Cisco Switches :: SG300 -10 / 16 - IP Based ACL Assigned To Port?
Aug 9, 2012
I'm administrator of small network. I wish to replace my old switches by new SG300-10 and SG300-16 managed switches. I have big trouble in my network because everyone can assign IP his neighbour (or any IP) to his network card. I have policy that IP is 172.16.1.X with x is home number. Could I do that IP based ACL assigned to port where is cable from home example 29, permit only IP 172.16.1.29 (mas 255.255.254.0) (from specified port only permit packets with specified source IP (LAN user IP) other (if user set not his IP) is denied) ?
I want know that before buying equipment. How to configure that ?
I think IPv4 Based ACE, action: permit, source IP: 172.16.1.x (nr of home), widcard 0.0.0.0, destination: any, protocol: any, source port: any ?
and in ACL Binding, I have to bound this ACL to port where user whose IP is in ALC is connected?
View 2 Replies
ADVERTISEMENT
Apr 28, 2013
I have created a mirror to copy all packets from Interface gi1 to interface gi28. I don't see any port 80 traffic, or 443 or any revelant traffic. I see mostly broadcast from other devices. I have a security device that is logging all the copied packets from my firewall for malware/IPS, etc inspection.Right now I have it monitoring vlan 1 in the hope that it would resolve this issue but I see no change.
View 1 Replies
View Related
May 3, 2011
I want to configure port mirroring on SG300 swtich, port monitoring status is "Not Ready" , and i can not monitor the source interface!
View 1 Replies
View Related
Nov 8, 2011
I'm troubleshooting a LAN issue I have, and I wanted to hook up wireshark to record traffic over the course of a couple of hours for later diagnostics. I went into the web administration interface, clicked Administration > Diagnostics > Port and VLAN Mirroring, and added a port mirror from the port I wanted to watch to a port to which I had connected a laptop. I picked the Tx and Rx options, and clicked Apply.I did receive lots of traffic in wireshark, but I noticed immediately that the server on the port I had mirrored was suddenly unavailable on the network -- pings timed out. This lasted until I removed the mirror, then the server was suddenly reachable once again.Does this feature not work the way I had thought it does? What I saw looked more like a forward than what I would call a mirror. The documentation leads me to believe mirroring is intended to be used in just the way I was attempting to use it.
View 1 Replies
View Related
Sep 17, 2011
I have a Cisco SG300-20. I have read the documentation and cannot seem to locate the instructions for port forwarding. I need to forward TCP port 8088 to IP address 192.168.14.110 on the switch.
View 5 Replies
View Related
Oct 10, 2012
The switch has been set to Level 3 Routing. Port 27 has been in use as a Fiber Transceiver with no problems for several weeks. This week I tried connecting a second Fiber Transceiver to Port 28, and it would not work.
Swapped the physical GBIC modules in the ports, and the situation remained exactly the same: Port 27 works, Port 28 would not work.
Connected to the copper-part of the combo Port 28, it immediately connected and worked fine.
Connected an external Fiber Transceiver Box in place of the GBIC in Port 28, and it immediately connected and worked fine.
Swapped the new Fiber jumper (Port 28) with the existing Fiber jumper (Port 27), and the new connection came up immediately and worked fine. The existing connection would not work when connected to Port 28.
By "not working", I am not able to ping across the connection. The link light comes on and blinks. The transmit/receive statistics show as if data is processing on this switch, but on the other side of the Port 28 connection, the switch shows Transmit traffic, but no Recieve traffic.
View 13 Replies
View Related
Jun 10, 2012
today i got a sg 300-10mp PoE managed switch.
I plug the network cable and set an IP to GUI to the default IP (192.168.1.254)the problem is the port doesn't show light when connect to notebook. How am i supposed to enter GUI.
why the port is like in shutdown state and not enable? do i need to do anything via console??
View 6 Replies
View Related
Sep 4, 2011
Any snmpset commands to modify port vlan membership on SG300-28 switches? I checked [URL] however this information is apparently only valid for catalysts.
The latest firmware is installed and the provided MIB files are used.
View 5 Replies
View Related
Jan 15, 2013
I recently bough for a home lab a sg300-10 switch. I have enabled layer 3 routing on it and have come across a puzzling issue. The switch is the default gw on this network, and in front of the switch there is a cable modem (ip route 0.0.0.0 0.0.0.0 192.168.0.7).
This is my config:
config-file-header
switch5ed948
v1.2.7.76 / R750_NIK_1_2_584_002
[Code].....
View 7 Replies
View Related
Oct 11, 2012
I have configured a Microsoft Server 2008 R2 with Radius Server and connect it with a Cisco SG300 Switch.
If a new device connect to the switch it goes automatically to the guestnet. If a device with the correct certificate and a valid useraccount connect to the switch, the deivce goes in to the local company network.
Now my problem: If I connect a device which is in the domain and which have installed the correct certificate and want to login with a new domain user (which is not cached in windows) I can not login.
The following message appears: "There are Currently no Logon Servers Available"
I think the problem is that the authentication process only starts after a user have succsess logged in in windows.
Now I search for a solution which allows me to conntact the Logon Server for Domain Login before the User has logged in.
View 1 Replies
View Related
Mar 6, 2013
I want to know if the SG300-28P can support 24 ports with 15,4w per port at the same time.
View 3 Replies
View Related
May 24, 2013
I've got an SG300-10 connected back to back (trunked) with a Cisco 3560X switch, across a fibre link and am seeing some big inconsistencies in terms of unicast data transferred across the ports between them.
During a night time window of 4am - 6am I run backups which involves a large copy of files, that almost saturates a GigE link - we can see from the 3560X end that the link is running at a bit over 800MBit/sec of throughput, sustained. The duration of this transfer is consistent with the size of the files being transferred (ie just over an hour, and is what I'd expect for a data transfer of about that amount). Back-of-the-envelope calculations indicate that the 3560X is measuring this data throughput correctly.
However on the SG300 end of the link, which is also being polled by the same application (Cacti), I'm observing spikey counts of only around 20MBit/sec during that window. These counters are very obviously incorrect - there's a huge amount more data moving across the port than that. The incorrect calculations are showing on both the trunk port out of the SG300 (uplink) as well as the interface where the NAS is connected in (which is an access port).
Cacti is polling the OID: .1.3.6.1.2.1.2.2.1.16.57 which translates to IF-MIB::ifOutOctets.57 = Counter32.I'm running version 1.3.0.62 but this problem is not new to this release - previous releases and 1.2 based releases also had this problem.
It looks like multicast traffic may be being counted correctly (that's only a suspicion though), however what I am certain of is that there is a very large discrepancy with the unicast traffic counts.Is this OID the correct one to be using for this switch?
View 2 Replies
View Related
Apr 1, 2012
I have my network with severals SG300 switches.I have one of them like my core switch working in layer 3 mode. With 2 vlans and vlan interfaces to each vlan.Everything is working ok.But now i have to connect one 3com unmanage switch that have host from vlan 1 and 2. How should i connect this switch to my Cisco sg300 switch?
[code]...
View 2 Replies
View Related
Aug 14, 2011
I want to configure IEEE 802.1x port-based authentication on cisco switches, preferable 2960 series. Which models support this feature?. I have try with some older switches but it doesn't works properly on everyone. I have upgraded them whitout better results, there is namely an issue with TLS handshaking on some switches which produces authentication to fail.
View 1 Replies
View Related
Aug 29, 2011
These are our first switches and seems like GUI is lot different than the online. Out intervlan routing is o not working. I am absolutely sure that I setup the switch in L3 mode since it allows me to create mutiple interfaces. I am hoping that this GUI issue is related to interVLAN routing.
Below is the blog I started for InterVlan issue [URL]
This is the link for online simulator and what I see in its IP tab. I know this switch is not SG300. [URL]
This is what I see on our switch.
Our switch version
switchd64684#show version
SW version 1.1.0.73 ( date 19-Jun-2011 time 18:10:49 )
Boot version 1.0.0.4 ( date 08-Apr-2010 time 16:37:57 )
HW version V01
View 1 Replies
View Related
May 26, 2011
1) I have a Cisco SG300-28P. I plan to add a SG300-52. Would it be possible to manage the new switch through the SG300-28P web browser ?
2) There are 2 fans in the POE model SG300-28P. How many fans are they in the non POE switch SG300-52 ?
View 2 Replies
View Related
Feb 8, 2012
Can I connect a single Cat5e cable between two SG300-28 and link them? If so what must I configure?
View 1 Replies
View Related
Jul 25, 2012
I have SG300-28P that I am using as layer-3 switch. Recently I ran in to SG300-52 switch and even though loading same firmware doesn't give me option to do layer-3 switching. For SG-300 I see options in GUI to create vlan interfaces under IP information section, while SG300-52 has IP information option only under the management section.let me know if these are 2 different hardware types and L3 is not possible on SG300-52. If its possible to enable L3 switching on SG300-52?
View 2 Replies
View Related
Apr 22, 2013
how to: port forwarding to 2 different destinations based on incoming WAN port
The default HTTP service works fine: TCP80/80-> 192.168.0.55
I have a couple of IP security camera's I'd like to be able to access remotely that also listen on port 80. I tried TCP & UDP 8009/8009-> 192.168.0.9 without any luck. Not sure how to handle the port redirects on the RV042G? Seems simple and was on the Symantec, could be user training :-)
I was able to do port redirect with the Symantec Firewall I'm replacing.
View 2 Replies
View Related
Nov 21, 2011
I'm replacing 2 3COM 4500 Swithes with the SG300-52 Cisco switch. We have 3 VLANs, 10, 20, 100. The switch is set for Layer 3 and I have setup DHCP relay. what settings i should set on the Cisco for the following setups:
3COM Setup
#
interface GigabitEthernet1/0/1
[Code].....
View 2 Replies
View Related
Jan 1, 2013
We have several of the SG300 Serices switches. We use them to route VLAN traffic to Remote Offices, Internet Connections, and WiFi Access Points.In one remote office we have a SG300-10 setup to route the HQ Network and the remote Office Subnet. The SG300 is Connected to HQ via Fiber and has multiple Tagged VLANs on it. If I do speed tests over the Fiber Link on the Incoming Tagged Netwotk I get Decent performance, 80Mbs. If I switch to a networtk that is not priginating from HQ, and have the SG300-10 route packet, I get dismal performance. 15-20Mbs.
I Fireded up a New SG300-28P FW v1.2.7.76. Added a the HQ VLAN 101 and new VLAN 1025 . Mapped some Tagged and untagged ports for each. Switch was connected to HQ Network as untagged VLAN 101. I put a laptop on an Untagged VLAN 101 port. Ran some tests, cam back with 750-850Mbs. Great. Put the same laptop on a Tagged 101 Port, Configured the NIC for Tagged VLAN 101, Same test, same Speeds, 750-850Mbs.I then Configured laptop for Tagged VLAN 1025. Connected to tagged VLAN 1025 port. Ran speed tests, resuts were 15-20Mbs!
I then Configured laptop for Untagged VLAN 1025. Connected to unagged VLAN 1025 port. Ran speed tests, resuts were 15-20Mbs!It was only the Laptop and the Connection to the HQ net on the SG300-28P. Why is the performance of this unit soooooo poor when it needs to route?Other Switches have FW v1.0.0.27 or FW v1.1.2.0. They have Similar speed issues. All Configured for Layer 3.
View 10 Replies
View Related
Dec 18, 2011
does the SG300 switches can be used with Microsoft NLB in Multicast mode?I know on traditional Catalyst switches you can statically "map" IP's to mac's and then to multiple ports but this doesn't seem to work correctly on the SG switches - it gives an error about the mac not being not Unicast?
View 2 Replies
View Related
Aug 7, 2011
Any snmpset commands to add, modify and delete vlan table entries on SG300-10 switches? I checked url... however this information is apparently only valid for catalysts. The latest firmware is installed and the provided MIB files are used.
View 8 Replies
View Related
Aug 20, 2012
I'm going to have several SG300-28P switches to setup. I'll need to create multiple vlans for data, voice, and wireless traffic. I have the following questions in setting up this configuration:
VLAN 1 Management
VLAN 100 Data
VLAN 200 Wireless
VLAN 300 Voice
1) For managing the switches via IP, will LAN1 be the default management network? Should I create a seperate VLAN for managing the switches?
2) For uplinking the switches together, I plan to trunk a port to connect the switches together. What's the configuration on the trunk port to forward all vlans from one switch to another?
3) On some ports, I want to configure a trunk for two vlans (Data and Voice) where the phone has a pass through for PC. The phone supports tagging for the PC and the VoIP traffic. For example on port 10, would VLAN 100 and 300 be set to tagged?
View 3 Replies
View Related
Jan 19, 2012
I'm having alot of trouble trying to connect more that one LAG between two SG300-52 switches.Basically i have configured both switches with the same vlans. For 2 of the vlans i would like to connect them together between the two switches using LAG. Switch1 has Vlan 5 (ports 1-12) & Vlan 10 (Ports 25-36) with LAG configured on ports 1-2 and ports 25-26. I have setup the second switch identical to the first. But when i connect the LAG's there is no connectivty. If i disconnect one LAG the other starts working.Can you only have i interconnect LAG between switches?
View 1 Replies
View Related
Apr 22, 2012
I have two SG300 serie switches and two Gigabit connection between them. How do I configured these two links to work toghether like a one 2 Gigabit channel?
View 2 Replies
View Related
May 9, 2011
I have a question, does the SG300-28 support VTP and STP?. I want to add it to my network's VTP domain so I don't have to manage vlans manually on the SG300-28 and also be able to configure STP to keep my network loop free.
View 2 Replies
View Related
Jul 19, 2012
On my SG300 I set up LAG for the last two ports.
I then plugged them into my SRW224G4P, once I do that I get dropped packets.
I was thinking maybe doing firmware upgrades to both switches?
View 3 Replies
View Related
Jan 29, 2012
I need to know how to configure each port in switch SG300-10 to vlans, i need to configure one port "trunk" with catalyst switch and assign 4 ports to different vlans. any solution?
View 2 Replies
View Related
Jun 20, 2012
In the CLI documentation for the SG 300 Series, it shows sh ip route rip as a command. I have installed the latest firmware and that command is no longer available. Does the SG300 series support RIP?
View 6 Replies
View Related
Jan 27, 2013
We purchased a SG300-52 last week to replace a 5yr old Dlink which has worked perfectly. 1 day after the SG300 went it it started crashing with this fatal error problem so I reverted the firmware back from 1.2.7.76 (latest) to 1.1.2.0 but I still get the problems. It crashes when I have it on my lan with users connected or if I just have the switch on my desk with just my laptop connected, so it cant be a load issue or a network topology issue. I already have a Cisco SGE2010 on my network without problems.
View 7 Replies
View Related
Mar 15, 2011
I have a question about ACL and binding. I have a SG300 28P and a couple of other linksys switches and Access points that are connected to it via trunks. The cisco SG300 28P is running in layer3 mode and i have created a couple of vlans and one of them is a guest vlan. Now to my question, i create an ACL and an ACE that vill funktion so that guest vlan only can connect to the internet and not the rest of the internal network. And then i must bound the ACL to an interface port or lag, what i can see it is not possible to bind it to an vlan? so if i have a port on some of the other switches that is member of the guest vlan, vill the ACL on the SG 300 stop guest vlan trafic to the internal network that is comming from some of the other switches?
View 1 Replies
View Related
Mar 25, 2012
I want to set up a vlan only for the wifi APs and wifi clients on my network. They can't access to any server, only internet acces. I already implement this configuration and its working, but now I want to allowed a couple of laptops to connect to servers in other vlan. what should I do? Should I do it using Mac address of laptops or IP?
View 9 Replies
View Related
