
Home Network Revamp


What I tried to do was summarize the various threads all related to this topic and create a step by step summary. I will try and find a thread on the Cisco Small Business but I have had no luck so far - any chance you could provide a link?
 
OK - that was one of the threads I used as a template. The other was titled "How to setup a Guest network on a Cisco SG-300-28 layer 3 switch".
 

That was another one. I picked the one I posted because it was a Cisco SG350 L3 switch which is your model. There are a few differences between the SG300 L3 switches and the SG350 L3 switches. I would like to play with the new Cisco CBS L3 switches. Hopefully I will pick one up before long. The little Cisco SG350-10P L3 switch is working real well for me. It is very smooth and fast. I think I found a couple of firmware bugs with POE+ usage and NTP time sync. But it could be me.

At some point you will want to add a router VLAN to where the router is the only device in the VLAN using a 30 bit mask. So I use 192.168.10.1/30 for the router and 192.168.10.2 for the 1 access port in the router VLAN on the L3 switch. Your default route on the L3 switch will need to point to the router IP address 192.168.10.1 and the route statements on the router will need to point to 192.168.10.2 on the L3 switch. The RV340 router will not have any VLANs defined to it as it is just a router and will route traffic to the L3 switch which knows all the VLANs.
 
OK, have updated the firmware and have started looking at my configuration plan. Just to refresh, here are the main components:
  • 1Gbps ISP service with Modem (Bridged)
  • RV340 Router with Security License - will be the gateway to the internet and run IPS signatures - possibly antivirus signatures if it does not slow down access
  • SG350X-26P Switch - will do all Routing, will connect to the WAP571s with 2 port LAGs
  • SG250X-48 Switch - generally connects to all household wired systems
  • SG200-08 Switch - generally connects Basement AV system
  • WAP-571 (x3) setup in Cluster, one per floor (may add one additional in Garage)
Here are some initial questions:
  1. When I am configuring the DHCP Pool for VLAN 1, do I need to set up the default Router IP address (Option 3)? If so, I am assuming it would be "User Defined" 192.168.1.254 with the "Domain Name Server IP Address" set up as 192.168.1.1? If not, I leave it in "Auto".
  2. When I am configuring ports:
    • Confirm the port from router to SG350X will be an access port?
    • Confirm the ports to the WAPs will be trunk ports?
    • Confirm the ports to downrange managed switches are access or trunk?
  3. Confirm I need to set up the layer 2 SG250X switch the same way (VLANs etc.) as the SG350X layer 3 switch? I assume yes as I may have ports assigned to different VLANs. Does this change if all ports on the SG250 are assigned to the same VLAN? Same question for the SG-200.
  4. I am at a bit of a loss as to how to do the static routing for the various IPV6 settings. Is this required? What happens if I do not set them up?
  5. I have several VLANs planned per previous post. VLAN 1/20/30 need access to VLAN 10 (server and printer). VLAN 50 needs access to the internet and each other's devices and the Guest VLAN 66 needs access only to the Internet. How is this done?
  6. When I am configuring additional VLANs (Say VLAN 10), is the default gateway the same as VLAN 1 (192.168.1.254) or is it on the same subnet (192.168.10.254)?
That should get me going - thanks in advance - Jason
 
All DHCP scopes live on the L3 switch and DHCP IP addresses should point to the L3 switch for gateway IP addresses. You will have 1 gateway IP address per network.

The router port on the SG350X needs to be an access port. There are no VLANs defined on the router. So factory reset the router and turn off DHCP server.

The WAP ports need to be trunk ports where a SSID is assigned a VLAN.

Yes, for home use you can use a trunk port to the other switch. If you are going to run LAGs on your WAPs then you need to run LAGs on your trunk ports. You might use a routing protocol for this but not at home. And your switches do not support it. There may be a reason to run multiple L3 switches but probably not at home.

Setup the needed VLANs on the extra switches in the trunks. You do not need all VLANs. With the SG350X you can define what VLANs you want in your trunk. So different trunks may have different VLANs defined to it. There is no reason to use bandwidth for VLANs not being used in a trunk port.

You need intervlan routing turned on. Then use ACL to limit access.

Skip IPv6. This is an IPv4 setup.

If you want to go slow start with VLAN1. Get it working then add another VLAN. You can do them one at a time until you get the hang of it. By the time you finish you will be a pro at adding VLANs. This is why I set this up without a router VLAN to start with.

PS
You may want to hard code QUAD9 9.9.9.9 for DNS right now in the L3 switch if you are going to add a router VLAN because DNS will break when we change the router IP address. Then after the router VLAN is added you can point to the router for DNS.
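The guest rule discussed in this thread (VLAN 66 reaches only the Internet, enforced by an ACL on the L3 switch) depends on entry order, because an ACL returns the action of the first entry that matches. The Python model below is an added example, not part of any post and not switch configuration; the 192.168.66.0/24 guest subnet, the DNS exception for the router and the ACE tuples are assumptions made for illustration.

```python
import ipaddress as ipa

# Assumed addressing: 192.168.<vlan>.0/24 per VLAN. The thread only fixes
# VLAN 1 (192.168.1.0/24, router at 192.168.1.1) and VLAN 10 (192.168.10.0/24).
net = ipa.ip_network
GUEST, INTERNAL, ANY = net("192.168.66.0/24"), net("192.168.0.0/16"), net("0.0.0.0/0")

# ACE = (action, source, destination, protocol, destination port); None means "any".
GUEST_IN = [
    ("permit", GUEST, net("192.168.1.1/32"), "udp", 53),  # DNS on the router
    ("deny",   GUEST, INTERNAL, None, None),              # every internal VLAN
    ("permit", GUEST, ANY, None, None),                   # the Internet
]
# Same entries, wrong order: the broad permit comes first.
GUEST_IN_MISORDERED = [GUEST_IN[2], GUEST_IN[0], GUEST_IN[1]]


def evaluate(acl, src, dst, proto, port):
    """Return the action of the first ACE that matches; no match is an implicit deny."""
    src, dst = ipa.ip_address(src), ipa.ip_address(dst)
    for action, s_net, d_net, a_proto, a_port in acl:
        if (src in s_net and dst in d_net
                and a_proto in (None, proto) and a_port in (None, port)):
            return action
    return "deny"


def shadowed(acl):
    """Indexes of ACEs that can never match because an earlier ACE covers them."""
    hits = []
    for j, (_, s, d, proto, port) in enumerate(acl):
        for _, s0, d0, proto0, port0 in acl[:j]:
            if (s.subnet_of(s0) and d.subnet_of(d0)
                    and proto0 in (None, proto) and port0 in (None, port)):
                hits.append(j)
                break
    return hits


if __name__ == "__main__":
    for name, acl in (("ordered", GUEST_IN), ("misordered", GUEST_IN_MISORDERED)):
        print(name, "shadowed ACEs:", shadowed(acl))
        print("  guest -> server 192.168.10.5 tcp/445:",
              evaluate(acl, "192.168.66.20", "192.168.10.5", "tcp", 445))
```

The model covers only the guest rule; DHCP traffic and how the ACL is bound to the VLAN interface on the switch are outside it.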
 
So very frustrated. Played with this all day and cannot get internet connectivity through the switch. I am clearly doing something very basic incorrectly.

RV340 IP is 192.168.1.1 - do not want to change this if I do not have to
I can log into the SG350X Switch via 192.168.1.254 when I connect directly to a computer

I launch the configuration wizard, IP Settings-> Select VLAN 1 -> Select static -> Enter IP Address (192.168.1.254) -> Enter Network Mask (255.255.255.0) -> There is a selection to enter an Administrative default gateway -> Do I enter anything here? If so what? I thought the default gateway was to be 192.168.1.254 then there is DNS (9.9.9.9). Is this where I am making a very basic error? Should I not be using the configuration wizard?

From here I enable DHCP on the switch - correct?

Then add DHCP Pool - This I understand though it is unclear if I need to define a "Default Router IP Address (Option 3)". If I do, I would use "User Defined" and enter what? The IP of the RV340? Other Options?

Defining Ports I think I am good with.

To Add a Static Route to point the switch to the router is likely also where I am making an error: I need to fill in the following fields:
  • Destination IP Prefix (what do I add here?)
  • Mask (255.255.255.0)
  • Route Type (Remote)
  • Next Hop Router Address (what do I add here?)
  • Metric (Use Default I am assuming)
If someone could weigh in here and fill in the blanks it would be much appreciated. I have reset the switch to factory defaults with the current firmware already applied.

Jason
 
I actually have not used the wizard on the switch. VLAN1 is defined on the switch so you only need to add the network to VLAN1. So go down to the IP address and add the network 192.168.1.0 255.255.255.0 with the IP address for the switch 192.168.1.254 255.255.255.0. I assume the IP on the switch is 192.168.1.254/24. Let me know if it is different.

Did you add an access port to VLAN1? You need to use an access port to connect the RV340 router to. The SG350X may now default to an access port, I just can't remember, too many switches.

To add the static route
Destination IP prefix is 0.0.0.0 0.0.0.0
remote
Next hop router address 192.168.1.1
Metric 1
Outgoing interface VLAN1

If you need more help I will need screen captures. I can list what I need.

I will need screen captures of the following
IPv4 interface
IPv4 Static routes
IPv4 Forwarding table

If you are having trouble with DHCP I need
under DHCP server I need network pools.
 
OK, well nothing like a little early morning networking to really make you feel like you have no idea of what you are doing .....

Here are the screen captures you reference - what am I doing wrong?
1600009143020.png

1600009174411.png

1600009191717.png

The SG350X does indeed default to an access port; currently all the ports and the 2 Port LAG I created all show 1U.

I think the network Pool is created correctly - here is the chart and the settings from the GUI:
1600009367383.png

1600009378973.png

It all seems to go well until I hook up the RV340 - there is no internet connectivity regardless of whether the DHCP server is enabled on the Switch or not and regardless of whether the DHCP is enabled on the RV340 or not .......

Thanks in advance - Jason
 
It looks right to me. So, you have a PC plugged into an access port on the SG350X switch. What can you ping? Ping gateway 192.168.1.254? Ping 192.168.1.1? What is the ipconfig /all on the PC?

What version of firmware are you running?
 
yeah .... I am not sure what is going on. Took a break after my post - had some lunch, figured I would try once again and see what I could ping. uuhhhh it all seems to be working just fine now - typing from the PC connected to the SG-350X, and to the router. I can ping both 92.168.1.254 and 92.168.1.1.

(Edit, I may have rebooted the router before lunch ....not sure if that was a factor)

Anyway - taking the win. Now what's next? Do I need to do anything to the router? I do want to create additional VLANS as well which will be required for my wireless setup. And I will need to configure some ports as trunks for the WAPs and the other switches.
 
Next you add VLANs. Then add IP networks. Then you need to add ports and LAGs. Now you can work on the other equipment. Add the same VLANs to your other switch. Connect a trunk port LAG. Now assign ports to VLANs. The wireless you just create a trunk port for which can be LAG or not.

PS
Make sure you only add the VLANs you need for the trunk ports otherwise your network will run slow.
 
For the WAP 571 I can use a two port LAG. The LAG is defined as a trunk - are the ports as well? I defined the LAG as a Trunk but the ports still show Access. Only one of the WAPs will be on LAG for now but I have planned the ports to allow others to be lagged as I run the wire.

Also, the VLAN Wizard crashed the Switch so I will do this manually. First step will be to add the VLANS - straightforward. Then, I will have 4 VLANs I suppose on the WAP, 20 - Home (wireless laptops and printer share), 50 - I of T (bulk of wireless devices) and 66 - Guest. Guest is wireless only and will be isolated from everything but the internet. But 20 will need access to 10 - Server as might some devices on 50. Is this done via ACL/ACE? Was also planning on connecting the wired printer connection to VLAN 1 but have the Wireless printer connection on VLAN 20. Do you think this will work?

Also, if all devices on a downrange switch (i.e. the SG200-08) will be on the same VLAN, does it need to be a trunk? Can I not just assign the port as an access port to VLAN 50 and then all the devices will be on that VLAN or is it better to keep the switch on VLAN 1 which was the primary plan?
 
Also please confirm I need to add additional IPv4 Interfaces as static 192.168.10.254 255.255.255.0 for VLAN 10 and so on?

Do I need the Static routing or does the 0.0.0.0 0.0.0.0 to 192.168.1.1 catch them all?

And what if anything do I need to be adding to the RV340?
 
Yes the wireless should be a trunk, LAG is fine.

Yes the SG200-8 should also be on a trunk using the same VLANs defined on the L3 switch. But again, only define VLANs on the trunk which are used by the SG200-8 switch

For each VLAN you setup you will need to add a static route on the RV340 router pointing to the L3 switch IP 192.168.1.254. But not 192.168.1.0 because it is directly connected to the router and the router automatically knows directly connected networks. The default route on the L3 switch will catch all the routing.

PS
On the next Cisco L3 switch I setup I will try the wizard and see if I can get it to work. The last SG350-10P I setup I just added all the VLANs including the router VLAN and then added all the IP networks and addresses. I then changed a few port settings. Oh, my RV340 router was already setup for the last L3 switch. Then I plugged it in and it worked. There were a few things I needed to fix but it basically worked.
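The routing arrangement described in this thread has two halves: a default route on the L3 switch toward the router, and one static route per VLAN on the router back toward the switch. The Python sketch below is an added example, not part of any post; it uses longest-prefix matching to list which switch networks the router would send out its default route when the statics are missing. The 192.168.66.0/24 guest subnet and the "WAN" next-hop label are assumptions made for illustration.

```python
import ipaddress as ipa

net = ipa.ip_network
SWITCH, ROUTER = "192.168.1.254", "192.168.1.1"   # addresses from the thread

# Route = (prefix, next hop); next hop None means directly connected.
# VLAN 10 is from the thread; 192.168.66.0/24 for guest VLAN 66 is an assumed subnet.
SWITCH_ROUTES = [
    (net("192.168.1.0/24"), None),
    (net("192.168.10.0/24"), None),
    (net("192.168.66.0/24"), None),
    (net("0.0.0.0/0"), ROUTER),        # default route to the RV340
]
ROUTER_NO_STATICS = [
    (net("192.168.1.0/24"), None),     # directly connected, no static needed
    (net("0.0.0.0/0"), "WAN"),         # ISP side (label is an assumption)
]
ROUTER_WITH_STATICS = ROUTER_NO_STATICS + [
    (net("192.168.10.0/24"), SWITCH),
    (net("192.168.66.0/24"), SWITCH),
]


def lookup(table, dst):
    """Longest-prefix match: return the next hop of the most specific route."""
    dst = ipa.ip_address(dst)
    matches = [(prefix, hop) for prefix, hop in table if dst in prefix]
    if not matches:
        return "unreachable"
    _, hop = max(matches, key=lambda m: m[0].prefixlen)
    return hop or "connected"


def missing_statics(router_table, switch_table):
    """Switch-connected networks that the router would send out its default route."""
    return [str(prefix) for prefix, hop in switch_table
            if hop is None and lookup(router_table, prefix.network_address) == "WAN"]


if __name__ == "__main__":
    print("switch -> 9.9.9.9 via", lookup(SWITCH_ROUTES, "9.9.9.9"))
    print("reply to 192.168.66.20, no statics:", lookup(ROUTER_NO_STATICS, "192.168.66.20"))
    print("reply to 192.168.66.20, statics:", lookup(ROUTER_WITH_STATICS, "192.168.66.20"))
    print("missing statics:", missing_statics(ROUTER_NO_STATICS, SWITCH_ROUTES))
```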
 
Get to the point you were at and we can do the router VLAN before you finish. Pick a VLAN, like 11 or 20 or whatever.
 
So on the Static Routing of the RV340 I add
Network: 192.168.10.0
Mask: 255.255.255.0
Next Hop: 192.168.1.254
Metric: What do I add here?
Interface: Leave as WAN1

Correct? Then repeat for all the other VLANs other than VLAN 1 - and nothing in IPv6? Will we set this up at some point?
 
Need to change the Router to a static IP as well and shut down the DHCP. Could use some direction here as well.
 
Yes.

I think you are missing DNS in your DHCP scopes. I point to my router for DNS. My router has QUAD9, 9.9.9.9 defined to it. I have my DHCP scope on the DNS set to other with my router IP. Maybe it works your way also. Does ipconfig /all show DNS?
 
