How to setup VLANs on a Cisco SG 300-20 Managed Switch

This article will show how to setup a Cisco SG 300-20 switch to work on a home / office network.

First of all you need to change your System Mode to Layer 3.

To get to the Console,  you can either use the provided serial cable and login with the default userid/pw, or by enabling SSH.

Choose System Mode

Choose Edit, then hit your space bar to toggle the Layer 2 over to Layer 3. Save that and reboot. Important – This will erase everything so backup or make notes


Once the system comes back browse over to the Web GUI interface.

Choose “VLAN Management / Create VLAN” and enter as many VLANs as you like.

After you create the VLANs, you need to setup the IPv4 Interfaces.

Choose “IP Configuration / IPv4 Interface” and add VLAN 2

Things should look like this

Now you want to Untag the Ports that will be included in your first VLAN.
Change your VLAN ID to 2 and hit GO.
Then untag the port that your first computer is connect to (GE20 in my case on VLAN 2)

Then under “Interface Settings” you need to change the port to Mode = Access for VLANs to work properly.

Choose GE20 and Edit

Finishing Touches (Routing)

I needed to add a route to my Router using the “IPv4 Static Routes” page.

And also a reverse route on my Router which is a DD-WRT.

And this is my routing table on my DD-WRT


7 comments

Skip to comment form

  1. do you still need to assign ports to vlans?

  2. Hi Dave,

    I’m having a hard time understanding this

    Forbidden
    Excluded
    Tagged
    Untagged

    basically if i’m setting the port as Trunk what shall I enter?.. if i’m setting the port as Access what should it be?

    thank you

    1. From Cisco Admin Guide

      Forbidden
      —The interface is not allowed to join the VLAN even from GVRP
      registration. When a port is not a member of any other VLAN, enabling this
      option on the port makes the port part of internal VLAN 4095 (a reserved
      VID).

      Excluded
      —The interface is currently not a member of the VLAN. This is the
      default for all the ports and LAGs. The port can join the VLAN through GVRP
      registration.

      Tagged
      —The interface is a tagged member of the VLAN.

      Untagged
      —The interface is an untagged member of the VLAN. Frames of
      the VLAN are sent untagged to the interface VLAN.

      Multicast TV VLAN
      —The interface used for Digital TV using Multicast IP. The
      port joins the VLAN with a VLAN tag of Multicast TV VLAN. See
      Access Port
      Multicast TV VLAN
      for more information.

      PVID
      —Select to set the PVID of the interface to the VID of the VLAN. PVID is
      a per-port setting

  3. im having problem with this. i can’t play the intervlan. different vlan cannot ping to each other .huhu any help

  4. Thanks malpass
    Please help
    I can’t able ping my gateway through my pc on vlan
    My topology with SG300 as below

    DSL Linksys router 192.168.1.1
    Vlan 1 192.168.1.2
    Vlan 10.192.168.10.2
    Vlan 20.192.168.20.2

    Static route

    192.168.10.0 sub 255.255.255.0 gateway 192.168.1.2

  5. Probably the reverse route on your Linksys? Check you have both the forward and reverse.

  6. Hi, can you explain why we need to put the switch in to layer 3 to enable vlans? Is the SG300 not capable of supporting vlans in layer 2 mode?

Leave a Reply