SG300-24P VLANs

I'm moving from a WS-C2960-24PC-L to a SG300-24P. Most things are working ok. I'm seeing one thing that isn't coming over as expected, but it might be a syntax problem. I have two ports that are set up on two VLANs. Here is the port config from the 2960:
interface FastEthernet0/1
 switchport trunk native vlan 4
 switchport trunk allowed vlan 4,40
 switchport mode trunk
interface FastEthernet0/2
 switchport trunk native vlan 4
 switchport trunk allowed vlan 4,40
 switchport mode trunk
Here is the port config from the SG300:
interface gigabitethernet1
 switchport trunk allowed vlan add 40
 switchport trunk native vlan 4
interface gigabitethernet2
 switchport trunk allowed vlan add 40
 switchport trunk native vlan 4
The SG300 doesn't accept the same commands so this was as close as I could get.  Should this work as expected?  What I'm seeing is that VLAN 40 works ok, but not VLAN 4.

I figured it out with the following:
interface gigabitethernet1
 switchport trunk allowed vlan add 4,40
 switchport trunk native vlan 999
interface gigabitethernet2
 switchport trunk allowed vlan add 4,40
 switchport trunk native vlan 999
I created a fake VLAN 999 and set it to native. 

Similar Messages

  • SG300-24P (SRW2024P-K9) System LED's will not light but switch works fine

    I have two SG300-24P (SRW2024P-K9) switches installed and working fine but the system LED on lower left front corner does not come on. Any suggestions for us to get these lights to properly indicate the system is powered up and working?

    These switches come with limited lifetime warranty.  I think your best bet is to contact support: http://www.cisco.com/c/en/us/support/web/tsd-cisco-small-business-support-center-contacts.html

  • SF300-24P VLAN CONFIG QUESTION

    Hi please excuse my ignorance and lack of knowledge in this field as I am a complete newbie when it comes to Cisco switches and VLANS etc. but trying to learn.
    I have a Cisco 300-24P and need to create two separate networks (private and public) ports 1 - 10 for Private and ports 11 - 20 for Public. I then need ports 21 - 24 for access points that can access both private and public.
    I am assuming that would need to create two vlans (e.g. VLAN100 for private and VLAN200 for public). After reading a little I think I need to set ports 1- 20 to "access" and ports 21- G4 to "trunk".
    I have attempted this but don't think I have things quite right. Would it be possible for someone to either point me in the right direction or even send me a saved config that I could load and examine.
    Many thanks in advance for your help.

    Hello, 
    I think I can clarify a few things for you:
    1- The ports that are going to connect directly to end stations will need to be configured as access ports with the respective VLAN as untagged.
    2- The ports that are going to be connected to the AP's will need to be configured as trunks with VLAN 100 un-tagged and 200 tagged. The AP should be able to understand VLAN's, they should be configured with an IP address on VLAN 100.
    3- By default, the un-tagged VLAN is the same PVID.
    Notes:
    A few things to keep in mind:
    1- I see you already have a router on the network, this is the one that will determine if the VLAN's can talk to each other based on the Inter VLAN configuration. In general terms, if inter VLAN is enabled on the router then Public and Private will be able to share traffic, otherwise they won't.
    2- When creating VLAN's on the SG300 make sure that you are not assigning IP addresses to any other VLAN than your management VLAN, otherwise you could have issues with the routing.
    3- To make sure the connectivity between the VLANs is working as you expect, make sure to do all the testing from the hardwired PC's first, that way you will know if the issue is on the router or the switch.
    I hope this was helpful.

  • SG300-10 VLAN Questions

    My apologies if this has been asked before, but I have some questions regarding the setup of my new switch and network. I have never worked with switches before, so this is quite a learning experience. The picture above describes the current layout of my network. Here is how I have tried to set it up, so far.
    VLAN 1 [Ports 1-4, Untagged, Trunk] (172.16.1.1/24)
    Workstation A (Wired)
    172.16.1.2/24
    Server B (Wired)
    172.16.1.3/24
    VLAN 2 [Ports 5-8, Untagged, Trunk] (172.16.2.1/24)
    Server C (Wired)
    172.16.2.2/24
    Server D (Wired)
    172.16.2.3/24
    Server E (Wired)
    172.16.2.4/24
    Server F (Wired)
    172.16.2.5/24
    VLAN 3 [Ports 9-10, Untagged, Trunk] (192.168.1.1/24)
    Laptop G (Wireless)
    DHCP via Router
    Laptop H (Wireless)
    DHCP via Router
    Laptop I (Wireless)
    DHCP via Router
    Wireless Router
    192.168.1.254/24
    Now, my goal is to have all 3 VLANs be able to talk to each other but also have VLAN 1 access the internet, through the wireless router. In the future I would also like Server B to be able to expose services (http & ssh) to the outside. VLAN 2 shouldn't have internet access at all. I know I can add static routes to the wireless router, if need be. All three laptops, can access the internet through the wireless router, without any problems.
    So my questions are:
    1) Is there anything inherently wrong with the design of this network? If so, what could be changed?
    2) Is VLAN 3 really necessary?
    3) What would I need to do, to get the 3 VLANs communicating with each other?
    4) What should the gateway be, to get VLAN 1 internet access?
    5) What would I need to do, to expose Server B services to the outside?
    6) What static routes do I need to add?
    Thanks in advance!
       Jer

    Hello Jeremy,
    Thank you for your interest and patience.
    You are on the right track here. However, several important changes must be made. Consider the following concepts:
    The concept of a native VLAN. The link between the router and the switch must be part of VLAN 1. Otherwise, information from the router will not be distributed correctly on the switch due to the current PVID of 3.
    The VLAN IP Interface (VLAN IP Address) identifies the subnet for the VLAN. Therefore, thinking of the switch as a router, you are correct that the default gateway for each client should be the respective VLAN interface on the switch. The switch will automatically route between directly connected IP Interfaces and their subnets.
    However, in order for your clients to get to a network that the switch doesn't know about (the internet), there must be a default route to the router.
    Additionally, in order for the router to forward information from the internet back to the VLANs on the switch, the router must know how to reach the different VLANs.
    The following linked figure (Fig. 1) describes an appropriate sample setup. See here.
    In this scenario, a SG300-10 is configured with 3 VLANs:
    VLAN 1 - Default VLAN, used for management - 192.168.1.x/24 - Ports 9-10 - 1U - Trunk Mode
    VLAN 2 - Servers - 192.168.2.x/24 - Ports 5-8 - 2U - Trunk Mode
    VLAN 3 - Workstations - 192.168.3.x/24 - Ports 1-4 - 3U - Trunk Mode
    VLAN 1 is used to communicate to the router. Therefore, the following default route must be added to the switch's configuration:
    ip route      0.0.0.0      0.0.0.0      192.168.1.1
    The switch will automatically build the routes between the VLANs local to the switch. Visualize Server C going to google.com. Its IP address is 192.168.2.2. Its default gateway should be the VLAN 2 IP Interface on the switch (192.168.2.254 in this example). Because the default route is configured, the switch will forward the internet request to the router. The router will then forward the request to your ISP out the WAN where it will eventually reach Google.
    However, when the request comes back into the router, the router must know to route it to the 192.168.2.x subnet. So, in order for this to work, routes that accomplish the following must be configured on your router:
    Subnet IP               Mask                    Gateway                                              Interface
    192.168.2.1             255.255.255.0        192.168.1.254 (SG-300 IP Interface)         LAN
    192.168.3.1             255.255.255.0        192.168.1.254 (SG-300 IP Interface)         LAN
    As you have already discovered, there are several limitations to using a router that does not support 802.1Q tagging. Chiefly, your clients will not receive either DHCP or DNS automatically from the router. To mitigate this, you can do either of the following:
    Run a DHCP server with multiple DHCP scopes on a device connected to your switch. You can then use Option 82 on the switch to route DHCP requests and DNS info between VLANs on the switch.
    Statically configure IP and DNS information. You could enter Open DNS Servers or Google's DNS servers on your clients.
    Ideally, you would want to use a router that supports 802.1Q tagging. In this figure here (Fig. 2), you can see the VLAN configuration page for a Cisco RV180W, a very capable and affordable small business router that I highly recommend. Port 1 on the RV180W is configured as a trunk port and carries VLANs 1-3 to the switch. The clients automatically receive IP addresses and DNS information from the correct DHCP pool on the router.
    Do not hesitate to contact us. We are always happy to help.
    All the best,
    -David Aguilar
    Cisco Small Business Support Center
    1-866-606-1866
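    The forward and return paths described in the reply above can be traced with a small longest-prefix-match model. This is an added example, not part of the original post or Cisco's tooling; the addresses come from the reply, while the route labels, the `203.0.113.10` remote host and the assumption that the router holds only a connected LAN route plus a WAN default are constructed for illustration.

```python
import ipaddress

WAN = "via ISP (WAN)"
LAN = "connected LAN"
VIA_SWITCH = "via 192.168.1.254"


def net(address, mask):
    # strict=False normalises a host-style entry (192.168.2.1 / 255.255.255.0)
    # to the subnet it denotes (192.168.2.0/24).
    return ipaddress.ip_network(f"{address}/{mask}", strict=False)


# Switch in L3 mode: connected VLAN interfaces plus the default route
# "ip route 0.0.0.0 0.0.0.0 192.168.1.1" from the reply.
SWITCH_ROUTES = [
    (net("192.168.1.0", "255.255.255.0"), "connected VLAN 1"),
    (net("192.168.2.0", "255.255.255.0"), "connected VLAN 2"),
    (net("192.168.3.0", "255.255.255.0"), "connected VLAN 3"),
    (net("0.0.0.0", "0.0.0.0"), "via 192.168.1.1"),
]

# Router without 802.1Q support (assumed): it only knows its own LAN and the WAN.
ROUTER_BASE = [
    (net("192.168.1.0", "255.255.255.0"), LAN),
    (net("0.0.0.0", "0.0.0.0"), WAN),
]

# The two return routes listed in the reply's table.
ROUTER_STATIC = [
    (net("192.168.2.1", "255.255.255.0"), VIA_SWITCH),
    (net("192.168.3.1", "255.255.255.0"), VIA_SWITCH),
]


def lookup(table, dst):
    """Return the next hop of the most specific route containing dst."""
    dst = ipaddress.ip_address(dst)
    matches = [(n, hop) for n, hop in table if dst in n]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def round_trip(client, remote, router_table):
    """Trace client -> remote -> client (NAT on the router is not modelled)."""
    switch_out = lookup(SWITCH_ROUTES, remote)
    router_out = lookup(router_table, remote)
    router_back = lookup(router_table, client)
    delivered = (
        switch_out == "via 192.168.1.1"
        and router_out == WAN
        and router_back in (LAN, VIA_SWITCH)
    )
    return {
        "switch_out": switch_out,
        "router_out": router_out,
        "router_back": router_back,
        "delivered": delivered,
    }


if __name__ == "__main__":
    for label, table in (("no return routes", ROUTER_BASE),
                         ("with return routes", ROUTER_BASE + ROUTER_STATIC)):
        print(label, round_trip("192.168.2.2", "203.0.113.10", table))
```

    Without the static routes the reply for 192.168.2.2 matches only the router's default route and leaves through the WAN, which is the "no internet from the VLANs" symptom.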

  • SG300 inter-VLAN routing and MAC address changes in incoming packets

    Hello
    I have SG300-20 working in Layer3 mode
    VLAN1 is not used
    Internet gateway is in VLAN211
    Clients are in other VLANs
    Switch is default gateway for clients and itself has internet gateway as default route.
    MAC address of switch is XX:XX:XX:XX:XX:63
    When client sends traffic to Internet, destination MAC address in outgoing packets is XX:XX:XX:XX:XX:63
    But in incoming packets source MAC address is XX:XX:XX:XX:XX:69
    Why does it change? And how can I setup switch to use only XX:XX:XX:XX:XX:63 MAC address?

    Hi Robert,
    I'd like to pick up this old thread because we have a huge problem with the behavior of the SG300 router/switch regarding the "spoofed" MAC source addresses. We have connected this switch to another router which has some special routing capabilities. It routes certain IP packets directly to MAC addresses which it learned from snooping on special traffic.
    When connected to a SG300 router with an Ethernet base address of XX:XX:XX:XX:XX:48 we receive packets with Ethernet source addresses like e. g. XX:XX:XX:XX:XX:49 or XX:XX:XX:XX:XX:4D (depending on which hardware port they came from). Our special router "learns" these MAC addresses and tries to send associated outgoing packets directly to these addresses using e. g. XX:XX:XX:XX:XX:49 as the MAC destination address.
    Our problem is that the SG300 does not forward the packet if the MAC destination address is not equal to the switch's Ethernet base address (XX:XX:XX:XX:XX:48 in our case). This renders the SG300 series useless for our systems.
    Is there new firmware available which fixes this problem for us? We don't care which MAC source address the SG300 uses in incoming packets we receive, but we expect that the SG300 handles packets correctly for outgoing packets we send with this MAC address as the destination address.
    Thanks,
    Chris

  • SG300-28 VLAN`s

    I would like to have the SG300-28 switch grouped into separate VLAN ports (firmware ver. 1.3.7.18, L2 mode).
    1 separate vlan - Ports 1-4
       - Connected to port 1 on the router DHCP1 link
       - To ports 2-4 - stations that receive addresses from DHCP1
    2 separate vlan - Ports 5-8
       - 5 connected to the port of the router dhcp2 link
       - To ports 2-4 - stations that receive addresses from dhcp2
    problem: dhcp addresses are collected only for one subnet, either from DHCP1 or from dhcp2
    For srw2016 I had no problems, and SG300-28 have no idea how to do it :)
    Can you suggest how to do it?

    Hi,
    As your configs do not show any GVRP configuration my view is that you have created vlans at both boxes in the static way. If this is the case the vlan configurations at both ends would show discrepancy as for the vlan 10 name (you can check via the "show vlan" command at both boxes).
    Can you please try to add the "name data" under "interface vlan 10" at L3 or delete the same line at L2 and then see if there is any progress.
    Best regards,
    Antonin

  • SG300's vlan isolation except for shared printers

    Hello,
    We have 2 x SG300-20's and 1 x SG300-10.
    We want to have a few vlans to isolate different departments from each other while still providing access to the broadband uplink as well as shared printers.
    The setup we would like would be something like this:
    1 x SG300-20 for VLAN 2
    1 x SG300-20 for VLAN 3
    1 x SG300-10 for VLAN 4-6
    Shared printer(s) on VLAN 6 which should be accessible from all other vlans
    We also have a RV180 router sitting in front of the switches which should provide broadband uplink access and trunking for the switches.
    We need to forbid vlan 2-5 from communicating with each other.
    In order to simplify and test, we are using the SG300-10 switch only in L3 mode at the moment with 3 computers to simulate 3 vlans but it seems to turn on inter-vlan routing on every port and vlan automatically when you set the switch in L3 mode and in L2 mode, vlan isolation works but we need to use the router to serve up dhcp and inter-vlan routing on a single vlan, which after over 6 hours of having the cisco tech logged into our system to try to set it up he gave up and said he didn't understand why it was not working...
    Is there a way to use this setup, or something similar?
    We have contacted cisco support a second time and have had a tech test our switch config file for a week now and still no progress on this and we need to have this working asap.
    We were told that this was possible with our equipment but it seems there are serious limitations with this gear that even the cisco techs don't know about...
    We can provide the switch config upon request.
    Thanks!

    Hi Tom,
    I replaced the cisco RV180 with a netgear FVS318N and so far, in the lab anyways, I've gotten the following setup to work:
    SG300-10 in layer 3 mode:
    Port 1 - Admin Port - Vlan 1 pvid
    Port 2 - general - VLAN 2 pvid - tagged vlan 4 - forbid vlan 3 - dhcp 192.168.2.0/24 (iface 192.168.2.203)
    Port 3 - general - VLAN 3 pvid - tagged vlan 4 - forbid vlan 2 - dhcp 192.168.3.0/24 (iface 192.168.3.203)
    Port 4 - general - VLAN 4 - Tagged vlan 2 - Tagged vlan 3 - dhcp 192.168.4.0/24 (iface 192.168.4.203)
    Port 10 - Trunk - pvid vlan 1 - Tagged 2-3-4 - (iface 192.168.254.203)
    Routes:
    Added default gateway to vlan 1 iface on router
    Added 192.168.1.0/24 gateway vlan 1 iface router ip (lab's upstream router is on that block which doesn't have an iface on the switch)
    IPV4 ACL:
    Port 2 - priority 500 - Deny any to vlan 3 subnet
                priority 1000 - permit any to any
    Port 3 - priority 500 - Deny any to vlan 2 subnet
                priority 1000 - permit any to any
    On the netgear router, vanilla config with the 4 vlans added to it and inter-vlan routing enabled with switch port 10 plugged into router port 7 for uplink.
    So far it seems to be working correctly, still need to test vlan hopping and static ip's and routing to simulate mis-configured or malicious computers plugged into the two main vlans but replacing the router seems to have done the job.
    Perhaps further testing would have resulted in a working setup with the RV180 but after so many hours wasted on this setup by us and by the cisco tech, it was time to make a move.
    What's your opinion on this setup Tom?
    I'm so tired I'm getting cross-eyed and might be forgetting something important.
    Thanks!
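    The per-port ACL in the post above can be checked offline before it goes on the switch. This is an added example, not the poster's or Cisco's code: it models the listed ACEs, prints which VLAN subnets each ingress port can reach, and flags rules that can never fire because of ordering. It assumes the ACE with the lowest priority number is evaluated first, the first match decides, and a bound ACL ends in an implicit deny; source is "any" in every ACE, so only the destination is modelled.

```python
import ipaddress
from typing import NamedTuple


class Ace(NamedTuple):
    priority: int                   # lower number is evaluated first (assumption)
    action: str                     # "permit" or "deny"
    dst: ipaddress.IPv4Network      # destination; source is "any" in the post


ANY = ipaddress.ip_network("0.0.0.0/0")
# VLAN subnets from the post: 192.168.2.0/24, 192.168.3.0/24, 192.168.4.0/24
SUBNET = {v: ipaddress.ip_network(f"192.168.{v}.0/24") for v in (2, 3, 4)}

# ACLs as listed in the post, keyed by ingress port.
PORT_ACL = {
    2: [Ace(500, "deny", SUBNET[3]), Ace(1000, "permit", ANY)],
    3: [Ace(500, "deny", SUBNET[2]), Ace(1000, "permit", ANY)],
}


def evaluate(acl, dst_ip):
    """First-match evaluation in priority order; implicit deny if nothing matches."""
    dst = ipaddress.ip_address(str(dst_ip))
    for ace in sorted(acl, key=lambda a: a.priority):
        if dst in ace.dst:
            return ace.action
    return "deny"


def shadowed(acl):
    """ACEs that can never match because an earlier ACE covers their destination."""
    ordered = sorted(acl, key=lambda a: a.priority)
    return [
        ace for i, ace in enumerate(ordered)
        if any(ace.dst.subnet_of(prev.dst) for prev in ordered[:i])
    ]


def reachability(port_acl=PORT_ACL):
    """Map (ingress port, destination VLAN) -> action for a sample host (.10)."""
    result = {}
    for port, acl in port_acl.items():
        for vlan, subnet in SUBNET.items():
            result[(port, vlan)] = evaluate(acl, subnet.network_address + 10)
    return result


# Constructed counter-example: the same two ACEs with priorities swapped.
SWAPPED_PORT2 = [Ace(500, "permit", ANY), Ace(1000, "deny", SUBNET[3])]

if __name__ == "__main__":
    for (port, vlan), action in sorted(reachability().items()):
        print(f"port {port} -> VLAN {vlan} subnet: {action}")
    print("shadowed in swapped ACL:", shadowed(SWAPPED_PORT2))
```

    Because the deny ACEs match on destination only, a host on port 2 with a statically set address is still denied when it sends to the VLAN 3 subnet; the swapped ordering shows how one priority mistake silently removes the isolation.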

  • SF300-24P VLAN Confusion - autosmartport not being too smart?

    Hi Everyone, first question I've posted, I'll try and give as much information as possible, I'm an extremely quick learner as well and have been around networking for nearly 20 years but this is my first outing into the medium sized VoIP deployment with prioritised LAN traffic and a client that is itching to say "told you so" about using IP phones.
    I have 4 x SF300-24P switches in a network I'm deploying, 1 will be adjacent to the router (a draytek Vigor 3200 - 4xWAN Gigabit) and the other 3 will be trunked using the GE/01-GE/03 ports to the main switch and will then distribute through a patch panel to give me 96 network ports with PoE capability where required. There will be 30+ IP Phones on the network, all of which are Yealink T38G SIP handsets.
    I want to have two VLAN's - one for regular workstations, and one for IP Phones with the IP Phone VLAN getting high priority for its traffic on the LAN - all documentation makes it sound simple but it doesn't seem to be working the way I think I expect it to. I don't mind the two VLAN's sharing the same IP address space at this time and currently all occupy 10.0.0.0/24 internally.
    So, I have 2 questions and a problem.
    First, from the factory, the switches are configured that VLAN1 is the default VLAN and that auto-voice VLAN is also VLAN1?  Is this right?
    Second, I'm having trouble determining the difference in terminology for port types between general, access, trunk etc - obviously trunk is between switches and carries VLAN information through to the next segment of the network.
    My main problem seems to be with auto-voice VLAN and smartport.  If I enable smartport, the switch figures out through LLDP that the port is used by an IP Phone + Desktop (excellent, this is what I want it to do) so then puts the handsets in VLAN1 but then the handsets start to become invisible on the network after 2-3 minutes, the handsets then reboot because they've detected a network drop out and then reconnect, re-register at the voice server and are visible and contactable for 2-3 minutes then the loop begins again.
    If I disable smartport, the problem goes away.
    Am I unreasonably expecting that any user can unpack an IP phone and (subject to provisioning on the server), plug it into any port on the network and it will figure out that it's a phone, not a PC and then prioritise its traffic?
    What I want to avoid is the possibility of internal bandwidth lag if someone copies a large file over the network and people are using the phones that the phone users don't get packet loss or audio instability because of the file copy. The internet side will be fine, the Vigor3200 has QoS facilities built in and I've had good success on smaller networks with these routers.
    Ideally I need a semi-planned network setup where people with WiFi SIP clients will also get some priority.
    I have set QoS on the handsets to match DSCP46 from the switches - can the traffic be manipulated this way or does it already do that in the DSCP to Queue setup which automatically puts anything above 40 in Queue 4 (high priority).
    All help very gratefully received.
    James

    Hello James,
    Welcome to the forums!
    About the default settings. The switch comes with vlan1 as the default vlan for all traffic.
    Here is a quick overview of the port settings
    access - one vlan
    trunk - multiple vlans
    general - multiple vlans (has additional options)
    When using the auto voice-vlan, you can have your port set as access for vlan 1 and when the switch sees a phone connected, it will join the voice vlan also. This allows the ports to be dynamic. It is not necessary to do this. You can create all ports as trunk ports that are part of both your default vlan and your voice vlan.
    The benefits of auto-voice vlan
    -phones are discovered and joined to the vlan dynamically
    -predetermined QoS settings
    -security in that you can have your port set to access
    This is a relatively basic overview.
    As for the problem you are seeing. I would recommend that you check the firmware of the switch and upgrade if needed. While it may not have anything to do with the problem at hand, it will help prevent any future issues.
    I would suggest disabling the Green Ethernet, which can be found under the port management section. If you continue to see the problem after that, I would recommend giving us a call at the support center. We will be able to look a little closer to what is happening.
    http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html

  • Cisco SG300-28 VLAN issues

    I'm throwing this out in hopes of finding a solution.  I just purchased the Cisco SG300-28 to replace an old Catalyst 3548 switch.  I have three VLAN's and I use a separate routing appliance.  My VLANS I use are 1 (management/Trunk), 100 (Regular Access), and 101 (Restricted Access).  On the Catalyst 3548 I statically assigned the ports for the Vlans.  My servers use trunk ports to communicate between the VLANs for various services.
    My problem is that when I set up the SG300-28 for trunk ports for the servers, I can communicate with them so long as I'm on another port that's not set up for the other two VLANS. Vlan 100 and 101 don't route or get DHCP anymore. I am also not able to ping back into the Vlans from the trunk ports.
    I believe my issue is that I don't understand the difference between the old way of statically assigning Vlans to the ports from the new way.  I was using V3 of the Cisco Networking Assistant which is different from the Web Interface of the Cisco SG300.  It also could be that I wasn't using the trunk ports properly.
    Either way, any assistance would certainly be appreciated.  Thank you.
    DJ Smith

    I did get this switch figured out finally and I apologize for not getting back to this sooner. I had crafted a response only to have this board dump it so I am using notepad to save everything before posting.
    Here is a basic diagram
          /--------------{CISCO SG300-28}------------------------------------\
          |                                    |                         |                                  |           | 
          |                                    |                         |                                  |           |
      [Cisco 3548]    [VMWare ESXi 3.5]  [Windows SVR 2003]        |           |
        [Port 13]                 [Port 28]           [Port 27]                   [Ports 1-6] [Ports 7-12]
                                            /   \                       |                                  |           |
                                           /     \                      |                                  |           |
                                          /       \                     |                                  |           |
                                         /         \        [VLAN1, 100]            [WrkStns]   [WrkStns]
                                        /           \                                       [VLAN100]   [VLAN101]  
                   [Astaro GTWY  ] [MS Svr 2008]     
                   [VLAN1,100,101] [VLAN1      ]
    VLAN1   - Management
    VLAN100 - Main Network
    VLAN101 - Restricted Network
    I just put the main players on this setup.  The problem I was having is that the workstations wouldn't communicate with any of these devices.
    My problem was understanding how to use the web interface of the SG300 to get the devices to talk to the other devices.
    In the Cisco 3548 setup using the Cisco Networking Assistant, setting up the ports to the VLANs was very straightforward. Set 802.q and VLAN ID to the VLAN you wanted, or ALL in the case of the servers.
    With the Web interface, this is what I discovered:
    Under Create VLAN, I had to create VLAN 100 and 101
    Under Interface Settings, Set Ports g1-g6 to General.  Administrative PVID to 100.
    Then Set Ports g7 - g14 to General.  Administrative PVID to 101
    Then set Port g27 to General.  Administrative PVID left to 1
    Also set Port g28 to General.  Again, left PVID to 1
    Go to Port to VLAN settings;
    Change VLAN ID = to 100 press GO
    Select g1-g6 to untagged. Checked PVID box.  Also checked g13, g27, g28 to tagged.
    Changed VLAN ID = 101 Press GO
    Select g7-g14 to untagged.  Checked PVID box. Also checked g13, g28 to tagged.  Verified g27 to untagged.
    After that it was set up like my old setup. Everything communicating as it should.

  • SG300 voice vlan problem with UC520

    Hi Forumers'
    My problem statement:
    - refer to attached topology.png, this is how my network structure looks
    - the IP phone after boot cannot get connected, so it can't download the XML config file from UC520. suspicious switching problem.
    - my configuration shown at topology.png and my vlan voice config show as voice vlan setting.png
    - My requirement is SG300 switch single switchport to carry vlan data and vlan voice.
    - what trunking mode for voice VLAN with an IP phone+data should I configure? Is it switchport voice vlan vvid, switchport voice vlan dot1p, switchport voice vlan untagged or switchport voice vlan none to suit the above requirement?
    thanks
    Noel

    Hello Noel,
    Sorry for the late reply, things have been quite hectic around here lately.
    1. Why use trunk? the UC520 only have vlan voice (vlan 20)
    Do you mean that the data VLAN is handled by another device ? Still I would leave it as a trunk in order to be able manage the UC through the data VLAN. (Unless for security or other reasons you would choose otherwise of course)
    2. The UC520 got CUE (voice messaging), how should i design the service module uplink to the core switch?
    Nothing in particular has to be done for this, CUE is handled and routed inside the UC520, the CUE vlan (default ID =90) is only used if you have another CUE in the network
    1. I guess I did this: switchport tagged vlan 20, untagged vlan 10. Is it ok for this setting?
    If the Voice Vlan on the switch and on the UC520 has been defined as VLAN 20 (default = VLAN 100) this is perfect. Verify if both on the UC and on the switch, the voice VLAN ID is set to 20.
    1. So if I just point the phone to vlan 20 (vlan voice), should I create the LLDP network policy?
    If you are ready to configure the VLAN manually on the phone, you don't need the LLDP policy, that is correct.
    The LLDP policy is being used for having the phones automatically choose the VLAN you defined, so you don't need to set it manually.
    Hope this answers your questions ?
    Best regards,
    Nico Muselle
    Sr. Network Engineer - CCNA

  • Need basic Help - SG300 with vlan and routing

    Hi,
    I need some basic help with configuring vlan/routing.
    Situation:
    DSL Router - Cisco 300 - XenServer
    192.168.1.253 - 192.168.1.19 - 192.168.1.10 (mgmt ip)
    goal is, to reach from inside xenserver vms the internet.
    vms = 192.168.2.x
    gateway ip = 192.168.2.1
    what i did:
    - configured vlan 102, tagged, with the xenserver port
    - configured on xenserver a network with vlan id 102, attached to the vm
    - this network is connected to an external bond
    - configured IPv4 interface: vlan102 - Static - IP 192.168.2.1 (this is the gateway ip of the vms)
    - automatically configured IPv4 Route: 192.168.2.0/24 next hop 0.0.0.0, Directly connected
    So at the moment I can't ping from inside a vm to the DSL Router (192.168.2.2 to 192.168.1.253)
    Any ideas what I misconfigured or what's wrong?
    cheers,
    -Marco

    Hi Tom,
    ok, that makes sense. I can ping the router now inside vms from 192.168.2.x network.
    But I can't ping external addresses, error: Destination net unreachable.
    My other problem is that I can't reach any server from outside over router port forwarding.
    How do I have to configure the upload port to the DSL router? Is it an access port or a trunk port with all vlans (tagged or untagged?) At the moment I have a tagged trunk port with all vlans.
    IPv4 Interface Table
    Interface    IP Address Type    IP Address      Mask             Status
    VLAN 1       Static             192.168.1.19    255.255.255.0    Valid
    Should the VLAN1 IP address not be the router IP address? Do I need an additional vlan for the router? At the end I would like to change the switch IP from dhcp to static (changes automatically when switching to layer 3 mode), but I have to look for the IOS commands first.
    What else am I missing?
    Thanks a lot,
    Marcus

  • SG300 DHCP VLAN requirements

    Hello,
    I was told I need either multiple DHCP servers, or a DHCP server with multiple NICs, or a DHCP server that is capable of handling 802.1q, to make the switch work with DHCP relay.
    Is that right?
    Thanks,

    Hi Matt, the SX300 cannot utilize the public IP addresses from the ISP for your clients to connect because it does not support NAT.
    I have the sense that is what you're attempting to do? Have a computer receive a private DHCP address then use the internet like normal like your current set up?
    -Tom
    Please mark answered for helpful posts
    http://blogs.cisco.com/smallbusiness/

  • No internet access on VLANs with RV042G and SG300

    I'm trying to set up a network for a small business which will have different offices, and so I want to separate them all by VLAN so that they can't access each other's files. The problem is that I can't access the internet from any of the VLANs, including the default.
    The RV042G router is connected to the internet through the WAN1 port and has a static IP address of 10.4.1.1. I enabled multiple subnets and added one for each of the VLANs (1 - admin, 10, 20, 30, 100 - guest). I also created static routes to the SG300 switch, which has an IP address of 10.4.1.2, 10.4.10.2, etc. The switch is in Layer 3 mode and is functioning as the DHCP server. I also have a wireless access point set up that broadcasts an SSID for each VLAN, however this is not the issue since no internet connection can be established wirelessly or with a wired connection.
    I am fairly certain it has something to do with the data not being correctly routed through from the internet to the client, however I can't seem to find what is configured incorrectly. If anyone could offer some suggestions it would be appreciated. Please let me know if you need more info, I have attached some of the configuration screens for reference.

    Hi Paul,
    Thanks for the suggestion, but I changed it from Gateway to Router and this didn't fix the problem, still no internet access.
    I have a cable modem box that connects to the RV042G through WAN1, and then the RV042G connects to the SG300 through port 1 on the RV042G. On the RV042G, this port is set to VLAN1, while the port on the SG300 is set as a trunk port. The SG300 is then assigning IP addresses to the clients. It has 4 different VLANs created that go to different offices. Does this help you understand the setup any better?

  • SG300-28 Firmware 1.1.2.0 and 1.2.7.76 - Dynamic VLAN+freeRADIUS - Client get rejected

    Hello ladies and gentlemen,
    I am using several SG300-28 Switches with firmware version 1.1.2.0.
    I have dynamic VLAN enabled. As RADIUS server I am using freeradius 2.1.12.
    Authentication is only based on the MAC address. (I configured that on the switches)
    On the switches I created three VLANs. VLAN100 for the authenticated clients, VLAN200 for Management interface and VLAN300 as Guest VLAN. After a wrong authentication the clients should be put into this Guest VLAN immediately (I configured this on the switches).
    I am using Windows XP and Windows 7 clients in my network. I did not configure any EAP settings because I just want to use the MAC address.
    In most cases the dynamic VLAN assignment and authentication is working fine. The switch log says that the client is authenticated and the same I can see on freeradius log. But in some (rare) cases the client is rejected. The CISCO log says "MAC aa:bb:cc:dd:ee:ff was rejected on port ge17" but when I look at the freeradius log then this MAC address was successfully authorized.
    The problem is that the client gets an IP address based on the Guest VLAN300 but after that the switch seems to "switch" the VLAN on the port and then the client is authenticated correctly on the right VLAN but the client does not request a new IP on the new VLAN.
    If I unplug and re-plug the LAN cable, in most cases the client gets the correct VLAN and the correct IP.
    This is happening randomly on nearly all my PCs.
    I would really appreciate your help. Do I have to set some timers higher ? I don't think it is a problem between switch and RADIUS but a problem between communication of the host and the switch.
    Thank you very much for your help!
    Regards
    Alexander Wilke

    This is from my CISCO log. The computer is always online but there are repeated rejects and then, with a delay of some minutes, an accept.
    2147483395  2012-Aug-09 21:40:05  Informational  %SEC-I-PORTAUTHORIZED: Port gi8 is Authorized
    2147483396  2012-Aug-09 21:38:23  Warning  %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 00:19:99:0b:8d:b3 was rejected on port gi8
    2147483397  2012-Aug-09 21:38:23  Warning  %SEC-W-PORTUNAUTHORIZED: Port gi8 is unAuthorized
    2147483398  2012-Aug-09 21:16:05  Informational  %SEC-I-PORTAUTHORIZED: Port gi8 is Authorized
    2147483399  2012-Aug-09 21:13:42  Warning  %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 00:19:99:0b:8d:b3 was rejected on port gi8
    2147483400  2012-Aug-09 21:13:42  Warning  %SEC-W-PORTUNAUTHORIZED: Port gi8 is unAuthorized
    2147483401  2012-Aug-09 21:04:04  Informational  %SEC-I-PORTAUTHORIZED: Port gi8 is Authorized
    2147483402  2012-Aug-09 21:03:50  Warning  %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 00:19:99:0b:8d:b3 was rejected on port gi8
    2147483403  2012-Aug-09 21:03:50  Warning  %SEC-W-PORTUNAUTHORIZED: Port gi8 is unAuthorized
    2147483404  2012-Aug-09 20:52:02  Informational  %SEC-I-PORTAUTHORIZED: Port gi8 is Authorized
    2147483405  2012-Aug-09 20:49:02  Warning  %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 00:19:99:0b:8d:b3 was rejected on port gi8
    2147483406  2012-Aug-09 20:49:02  Warning  %SEC-W-PORTUNAUTHORIZED: Port gi8 is unAuthorized
    2147483407  2012-Aug-09 20:40:04  Informational  %SEC-I-PORTAUTHORIZED: Port gi8 is Authorized
    2147483408  2012-Aug-09 20:39:10  Warning  %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 00:19:99:0b:8d:b3 was rejected on port gi8
    2147483409  2012-Aug-09 20:39:10  Warning  %SEC-W-PORTUNAUTHORIZED: Port gi8 is unAuthorized
    2147483410  2012-Aug-09 20:16:06  Informational  %SEC-I-PORTAUTHORIZED: Port gi8 is Authorized
    2147483411  2012-Aug-09 20:14:29  Warning  %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 00:19:99:0b:8d:b3 was rejected on port gi8
    2147483412  2012-Aug-09 20:14:29  Warning  %SEC-W-PORTUNAUTHORIZED: Port gi8 is unAuthorized
    2147483413  2012-Aug-09 19:28:01  Informational  %SEC-I-PORTAUTHORIZED: Port gi8 is Authorized
    2147483414  2012-Aug-09 19:25:08  Warning  %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 00:19:99:0b:8d:b3 was rejected on port gi8
    2147483415  2012-Aug-09 19:25:08  Warning  %SEC-W-PORTUNAUTHORIZED: Port gi8 is unAuthorized
    2147483416  2012-Aug-09 19:15:59  Informational  %SEC-I-PORTAUTHORIZED: Port gi8 is Authorized
    2147483417  2012-Aug-09 19:15:16  Warning  %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 00:19:99:0b:8d:b3 was rejected on port gi8
    2147483418  2012-Aug-09 19:15:16  Warning  %SEC-W-PORTUNAUTHORIZED: Port gi8 is unAuthorized
    2147483419  2012-Aug-09 19:04:00  Informational  %SEC-I-PORTAUTHORIZED: Port gi8 is Authorized
    2147483420  2012-Aug-09 19:00:27  Warning  %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 00:19:99:0b:8d:b3 was rejected on port gi8
    2147483421  2012-Aug-09 19:00:27  Warning  %SEC-W-PORTUNAUTHORIZED: Port gi8 is unAuthorized
    2147483422  2012-Aug-09 18:27:59  Informational  %SEC-I-PORTAUTHORIZED: Port gi8 is Authorized
    2147483423  2012-Aug-09 18:25:55  Warning  %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 00:19:99:0b:8d:b3 was rejected on port gi8
    2147483424  2012-Aug-09 18:25:55  Warning  %SEC-W-PORTUNAUTHORIZED: Port gi8 is unAuthorized
    Any ideas ?
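
An added example, not part of the original post: one way to measure how long each port stays unauthorized between a MAC rejection and the next authorization in a log like the one quoted above, and to flag port/MAC pairs that cycle repeatedly. The sample log is constructed, and the function names, log indexes, MAC addresses and the `min_cycles` threshold are assumptions of this example.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample (newest first) in the layout of the log above; indexes and MACs are placeholders.
SAMPLE_LOG = """\
101  2012-Aug-09 21:45:00  Warning  %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 02:00:00:aa:bb:02 was rejected on port gi17
102  2012-Aug-09 21:45:00  Warning  %SEC-W-PORTUNAUTHORIZED: Port gi17 is unAuthorized
103  2012-Aug-09 21:40:05  Informational  %SEC-I-PORTAUTHORIZED: Port gi8 is Authorized
104  2012-Aug-09 21:38:23  Warning  %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 02:00:00:aa:bb:01 was rejected on port gi8
105  2012-Aug-09 21:38:23  Warning  %SEC-W-PORTUNAUTHORIZED: Port gi8 is unAuthorized
106  2012-Aug-09 21:16:05  Informational  %SEC-I-PORTAUTHORIZED: Port gi8 is Authorized
107  2012-Aug-09 21:13:42  Warning  %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 02:00:00:aa:bb:01 was rejected on port gi8
108  2012-Aug-09 21:13:42  Warning  %SEC-W-PORTUNAUTHORIZED: Port gi8 is unAuthorized
"""

# Timestamp, severity word, then one of the three %SEC messages; \s+ also spans
# newlines, so records split one field per line parse the same way.
EVENT = re.compile(
    r"(\d{4}-[A-Za-z]{3}-\d{2} \d{2}:\d{2}:\d{2})\s+\w+\s+"
    r"%SEC-[IW]-(PORTAUTHORIZED|PORTUNAUTHORIZED|SUPPLICANTUNAUTHORIZED): "
    r"(?:MAC (\S+) was rejected on port (\S+)|Port (\S+) is \w+)")

def unauthorized_windows(log_text):
    """Return one dict per period a port spent unauthorized, oldest first."""
    events = [(datetime.strptime(ts, "%Y-%b-%d %H:%M:%S"), kind, rej_port or port, mac)
              for ts, kind, mac, rej_port, port in EVENT.findall(log_text)]
    events.sort(key=lambda e: e[0])      # stable sort; the switch lists newest first
    pending, windows = {}, []
    for when, kind, port, mac in events:
        if kind != "PORTAUTHORIZED":     # a reject or port-unauthorized event opens a window
            state = pending.setdefault(port, {"start": when, "mac": None})
            state["mac"] = mac or state["mac"]
        elif port in pending:            # the next authorize on that port closes it
            state = pending.pop(port)
            windows.append(dict(port=port, mac=state["mac"], start=state["start"], end=when,
                                seconds=int((when - state["start"]).total_seconds())))
    windows += [dict(port=p, mac=s["mac"], start=s["start"], end=None, seconds=None)
                for p, s in pending.items()]   # rejected and never re-authorized
    return windows

def flapping(windows, min_cycles=2):
    """(port, MAC) pairs that went reject -> authorize at least min_cycles times."""
    cycles = Counter((w["port"], w["mac"]) for w in windows if w["end"])
    return {key: n for key, n in cycles.items() if n >= min_cycles}

if __name__ == "__main__":
    for w in unauthorized_windows(SAMPLE_LOG):
        print(w["port"], w["mac"], w["start"], "->", w["end"], w["seconds"])
    print("flapping:", flapping(unauthorized_windows(SAMPLE_LOG)))
```

Comparing the window start times with the RADIUS server's own accept/reject timestamps for the same MAC shows whether a rejection logged by the switch lines up with a server decision or only with a switch-side event.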

  • SG300: How to set up routing between VLANs?

    I have recently purchased a Cisco SG300-10.  I need it to perform routing between two VLANs on the switch. Seems like this should be quick and easy to do from the built in GUI. When I configure it according to the documentation, it does not route between the VLANs.
    I have set the system mode to L3 (for level 3 switching).
    I have followed the instructions on pages 26 through 33 of the attached PDF (which I obtained from the Cisco site). I used the same ports on the switch and the same IP addresses as shown in the document.
    Everything works until I attempt the step "ping 10.1.1.10" on page 33. This is the step to verify the level 3 switching between the 2 PCs (on separate VLANs).
    The switch Firmware Version (Active Image): 1.3.5.58
    I have attached the running configuration from the switch. It is the file named "running-config.txt".   
    The 2 PCs that I am using are running Windows 7 and Windows 8.

    Hi jkst,
    There is a very minimal requirement to obtain layer 3 inter-VLAN routing:
    1 - Two VLANs in layer 3 mode, each assigned an IP address
    config t
    vlan database
    vlan 2
    int vlan 1
    ip address 192.168.1.1 /24
    int vlan 2
    ip address 192.168.2.1 /24
    2 - Active link state on each VLAN - Define a port for the second vlan then connect an IP device to that port and another device to another port since the rest of the ports will default to vlan 1
    config t
    int gi2
    switchport mode access
    switchport access vlan 2
    3 - Assign your device #1 that connects to any port an ip address on the same subnet as vlan 1
    Computer in vlan 1 IP info:
    192.168.1.100
    255.255.255.0
    192.168.1.1
    Computer in vlan 2 IP info:
    192.168.2.100
    255.255.255.0
    192.168.2.1
    Assuming these devices respond to ping and do not have external wireless communication, this will provide basic IP connectivity through the switch across vlans.
    -Tom
    Please mark answered for helpful posts
