We have an existing network with a Catalyst 4510 core switch and departmental 3560 switches connected via fiber. Due to a company restructure we can no longer afford to buy new 3560s when anything goes wrong, so this week I purchased an SG200-26 which I'm trying to get onto the network.
This is a legacy network which I didn't set up, so my Cisco skills are somewhat limited (another reason for the SG200s, hopefully). Anyway, I have been looking at the configs on the existing switches and trying to match settings in the SG200 setup, however I am not getting anywhere! I have the config from the dead switch so I can show what needs to be achieved. Any experience in downgrading an environment in a similar way?
Here is the scenario: A mid-sized IP based camera network (150 cameras, 1 management server, several client workstations, and several recording servers) has been implemented on a stand-alone LAN utilizing a class C configuration and is set up as a Windows domain. The user now wants to add the ability for workstations on the existing class B network to connect (with client software) to the management server on camera network, network is controlled by enterprise sized domain (think county). Access is controlled by camera system client software credentials. Here are my questions:
1) What is the best way to do this and what hardware is required? I thought about just adding a NIC to the management server but am concerned about the 2 different domains playing well together. Would a router be best? What do I need to consider as far as setting up firewall and/or gateway?
2) What considerations do I need to take into account regarding the camera network not bogging down the existing user network?
3) The workstations on the camera network are not as “locked down” as they are on the user network (again, think county network security). Will I be creating a security hazard and if so, how can I prevent this?
SG200-08 and SG200-08P fail to hold or update Date/Time. (New installation for a UC320 setup.) I've got both an SG200-08 and SG200-08P that are failing to maintain date/time when set with "Use Local Settings". Every restart/powercycle causes them to reset to Dec 31 1969. Other settings save fine. I first tried to set time via SNTP Unicast using a variety of public time server addresses including the 3 hard coded to the SG200-08 firmware:
Sadly though it always just shows "Active Server Server Host Address: 0.0.0.0" and continues having 12/31/1969 as the date. Both after a config save and a reboot. I can ping the NTP servers just fine from the switches either by IP or by hostname. At this point I've decided that I must be missing something simple. At least I hope so... otherwise it's a firmware bug which means waiting for a fix. Other devices behind the same firewall/gateway (RVS4000) are updating NTP
I've just started a new job after a couple of years not touching Cisco gear and been pitched in... My new employer has a network that's Juniper based. We've inherited a load of Cisco switches as part of the deal for hosting matches during the Rugby World Cup (plus a load of Aruba wireless gear that promises to be my very own special millstone, but that's by the by).
My task is to hang these Catalyst 2960s onto our existing infrastructure via fibre connections.
On the Juniper switch, there are four VLANs being pushed to the port the Cisco's hooked into: Code...
On the SG200-side I've set the IP-address and default-gateway accordingly, however: From the SG200 I can't ping any other host on the same IP-subnet as the switch. From the SG200 can't ping the default-gateway. Can't ping from any other host or the default-gateway *to* the switch.
But: On the SG200 I've got plenty of MAC-addresses under "Dynamic Address Table" - however only MAC-addresses that belong to the management-VLAN of the SG200 (i.e. VLAN9 in my case). The MAC-address table on the SG200 even includes the MAC-addresses of hosts on the same VLAN I tried to ping without success. For example: I tried a PING from a host having a MAC-address of 00:19:bb:31:91:30. This MAC shows up in the arp table of the SG200. To cross check I connected a dedicated PC to the SG200 and assign it an IP-address out of the management-LAN-range of the SG200 - in this case I can access the switch (i.e. PING, WEB etc.)
So to summarize: Connectivity is OK when going from directly connected devices to the SG200. No connectivity from devices that are behind the C2960S towards the SG200 and vice versa. (The problem is definitely not with the C2960S-side since we've got plenty of them hooked together without problems.) I'm enclosing the screenshots of the corresponding definitions on the SG200.
This is also happening on more ports, i.e. 20-printer, 13-Cisco Wireless Access Point, 24 File Server etc., and I don't know what is going on. With my research, it said something about spanning protocol. Is it possible to disable this?
The other Cisco switch where desktops are also connected doesn't have this error.
I'm part way through trying to set a Catalyst 4510R to factory defaults. One thing I'm stumped on is how do I remove the Customer Disclaimer, e.g. what commands do I need to remove this and any other customer text within the switch? Below is a copy of text from the switch with customer's details omitted.
Add wireless connection that can't see network. I have an existing working hard wired network. I want to add a wireless connection that has access to the internet, but not to the other devices on the original network.
I am experiencing a problem on a Catalyst 4510 (cat4500-ipbasek9-mz.122-53.SG.bin) with 802.1x configured. Client PCs are connected via a mini desktop switch to a Cat 4510 switched port in multi-auth mode. The configuration of the port follows:
!
interface GigabitEthernet2/34
 switchport mode access
 ip arp inspection limit rate 30
 authentication host-mode multi-auth
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 dot1x pae authenticator
 dot1x timeout tx-period 5
 dot1x max-reauth-req 6
 spanning-tree portfast
 ip verify source vlan dhcp-snooping
end
It happens from time to time that the Cat 4510 port stops passing traffic. Reconnecting the mini switch recovers the communication. Client PCs connected to the mini switch seem to be authorized at the moment when the problem occurs. The RADIUS Termination-Action attribute is set to RADIUS-Request. The problem is not present if "authentication periodic" is disabled.
We have a project in which we are using 34 Cisco SG200-18's each with a MGBLX1 (LC Single Mode Fiber) SFP mini-GBIC. All the fibers come back to one building where we must "bridge" all 34 fiber connections. What hardware should be used to accomplish this? A L2 switch? For example, a 12 port SFP Switch with Fiber SFPs accepting the first 12 fiber connections, then another switch with SFP for the next 12 and so on, until there is an overall capacity of 36 and having patch cables between the 3 switches?
What Cisco or non-Cisco hardware would work with these SF200-18's to accomplish this?
We have an issue where switches are failing weekly in a switch closet. In the past month we have gone through several 3750G switches and a couple 4510s. The power supplies have eventually made a popping noise and had to be replaced. On the 4510s we've tried two chassis and gone through several power supplies. The switches have been behind UPS systems so should be receiving conditioned power. Could load from the PoE devices really be causing this? I wouldn't think it's power since they are behind a UPS.
We are replacing some Netgear switches with the Cisco SG200. The situation is relatively straightforward. We have a series of VLANs coming in on a trunk from a service provider for our Metro Ethernet locations. These trunks then get cross-connected to various locations for connectivity. The problem we have is there are two VLANs that need to go to the same switch which provides access to our public IP block.
I set up the two VLANs on the SG200 with the trunk port VLAN tagging on the service provider port. Then I set up a separate port for untagging the traffic with the PVID of the respective VLANs as follows: [code] The public switch has no VLANs configured (it is an SG200 too). If I connect GE2 to the public switch everything works fine. When I connect GE3 to the public switch, things die. I thought this might be caused by STP although STP should not be detecting issues like this across separate VLANs. Disabled STP, no change. The same configuration with the Netgear worked without an issue. FYI, the VLANs cannot be changed... they are defined by the service provider in this particular case. Otherwise we'd just make them the same.
I need to purchase a few Gigabit PoE switches for a small business and I am thinking that SG200 or SG300 switches are perfect for this purpose.
Layer 3 functionality in SG300 switches is not great - HSRP or any other next-hop redundancy protocol is not supported, dynamic routing protocols are not supported, policy-based routing is not supported, etc. I may get one SG300 switch for inter-VLAN routing so that I do not have to send traffic to a Layer 3 device for this purpose, especially because my Layer 3 device (ASA5505) has only 10/100 Mbps interfaces. All other switches in the network don't have to be Layer 3 switches, and I am thinking of perhaps getting SG200 instead of SG300 switches. However, because I am a long-time Cisco engineer, and know the ins and outs of the IOS CLI, I would much rather administer the switches with CLI rather than GUI. So, do SG200 switches provide CLI (even if it is not officially supported) or is the only Small Business switch platform that supports CLI SG300? I do realize that the OS running on these switches is not IOS, but after having reviewed the CLI manual for SG300, I would say that 90+% of commands are identical to IOS CLI commands.
We have multiple switches (Cisco 4510, 4507R, 3560's) within our network. I've been looking over the port settings between them and noticed that not all ports that are connected directly from switch to switch are trunked the same. Some are desirable on one switch and forced trunk on the other switch.
At our site we have a 4510 core switch and 3750x switches in our IDFs. The 3750 switches are connected to the core via DOT1Q trunks in a server client setup. We are putting in an Informacast/Berbee server which will send pages and text to the Cisco phones. We also have 1 3750 switch connecting to the core via a layer 3 port channel. If we put the Informacast server on the phones vlan would I just need to enable ip pim sparse-dense mode on that vlan only and enable multicast routing, ip multicast routing?
I just picked up a pair of 18-port SG200s, and I'm trying to figure out if there's some secret trick to getting CLI access to them? I've upgraded to the latest version of firmware (22.214.171.124) hoping that may work, but no luck. I can tell the guts to support a CLI are there, because writing the config out to a TFTP server shows an identical config style to the SG500 I have here. Is there some way to enable it?
I am trying to set up three vlans across two switches. The switches are Cisco SG200 and SG 300 series. There are 20 devices connected to the two switches including a router for Internet. Among these devices are five wireless access points all hardwired to the LAN. If I understand correctly the first thing I have to do is aggregate the two switches. I ran two cat5 cables to ports 1 and 2 of each switch. As I understand it all I need to do is to create SAG with the two ports on each switch. I think I need to use tagging but I don't really understand how to do this. Once I get the trunking set up correctly I want to create one vlan to which all devices will belong for Internet access. The other two would be for data and VoIP. Do I create vlans with the same name on both switches? When I assign the devices (by port) do I need to enable tagging? Which type of port setting should I use? I am assuming that including the access points in the vlans will mean that any wireless device connected to them will have access to the Internet and the devices in the same vlan.
On first floor, I have two stack switches and each stack has got 4 switches. They all are working fine. Now the client would like to add one more stack on the 2nd floor. But the second floor switches are different when compared to the 1st floor switches.
Can you have different IOS among different stacks? I knew that in a stack all the switches should have the same IOS version. But for two stacks to communicate, do we need the same IOS or can they be on different IOS?
1st floor switches have 15.0 version and 2nd floor new switches have 12.2.58. Is this ok?
1st floor switches are 3500 series (Note: only one Vlan 20 we are using on both stack switches and we would like to add the same Vlan 20 onto the new stack)
2nd floor switches are 2 Catalyst 2960 switches.
Note: on the second floor switches one is a 24 port switch and the other one is a 48 port switch. So can I make them a stack?
We have already done cabling from 1st floor to second floor. So no problem with that at all.
Are there any best practices for preventative maintenance on Catalyst Chassis switches? Looking to build a PMI schedule for a customer. Or is there evidence not to perform it at all? Things like re-seating line cards, cleaning fan exhausts, etc.
I am trying to connect an SG200 to a customer's existing network. The customer does not want to receive any bpdu frames from the SG200. The customer's port has bpdu guard configured to err-disable their port upon receipt of a bpdu.
How do I completely disable spanning tree on the SG200 so that it does not send any bpdus?
My SG20-50P Switch Log appears as follows with Random ports going up and down. I am trying to find out if this links to another problem I'm having with a Client Server software locking up on the client end. The hardware, thin clients and desktops, are working and have checked all sleep and power settings. All items in working order, now I'm wondering about the switch
I saw the announcement stating that "200 and 300 Switches now supports Cisco Pre-standard POE" available here: [URL] However, I cannot find the 126.96.36.199 firmware for the SG200-08P in the download center (latest is 188.8.131.52). Does this mean this doesn't apply to the SG200-08P? If it doesn't apply, any other switches with 16 or less all gigabit ports which support legacy PoE?
I just purchased a SG200-50P switch to replace a WS-CE500-24LC, that had a limited amount (4) of PoE ports. I was running Cisco 7940 IP Phone, Cisco AP1231 and AP1100 series access points via PoE off of this switch.
When I attempt to plug in these device types into the SG200-50P they do not power up. What is going on? Why do these devices (7940 IP Phone, 7960 IP Phone, AP1100 series access point, AP1231 series access point) not get PoE from the SG200-50P switch?
I have an SG200 switch and am trying to import a certificate signed by my own CA. I generate the CSR and sign it using Java's key tool with my own root cert. When I attempt to import the resulting cert, the switch blanks out the certificate text box and deletes all of my d name data (CN, etc) from the switch. What am I missing?
When I came back home today I saw that my SG200-08 switch did not look fine. Basically, the system LED of the switch keeps blinking and end devices connected just don't have any network. I tried to reset the switch with the "reset" button (with a paper clip); the system LED was orange during just a second and then continued to blink. What is wrong with the switch? Is there a way to flash a new firmware and/or to delete the configuration file?
I am thinking of buying a SG200-26P switch and have a few questions: Is it possible to disable the PoE function on the 12 PoE ports? I need all the ports but only 6 with PoE. What happens when you connect a non PoE device to a PoE port?