Re: CBS350: what is the recommended setup to share internet between VLANs?

aizl · ‎12-09-2020

Hello!

We have two stacked CBS350-48FP-4X switches with an Arris DG1670A modem / router (which we believe has VLAN 802.1Q tagging support). I'm a bit new to networking, so some of my terminology might be off.

We'd like to share internet access between ~5 VLANs: is this the recommended configuration for ease-of-use?

Disable DHCP on the modem.
Create VLANs with separate subnets and enable DHCP for clients. (e.g., VLAN10 = 192.168.10.xxx)
Assign the VLAN an IP interface and set that as the default gateway for clients on that VLAN.
Enable "IPv4 routing" in the switch (what exactly does this toggle do? does this create SVIs?)
Create a static route between each VLAN's IP to the modem's internal IP.
Create a trunk port with all the VLANs as tagged members and connect that trunk port to the modem.
On the modem, enable 802.1Q and then enter all the switch's VLANs + their respective subnets (e.g., "VLAN10 is on the 192.168.10 subnet")
Setup ACLs to block VLAN-to-VLAN traffic (I assume that step #4 has allowed all VLANs to communicate with other VLANs?)

Is this the recommended setup? I ask because we don't really have easy access to Spectrum's modem configuration and we need to request permission from Spectrum each time to edit its configuration, which is workable but not ideal. Is there another way to share internet between VLANs with this hardware?

I've read a bit about RIP, RIPv2, OSPF, and EIGRP as replacing some of the steps above, but I can't confirm if this CBS350 switch has any of those capabilities and/or whether they'd be preferable here.

Baum · ‎12-21-2020

Hello,

We used Cisco CBS350 8 ports Gigabit Switch for our company. You may check this guide: VLAN Configuration via CLI on CBS250 and CBS350 Series Managed Switches:

https://www.cisco.com/c/en/us/support/docs/smb/switches/Cisco-Business-Switching/kmgmt-2237-vlan-configuration-via-cli-on-300-500-series-managed-switche.html

Stanley Baum
Configuring VLANs on 200 and 300 Series Managed Switches support for writemyessayfast.ca

pieterh · ‎12-21-2020

I suggest to configure the CBS350 as any home-router

that is: the CBS350 communicates with the modem using a single IP-address, and performs NAT
this way the modem does not need to know about the addressing within your network

and need not be reconfigured for any vlan you add/remove from your network

yes the CBS350 must be configured as DHCP server for the internal networks

yes enable ipv4 routing will by default allow traffic between the vlan, so you need to filter using ACL's

Joseph W. Doherty · ‎12-21-2020

I'm unfamiliar with the SMB Cisco devices, so I'm going to be general in my responses. One important item, I'm assuming the CBS350 supports NAT/PAT, and its connection to the modem is so configured. If it doesn't, it would probably be best to acquire a "router", that does support NAT/PAT, to place between your switch stack and the modem. Further, doing so will change some of what follows.

#1 Possibly not. You might be able to allow your CBS50 stack to acquire its "outside" IP from the cable modem.

#2 Correct.

#3 Correct.

#4 Correct. What it does is "route" traffic between networks. I.e. both from your VLANs to/from the Internet and between the VLANs. Unknown, on this device, whether creating an SVI for an undefined VLAN will create it.

#5 No, because normally once you enable routing, the router (i.e. your L3 switch stack) will "know" (and route) between all connected networks.

#6 No, the modem should "see" only one "host", the DHCP it gives to the switch stack. However, if you connect other switches to your switch stack, and they, in turn, host multiple VLANs, then you would trunk on the connecting link.

#7 No, again the modem should "see" only one "host".

#8 Correct, if, as you note, you want to block (or control) traffic between VLANs.

Regarding using a dynamic routing protocol, generally useful when you have more than a few routing devices. Also generally only can be used if you have more than one routing device. Many routing devices support at least RIP, other routing protocols usually require a "better" routing device (or license or upgraded feature set).