SG300-10 VLAN Questions

My apologies if this has been asked before, but I have some questions regarding the setup of my new switch and network. I have never worked with switches before, so this is quite a learning experience. The picture above describes the current layout of my network. Here is how I have tried to set it up, so far.
VLAN 1 [Ports 1-4, Untagged, Trunk] (172.16.1.1/24)
  Workstation A (Wired): 172.16.1.2/24
  Server B (Wired): 172.16.1.3/24
VLAN 2 [Ports 5-8, Untagged, Trunk] (172.16.2.1/24)
  Server C (Wired): 172.16.2.2/24
  Server D (Wired): 172.16.2.3/24
  Server E (Wired): 172.16.2.4/24
  Server F (Wired): 172.16.2.5/24
VLAN 3 [Ports 9-10, Untagged, Trunk] (192.168.1.1/24)
  Laptop G (Wireless): DHCP via Router
  Laptop H (Wireless): DHCP via Router
  Laptop I (Wireless): DHCP via Router
  Wireless Router: 192.168.1.254/24
Now, my goal is to have all 3 VLANs be able to talk to each other but also have VLAN 1 access the internet through the wireless router. In the future I would also like Server B to be able to expose services (http & ssh) to the outside. VLAN 2 shouldn't have internet access at all. I know I can add static routes to the wireless router, if need be. All three laptops can access the internet through the wireless router without any problems.
So my questions are:
1) Is there anything inherently wrong with the design of this network? If so, what could be changed?
2) Is VLAN 3 really necessary?
3) What would I need to do, to get the 3 VLANs communicating with each other?
4) What should the gateway be, to get VLAN 1 internet access?
5) What would I need to do, to expose Server B services to the outside?
6) What static routes do I need to add?
Thanks in advance!
   Jer

Hello Jeremy,
Thank you for your interest and patience.
You are on the right track here. However, several important changes must be made. Consider the following concepts:
The concept of a native VLAN. The link between the router and the switch must be part of VLAN 1. Otherwise, information from the router will not be distributed correctly on the switch due to the current PVID of 3.
The VLAN IP Interface (VLAN IP Address) identifies the subnet for the VLAN. Therefore, thinking of the switch as a router, you are correct that the default gateway for each client should be the respective VLAN interface on the switch. The switch will automatically route between directly connected IP Interfaces and their subnets.
However, in order for your clients to get to a network that the switch doesn't know about (the internet), there must be a default route to the router.
Additionally, in order for the router to forward information from the internet back to the VLANs on the switch, the router must know how to reach the different VLANs.
The following linked figure (Fig. 1) describes an appropriate sample setup. See here.
In this scenario, a SG300-10 is configured with 3 VLANs:
VLAN 1 - Default VLAN, used for management - 192.168.1.x/24 - Ports 9-10 - 1U - Trunk Mode
VLAN 2 - Servers - 192.168.2.x/24 - Ports 5-8 - 2U - Trunk Mode
VLAN 3 - Workstations - 192.168.3.x/24 - Ports 1-4 - 3U - Trunk Mode
VLAN 1 is used to communicate to the router. Therefore, the following default route must be added to the switch's configuration:
ip route 0.0.0.0 0.0.0.0 192.168.1.1
The switch will automatically build the routes between the VLANs local to the switch. Visualize Server C going to google.com. Its IP address is 192.168.2.2. Its default gateway should be the VLAN 2 IP Interface on the switch (192.168.2.254 in this example). Because the default route is configured, the switch will forward the internet request to the router. The router will then forward the request to your ISP out the WAN where it will eventually reach Google.
However, when the request comes back into the router, the router must know to route it to the 192.168.2.x subnet. So, in order for this to work, routes that accomplish the following must be configured on your router:
Subnet IP      Mask             Gateway                               Interface
192.168.2.1    255.255.255.0    192.168.1.254 (SG-300 IP Interface)   LAN
192.168.3.1    255.255.255.0    192.168.1.254 (SG-300 IP Interface)   LAN
As you have already discovered, there are several limitations to using a router that does not support 802.1Q tagging. Chiefly, your clients will not receive either DHCP or DNS automatically from the router. To mitigate this, you can do either of the following:
Run a DHCP server with multiple DHCP scopes on a device connected to your switch. You can then use Option 82 on the switch to route DHCP requests and DNS info between VLANs on the switch.
Statically configure IP and DNS information. You could enter Open DNS Servers or Google's DNS servers on your clients.
Ideally, you would want to use a router that supports 802.1Q tagging. In this figure here (Fig. 2), you can see the VLAN configuration page for a Cisco RV180W, a very capable and affordable small business router that I highly recommend. Port 1 on the RV180W is configured as a trunk port and carries VLANs 1-3 to the switch. The clients automatically receive IP addresses and DNS information from the correct DHCP pool on the router.
Do not hesitate to contact us. We are always happy to help.
All the best,
-David Aguilar
Cisco Small Business Support Center
1-866-606-1866
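The forward and return paths described in the reply above, modelled as an added Python example (not part of the original thread). The addresses are the ones in the sample setup; the table layout, the function names and the internet destination 203.0.113.10 are assumptions made for illustration.

```python
import ipaddress

CONNECTED, WAN = "connected", "wan"

def lookup(table, dst):
    """Longest-prefix match over (prefix, next_hop) pairs; None if no route."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table:
        # strict=False accepts the reply's "192.168.2.1 255.255.255.0" form
        # and normalises it to the 192.168.2.0/24 network.
        net = ipaddress.ip_network(prefix, strict=False)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None

# SG300 in Layer 3 mode: one connected route per VLAN interface plus the
# default route from the reply (ip route 0.0.0.0 0.0.0.0 192.168.1.1).
SWITCH = [
    ("192.168.1.0/24", CONNECTED),
    ("192.168.2.0/24", CONNECTED),
    ("192.168.3.0/24", CONNECTED),
    ("0.0.0.0/0", "192.168.1.1"),
]

# Router before the static routes: it only knows its own LAN and the WAN.
ROUTER_BASE = [("192.168.1.0/24", CONNECTED), ("0.0.0.0/0", WAN)]

# Router after adding the two static routes from the reply's table.
ROUTER_STATIC = ROUTER_BASE + [
    ("192.168.2.1/255.255.255.0", "192.168.1.254"),
    ("192.168.3.1/255.255.255.0", "192.168.1.254"),
]

# Which device owns each next-hop address.
OWNER = {"192.168.1.1": "router", "192.168.1.254": "switch"}

def trace(start, dst, router_table, max_hops=8):
    """Follow next hops from `start` until the packet is delivered or leaves."""
    tables = {"switch": SWITCH, "router": router_table}
    path, node = [], start
    for _ in range(max_hops):
        hop = lookup(tables[node], dst)
        path.append((node, hop))
        if hop in (None, CONNECTED, WAN):
            break
        node = OWNER[hop]
    return path

if __name__ == "__main__":
    # Server C (192.168.2.2) to a constructed internet address.
    print("outbound       :", trace("switch", "203.0.113.10", ROUTER_BASE))
    # The reply arriving at the router, without and with the static routes.
    print("return, before :", trace("router", "192.168.2.2", ROUTER_BASE))
    print("return, after  :", trace("router", "192.168.2.2", ROUTER_STATIC))
```

Without the static routes the reply matches only the router's default route and never reaches the switch; with them it is handed to 192.168.1.254 and delivered on the connected VLAN 2 subnet.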

Similar Messages

  • The old native vlan question....

    Topic came up during troubleshooting a 3524XL sw.
    I think my understanding of the native vlan concept is wrong.
    I thought on a trunk port (Cisco device) that any packet transversing a trunk link (dot1q trunk that is) has a vlan tag applied on the egress port.  As an untagged packet arrives on the port (prior to being sent out over the trunk), it is tagged with the native vlan (if it's not associated with any other vlan), then sent out the (egress) trunked port.
    But lately I have been reading that
    "A native vlan is the untagged vlan on an 802.1q trunked switchport. The native vlan and management vlan could be the same, but it is better security practice that they aren't. Basically if a switch receives untagged frames on a trunkport, they are assumed to be part of the vlan that are designated on the switchport as the native vlan. Frames egressing a switchport on the native vlan are not tagged. This is the definition however more recent switch software often will allow you to tag all of the frames, even those in the native vlan. This gives some added security and allows the CoS bits to be carried between switches even on the native vlan. Let me know if you need further clarification."
    From : https://learningnetwork.cisco.com/thread/8721
    So this tells me that you can have a packet transversing a dot1q link w/o a vlan tag...then when it arrives on the other end its put in the vlan that is on that native vlan question.  Is this correct?
    If so, and a packet can transverse a trunk link w/o a VLAN tag applied, how does a sw detect (ingress) a native vlan mismatch?
    Thanks!

    Hi,
    It's correct, the native vlan is not tagged by default on the trunk link, but some platforms can make you tag all traffic, even the native vlan.
    The native vlan mismatch is detected through cdp.
    Regards.
    Alain.
    Don't forget to rate helpful posts.

  • SG300-28P L3 vlan Question

    Hi,
    I am struggling for last 20 days to figure out how to change IP on my switch. When the switch came up 1st time, it grabbed a DHCP address from my server. I changed configuration to L3 config instead of default L2. After that point it doesn't give me an option to change the static IP. I changed to static IP but it lets me change the mask only.
    My need is to change the vlan1 interface IP to be the default gateway of .1. So far I am unable to do this. Attached screenshot shows the IP address field is not modifiable.
    Any ideas?

    I will have to buy that USB/Serial cable now. I could never get the telnet or SSH to work on this switch. Even I opened up whole rulebase. See attached screenshot.
    Off topic:
    I am surprised why Cisco didn't choose to implement CDP on these switches. There is a MIB loaded but no option to turn up CDP.

  • SG300-28P QoS Question

    Hello,  I have SG300-28Ps as the PSE's for my IP telephone system.  The phones are tagging their voice packets as DSCP 46 as directed by auto voice vlan. The QoS settings on the switch are at default - Basic Mode, Trust DSCP, strict priority, etc.
    On the PBX itself, DB programming allows me to program the 'Type of Service' for the voice packets. The recommended value in the manual was 184 which makes sense, as this decimal value for ToS corresponds to DSCP 46, CoS 5, etc.
    The question comes though, do I need to change the trust mode on the switch? I'm not real clear on the differences between them.
    Regards,
    -Brayton

    Hi Brayton, the trust mode doesn't need to be changed. 802.1p specifies a 3 bit field called a PCP within the Ethernet frame header when using tagged vlan frames. This will contain a class of service priority.
    The CoS is able to map to DSCP values. The DSCP has a 6 bit field called diffserv (differentiated service). CoS values are able to be mapped to DSCP values. Video is generally CoS 4 while voice is generally CoS 5. Within the SX300 you are able to manually set the mapping to any value you'd like. With trust mode, the switch will basically accept and agree with whatever the tagged ethernet frame contains. Without trust mode, the switch will remark the packet based on the PCP and DiffServ value to fit in to the different categories.
    -Tom
    Please mark answered for helpful posts
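The frame fields discussed in the native VLAN thread and the QoS thread above, as an added Python example (not code from either thread): it builds constructed frames and reads the 802.1Q tag, the PCP bits and the DSCP value the way a receiving port would. The MAC addresses, IP addresses and VLAN ID 20 are constructed sample values; ToS 184 is the value quoted in the QoS question.

```python
import struct

TPID_8021Q = 0x8100      # EtherType value that marks an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800

def build_frame(tos, vid=None, pcp=0):
    """Constructed sample: Ethernet header, optional 802.1Q tag, bare IPv4 header."""
    macs = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    tag = b""
    if vid is not None:
        # TCI = 3 bits PCP, 1 bit DEI (left at 0), 12 bits VLAN ID
        tag = struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20, 0, 0, 64, 17, 0,
                     bytes([192, 168, 2, 2]), bytes([192, 168, 2, 254]))
    return macs + tag + struct.pack("!H", ETHERTYPE_IPV4) + ip

def classify(frame, native_vlan):
    """Return how a port whose native VLAN is `native_vlan` sees this frame."""
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset, tagged, pcp, vid = 14, False, None, native_vlan
    if ethertype == TPID_8021Q:
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        tagged, pcp, offset = True, tci >> 13, 18
        # VID 0 is a priority tag: it carries PCP but no VLAN, so the
        # frame still belongs to the port's native VLAN.
        vid = (tci & 0x0FFF) or native_vlan
    dscp = None
    if ethertype == ETHERTYPE_IPV4 and len(frame) >= offset + 2:
        dscp = frame[offset + 1] >> 2   # top six bits of the ToS byte
    return {"tagged": tagged, "vlan": vid, "pcp": pcp, "dscp": dscp}

if __name__ == "__main__":
    # Voice frame: tagged, PCP 5, ToS 184 (the PBX value from the question).
    voice = build_frame(tos=184, vid=20, pcp=5)
    print("voice         :", classify(voice, native_vlan=1))

    # The same untagged frame seen by two ends of a trunk that disagree on
    # the native VLAN. Nothing inside the frame records which VLAN the
    # sender meant, which is why the mismatch is reported by CDP rather
    # than detected from the traffic itself.
    untagged = build_frame(tos=0)
    print("native VLAN 1 :", classify(untagged, native_vlan=1))
    print("native VLAN 3 :", classify(untagged, native_vlan=3))
```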

  • Vlan & Inter Vlan question

    Here is my network layout:
    I have a cable modem connecting to a Linksys WRT54GL (DDWRT) router. Port 1 on the WRT54GL is connect to port 01 on the SG300-10 switch.
    On the SG300-10 I've created two Vlans (Vlan 30 & Vlan 40). I assigned ports 3 & 4 on the SG300-10 to Vlan 30 and ports 5 & 6 to Vlan 40. Vlan 30 has the IP Address 10.10.30.1 and Vlan 40 has an Address of 10.10.40.1. The default Vlan (Vlan1) has an Address of 10.10.20.2. The default gateway (WRT54GL router) has an Address of 10.10.20.1. I have also enable DHCP relay on the switch and enter the command "ip routing". My question is on either vlan if I wanted to setup static addresses for clients would I use the 10.10.20.1 (WRT54GL) address as the default gateway? Also, what additional configurations do I need to make for the Vlans to be able to talk to each other and be able to access the internet?
    Thanks,

    Van,
    Thanks for the reply. The SG300-10 is in layer 3 mode. I have configured the DHCP server accordingly. Here is my setup:
                       cable modem
                              |
                              |
                       linksys wrt54gl (10.10.20.1)
                              |
                              |
                       sg300-10  Vlan1=  10.10.20.2 (manage)
                                      Vlan30= 10.10.30.0 /24 (GW= 10.10.30.1)
                                      Vlan40= 10.10.40.0 /24 (GW= 10.10.40.1)
    You said that for inter-Vlan to work I need to set the clients GW to the switch. Would that be the Vlan's gateway for clients in each vlan? For example if a client was in vlan30 their gw would be 10.10.30.1?
    The clients are not able to access the internet from the vlan. How would I configure the static on the switch for the vlans to be able to access the internet? Would this work:  ip route 0.0.0.0 0.0.0.0 10.10.20.1?

  • SG300 voice vlan problem with UC520

    Hi Forumers'
    My problem statement:
    - refer to attached topology.png, this is how my network structure look like
    - the IP phone after boot cannot get connected, so it can't download the XML config file from UC520. suspicious switching problem.
    - my configuration shown at topology.png and my vlan voice config show as voice vlan setting.png
    - My requirement is SG300 switch single switchport to carry vlan data and vlan voice.
    - what is the trunking mode for voice VLAN siwth a IP phone+data should i configure? is it switchport voice vlan vvid, switchport voice vlan dot1p, switchport voice vlan untagged or switchport voice vlan none to suite above requirement?
    thanks
    Noel

    Hello Noel,
    Sorry for the late reply, things have been quite hectic around here lately
    1. Why use trunk? the UC520 only have vlan voice (vlan 20)
    Do you mean that the data VLAN is handled by another device ? Still I would leave it as a trunk in order to be able manage the UC through the data VLAN. (Unless for security or other reasons you would choose otherwise of course)
    2. The UC520 got CUE (voice messaging), how should i design the service module uplink to the core switch?
    Nothing in particular has to be done for this, CUE is handled and routed inside the UC520, the CUE vlan (default ID =90) is only used if you have another CUE in the network
    1. i guess i did this: switchport tagged vlan 20, untagged vlan 10. is it ok for this setting?
    If the Voice Vlan on the switch and on the UC520 has been defined as VLAN 20 (default = VLAN 100) this is perfect. Verify if both on the UC and on the switch, the voice VLAN ID is set to 20.
    1. so if i just point the phone to vlan 20 (vlan voice), should i create the LLDP network policy?
    If you are ready to configure the VLAN manually on the phone, you don't need the LLDP policy, that is correct.
    The LLDP policy is being used for having the phones automatically choose the VLAN you defined, so you don't need to set it manually.
    Hope this answers your questions ?
    Best regards,
    Nico Muselle
    Sr. Network Engineer - CCNA

  • SG300 inter-VLAN routing and MAC address changes in incoming packets

    Hello
    I have SG300-20 working in Layer3 mode
    VLAN1 is not used
    Internet gateway is in VLAN211
    Clients are in other VLANs
    Switch is default gateway for clients and itself has internet gateway as default route.
    MAC address of switch is XX:XX:XX:XX:XX:63
    When client sends trafic to Internet destination MAC address in outgoing packets is XX:XX:XX:XX:XX:63
    But in incoming packets source MAC address is XX:XX:XX:XX:XX:69
    Why does it change? And how can I setup switch to use only XX:XX:XX:XX:XX:63 MAC address?

    Hi Robert,
    I'd like to pick up this old thread because we have a huge problem with the behavior of the SG300 router/switch regarding the "spoofed" MAC source addresses. We have connected this switch to another router which has some special routing capabilities. It routes certain IP packets directly to MAC addresses which it learned from snooping on special traffic.
    When connected to a SG300 router with an Ethernet base address of XX:XX:XX:XX:XX:48 we receive packets with Ethernet source addresses like e. g. XX:XX:XX:XX:XX:49 or XX:XX:XX:XX:XX:4D (depending on which hardware port they came from). Our special router "learns" these MAC addresses and tries to send associated outgoing packets directly to these addresses using e. g. XX:XX:XX:XX:XX:49 as the MAC destination address.
    Our problem is that the SG300 does not forward the packet if the MAC destination address is not equal to the switch's Ethernet base address (XX:XX:XX:XX:XX:48 in our case). This renders the SG300 series useless for our systems.
    Is there new firmware available which fixes this problem for us? We don't care which MAC source address the SG300 uses in incoming packets we receive, but we expect that the SG300 handles packets correctly for outgoing packets we send with this MAC address as the destination address.
    Thanks,
    Chris

  • SG300-28 VLAN`s

    I would like to switch SG300-28 grouped into separate VLAN ports. (firmware ver. 1.3.7.18)   L2 mode
    1 separate vlan - Ports 1-4
       - Connected to port 1 on the router DHCP1 link
       - To ports 2-4 - stations that receive addresses from DHCP1
    2 separate vlan - Ports 5-8
       - 5 connected to the port of the router dhcp2 link
       - To ports 2-4 - stations that receive addresses from dhcp2
    problem: dhcp addresses are collected only for one subnet, either from DHCP1 or from dhcp2
    For srw2016 I had no problems, and SG300-28 have no idea how to do it :)
    Can you suggest how to do it?

    Hi,
    As your configs do not show any GVRP configuration my view is that you have created vlans at both boxes in the static way. If this is the case the vlan configurations at both ends would show discrepancy as for the vlan 10 name (you can check via the "show vlan" command at both boxes).
    Can you please try to add the "name data" under "interface vlan 10" at L3 or delete the same line at L2 and then see if there is any progress.
    Best regards,
    Antonin

  • A very odd VLAN question -please help

    Hi,
    We have two subnets 10.1.1.0 and 10.1.2.0 and these subnets are physically separated. we also have two VLANS, VLAN 2 and 3, please think of the VLAN 2 as the default VLAN 1. Strange, it has been like this when I took over. there is no trunking between these two VLANS. 10.1.1.0 is the main network and all the servers and users are on it and 10.1.2.0 is a Dev environment and some development servers are on it.
    I have given an IP address from the main subnet i.e. 10.1.1.0 to a switch which is used for Dev environment on its SC0 and have assigned it to VLAN 2 but the rest of the 10.1.2.0, i.e. the Dev environment is on VLAN 3. from the main network I cannot ping that IP address (naturally) and I don't know how to build on what we currently have without making major changes and build over time as transparent as possible.
    I am sorry for this very long explanation.
    I guess I need to know if I can make trunking between these two VLANs, i.e. VLAN 2 (main 10.1.1.0) and VLAN 3 (Dev environment 10.1.2.0) without needing a router? or if I need a router, how? so that I can build upon it over time.
    well, I have given an IP address from main subnet from VLAN 2 to a switch which is for VLAN 3 or Dev environment!!! I really didn't know how to do this in order to make it as transparent as possible to others since I am not in charge of the AD and the servers.
    Please forgive me for my somehow vague explanation and I hope I could have made a question.
    Thanks,
    Masood

    Hi and thanks for responding. Almost all my switches are L2/L3 Cisco CAT switches with two 3560 at the edge with knowledge of public network located between my two border routers and my Firewalls. My main switch is a Cisco CAT 4510 R which is a layer 2 and 3 switch with Cisco IOS and a few 3550s and 3512s around. I also have two CAT 4006s with CAT OS but these aren't my current concern as I know that I need to either use one of these switches or a router to route between my VLANs. I do have a Cisco Router, a 2621 as my main router with its fa 0/1 is used for my two main subnets (servers, devices, and users are on these two subnets 10.1.1.0 and 10.1.4.0) and the DHCP server is giving out IPs out of these two private subnets. the other interface on this router fa0/0 is used for 10.1.2.0 which is totally isolated subnets with a bunch of servers on it called Dev Environment. The AD guys want it this way.
    Ok, now, when I take over this network I realized that those people who were looking after this network had created two VLANs, VLAN 2 (acting as the default VLAN 1 actually and used for management of devices too) and VLAN 3 (VLAN 3 is for 10.1.2.0, i.e. the Dev Environment, so basically all of my devices, servers and users are on VLAN 2!!! and no trunking.....
    I have provided a Diag of my network topology.
    what I need to do is to find the best way to create a few more VLANs on my main network (10.1.1.0 and 10.1.4.0) and put all the servers on one VLAN; say VLAN 2 and few other segments and then start to route between them by trunking. My problem is that the AD guys do not want to get involved and do not want (one of them my boss) to do IP renumbering so i need to do this at the L2 (by MAC address may be) and then use the router or (I can upgrade my main router to provide more interfaces with more mem and processing power) and use it to route between VLANs. this router is also used to connect us to a remote office where we have our Web Servers hosted via a T1 point-to-point as we are an online business so I need to be very careful with this mission and have all the server and web Servers at this locations and my remote locations (10.5.1.0) on a same VLAN and then user on different VLANs by segmenting departments.
    Now, you see my dilemma and the challenge that I am facing. how this can be done slowly and gradually. first adding one more VLAN put all the servers on it (also, back interfaces and clustering of servers in mind) and users on another, then, start trunking and see how it works. if all goes well then I can start creating more VLANs and that would be the easy part and point them to the trunk Interface / Link.
    Your thoughts will be greatly appreciated.
    Thx,
    Masood

  • SG300's vlan isolation except for shared printers

    Hello,
    We have 2 x SG300-20's and 1 x SG300-10.
    We want to have a few vlans to isolate different departments from each other while still providing access to the broadband uplink as well as shared printers.
    The setup we would like would be something like this:
    1 x SG300-20 for VLAN 2
    1 x SG300-20 for VLAN 3
    1 x SG300-10 for VLAN 4-6
    Shared printer(s) on VLAN 6 which should be accessible from all other vlans
    We also have a RV180 router sitting in front of the switches which should provide broadband uplink access and trunking for the switches.
    We need to forbid vlan 2-5 from communicating with each other.
    In order to simplify and test, we are using the SG300-10 switch only in L3 mode at the moment with 3 computers to simulate 3 vlans but it seems to turn on inter-vlan routing on every port and vlan automatically when you set the switch in L3 mode and in L2 mode, vlan isolation works but we need to use the router to serve up dhcp and inter-vlan routing on a single vlan, which after over 6 hours of having the cisco tech logged into our system to try to set it up he gave up and said he didn't understand why it was not working...
    Is there a way to use this setup, or something similar?
    We have contacted cisco support a second time and have had a tech test our switch config file for a week now and still no progress on this and we need to have this working asap.
    We were told that this was possible with our equipment but it seems there are serious limitations with this gear that even the cisco techs don't know about...
    We can provide the switch config upon request.
    Thanks!

    Hi Tom,
    I replaced the cisco RV180 with a netgear FVS318N and so far, in the lab anyways, I've gotten the following setup to work:
    SG300-10 in layer 3 mode:
    Port 1 - Admin Port - Vlan 1 pvid
    Port 2 - general - VLAN 2 pvid - tagged vlan 4 - forbid vlan 3 - dhcp 192.168.2.0/24 (iface 192.168.2.203)
    Port 3 - general - VLAN 3 pvid - tagged vlan 4 - forbid vlan 2 - dhcp 192.168.3.0/24 (iface 192.168.3.203)
    Port 4 - general - VLAN 4 - Tagged vlan 2 - Tagged vlan 3 - dhcp 192.168.4.0/24 (iface 192.168.4.203)
    Port 10 - Trunk - pvid vlan 1 - Tagged 2-3-4 - (iface 192.168.254.203)
    Routes:
    Added default gateway to vlan 1 iface on router
    Added 192.168.1.0/24 gateway vlan 1 iface router ip (lab's upstream router is on that block which doesn't have an iface on the switch)
    IPV4 ACL:
    Port 2 - priority 500 - Deny any to vlan 3 subnet
                priority 1000 - permit any to any
    Port 3 - priority 500 - Deny any to vlan 2 subnet
                priority 1000 - permit any to any
    On the netgear router, vanilla config with the 4 vlans added to it and inter-vlan routing enabled with switch port 10 plugged into router port 7 for uplink.
    So far it seems to be working correctly, still need to test vlan hopping and static ip's and routing to simulate mis-configured or malicious computers plugged into the two main vlans but replacing the router seems to have done the job.
    Perhaps further testing would have resulted in a working setup with the RV180 but after so many hours wasted on this setup by us and by the cisco tech, it was time to make a move.
    What's your opinion on this setup Tom?
    I'm so tired I'm getting cross-eyed and might be forgetting something important.
    Thanks!
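A way to check the port ACLs listed in the post above before relying on them, as an added Python example (not the poster's configuration or switch output). It assumes first-match evaluation in ascending priority number, an implicit deny at the end of a bound ACL, and no filtering on a port with no ACL; the host addresses are constructed.

```python
import ipaddress
from itertools import permutations

SUBNETS = {2: "192.168.2.0/24", 3: "192.168.3.0/24", 4: "192.168.4.0/24"}
ANY = "0.0.0.0/0"

# Ingress ACLs from the post: (priority, action, source, destination).
# Port 2's entries are listed out of order on purpose: the evaluation
# order must come from the priority number, not from list position.
PORT_ACLS = {
    2: [(1000, "permit", ANY, ANY), (500, "deny", ANY, SUBNETS[3])],
    3: [(500, "deny", ANY, SUBNETS[2]), (1000, "permit", ANY, ANY)],
}
PORT_VLAN = {2: 2, 3: 3, 4: 4}   # port -> PVID, as in the post

def acl_decision(port, src, dst):
    """Decision for a packet entering `port` (assumed first-match semantics)."""
    aces = PORT_ACLS.get(port)
    if aces is None:
        return "permit"              # no ACL bound to this port
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, action, s, d in sorted(aces, key=lambda ace: ace[0]):
        if src in ipaddress.ip_network(s) and dst in ipaddress.ip_network(d):
            return action
    return "deny"                    # assumed implicit deny

def host_in(vlan, index=10):
    """Constructed sample host address inside a VLAN's subnet."""
    return str(ipaddress.ip_network(SUBNETS[vlan])[index])

def isolation_matrix():
    """Decision for every ordered pair of VLANs, one sample host each."""
    matrix = {}
    for sp, dp in permutations(PORT_VLAN, 2):
        src, dst = host_in(PORT_VLAN[sp]), host_in(PORT_VLAN[dp])
        matrix[(PORT_VLAN[sp], PORT_VLAN[dp])] = acl_decision(sp, src, dst)
    return matrix

if __name__ == "__main__":
    for (src, dst), decision in sorted(isolation_matrix().items()):
        print(f"VLAN {src} -> VLAN {dst}: {decision}")
    # The misconfigured-host case the poster still wants to test: a machine
    # on port 2 with a static address from the VLAN 3 range. The deny rule
    # matches on destination with source "any", so it still applies.
    print("static 192.168.3.50 on port 2:",
          acl_decision(2, "192.168.3.50", host_in(3)))
    # The switch's own VLAN 3 interface is inside the denied subnet too.
    print("port 2 -> 192.168.3.203:",
          acl_decision(2, host_in(2), "192.168.3.203"))
```

The model covers routed IPv4 only; the tagged VLAN 4 membership on ports 2 and 3 is Layer 2 behaviour and has to be checked on the switch itself.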

  • Private vlan question

    I am replacing a standard set of switches out with ones that can support PVLAN's. All our switches currently have their ip address on vlan 1 and that is the subnet which the default gateway resides. The second switch acts as a redundant switch and will need the same vlans as the primary. Currently they are etherchanneled together. I want to setup a single private vlan with one isolated vlan and several community vlans. My question is where do I put the IP address? Do I still setup a vlan 1 interface as I have done all along? Or do I put the address on the primary private vlan? And I assume I will need to setup a trunk between the two switches, vs. etherchannel?

    Private VLANs provide Layer 2 isolation between ports within the same private VLAN. There are three types of private VLAN ports:
    •Promiscuous—A promiscuous port can communicate with all interfaces, including the community and isolated ports within a private VLAN.
    •Isolated—An isolated port has complete Layer 2 separation from other ports within the same private VLAN except for the promiscuous port. Private VLANs block all traffic to isolated ports except traffic from promiscuous ports. Traffic received from an isolated port is forwarded only to promiscuous ports.
    •Community—Community ports communicate among themselves and with their promiscuous ports. These interfaces are isolated at Layer 2 from all other interfaces in other communities or isolated ports within their private VLAN.
    PVLANS are also known as secondary vlans, they are always associated to primary vlans so they can communicate to other devices outside their subnet through the default gateway. The management ip address or sc0 if it's CatOS will always be in primary vlan or if native IOS and it's interface vlan it will always be the primary vlan. so, to answer your question, the management ip address will be in primary vlan.
    –You cannot use the inband port, sc0, in a private VLAN.
    Note: With software release 6.3(1) and later releases, you can configure the sc0 port as a private VLAN port; however, you cannot configure the sc0 port as a promiscuous port.

  • IPS VLAN question

    I am configuring an IPS 4260 in promiscuous mode, and have a question about VLAN assignment.  Does the sensing interface need to be in the same VLAN as the switchport you are spanning?  Also does this port need to be a trunk?
    Also If you want to log traffic only and not issue resets, do you just leave the default or do I need to switch anything off?
    Thanks in advance!

    Hi Networker99,
        As long as you aren't using the "encapsulate replicate" command on the SPAN session sending the traffic to the sensor, the traffic will be copied without VLAN tagging information and no additional configuration on the IDS side should be necessary.
    If you want to prevent TCP resets you should either designate an unused port as an alternate TCP reset interface for the promiscuous sensing interface or, alternatively, create a simple Event Action Filter to remove the "TCP Reset" action from all signatures on the sensor.
    Best Regards,
    Justin

  • SG300-24P VLANs

    I'm moving from a WS-C2960-24PC-L to a SG300-24P.  Most things are working ok.  I'm seeing one thing that isn't coming over as expected, but it might be a syntax problem.  I have two ports that are setup on two VLANs.  Here is the port config from the 2960:
    interface FastEthernet0/1
     switchport trunk native vlan 4
     switchport trunk allowed vlan 4,40
     switchport mode trunk
    interface FastEthernet0/2
     switchport trunk native vlan 4
     switchport trunk allowed vlan 4,40
     switchport mode trunk
    Here is the port config from the SG300
    interface gigabitethernet1
     switchport trunk allowed vlan add 40
     switchport trunk native vlan 4
    interface gigabitethernet2
     switchport trunk allowed vlan add 40
     switchport trunk native vlan 4
    The SG300 doesn't accept the same commands so this was as close as I could get.  Should this work as expected?  What I'm seeing is that VLAN 40 works ok, but not VLAN 4.

    I figured it out with the following:
    interface gigabitethernet1
     switchport trunk allowed vlan add 4,40
     switchport trunk native vlan 999
    interface gigabitethernet2
     switchport trunk allowed vlan add 4,40
     switchport trunk native vlan 999
    I created a fake VLAN 999 and set it to native. 

  • VTP Vlan question

    Dear,
    This question has been bugging my mind lately, say you configure a switch to put it inside a VTP domain. Let's say the access vlan has to be 8 and voice 10.
    If you preconfigure the ports the switch will auto create the vlan locally to the switch, but when you put in a VTP domain as a client, will it overrride the VLAN's you created.
    Since if you already made the ports a member of vlan 8, and vlan 8 also exists in the VTP domain you will insert the switch in, will it just override your switch settings?
    Kr,

    I believe VTP won't override the actual port VLAN setting, but it should override the switch's previously defined VLANs.
    In your example, the ports in VLAN 8 would still be in VLAN 8 as it's also defined to the VTP domain, but suppose VLAN 8 wasn't.  In that case, your VLAN 8 ports wouldn't extend across any trunks, and they might no longer function as a VLAN within the switch itself.

  • RV180 VLAN Question

    My plan is to use VLAN1 for the internal private network and VLAN2 for free public wifi. My question is can I use a PC on VLAN1 to configure/manage my access points? There are no dedicated PCs on VLAN2.

    Hi Terp,
    I just finished setting up my RV180 with 2 VLANs: VLAN1 and VLAN5. VLAN1 is the management or default VLAN; while VLAN5 is my wireless guest VLAN.
    My VLAN1 is 192.168.1.1. I have set all of the gateway settings according to our company's outside provider (phone and internet). The DNS settings are completed for both primary and secondary servers.
    VLAN1 is where all our data files and office specific stuff is located. VLAN1 can access servers, users, and internet.
    Under Networking>Multiple VLAN Subnets>
    The DHCP Server for VLAN1 is set to NONE.
    My VLAN5 is on ip address range 10.0.0.100-254/255.0.0.0. I have the DHCP Server set for this VLAN.
    I did this so I did not get confused when checking Ipconfigs and now my free wifi users are clearly identified.
    I am using a Cisco WAP321 as my access point. I have this hard wired to port 4 of my router. I do have a managed switch, but it is only on VLAN1 and therefore does not enter the equation.
    I use a static ip address for my WAP in the 192.168.1.xx range. IPv4 Network Settings
    Under Wireless>Networks I made sure I have both VLANs with the same names, and for VLAN1 I use the same security key as on the router.
    Also I have Enabled Untagged VLAN on VLAN1 and Management on VLAN1.
    I have DNS proxy enabled, BUT because this unit has a static ip address, I have to set my DNS server settings! This kept my guests from getting internet access for a few days. DON'T FORGET THIS
    Anyway, everything works perfectly now.
    Hope this helps.
    Kaigh Taylor
