Aug 09

How to setup VLANs on a Cisco SG 300-20 Managed Switch

This article will show how to setup a Cisco SG 300-20 switch to work on a home / office network.

First of all you need to change your System Mode to Layer 3.

To get to the Console,  you can either use the provided serial cable and login with the default userid/pw, or by enabling SSH.

Choose System Mode

Choose Edit, then hit your space bar to toggle the Layer 2 over to Layer 3. Save that and reboot. Important – This will erase everything so backup or make notes

Once the system comes back browse over to the Web GUI interface.

Choose “VLAN Management / Create VLAN” and enter as many VLANs as you like.

After you create the VLANs, you need to setup the IPv4 Interfaces.

Choose “IP Configuration / IPv4 Interface” and add VLAN 2

Things should look like this

Now you want to Untag the Ports that will be included in your first VLAN.
Change your VLAN ID to 2 and hit GO.
Then untag the port that your first computer is connect to (GE20 in my case on VLAN 2)

Then under “Interface Settings” you need to change the port to Mode = Access for VLANs to work properly.

Choose GE20 and Edit

Finishing Touches (Routing)

I needed to add a route to my Router using the “IPv4 Static Routes” page.

And also a reverse route on my Router which is a DD-WRT.

And this is my routing table on my DD-WRT


1 ping

Skip to comment form

    • Robert Toney on August 20, 2013 at 2:17 pm
    • Reply

    do you still need to assign ports to vlans?

    • Jay on August 30, 2016 at 6:57 am
    • Reply

    Hi Dave,

    I’m having a hard time understanding this


    basically if i’m setting the port as Trunk what shall I enter?.. if i’m setting the port as Access what should it be?

    thank you

    1. From Cisco Admin Guide

      —The interface is not allowed to join the VLAN even from GVRP
      registration. When a port is not a member of any other VLAN, enabling this
      option on the port makes the port part of internal VLAN 4095 (a reserved

      —The interface is currently not a member of the VLAN. This is the
      default for all the ports and LAGs. The port can join the VLAN through GVRP

      —The interface is a tagged member of the VLAN.

      —The interface is an untagged member of the VLAN. Frames of
      the VLAN are sent untagged to the interface VLAN.

      Multicast TV VLAN
      —The interface used for Digital TV using Multicast IP. The
      port joins the VLAN with a VLAN tag of Multicast TV VLAN. See
      Access Port
      Multicast TV VLAN
      for more information.

      —Select to set the PVID of the interface to the VID of the VLAN. PVID is
      a per-port setting

    • glooo on January 25, 2017 at 4:26 am
    • Reply

    im having problem with this. i can’t play the intervlan. different vlan cannot ping to each other .huhu any help

    • Mukhtar on September 17, 2017 at 9:30 pm
    • Reply

    Thanks malpass
    Please help
    I can’t able ping my gateway through my pc on vlan
    My topology with SG300 as below

    DSL Linksys router
    Vlan 1

    Static route sub gateway

  1. Probably the reverse route on your Linksys? Check you have both the forward and reverse.

  1. […] have the Cisco SG300 switch…basically followed the steps here How to setup VLANs on a Cisco SG 300-20 Managed Switch » Malpass' Technology Blog but the problem is after i created the vlan…now when i connected a laptop to the ports tagged […]

Leave a Reply

Your email address will not be published.