SG300 series duplicate IP on VLAN

Similar Messages

• Re:Can't able to access shared folders from different VLANs in SG300 series switches

  Hi All,
  I supplied 3 numbers of SG300 series switches for the sole reason to have inter-vlan routing. I created 4 VLANs in the switches and made one switch as Layer 3 switch and other 2 as Layer 2 switch. Inter-Vlan routing is working fine. I am able to ping PCs from different VLANs. But I am not to access shared folders. Customer has installed Window 2003 server installed and it is in VLAN 1. There are some folders created in this server and it is very important for users to have access to the folders.Also, I am not able to access shared folders in other VLANs. I have created a case with Cisco small business and I got a reply saying that the switches will not support shared folder feature, which I think is not real. I am getting a very time to implement this solution in the network. I have a Sonicwall firewall after Core switch which is connected to ISP.
  ISP<----->Sonicwall FW<----->Core Switch<------>Layer 2 switch<------>Layer 2 switch
  Kindly help me out to resolve this issue.
  Regards,
  Prashant K

  Hi Prashant,
  I think you're running into a Windows firewall issue. SMB file sharing, by default I believe, is only allowed on your local subnet. Please try disabling windows firewall on the computer hosting the shared folder, then see if you can access the shared file.
  Best,
  David
  PS: It looks like this post got published twice. You can delete the other one using the task bar on the right.
  Please remember to rate helpful resonses and identify correct answers.

• SG300 series and CDP

  Hi,
  I noticed that the SG300 series of switches do not support CDP.  However, will these switches pass CDP packets onto an upstream device?
  Thanks

  Hi canadianicon25,
  As David has pointed out, there should be a firmware release that will enable CDP on the SG300 series in the very near future, however, you can still use the SG300 series switches with a UC320W.  Please follow the setup guide found on the following link to setup your SG300 switch for use in UC320W environment.  Partner login is required to view the document.
  http://tools.cisco.com/s2slv2/ViewDocument?docName=EXT-AS-370390
  Cheers,
  Julio

• HSRP - Duplicate address on Vlan, sourced by mac-address

  Hi ,
  Network structure
  Switch A --- Customer firewall 1
     |                
  Switch B  --- Customer firewall2
  May be some one can help me.
  There was a nagious alert yesterday and on investigation I found the 'Duplicate address x.x.x.x(VIP) on Vlanxxx, sourced by 0006.b19c.c5d9' error
  It a HA feed from our switches which is going to customer firewalls.
  On further investigation I have found on our switch A the ARP table is not learning the VIP address from this mac-address where as on switch B is learning the VIP address through mac 0006.b10c.c8d9 which is customer sonic firewall which is not a normal behaviour.   
  Our switches are Cisco 3560 switch.
  Please if you could let me know what causing this.

  Hi mcgowan,
  Yes, there is duplicate MAC. But, its duplicate between interface vlan address and virtual MAC address on HSRP.
  when I type command :
  show mac address | i 0000.0c07.ac01
  It shows me :
  100    0000.0c07.ac01    STATIC      CPU
  I think this MAC generate by system on HSRP. Currently I shutdown interface vlan 100 on switch A, like as your suggestion. But the impact is my client will get trouble when switch B is down, because HSRP is not running well.
  Regards,
  Rakhmad

• SG300 recommended setup for single vlan

  I have 4 SG300 switches running in their default configuration. 
  I have a single subnet and have been working just fine.
  I tried expanding my subnet from a /24 to a /23 but am having trouble communicating between old and new parts of the subnet.  Pings to the new part of the subnet work once or twice then stop. 
  What kind of setup is recommended for this?  Apparently the default config is blocking traffic to the new addresses, but I don't know why.
  I did verify that putting a single dumb switch in place fixes the problem.  I thought the default config fo these switches basically acts like a dumb switch, but I guess not.
  I also noticed that when pings stop going, if I look at the arp -a on the source PC, the MAC of the destination is a single Cisco brand Mac for ALL the devices on the new part of the subnet.
  I do understand IOS Vlan setups, but I'm consfused by the GUI terminology.  And don't know whether I can just continue using the single default VLAN or if I should create a new one. 

  Hello Chris,
  One thing that stood out to me was you said you are unable to ping from the old part of the subnet to the new, by that do you mean from clients still in the /24 to the /23?  Because they won't be able to communicate with each other unless the switch has a default gateway configured.  The switch doesn't do any routing, so it has to send traffic for a different subnet to some sort of router that knows where that other network is.
  There is a setting under Administration > Management Interface > IPv4 Interface.  After you setup a static IP for the switch and change it's prefix length to 23 you can specify a default gateway for the switch.  At that point (assuming your router is setup correctly) you should be able to ping from the /24 to the /23 addresses.
  I got this info from page 257 of the admin guide, where there is a note about inter-subnet communication. That guide is available here:
  http://www.cisco.com/en/US/docs/switches/lan/csbms/sf30x_sg30x/administration_guide/78-19308-01.pdf
  I'm assuming however you will eventually be transitionin your entire network to /23, in which case just make sure everyone is on the same subnet mask and they will be able to communicate just fine, even without a router.
  Hope that helps, but if I got something wrong somewhere let me know and I will take another look.
  Christopher Ebert
  Network Support Engineer - Cisco Small Business Support Center
  *Please rate helpful posts*

• SG300-20 - Configure DHCP on VLAN interface

  I have been reading the various related discussions on the SG300 and SG500 switches regarding setting up VLAN's and DHCP on those VLAN's.  For whatever reason I have been unable to even get this simple task to work.
  First thing I did was to update my firmware and boot version as follows:
  SW version    1.3.7.18 ( date  12-Jan-2014 time  18:02:59 )
  Boot version    1.3.5.06 ( date  21-Jul-2013 time  15:12:10 )
  HW version    V02
  When I reloaded the SG300 after the SW/Boot updates the startup config was wiped out and I had to setup my switch from scratch.  The intent is to have two VLAN's:
  VLAN 1: all devices, servers, etc.
  VLAN 2: basic subnet that hands out DHCP addresses
  The SG300-20 is connected to an Asus RT-AC66U router on the 192.168.1.x subnet and provides internal network access and WiFi access (router IP address is 192.168.1.1 and is default gateway).  All that works with no issues.  So my task is simply to create VLAN 2 on 192.168.2.x subnet and use DHCP to allocate addresses.  I have spent many hours on this and I still can't get it to work.  When I connect a laptop to the port (GI8) assigned to VLAN 2, I end up getting some wonky 169.254.x.x address.  I certainly thought something this "easy" wouldn't be that hard to setup, but apparently I was wrong.
  The SG300 is running in L3 mode as shown in my running-config below.
  Does anyone happen to see something that might be preventing my laptop client from recieving IP addresses from the VLAN 2 DHCP interface that are not in the 192.168.2.x subnet?
  Any ideas / suggestions would be greatly appreciated!
  Here's my running-config:
  config-file-header
  MYSTICSW1
  v1.3.7.18 / R750_NIK_1_35_647_358
  CLI v1.0
  set system mode router
  file SSD indicator encrypted
  ssd-control-start
  ssd config
  ssd file passphrase control unrestricted
  no ssd file integrity control
  ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
  vlan database
  vlan 2
  exit
  voice vlan oui-table add 0001e3 Siemens_AG_phone________
  voice vlan oui-table add 00036b Cisco_phone_____________
  voice vlan oui-table add 00096e Avaya___________________
  voice vlan oui-table add 000fe2 H3C_Aolynk______________
  voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
  voice vlan oui-table add 00d01e Pingtel_phone___________
  voice vlan oui-table add 00e075 Polycom/Veritel_phone___
  voice vlan oui-table add 00e0bb 3Com_phone______________
  bonjour interface range vlan 1
  hostname MYSTICSW1
  logging host 192.168.1.15
  logging origin-id hostname
  username cisco password encrypted b4a0fcf20b2cd9d80a55b06ab8f83277f9733904 privilege 15
  snmp-server location Office
  clock timezone " " -5
  clock summer-time web recurring usa
  clock source sntp
  sntp unicast client enable
  sntp unicast client poll
  sntp server 192.168.1.10 poll
  interface vlan 1
  ip address 192.168.1.254 255.255.255.0
  no ip address dhcp
  interface vlan 2
  name MysticWAN
  ip address 192.168.2.254 255.255.255.0
  interface gigabitethernet8
  switchport mode access
  switchport access vlan 2
  exit
  ip default-gateway 192.168.1.1
  Thanks in advance!
  Clint Lambert

  Tom,
  Thanks ... I followed the steps you outlined and it worked!  The only difference being that I have an Asus RT-AC66U router and the there is no "enable multiple subnet" option.  So, I just followed your instructions on creating the static routes in the RT-AC66U and everything worked.  The DHCP addresses were correct and I had internet connectivity when I plugged a laptop into the gi8 port.
  I did make one tweak to the Network Pools screen as follows:
  My DHCP configuration for gi8 on VLAN 2 now looks like:
  ip dhcp server
  ip dhcp pool network InternalWAN
  address low 192.168.2.1 high 192.168.2.99 255.255.255.0
  lease infinite
  domain-name MYSTIC
  default-router 192.168.2.254
  dns-server 8.8.8.8
  Previously I had followed your advice in the article "Need help configuring SG300-10 switch" and had setup everything using CLI.  However, I didn't think about needing the static routes.  So, I think it was probably setup correctly beforehand but had no chance to work because the routes were not setup.
  Thanks very much for your help!
  Clint

• SG300: MAC authentication with Radius VLAN assignment problems

  Hi,
  I just can't get the dynamic vlans working. I've tried everything, switch in L3 mode, switch in L2, several port configs, several tunnel configs in Radius server (freeradius 2.1.1)
  Here's the final switch config:
  config-file-header
  switchf460dc
  v1.3.7.18 / R750_NIK_1_35_647_358
  CLI v1.0
  set system mode switch
  file SSD indicator encrypted
  ssd-control-start
  ssd config
  ssd file passphrase control unrestricted
  no ssd file integrity control
  ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
  no spanning-tree
  vlan database
  vlan 12,100,110,666
  exit
  voice vlan oui-table add 0001e3 Siemens_AG_phone________
  voice vlan oui-table add 00036b Cisco_phone_____________
  voice vlan oui-table add 00096e Avaya___________________
  voice vlan oui-table add 000fe2 H3C_Aolynk______________
  voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
  voice vlan oui-table add 00d01e Pingtel_phone___________
  voice vlan oui-table add 00e075 Polycom/Veritel_phone___
  voice vlan oui-table add 00e0bb 3Com_phone______________
  dot1x system-auth-control
  no bonjour enable
  hostname switchf460dc
  line ssh
  exec-timeout 0
  exit
  encrypted radius-server host 192.168.99.93 key xXx priority 1 usage dot1.x
  logging host 1.2.3.4 severity debugging
  passwords aging 0
  ip ssh server
  snmp-server server
  snmp-server community public ro 192.168.99.93 view Default
  clock timezone " " +1
  clock summer-time web recurring eu
  clock source sntp
  sntp unicast client enable
  sntp server 172.16.1.1
  interface vlan 12
   ip address 192.168.99.170 255.255.255.0
   no ip address dhcp
  interface gigabitethernet5
   dot1x host-mode multi-sessions
   dot1x reauthentication
   dot1x authentication mac
   dot1x radius-attributes vlan static
   dot1x port-control auto
   switchport mode general
   switchport general allowed vlan add 100,110,666 untagged
   no macro auto smartport
  interface gigabitethernet6
   switchport mode access
   switchport access vlan 110
  interface gigabitethernet9
   switchport mode access
   switchport access vlan 12
  interface gigabitethernet10
   switchport trunk allowed vlan add 12,100,110
  exit
  ip default-gateway 192.168.99.1
  On the switch side I would expect VLAN 666 to be set but it's not there:
  switchf460dc#show dot1x users
                            MAC               Auth   Auth   Session        VLAN
  Port     Username         Address           Method Server Time
  gi5      0090dca15880     00:90:dc:a1:58:80 MAC    Remote 01:09:25
  This is the radius users file. It's a simple file for test.
  DEFAULT Auth-Type := Accept
          Tunnel-Type = VLAN,
          Tunnel-Medium-Type = IEEE-802,
          Tunnel-Private-Group-Id = 666
  I am attaching a screenshot of the Radius reply sent by the server.
  I also tried setting "copy_request_to_tunnel = yes" and "use_tunneled_reply = yes" as found in another post, no success.
  It may be that the tag is missing in the Radius reply? If yes, how do I add it?
  Any ideas?
  Thanks.
  Update Dec 11: I tried with FW 1.4.0, and using the same config the switch doesn't perform any Radius requests at all anymore.

  I was wrong when I said that 1.4.0 wouldn't work at all. I simply had a device connected which didn't produce much traffic. My bad.
  So 1.4.0 works as far as the auth is concerned, but no improvement as far as dynamic VLAN is concerned. So there is no improvement over 1.3.7, or there is a config issue.
  I have opened SR 633001533 although the last appointment for WebEx went by without anyone getting back to me. I'll try again on Monday.
  Feel free to get back to me if you need anything to make experiments. I'll keep this thread updated too.

• RV042G and SG200-18 Failed to work

  1) SG200-18 configuration
  - VLAN 10 and 20
  - VLAN 10: Port 1 tagged, Port 14 untagged
  - VLAN 20: Port 1 tagged, Port 13 untagged
  - Port 1: 1UP, 10T, 20T Admit tagged PVID 1
  - Port 14: 10UP Admit untagged PVID 10
  - Port 13: 20UP Admit untagged PVID 20
  Port 1 connected to Fiber ONT (On VLAN 10), Port 14 connected to RV042G WAN.
  Once RV042G LAN connects to SG200-18 (VLAN 1) port, RV042G WAN unable to get public IP and internet connection gone, port 14 showing "Discarding" under "Spanning Tree"
  Can anyone help?

  Thanks Dave for long long explanations!!!
  Here's my answer in RED:
  Hi Lian,
  You said the SG200 is a layer 2 router, it's a layer two switch. But this brings up a point which is,  Tom anf myself may be slightly misinterpreting your post.
  So I am going to ask a couple of questions  to better understand the setup.
  Does the ONT really transmit out  TAGGED VLAN frames  to my switch or does it only transmit to my switch untagged Ethernet frames. 
  1.    A way to test this , is can your PC plug into the ONT and get internet connectivity ?
  [lwloo]Yes, it transmit TAGGED VLAN, 10 for internet, 20 for TV, 30 for Phone. By connecting laptop without setting NIC virtual interface you will not get the internet ip address.
  2.    I'm guessing the ONT is just a Internet connection from SINGTEL for Internet connectivity, am I correct ?
  [lwloo]Yes, ONT is the Optical network terminal for Singtel Fiber internet connection.
  You show in your orginal post the following vlan configuration ;
  1) SG200-18 configuration
  - VLAN 10 and 20
  - VLAN 10: Port 1 tagged, Port 14 untagged
  - VLAN 20: Port 1 tagged, Port 13 untagged
  - Port 1: 1UP, 10T, 20T Admit tagged PVID 1
  3.    Is the diagram further up this post  correct or should VLAN1 be really  VLAN10 ?
  [lwloo]Sorry, my mistake on that diagram. LAN1 refer to port 1. The actual diagram:
  If the ONT presents you with just a copper  ethernet connection of untagged frames, i think the configuration of GE1 on the switch is wildly  incorrect.
  4.    Why do you have unagged vlan 1 on port GE1 ?
  [lwloo]If I remove vlan 1 from GE1, it be become internal vlan with 4095P added automatically.
     5    Why do you have tagged VLAN 20 on the GE1 (connection to ONT)  What is the purpose of VLAN20 ?
  [lwloo]VLAN 10 for internet, VLAN 20 for TV, VLAN 30 for Phone, VLAN 40 for Management.
  VLAN mode on GE1 is real suspect, in fact I cannot understand why you are using general mode on your switch ports. .
  [lwloo]Without choosing general I will not be able to choose “Admit Tagged Frame”; if I choose trunk, all option will be grayed out.
  VLAN interface General mode can be disruptive, as you have seen from your results, have a look at the description from the built in admin guide by pressing the help icon in the top right hand corner of your screen.
  here is a acopy of the help text from my SG300 series switch.
  Interface VLAN Mode—Select the interface mode for the VLAN. The options are:
  •    General—The interface can support all functions as defined in the IEEE 802.1q specification. The interface can be a tagged or untagged member of one or more VLANs.
  •    Access—The interface is an untagged member of a single VLAN. A port configured in this mode is known as an access port.
  •    Trunk—The interface is an untagged member of one VLAN at most, and is a tagged member of zero or more VLANs. A port configured in this mode is known as a trunk port.
  Arghhh  that always raises a warning sign.  General mode allows a untagged switch port to be members of many VLANs..wow... useful if you are using radius to allocate a VLAN to a 802.1x PC client, but it seems dangerous in your application.
  Why is GE1 of the switch in General mode, why not leave all ports  in the default trunk mode    it's safer
  [lwloo]I will try later.
  (note: trunk mode allows for one untagged VLAN by many tagged VLANs )
  If the ONT transits untagged frames to the switch and is just a Internet connection.the try the following steps to get the Internet to the wan port of the RV042G.
  [lwloo]No, if ONT transits untagged frames then life will be much more easier. 
  step 1.  OK leave the ingress port GE1 in trunk mode, in fact all ports to trunk mode.
  step 2.  Add vlan10  as untagged member of  GE1. (you may have to exclude VLAN1)
  Step 3.  Make switch port GE14 a untagged member of VLAN10  ( you may have  to exclude VLAN1 from GE14.)
  If the ONT is transmitting multiple tagged VLANS into your network the above three steps wont work.
  So lets see some answers to my questions above, as i think i can spot a configuration issue if my assumptions are correct.
  Regards Dave

• SG300 - Separating network using vlan?

  I am wondering what the best way to separate a network, both data, on a cisco SG300. I do not want network 1 to able to communicate with network 2 or vice versa.  I have one server for DHCP for network 1, 192.168.1.X. I would like network 2 to have ip of 10.0.0.X, can the cisco SG300 do dhcp for this vlan?
  Thank you for your help,
  Brian

  Hello Brian, the SX300 series do not support any DHCP service, you will need a router or a DHCP box for this. The SX300 can separate traffic with VLAN. However, as the default layer 2, all request will go to your router then route to the destinations. As the switch in layer 3 mode, you may have local connectivity, however, if your router does not support the vlans or dot1q encapsulation, the router would require static routes for those subnets to be able to correctly route to the internet.
  -Tom
  Please rate helpful posts

• SG300 inter-VLAN routing and MAC address changes in incoming packets

  Hello
  I have SG300-20 working in Layer3 mode
  VLAN1 is not used
  Internet gateway is in VLAN211
  Clients are in other VLANs
  Switch is default gateway for clients and itself has internet gateway as default route.
  MAC address of switch is XX:XX:XX:XX:XX:63
  When client sends trafic to Internet destination MAC address in outgoing packets is XX:XX:XX:XX:XX:63
  But in incoming packets source MAC address is XX:XX:XX:XX:XX:69
  Why does it change? And how can I setup switch to use only XX:XX:XX:XX:XX:63 MAC address?

  Hi Robert,
  I'd like to pick up this old thread because we have a huge problem with the behavior of the SG300 router/switch regarding the "spoofed" MAC source addresses. We have connected this switch to another router which has some special routing capabilities. It routes certain IP packets directly to MAC addresses which it learned from snooping on special traffic.
  When connected to a SG300 router with an Ethernet base address of XX:XX:XX:XX:XX:48 we receive packets with Ethernet source addresses like e. g. XX:XX:XX:XX:XX:49 or XX:XX:XX:XX:XX:4D (depending on which hardware port they came from). Our special router "learns" these MAC addresses and tries to send associated outgoing packets directly to these addresses using e. g. XX:XX:XX:XX:XX:49 as the MAC destination address.
  Our problem is that the SG300 does not forward the packet if the MAC destination address is not equal to the switch's Ethernet base address (XX:XX:XX:XX:XX:48 in our case). This renders the SG300 series useless for our systems.
  Is there new firmware available which fixes this problem for us? We don't care which MAC source address the SG300 uses in incoming packets we receive, but we expect that the SG300 handles packets correctly for outgoing packets we send with this MAC address as the destination address.
  Thanks,
  Chris

• SG300-28 VLAN`s

  I would like to swich SG300-28 grouped into separate VLAN ports. (firmware ver. 1.3.7.18)   L2 mode
  1 separate vlan - Ports 1-4
     - Connected to port 1 on the router DHCP1 link
     - To ports 2-4 - stations that receive addresses from DHCP1
  2 separate vlan - Ports 5-8
     - 5 connected to the port of the router dhcp2 link
     - To ports 2-4 - stations that receive addresses from dhcp2
  problem: dhcp addresses are collected only for the subnet jedenj either of DHCP1, or from dhcp2
  For srw2016 I had no problems, and SG300-28 have no idea how to do it :)
  Can you suggest how to do it?

  Hi,
  As your configs do not show any GVRP configuration my view is that you have created vlans at both boxes in the static way. If this is the case the vlan configurations at both ends would show discrepancy as for the vlan 10 name (you can check via the "show vlan" command at both boxes).
  Can you please try to add the "name data" under "interface vlan 10" at L3 or delete the same line at L2 and then see if there is any progress.
  Best regards,
  Antonin

• Multiple VLANs over 1300 series bridges

  Hi
  I am looking to connect a small external building to a main campus building by wireless bridge. The building i want to connect currently has two vlans, can the 1300 series bridges carry multiple vlans over the wireless bridge link? If so can anyone point me towards s document that explains it?
  Many thanks
  Simon

  Hi Simon,
  Yes they can, here is a link, i hope it helps you, look at the "Bridge configuration" title.
  http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml
  Regards,
  Milton Tizoc.

• Cisco 300 series: my PCs cannot reach the 2nd subnet

  Dear Community/Support:
  setting up our new series 300-28 in Layer3 Mode with a very basic network setup:
  LAN: 192.168.0.0/24
  VOIP Switch: 10.128.0.1 -- attached to GE24
  default VLAN1- 192.168.0.254
  added IPv4 Interface: GE24-10.128.0.254
  which added the IPv4 route to the subnet 10.128.0.0
  which added the ARP entry for 10.128.0.1
  so in the admin interface the 300 can ping 10.128.0.1,
  but my PCs in VLAN1 cannot reach it at all.
  300-28 has DHCP enabled, IP Range 192.168.0.9-99/24, Gateway 192.168.0.254
  Help Please,
  i simply fail to understand why :(

  Sorry I don't really know the 300 series range of products. On other devices you would need to enable IP routing.
  Have a look at this link it talks about changing the system mode to layer 3?
  https://supportforums.cisco.com/discussion/11520346/cisco-sg300-10-how-set-inter-vlan-routing

• VLAN on RVS4000

  Hi. I have an RVS4000 with firmware V2.0.0.3 .
  I have set up 2 VLAN on with ip 192.168.1.1 and one with ip 192.168.1.1 .
  The VLAN's is not working properly, i can ping between them. Any idea's?

  Hi Øyvind
  I guess that the DHCP server in VLAN1  is allocating  192.168.100.1 as the gateway address for devices on that vlan.
  I guess that the DHCP server in VLAN2  is allocating  192.168.200.1 as the gateway address for devices on that vlan.
  Well you might as well set port 2 to VLAN access mode,  as by the sound of it, you have a switch connected to port 2.
  Can you confirm  that the  switch connected on RVS4000 switch port 2 only contains IP hosts that will only connect to VLAN2.  Is that correct ?
  Øyvind, you stated in your original post, "i can ping between them"   this sounds like the correct behaviour.
  What are you trying to achieve, what behaviour do you want to occur;
  1.  Not allow traffic in seperate VLANs to communicate ?
  2.  Allow traffic in seperate VLANs to communicate ?
  I prefer to use a managed switch  connected to a router, such as a SG300 series product to provide Access-List functionality, to provide granular access control, before the packet hits the router.
  What are you really  trying to acheive?
  regards Dave

• WAN Vlan optimization between 2 Data Centers - 4451 Router

  Hello Group gurus,
  I have little odd question 
  We have 2 Data Centers, we have dedicated 1Gig link across them. we want to optimize certain Vlan traffic across them. 
  we have 4451 routers installed at each location and OSPF running for end subnets to know each other. but that is routing part completed.
  however how can we utilize UCSE chassis of 4451 to optimize vlan traffic across data center is still a query.
  I tried to find out document on google but specific to my requirement has not seen on.
  if someone already set up this type of scenario, please help.
  Thanks in advance

  Hi John, I think it's best to use the right equipment for the job. If you've already got a router in place and you're not in a campus/metro/ISP environment, it's not really prudent to use another router. A simple layer 2 or layer 3 switch can accomplish this and give you plenty of ports at a much better price per port.
  You may want to look in to the SG300 series switch if you want something that can handle route load and give ample amount of ports.