Help with VLANs on Cisco SG300 with Netgear FV336G

ekhoo

Occasional Visitor
Hi,

I have 4 SG300-28P switches in L3 mode.

They are connected to a Netgear FV336G Dual WAN router which provides 3 networks (VLAN1, VLAN 30 and VLAN 40); it has 3 different DHCP scopes, one for each VLAN. VLAN1 = 192.168.101.x, VLAN 30 = 192.168.30.x and VLAN 40 = 192.168.40.x.

I have 6 WAP321 with 3 networks (SSID) corresponding to the 3 VLANs. I can access only VLAN 1 so I can get DHCP 101.x but not the other 2 VLANs. All switch ports currently are set to Trunk. The switches are connected via 2x1G LAG links, also set to trunk mode. When I directly connect to the Router, I can create a VLAN interface (30 or 40 for example) and that will pick up the IP address as needed.

Anything I'm missing out in the config?

See attached diagram that may help explain better what I'm saying above. Port connected to Router is also configured as Trunk. (yeah, the diagram states 4 VLANs... right now, only 3).
 

Attachment: Presentation1.png

Make sure your trunk ports and LAGs are all untagged VLAN1 and tagged VLAN30,40.

The APs need to be on a trunk port and their LAN configured for VLAN1. The AP SSID can then be tagged VLAN30 or 40 as needed.
 
If you followed my example as I replied under my thread, you need to change the router's port to be an access port so the L3 switch will do the VLAN routing, since each VLAN has a different IP network. This means all DHCP needs to run off the L3 switch, not the router. And there needs to be a routing statement on the router for each network (VLAN) other than the base (default) network which the router resides in connecting to the L3 switch.

You also need to strip all VLANs from the router. Nowhere in my example did I set up a VLAN on the router.

http://www.snbforums.com/threads/ho...co-sg300-28-layer-3-switch.26964/#post-203931

PS
This will work at layer 3; we just need to adjust your configs.
 
The beauty of the layer3 switch is it runs and controls the local network. The router is no longer needed except to open and close the front door to the internet. You should be able to unplug the router and the local network runs fine without internet access. ALL sharing and not sharing still works locally without the router.
 
Thanks chadster766 and coxhaus. Will try that on Monday and report back my findings. In a previous building, I had a similar config except each VLAN had separate routers (access port 1P for VLAN 1 and access port 10T for VLAN10) so I didn't get this single router problem...
 
chadster766 got it. I always thought trunks carried all VLANs and did not require them to be tagged.
Right now (I'm doing this at home and not at the production site) what I have is:
Netgear FV318 (single WAN router vs dual-WAN) - Port 1 carries VLAN1, VLAN10 and VLAN20.
SG300-10PP switch - Port 1, 9 and 10 are configured as Trunk 1UP, 10T and 20T, all other ports are Trunk 1UP.
SG300 Port 10 connects to Netgear Port 1.
SG300 Port 9 connects to Cisco WAP371 (3 SSIDs, VLAN1, VLAN10 and VLAN20).

Laptop to SG300 Port 1,2,3,4 etc get 192.168.1.x DHCP (VLAN1). Configure Virtual Interface with VLAN20 and I get 192.168.20.x.
Using Wireless SSID2 - VLAN10, I get the 192.168.10.x network. For LAN ports that need to be specific VLAN, I change them to access ports and only tag the specific VLAN, i.e. Port 3 for VLAN10 is Access 10T, 1F, 20F.

Looks like on the production site, I need to tag the trunks and the LAG ports used for inter-switch connections, i.e. on the SG300-28 Port 27-28 LAG1 needs to be also 1UP, 30T, 40T. Thanks a million guys.
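
The membership check worked out in the post above, as an added example that is not part of the original thread: it parses port membership strings in the notation the posts use (`1UP, 30T, 40T`) and reports which ports on a path drop a VLAN. The suffix meanings (U untagged, T tagged, P PVID, F forbidden) and the port names are assumptions; the VLAN IDs are the ones from the thread.

```python
import re

# Suffix meanings are assumed from the notation used in the thread:
# U = untagged, T = tagged, P = PVID (native VLAN), F = forbidden.
ITEM = re.compile(r"(\d+)([UTPF]+)")

def parse_membership(spec):
    """Turn a string such as '1UP, 30T, 40T' into {vlan_id: flags}."""
    members = {}
    for item in (s.strip().upper() for s in spec.split(",")):
        if not item:
            continue
        m = ITEM.fullmatch(item)
        if m is None:
            raise ValueError(f"unrecognised membership item: {item!r}")
        members[int(m.group(1))] = m.group(2)
    return members

def carries(members, vlan):
    """A port passes a VLAN only if it is a tagged or untagged member."""
    flags = members.get(vlan, "")
    return "F" not in flags and ("T" in flags or "U" in flags)

def missing_vlans(path, vlans):
    """Return {vlan: [ports on the path that drop it]}; empty dict means OK."""
    gaps = {}
    for vlan in vlans:
        dropped = [port for port, spec in path
                   if not carries(parse_membership(spec), vlan)]
        if dropped:
            gaps[vlan] = dropped
    return gaps

# Constructed sample: router uplink -> inter-switch LAG -> access point port.
# Port names are hypothetical; VLAN IDs 1, 30 and 40 are the ones in the thread.
BEFORE = [("router-uplink", "1UP"), ("LAG1", "1UP"), ("ap-port", "1UP")]
AFTER = [("router-uplink", "1UP, 30T, 40T"), ("LAG1", "1UP, 30T, 40T"),
         ("ap-port", "1UP, 30T, 40T")]

if __name__ == "__main__":
    for label, path in (("before", BEFORE), ("after", AFTER)):
        print(label, missing_vlans(path, [1, 30, 40]) or "all VLANs carried")
```

The same check is useful after any segmentation change: a VLAN missing from one hop silently confines clients to the untagged VLAN, which is the symptom described in the first post.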
 
If you are going to use trunks to the router why use a layer3 switch? All you need is a layer 2 switch. You will have a faster network if you let the layer3 switch handle the local VLAN routing rather than the router. A layer 3 switch can always switch faster than a router if for no other reason than their backplane is bigger.

PS
I don't see how people don't understand this.
 
Yes you are right; but Layer 2 is a good place to start.

I do recommend that Layer 3 be enabled on all switches capable of it when first added to the network. This is a good idea because the configurations are typically deleted when Layer 3 is enabled. I've learned this the hard way :)

Having Layer 3 enabled doesn't hurt anything; it can just be unused until implemented.

Layer 3 switch routing does add some complexity to the network and really complicates NLB. NLB Multicast Mac Addresses in the Cisco SG series are impossible.
 
I think working at layer 2 is developing bad habits when you are building networks. You build much better infrastructure using layer 3, especially if you are going to grow your network.

Right now with a gig internet pipe the routers cannot keep up. You add routing for the internal network and you incur more lag time on the router. It is now time to start letting the switches handle the local networks and save the router for the internet.

PS
Good to know about multicast. I can't think of a reason I will use it at home so I may be alright. The Cisco SG300 switches are not as good as the pro Cisco switches but they are more affordable for small networks. I think almost any layer 3 switch is better than a layer 2 switch so it is what we have. It sure would be nice to run protocol routing between the router and the switch so you don't have to input all those static route statements. Maybe the next generation will have protocol routing.
 
Well, what I could do is make 3 access ports - VLAN1, VLAN30 and VLAN40 on the production switch and assigned each one to a dedicated router port. That will work too I think. Total users is about 30 on 2 networks. Guests might reach 400-500 (it's a public venue) so I might let the switch do the DHCP/routing for that in the near future.

WAN Links are 20mbps and 10mbps, the router is doing the NLB.

Thanks guys - yeah, one step at a time.
 
If you don't want to use the switch for DHCP, Microsoft makes an excellent DHCP server which will scale very well. You need to turn on DHCP RELAY on the switch pointing to the Microsoft DHCP server. This will allow multiple networks to forward DHCP requests to one IP address. Under Microsoft DHCP server you set up multiple scopes, one for each network (VLAN).

What you are going to find out is it becomes very easy to change routers in the future as there is no DHCP on the router. The router just becomes a front door to the internet. You will be able to change routers in a matter of minutes because you only have one IP address to worry about, which is the router's IP address.
 
Thanks Coxhaus. What you've suggested is quite good and I think it'll be something I'll do in the near future. At the moment, I prefer to have more appliances than servers since they don't have any support staff onsite if anything goes wrong. Switches tend to last kind of forever.

I am however going to set my home network the same way as you did since I do have my switch on L3 mode and will be able to have the guest network on a separate VLAN.
 
Should not multicast be enabled on video VLANs, e.g. IPTV?

Multicast is used when broadcasting the same program at the same time to multiple people, like a school classroom. For a single video stream to a single point there is no need to use multicast. Multicast saves bandwidth if you are going to have 30 people watch the same program at the same time, so there would be 1 video stream to 30 people.
 
This excellent example made me understand how multicast works. Thank you very much, coxhaus.

Ole
 
