to see if it's worth the money.
There are a few advantages to a Support Contact. Your switch comes with a Limited Lifetime warranty that includes 1 year of technical support and return to factory hardware. With a service contract you get 3 years of technical support and next business day Advanced Replacement of the switch if it need to be replaced. I just did a quick google search, and it looks like a contract (part #CON-SBS-SVC2) costs about $50.
So there are a few other things to consider however.
As a frame of reference the average VOIP call uses about 64 - 128 kbps max.
Since you don't have a VLAN capable router or a layer 3 switch, a separate voice VLAN may not be an option. You also mention that the Apple Airport does not do QoS, meaning we will only be prioritizing the voice traffic while it is on the switch. When it is passed off to the Airport to be routed out to the internet all of the QoS settings will be lost, and normal network traffic will get the same priority as voice, since that is all up to the Airport.
With one phone the hassle of getting more equipment and setting up advanced QoS isn't really worth it, especially if the link to the internet isn't going to be participating in QoS.
One last thing I wanted to mention is you are switching to a wireless internet connection. I would ask them how their latency and jitter is, as these two network statistics greatly effect voice quality, and usually wireless performs worse when it comes to voice traffic.
I hope this information helps, if you have any more questions just let me know.
Thank you for choosing Cisco,
Christopher Ebert - Network Support Engineer
Cisco Small Business Support Center

Dot1Q tunneling and routing

I am in the process of designing a dot1q-tunnel-based service backbone. Basically client switches will uplink with tunnelled ports on the provider backbone.
Cl-SW1 |----|P-SW1|----|P-SW2|-----|Cl-SW2|
Assume that the CL-SW1 is at the headquarters of the client and some traffic from the client should be sent off-premisess (Internet for example) using the same link (Gig Ethernet).
What are my options?
P-SW1 and P-SW2 will not be able to see layer 3 information from the client switches since traffic is layer2-tunnelled. How can I route traffic off the backbone?
I thought about trunking a single port on P-SW1 and connecting it to a router. On the router sub-interfaces will do the job. But the problem is that trunked traffic will reach the router encapsulated with dot1q tunneling? Does a 7600 series router do the job, since it understands tunneling?
Any ideas will be appreciated.

It depends upon which switch you are using , If you are using a L3 capable switch , routing can be done on the switch it self , or if its a pure L2 switch you may have to create VLANs and route using sub-interfaces in the routers.Use these links for more details.
http://cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a00801cdf50.html#1008908
http://cisco.com/en/US/products/hw/routers/ps368/products_configuration_guide_chapter09186a0080161137.html

RVS4000 Multiple VLANs Not Routing

I have a couple RVS4000's and I use one of them as a router on a stick with two VLANs in it.
Two VLANs works fine.
However, when I add another VLAN, it will not route it.
I looked in the routing table and it doesn't show any routes for the new VLAN.
I can see the routes for the other two VLANs but my third VLAN is nonexistent.
The most I can get it to do is ping the routers VLAN IP interface.
I can't access the switches' interface on that VLAN or anything else on the new VLAN.
Is this a known problem?
Does this thing only route two VLANs?

Thanks for the quick reply...
Here is what I'm working with now (currently works):
Cable Modem 1 ---> RVS4000 (Master) ---> Swtich (L3)
Cable Modem 2 ---> RVS4000 (No VLANs) ----> Switch (L3)
The Master RVS4000 routes all the VLANs (Trunk) and NAT/PAT Internet for the servers.
The Other RVS4000 is just running the default VLAN and routes NAT/PAT Internet for the clients.
The L3 switch is an SGE2010P and I distrubte the VLANs through this switch.
I also have a WAP4410N that is trunked to the Client VLAN right now.
IP Addressing:
RVS4000 (Master): 10.1.0.1/24 (VLAN 1)
10.100.0.2/24 (VLAN 100)
RVS4000 (Clients): 10.100.0.1/24 (VLAN 1 - Router is not aware of the VLANs)
Switch: 10.1.0.254 (VLAN 1)
10.100.0.254 (VLAN 100)
The problem is when I make another VLAN:
RVS4000 (Master): 10.110.0.2 (VLAN 110)
Switch: 10.110.0.254 (VLAN 110)
I am unable to communicate with the new network.
Nothing shows up in the RVS40000 (Master)'s routing table for the new network.

SG-300 28P switches problem with VLAN Data and Voice, working all the time as Voice VLAN

Hi Everyone,
Thank you very much for your help in advance. I’m pulling my hair to fix the problem.
I just got the new SG-300 28P switches. My Bios ordered for me. I did not know how it runs until now... not an IOS based. I really do not know how to configure it.
I have 2 VLAN are Data and Voice.
-          Data VLAN ID is 2 IP 192.168.2.X/255.255.255.0
-          Voice VLAN ID is 200 IP 192.168.22.X/255.255.255.0
-          I created two vlans, in switch, Data and Voice.
-          On the port number 28, it is trunk by default, so I add Data vlan ID 2 tagged.
-          On the port number 26, it is trunk by default, so I add Voice vlan ID 200 tagged.
-          On the port number 27, I add Data vlan ID 2 tagged for Data vlan out.
-          Port settings No.1
I set it up as Trunk with Data vlan 2 untagged, and 200 Tagged (voice vlan). I plugged in a phone with a pc attached. But the PC will get to the vlan 200 to get the DHCP address, but no from vlan 2. The Phone works with correct vlan ip.
-          Port settings No.2
Trunk with vlan 1UP, 2T, and 200T. The phone is even worse. Would never pick up any IP from DHCP.
-          Port settings No.3
Access with 200U...of course the phone will work... and the PC could not get to its own vlan. Instead, the PC got an ip from the voice vlan. Not from VLAN 2.
I have Linksys phone I’m not sure if this help.
For more information I setup in switch,
            - enable voice vlan
- set the port on auto voice vlan
- enable LLDP-MED globally
- create a network policy to assign VLAN 200
- assign this network policy to the port the phone is connected to.
I hope this information help to help me to setup Data and Voice vlans, to plug the phone to work with vlan Voice 200 (IP rang 192.168.22.X), from phone to Pc and pc work as Data vlan 2 (IP rang 192.168.2.X).

I just got done setting up voice VLANs on an SF 300-24P and verified working. This was working with Cisco 7900 series phones connected to a Cisco UC setup.
Here's my sample config.
Note that I edited this by hand before posting, so doing a flat out tftp restore probably won't work. However, this should give you a clue. Also, don't take this as 100% accurate or correct. I've only been working with these things for about a week, though I've worked with the older Linksys SRW switches for a couple of years. I'm a CCNP/CCDP.
VLAN 199 is my management VLAN and is the native VLAN on 802.1q trunks.
VLAN 149 is the data/computer VLAN here.
VLAN 111 is the voice/phone VLAN here.
VLAN 107 does nothing.
interface range ethernet e(1-24)
port storm-control broadcast enable
exit
interface ethernet e1
port storm-control include-multicast
exit
interface ethernet e2
port storm-control include-multicast
exit
interface ethernet e3
port storm-control include-multicast
exit
interface ethernet e4
port storm-control include-multicast
exit
interface ethernet e5
port storm-control include-multicast
exit
interface ethernet e6
port storm-control include-multicast
exit
interface ethernet e7
port storm-control include-multicast
exit
interface ethernet e8
port storm-control include-multicast
exit
interface ethernet e9
port storm-control include-multicast
exit
interface ethernet e10
port storm-control include-multicast
exit
interface ethernet e11
port storm-control include-multicast
exit
interface ethernet e12
port storm-control include-multicast
exit
interface ethernet e13
port storm-control include-multicast
exit
interface ethernet e14
port storm-control include-multicast
exit
interface ethernet e15
port storm-control include-multicast
exit
interface ethernet e16
port storm-control include-multicast
exit
interface ethernet e17
port storm-control include-multicast
exit
interface ethernet e18
port storm-control include-multicast
exit
interface ethernet e19
port storm-control include-multicast
exit
interface ethernet e20
port storm-control include-multicast
exit
interface ethernet e21
port storm-control include-multicast
exit
interface ethernet e22
port storm-control include-multicast
exit
interface ethernet e23
port storm-control include-multicast
exit
interface ethernet e24
port storm-control include-multicast
exit
interface range ethernet g(1-4)
description "Uplink trunk"
exit
interface range ethernet g(1-4)
switchport default-vlan tagged
exit
interface range ethernet e(21-24)
switchport mode access
exit
vlan database
vlan 107,111,149,199
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 107
exit
interface range ethernet e(21-24)
switchport access vlan 111
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 111
exit
interface range ethernet e(1-20)
switchport trunk native vlan 149
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 149
exit
interface range ethernet g(1-4)
switchport trunk native vlan 199
exit
voice vlan aging-timeout 5
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
voice vlan oui-table add 108ccf MyCiscoIPPhones1
voice vlan oui-table add 40f4ec MyCiscoIPPhones2
voice vlan oui-table add 8cb64f MyCiscoIPPhones3
voice vlan id 111
voice vlan cos 6 remark
interface ethernet e1
voice vlan enable
exit
interface ethernet e1
voice vlan cos mode all
exit
interface ethernet e2
voice vlan enable
exit
interface ethernet e2
voice vlan cos mode all
exit
interface ethernet e3
voice vlan enable
exit
interface ethernet e3
voice vlan cos mode all
exit
interface ethernet e4
voice vlan enable
exit
interface ethernet e4
voice vlan cos mode all
exit
interface ethernet e5
voice vlan enable
exit
interface ethernet e5
voice vlan cos mode all
exit
interface ethernet e6
voice vlan enable
exit
interface ethernet e6
voice vlan cos mode all
exit
interface ethernet e7
voice vlan enable
exit
interface ethernet e7
voice vlan cos mode all
exit
interface ethernet e8
voice vlan enable
exit
interface ethernet e8
voice vlan cos mode all
exit
interface ethernet e9
voice vlan enable
exit
interface ethernet e9
voice vlan cos mode all
exit
interface ethernet e10
voice vlan enable
exit
interface ethernet e10
voice vlan cos mode all
exit
interface ethernet e11
voice vlan enable
exit
interface ethernet e11
voice vlan cos mode all
exit
interface ethernet e12
voice vlan enable
exit
interface ethernet e12
voice vlan cos mode all
exit
interface ethernet e13
voice vlan enable
exit
interface ethernet e13
voice vlan cos mode all
exit
interface ethernet e14
voice vlan enable
exit
interface ethernet e14
voice vlan cos mode all
exit
interface ethernet e15
voice vlan enable
exit
interface ethernet e15
voice vlan cos mode all
exit
interface ethernet e16
voice vlan enable
exit
interface ethernet e16
voice vlan cos mode all
exit
interface ethernet e17
voice vlan enable
exit
interface ethernet e17
voice vlan cos mode all
exit
interface ethernet e18
voice vlan enable
exit
interface ethernet e18
voice vlan cos mode all
exit
interface ethernet e19
voice vlan enable
exit
interface ethernet e19
voice vlan cos mode all
exit
interface ethernet e20
voice vlan enable
exit
interface ethernet e20
voice vlan cos mode all
exit
interface ethernet e1
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e2
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e3
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e4
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e5
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e6
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e7
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e8
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e9
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e10
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e11
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e12
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e13
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e14
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e15
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e16
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e17
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e18
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e19
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e20
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e21
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e22
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e23
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e24
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet g1
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet g2
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet g3
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet g4
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e1
lldp med notifications topology-change enable
exit
interface ethernet e2
lldp med notifications topology-change enable
exit
interface ethernet e3
lldp med notifications topology-change enable
exit
interface ethernet e4
lldp med notifications topology-change enable
exit
interface ethernet e5
lldp med notifications topology-change enable
exit
interface ethernet e6
lldp med notifications topology-change enable
exit
interface ethernet e7
lldp med notifications topology-change enable
exit
interface ethernet e8
lldp med notifications topology-change enable
exit
interface ethernet e9
lldp med notifications topology-change enable
exit
interface ethernet e10
lldp med notifications topology-change enable
exit
interface ethernet e11
lldp med notifications topology-change enable
exit
interface ethernet e12
lldp med notifications topology-change enable
exit
interface ethernet e13
lldp med notifications topology-change enable
exit
interface ethernet e14
lldp med notifications topology-change enable
exit
interface ethernet e15
lldp med notifications topology-change enable
exit
interface ethernet e16
lldp med notifications topology-change enable
exit
interface ethernet e17
lldp med notifications topology-change enable
exit
interface ethernet e18
lldp med notifications topology-change enable
exit
interface ethernet e19
lldp med notifications topology-change enable
exit
interface ethernet e20
lldp med notifications topology-change enable
exit
interface ethernet e21
lldp med notifications topology-change enable
exit
interface ethernet e22
lldp med notifications topology-change enable
exit
interface ethernet e1
lldp med enable network-policy poe-pse
exit
interface ethernet e2
lldp med enable network-policy poe-pse
exit
interface ethernet e3
lldp med enable network-policy poe-pse
exit
interface ethernet e4
lldp med enable network-policy poe-pse
exit
interface ethernet e5
lldp med enable network-policy poe-pse
exit
interface ethernet e6
lldp med enable network-policy poe-pse
exit
interface ethernet e7
lldp med enable network-policy poe-pse
exit
interface ethernet e8
lldp med enable network-policy poe-pse
exit
interface ethernet e9
lldp med enable network-policy poe-pse
exit
interface ethernet e10
lldp med enable network-policy poe-pse
exit
interface ethernet e11
lldp med enable network-policy poe-pse
exit
interface ethernet e12
lldp med enable network-policy poe-pse
exit
interface ethernet e13
lldp med enable network-policy poe-pse
exit
interface ethernet e14
lldp med enable network-policy poe-pse
exit
interface ethernet e15
lldp med enable network-policy poe-pse
exit
interface ethernet e16
lldp med enable network-policy poe-pse
exit
interface ethernet e17
lldp med enable network-policy poe-pse
exit
interface ethernet e18
lldp med enable network-policy poe-pse
exit
interface ethernet e19
lldp med enable network-policy poe-pse
exit
interface ethernet e20
lldp med enable network-policy poe-pse
exit
interface ethernet e21
lldp med enable network-policy poe-pse
exit
interface ethernet e22
lldp med enable network-policy poe-pse
exit
lldp med network-policy 1 voice vlan 111 vlan-type tagged
interface range ethernet e(1-22)
lldp med network-policy add 1
exit
interface vlan 199
ip address 199.16.30.77 255.255.255.0
exit
ip default-gateway 199.16.30.3
interface vlan 1
no ip address dhcp
exit
no bonjour enable
bonjour service enable csco-sb
bonjour service enable http
bonjour service enable https
bonjour service enable ssh
bonjour service enable telnet
hostname psw1
line console
exec-timeout 30
exit
line ssh
exec-timeout 30
exit
line telnet
exec-timeout 30
exit
management access-list Management1
permit ip-source 10.22.5.5 mask 255.255.255.0
exit
logging 199.16.31.33 severity debugging description mysysloghost
aaa authentication enable Console local
aaa authentication enable SSH tacacs local
aaa authentication enable Telnet local
ip http authentication tacacs local
ip https authentication tacacs local
aaa authentication login Console local
aaa authentication login SSH tacacs local
aaa authentication login Telnet local
line telnet
login authentication Telnet
enable authentication Telnet
password admin
exit
line ssh
login authentication SSH
enable authentication SSH
password admin
exit
line console
login authentication Console
enable authentication Console
password admin
exit
username admin password admin level 15
power inline usage-threshold 90
power inline traps enable
ip ssh server
snmp-server location in-the-closet
snmp-server contact [email protected]
ip http exec-timeout 30
ip https server
ip https exec-timeout 30
tacacs-server host 1.2.3.4 key spaceballz timeout 3 priority 10
clock timezone -7
clock source sntp
sntp unicast client enable
sntp unicast client poll
sntp server 199.16.30.1
sntp server 199.16.30.2
ip domain-name mydomain.com
ip name-server 199.16.5.12 199.16.5.13
ip telnet server

Inter-VLAN routing, Auto-Voice VLAN and IP Address-Helper

Hope that somebody can help me with the setup in the screenshot.
Planning to use Auto-Voice VLAN and Smartports to configure VOIP
LLDP-MED will be enabled on the switch to detect the IP phones so they will be moved to the Voice VLAN (If not the first 6 signs will be added to the OID table). The Voice VLAN ID will be 2 >> Voice VLAN will be automatically enabled once a device is recognized as a IP phone right?
Workstations will be connected to the Cisco switch, VLAN data will be untagged and will remain on the native VLAN.
Smartports will be used to configure the ports (Macro's) >> Should configure the ports as trunks as assigns the correct VLANs right?
But how do i configure the IP Helper-Address? Do i have to create the Voice VLAN on both switches and then run the command "IP Helper Address" to specify a DHCP server? From what i've been reading it's required, when using Inter-VLAN routing, to configure the VLAN interface with an IP address. But it's going to give problems when both switches are connected to eachother and both have the same VLAN configured including the same IP address assigned to their VLAN interface?
Normal data should pass the ASA firewall, VOIP traffic should go through the Vigor modem to a hosted VOIP provider. The best way, i assume, is to configure 2 separate scopes on the DHCP server?
Still confused on how to set it up, hope that someone can point me in the right direction

If you're sending voice to only the Vigor modem then there is no need for a trunk between the SF-300 and the Vigor modem. You can just set that to an untag packet for the VLAN 2 between that switch and the Vigor modem.
On the 'edge' SF300 where the IP phone/PC is it is obviously going to interoute there and of course the phone port is tagged and PC port is untagged.
For the IP helper, it uses UDP-RELAY and it should be enabled on the port itself and enabled on the global configuration. You may also need option 82. Also keep in mind, depending how your DHCP server works, it may need option 82 configured as well or at least a route to understand the subnets in the layer 3 environment to get traffic across the VLANS.

Help config vlan and inter routing vlan on 2 switches SF300-24 ???

Dear Cisco!
now we have 2 switches: SF300-24
on one SF300-24 we config it at layer 3 mode with VLAN configuration same as following
VLAN ID 2 (ports: 2 -6) have ip interface 192.168.2.254/24
VLAN ID 3 (ports: 7 - 10) have ip interface 192.168.3.254/24
VLAN ID 4 (ports 11- 15 ) have ip interface 192.168.4.254/24
and VLAN 1 default have IP address: 192.168.1.200
DHCP relay - DHCP server 192.168.3.1
- DHCP relay: VLAN2; VLAN3; VLAN4
ip route: 0.0.0.0 0.0.0.0 192.168.3.1
all ports of VLAN2, VLAN3, VLAN4 set access mode.
and another SF300-24
was configed at layer 2. We config VLAN ID 2 ̣̣̣have ports 2 -6; VLAN ID 3 ports 7 -10; VLAN ID 4 port 11-15 ,too.
And we use port 26 on 2 switches SF300-24 is trunk mode then we connect both SF300-24 switches.
But on SF300-24 layer 2 cann't inderstand VLAN from Sf300-24 layer 3!!!
Could you please help me check this situation?
How to config VLAN on 2 switches SF300-24 Layer 3 and SF300-24 layer 2?
Thanks!
See you soon!

Son Nquyen,
First i would upgrade to 1.1.8 since the 1.0.0.27 was beta code.
Next when when connecting both switches together each port will need set via Trunk mode with proper native vlan and tagged vlan traffic. What's the configuration of your trunk ports on each switch?
Thanks,
Jasbryan.

Firmware upgrade 1.3.0.62 -- 1.3.5.58 (SG 300-28P)

Should i be concerned doing the firmware upgrade remotely? I.e. remote to a local workstation and connecting to SG 300-28P from that workstation over LAN and doing firmware upgrade using WebGUI (Google Chrome)?
I've done the multiple upgrades on these switches this way and never had an issue.
However, Release Notes for 1.3.5.58 have some notice regarding boot image and I am concerned that configuration can be lost after the upgrade and if this is the case I'd be screwed since I won't be able to get on the switch to load the custom config after the fact.
Anyone who's done this upgrade please report if your configuration settings were left in place after the upgrade to 1.3.5.58.

Cameron hi,
Interesting input about loss of VLAN configuration while upgrading version. Is this the 1st time you see this issue, or does it happen also during regular reload of the switch?
Also - some question which can may provide additonal informaiton on issue (if you can provide these):
1) Did the issue happen on a port connected to another switch (an uplink port)? - If so what is the neigbor switch type?
2) would it be possible for you to to provide running and startup config before and after reload (of course without security sensative details).
3) Can you provide outputs of show CDP neighbors (detail) before and after reboot?
Thanks
Naftali

Waas without subinterfaces vlans on router

Hi my name is Ivan:
I have a wave 274, wae 674 and wave 574, and i would like to deploy the WAAS in this way:
Cisco wae central manager and wae core attached in the switch core 3750 in stack ( WS-C3750G-24TS-S1U and WS-C3750G-12S-S) with IOS
c3750-ipbase-mz.122-35.SE5.bin. But i want to configuring like it:
Switch Core Stack
int gig 0/x
description Link SwitchCore>>WAECentralManager
switchport mode access
switchport access vlan 100
int gig 0/y
description Link SwitchCore>>WAECore
switchport mode access
switchport access vlan 200
int gig 0/z
description Link SwitchCore>>RouterWAN
switchport mode access
switchport access vlan 300
int vlan 100
description VlanWAECentralManager
ip wccp 61 redirect in
ip add 10.0.41.1 255.255.255.0
int vlan 200
description VlanWAECore
ip wccp redirect excluded inn
ip add 10.0.42.1 255.255.255.0
int vlan 300
descripton VlanRouterWAN
ip add 10.0.43.1 255.255.255.0
int vlan 400
description VLan ServerFarm
ip wccp 61 redirect in
ip add 10.0.44.1 255.255.255.0
Config Router WAN
Int gig 0/a
description Link WAN
ip add 190.41.227.26 255.255.255.248.0
ip wccp 62 redirect out
int gig 0/b
description Link LAN
ip add 10.0.44.2 255.255.255.0
My question is: Is OK this configuration or there is something wrong?
Please could you help me
Regards
Ivan

hi,
as i wrote in my previous post, i'm using pfsense as software appliance on an intel-based server with one internal nic and extended by a 4-port nic. internal nic is WAN, 2 ports of the extended nic are LAN and DMZ.
in my opinion my problem has nothing to do with inter-vlan connectivity. i've forgotten to say, that servers have 2 nics inside, one belonging to DMZ, the other to LAN. but if a request from WAN belongs to a public ip (DMZ), the router forwards to DMZ vlan on the switch, and the switch to the DMZ nic of the server. in my opinion the response should go the other way round, but obviously it's not.
if i do a traceroute from an internal server's public ip nic to an other's LAN nic, it goes over the router. so vlan's are seeming to be ok. so what way a request to a public ip can be responded over the LAN uplink of the switch?!

SG-300-28P VLANs and Routing

Similar Messages

Maybe you are looking for