Blog Just another tech site

1Aug/1214

Cisco SG 200-08 Trunking

I've had a little struggle getting a Cisco SG 200-08 trunking with several vlans to a Cisco 3560G switch.

I'll quickly explain what was throwing me off for speed readers, but I will go in depth later on. On the proper Cisco switch the standard dot1q encapsulation and trunk mode needs to be used, this is similar to the SG 200-08 where the default 'trunk' port setting needs to be used. The only changes that need to be changed on the smart switch is to create the vlans before hand and put them as a member of the trunk port in the "Port VLAN Membership". This gave me strife because I am used to in 3560s' where all ports are allowed on a trunk from default where as they specifically need to be applied on the smart switches trunk ports.

How to setup a Cisco SG 200-08 with trunking and a non default management vlan:

  • First off I would start with providing the SG 200-08 a access port on a vlan that has DHCP access so the web interface can be access for configuration.

  • The device should now be access through the DHCP address, find this by looking up the server or doing an nmap scan and look for Cisco equipment.
  • Now create the VLANs you need and name them under the "Create VLAN tab".

  • The created VLAN/s now need to be added to the desired trunk port on the smart switch, this is done through "Port VLAN Membership". Simply select the trunk port, edit the details and select the VLAN that is to be allowed on the trunk, tick Membership and then click the arrow to move it in to the selected column.

  • The VLANs that are needed on the trunk should now be showing on the Port VLAN Membership page.

  • Access ports can now be configured, which is straight forward by changing the required ports to access ports and defining which VLAN is required, which is done through "Interface Settings". This won't actually work until we configure a trunk port on the other switch.

  • Depending on your native vlan settings, you may have to change the management vlan setting before changing the port on the other switch to a trunk. Just a reminder make sure the management vlan is a member of the trunk port. This can be done through the "IPv4 Interface".

  • The smart switch might be unconnectable if the management VLAN has been changed, therefore we need to enable a trunk port on the other switch to gain access again.

The switch should now be accessed through the IP entered in the management settings and trunking should be working correctly.

Just a note: A port setting called "General" can be used, which I believe will give you more options for Ingress Filtering and allowing tagging on that port, which would give you more options for VLAN compatible devices.

14 responses to “Cisco SG 200-08 Trunking”

  1. Chris says:

    Nice, Many Thanks

  2. Mike Pilkington says:

    Wow!! Your post was a savior. I spent literally hours on what should have been a 20 minute process. I finally gave up on my trial & error process (including setting up SPANs and watching traffic in & out of the switches) and found your write up. You explained it perfectly! I just wish Cisco would have given us a standard ssh interface on these things. Nevertheless, it’s finally working. Thanks for taking the time to document it!!

    Best, Mike

  3. Szabolcs says:

    great post, maybe i misunderstood something but you have to sacrifice a port on the sg200 just to have management on a seperate vlan?

    • Roelof Sondaar says:

      No you don’t. At first you will need this (probably, I did not check, it took me some time).
      In “VLAN Management -> Port To VLAN” select Filter VLAN ID and select the management VLAN-id. On the trunk port set it to untagged. Don’t forget to change the trunk native VLAN on the neighboring switch to the selected VLAN id.

  4. andrewdmorton says:

    I have recently bought one of these- so thanks for your writeup. Just a question though based on your post.

    You created a port with membership of both vlans (default and 400). Does this mean that both vlans can access that port? Im setting up something similar with port one hosting our dhcp and gateway, and want both vlans to be able to access it, but not access each other.
    Did you require another router?

  5. Lisa Coody says:

    THANK YOU! Your post was extremely helpful to me – I was having trouble figuring out how to get the vlans / trunk ports set up without the benefit of CLI access.

  6. Eromosele Christian says:

    Hey guys, I have a catalyst 3650 and a SG300 switch, i have my vlans created on the catalyst switch. From practice, i think i have to create the vlans too on the SG300 switch and trunk the ports connecting them. Am i right this way?

    I need to configure the switch for 802.1x authentication. I think i need to enter the commands of the 802.1x on the SG300 switch since its the switch that wiil be used for testing.

    I am just curious as it is my first time on life devices.

  7. Gillie Priest says:

    I tell you man, you deserve to get payed for this tutorial,trust me. you save a lot of lives!!

  8. Hoang says:

    thank you verry much !

  9. Hoang says:

    Thanks for post !

  10. Brainslug says:

    Thanks mate!

    Struggled quite a bit trying to figure out this stupid web interface and couldn’t get trunking to work all morning.

  11. AndyM says:

    THANK GOODNESS

    This whole time it was the trunk.
    Talk about the elephant in the room!

  12. Roelof Sondaar says:

    Thank you for the fine instruction.

  13. Stephen Liberty says:

    Thank you so much. I’ve been working on this for a long time. 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *