

Connecting a XG430 to two core switches (both switches are managed L2/L3 HPE 1920s 24 ports)

Hi to All,

 

I am currently having problems deploying my XG430 in my office network. My topology goal is in the attached image below:

 

So right now, the following are already done and configured:

1. The core switches and switch .13 have their ports 25 & 26, which are SFP fiber, configured as Trunk 1, and all VLANs are tagged. Native VLAN is excluded. This connects the two core switches to switch 10.10.50.13.

2. On the two core switches, ports 23 & 24 are also configured as Trunk 2, connecting both port 23 as an up-link to SG430 while port 24 on both core switches connects them together. All VLANs are tagged as well in this trunk. Native VLAN is excluded.

3. Succeeding ports on the core switches from port 13 to port 22 are also configured as trunks (two ports on each trunk) for access switches. All VLANs are also tagged and Native VLAN is excluded.

4. RSTP is enabled on all switches and a single and bridge priority is manually configured, making switch 10.10.50.11 the root bridge and switch 10.10.50.12 the succeeding switch based on bridge priority. All switches have the same configuration name for the STP bridge configuration. This is enabled for loop protection, although the said switches have their loop protection capability without enabling STP. I prefer that RSTP is enabled for faster convergence.

5. On the SG430, the last two ports connecting it to the core switches are configured as a trunk as well, using LACP. Then the said trunk is incorporated as LAN. All VLANs are created and incorporated to the trunks.

6. We have 3 ISP connections for failover and redundancy that are already configured on the first 3 ports. DNS is using Google DNS. DHCP is also configured and enabled for some VLANs that will need DHCP addressing.

7. Management VLAN resides on VLAN50 which is the IP and range the SG430 and switches are using. The VLAN is already configured as a management VLAN across all switches. Port 1 is the management port across all switches.

8. No security, routing policy, blocking policy or other network or security related policy has been implemented yet. The SG430 is out of the box and we are only on the network configuration side initially.

Issues:

1. When the SG430 is disconnected from the two core switches, I can ping and access the switches on all sides. VLANs are already configured on the access ports. No problem with the connectivity even if I disconnect one physical cable. RSTP works fine detecting the topology changes.

2. When the SG430 is connected to the two core switches, switch 10.10.50.12 and most of the access switches are RTO on constant ping.

3. Both static and DHCP addresses don't work on the access ports of my access switches. Supposedly if I untag a VLAN on a switch access port, I will be able to get an IP address if the untagged VLAN has DHCP addressing, but I can't receive any IP. If I manually configure the IP address, same thing, no connectivity. I can't ping the SG430.

4. I would only have a connection to the firewall if I am directly connected on the management port of the SG430.

Goals:

1. Have two ports from the SG430 that will connect to my two core switches. The two core switches are for redundancy for each other.

2. I can enable access from one VLAN to other VLANs from the SG430. I will have servers in some VLANs that will be on the DMZ.

3. I can have a policy route from my LAN going to a WAN of our choice. Can I have a policy route from a VLAN? Select for a VLAN which WAN port it will use. Or select a WAN where an outside domain passes through?

 

Hope someone can enlighten me on what is missing from the configuration and what may be another way of achieving my network goals for our network. Looking forward to any urgent response and solution for this! Thanks!


