RSS Channel: Comments on: Setting up VLANs Cisco SG300-20 Switch
Virtualization, Howto's, Tips, Reviews

By: Brandon Lee
In reply to <a href="https://www.virtualizationhowto.com/2015/06/setting-vlans-cisco-sg30020-switch/#comment-7601">Nick King</a>. Nick, Yes exactly. I don't see in that scenario that you would need additional static routes. Brandon

By: Nick King
In reply to <a href="https://www.virtualizationhowto.com/2015/06/setting-vlans-cisco-sg30020-switch/#comment-7600">Brandon Lee</a>. Hi Brandon, Yes, thank you, that makes perfect sense. It's purely for a lab environment, so no requirements for a DMZ. I was thinking (as I also have an unmanaged Netgear Gigabit switch (JG5524) that is currently connected to the ISP modem (i.e. anything connected to that receives a DHCP address via the ISP)), to use that as the Management LAN? Then, use the Cisco SG300-28 for the other LANs (separated in VLANs) - i.e. Storage/ISCSI, vMotion/HA/DRS and vmnic. In that scenario, in theory, I possibly wouldn't need to add static routes? Essentially, just playing around with a "live-like" (or close to) environment in my lab for testing/learning purposes. Anyway, it's all fun - at some point within the next couple of years, I will probably look at getting 10 Gigabit switches/NICs, so it'll only be a "temporary" lab anyway! Cheers, Nick

By: Brandon Lee
In reply to <a href="https://www.virtualizationhowto.com/2015/06/setting-vlans-cisco-sg30020-switch/#comment-7599">Nick King</a>. Nick, No problem. To answer your question about needing a configurable WAN router, that depends on your VMnet traffic mainly. Do you have VMs that you need to have on separate VLANs that need to be able to route traffic to the Internet? Typically, with VMware traffic you mention, such as storage, vmotion, etc, these don't need to be routed anywhere and can exist on VLANs that don't need to talk to any other subnets. Also in many smaller environments it is typical to see VMware management traffic simply exist on VLAN 1 or default VLAN without anything special configured.

If though for instance, you had a few VMs on the VM host that need to be separated from VLAN 1 traffic such as DMZ servers, you might need another VLAN to separate these VMs from the rest. If they need to route traffic to the Internet which in that case most likely they would, you would need to be able to have an ISP router where you could add routes back to the SG300-28 if you had routing turned on on the SG300-28 as is mentioned in this post. Let's say you had the following:

VLAN 1 - 192.168.1.0/24 - Management network, etc. SG300-28 switch is assigned the IP 192.168.1.1. Our WAN/ISP router is assigned IP address 192.168.1.254.
VLAN 10 - 192.168.10.0/24 - DMZ
VLAN 50 - 192.168.50.0/24 - iSCSI
VLAN 60 - 192.168.60.0/24 - vMotion

The subnet we care to route traffic to the Internet above is VLAN10/192.168.10.0/24 subnet. So on the SG300-28 our default route will point to the WAN/ISP router, so ip default-gateway 192.168.1.254. On the WAN/ISP router, we would need to create a route back to the DMZ subnet so that return traffic would route back to the DMZ VLAN/subnet. So we would create a route like so: ip route 192.168.10.0 255.255.255.0 192.168.1.1 (Note here we use the IP of the SG300-28).

The WAN/ISP router would send the DMZ return traffic back to the 192.168.1.1 interface on the SG300-28 and then the SG300-28 would route the traffic back to the 192.168.10.0/24 DMZ subnet. However, if none of the above is true about the VMs, you wouldn't have to have a new router sitting at the WAN as the VLAN 1 subnet traffic would route normally through your WAN/ISP router and the vMotion, iSCSI, etc, traffic is simply contained in the VLANs on the SG300-28. Make sense? Hope this helps. Brandon
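
Added example, not part of the comment above or of the original post: a small longest-prefix-match model of the two routing tables described in that comment, showing where DMZ return traffic goes with and without the route back to 192.168.1.1. The route-table contents, the labels `connected` / `ISP upstream`, and the Internet host 203.0.113.10 are assumptions made for the model.

```python
import ipaddress

# Labels used only by this model; every address below comes from the comment,
# except 203.0.113.10, a constructed Internet host.
CONNECTED, UPSTREAM = "connected", "ISP upstream"
SWITCH, ISP = "192.168.1.1", "192.168.1.254"

def table(*entries):
    return [(ipaddress.ip_network(prefix), hop) for prefix, hop in entries]

def next_hop(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    best = max((r for r in routes if addr in r[0]),
               key=lambda r: r[0].prefixlen, default=None)
    return best[1] if best else None

SG300 = table(
    ("192.168.1.0/24", CONNECTED), ("192.168.10.0/24", CONNECTED),
    ("192.168.50.0/24", CONNECTED), ("192.168.60.0/24", CONNECTED),
    ("0.0.0.0/0", ISP),                      # default route to the WAN/ISP router
)
ISP_NO_RETURN = table(("192.168.1.0/24", CONNECTED), ("0.0.0.0/0", UPSTREAM))
ISP_WITH_RETURN = ISP_NO_RETURN + table(("192.168.10.0/24", SWITCH))

def trace(dst, start, isp_routes, max_hops=8):
    """Follow next hops from `start` until delivery, exit upstream, or no route."""
    devices = {SWITCH: SG300, ISP: isp_routes}
    path, here = [], start
    while here in devices and len(path) < max_hops:
        hop = next_hop(devices[here], dst)
        path.append((here, hop))
        here = hop
    return path

if __name__ == "__main__":
    for name, isp in (("no return route", ISP_NO_RETURN),
                      ("with return route", ISP_WITH_RETURN)):
        print(name)
        print("  DMZ host -> Internet:", trace("203.0.113.10", SWITCH, isp))
        print("  reply -> 192.168.10.20:", trace("192.168.10.20", ISP, isp))
        print("  ISP router -> iSCSI 192.168.50.5:", trace("192.168.50.5", ISP, isp))
```

In this model the outbound path is the same in both cases; only the reply path changes, and the iSCSI subnet never gains a path from the WAN/ISP router because no route for it is added there.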

By: Nick King
Hi Brandon, I know this is an old post, but this is exactly what I'm going to attempt to undertake within the next couple of days on my Cisco SG300-28. My overall aim is to set up multiple VLANs to separate VMware traffic (i.e. Management, Storage, HA/VMotion/DRS, VMnet). In order to do this, would I also need an additional router, as my only current router is an ISP Cable Modem/Router which isn't that configurable? I've read that it's possible to take an old router and effectively use that as a bridge between the Layer 3 Switch (Cisco) and the ISP Modem/Router by using DD-WRT? Would this suffice, or would the easiest method be to purchase a 2nd-hand Cisco (e.g. rv325 or a 1921) router and configure it that way? Many thanks, Nick

By: er.hardy mann
In reply to <a href="https://www.virtualizationhowto.com/2015/06/setting-vlans-cisco-sg30020-switch/#comment-7509">Brandon Lee</a>. Hi Brandon, can you come on Skype? My ID is hmann_15, because I'm not able to connect the ASA with the SG300 L3.

By: Brandon Lee
In reply to <a href="https://www.virtualizationhowto.com/2015/06/setting-vlans-cisco-sg30020-switch/#comment-7506">er.hardy mann</a>. er.hardy mann, Sure, you would just need to create subinterfaces on the g0/2 port on the ASA, tagged with the appropriate VLAN for each subinterface, and then have those VLANs tagged on the SG300 port 24 in a trunk port.

By: er.hardy mann
Hi Brandon, I am using an ASA 5510 but I want to use only one port from the ASA, g0/2, which is configured for 192.168.0.2/24. Can I use this port as VLAN 10, 20, 30 in the SG300 24 port?

By: Brandon Lee
In reply to <a href="https://www.virtualizationhowto.com/2015/06/setting-vlans-cisco-sg30020-switch/#comment-7501">Erlwin de Gans</a>. Erlwin, The switch doesn't have to be in layer 3 (routing turned on) for VLANs to work. If you are using a downstream router to route your traffic, then you don't have to turn on routing on the switch. If you wish to use your switch to route traffic between your VLANs then you will need to turn on routing to do inter-VLAN routing. With that point noted, you can have it in layer 2 and have your VLANs tagged accordingly and be able to have network connectivity from your MacBook to other devices on the other VLANs as long as your MacBook has the VLANs tagged and has appropriate IP addresses assigned, and the switch can be in either layer 2 or layer 3. Does that make sense?

By: Erlwin de Gans
In reply to <a href="https://www.virtualizationhowto.com/2015/06/setting-vlans-cisco-sg30020-switch/#comment-7499">Brandon Lee</a>. Hi Brandon, Thank you for your reply. I have indeed set up all the VLANs on my MacBook with their own IPs in the range of each VLAN. Would this setup also work when the switch is in layer 2 and I use the management VLAN on the switch to connect to or do I have to be in layer 3?

By: Brandon Lee
In reply to <a href="https://www.virtualizationhowto.com/2015/06/setting-vlans-cisco-sg30020-switch/#comment-7498">Erlwin de Gans</a>. Erlwin, Sure thing. What you are trying to accomplish is fairly easy. You would need a trunk port in this case with all the VLANs tagged as you mentioned. Also, your MacBook would need an IP address from each VLAN subnet to communicate at layer 3 once you have all the VLANs set up on your MacBook as it sounds like you have already done. Hope this helps!