Cisco Switches :: SG300-10 ACL Entry In Layer3 Mode?
Jul 26, 2011
I'm setting up two vlans and I would like all of vlan 2 to only have access to the WAN router on vlan1 at 192.168.30.1.
VLAN1 192.168.30.x
VLAN2 192.168.31.x
I've setup the VLANS and static routes and I'm able to access the WAN router at 192.168.30.1 from the 192.168.31.x network and everything is fine.
I'm getting an error setting up the IPv4 based ACL that is designed to allow the 192.168.31.x network access to only the 192.168.30.1 WAN router.
The first rule I setup is to permit source 192.168.31.0 / 0.0.0.255 dest 192.168.30.0/0.0.0.255 to allow all traffic to from the 192.168.31. net to access the 192.168.30.x net. Then I was going to deny the dest of 192.168.30.1-255 but I'm not sure of the wildcard to use for that.
I'm not clear on the wildcards but I'm also getting the following error when I setup the first ACE rule:
"MIB Index is out of range.Index must be bigger then 0 and Existing ifindex.."
I suspect the error is related to how I'm using the wildcards?
View 4 Replies
ADVERTISEMENT
Apr 25, 2011
I'm trying to get the following running.
I have 4 Subnets
VLAN 1 172.20.0.0/16 with the default GW 172.20.200.254
VLAN 10 192.168.10.0/24 with the default GW 192.168.10.2
VLAN 59 192.168.59.0/24 with the default GW 192.168.59.254
VLAN 130 192.168.130.0/24 with the default GW 192.168.130.254
[Code]....
With absolutly the same settings I did this with an HP E4200-12G L3 Switch (which is now doing the job) so there is no routing mistake in the other components.For me it looks like, the SG300 doesn't like to be NOT the default gateway.
View 7 Replies
View Related
Jan 22, 2012
We're replacing our older catalyst switches with new SG300 family switches and have a Microsoft NLB cluster for some services that run in multicast balancer mode.
We currently do L3 routing to the network with the cluster and have the following IOS configuration line in the specific switch to let users on other subnets to access the services.
arp 10.20.1.226 03bf.0a14.01e2 ARPA
How do we replicate this using the SG300 series in L3 mode? Whenever I try to add a manual ARP entry I get an error message that says that the MAC address is not a valid unicast address?
View 4 Replies
View Related
Dec 31, 2012
I am getting very frustrated trying to modify/create ACL's on my SG300-20 switch.I have the switch in L3 mode. I have created several VLAN's and ACL's for each VLAN controlling their access to each other. After the initial setup, I have started trying to create more VLAN ACL rules to allow more access between the VLAN's. The problem I keep running in to is that when I go to modify the ACE's in the ACL, I keep getting the error message "Entry already exists". For example, I go to modify the port ranges to tighten them up, and try to save the ACE after modifying it, and I get that error message.
View 7 Replies
View Related
Dec 18, 2011
does the SG300 switches can be used with Microsoft NLB in Multicast mode?I know on traditional Catalyst switches you can statically "map" IP's to mac's and then to multiple ports but this doesn't seem to work correctly on the SG switches - it gives an error about the mac not being not Unicast?
View 2 Replies
View Related
Nov 7, 2011
So it seems like the SG300 series (have here sg300-52) can be run as standalone unit and also in stacking mode. but i can not find any documentation or howto for this.
View 8 Replies
View Related
Aug 30, 2011
Our customer use catalyst switch that spanning tree be PVST+ mode.I take SG300 connect with this catalyst switch.Does it support ?If it support,how to config on SG 300 ?
View 1 Replies
View Related
Jan 24, 2011
Every "once in a while" (about a week with my network load), the SG300 crawls to an almost standstill of all IPv4 activity (haven't got IPv6 enabled here yet, so I can't comment wether this applies to IPv6 as well). It seems pure L2 transmissions is not affected, but L3 definitely is (down to 20mbit as opposed to the 600+ rate I usually get).
Soft-rebooting the switch (via the webgui) useful, and the intervals of the crashes seem related to total bytes transmitted, not time. I have jumbo frames enabled, and disabled flow control on on the switch and all hosts.
Firmware Version is 1.0.0.27, md5 1987292110f5657e74308dde30c03dc4 Boot Version is 1.0.0.4 md5 4c9a0b6a9f1346736646d08ab94ae2ac
View 13 Replies
View Related
Jun 13, 2012
How to set the management interface on a SG300 Switch in Layer 3 mode? I've some vlans configured on the switch with interfaces in each of them:
Vlan 100 (10.0.1.254 /24)
Vlan 200 (10.0.2.254 /24)
Vlan 300 (10.0.3.254 /24)
...
Vlan 900 (10.0.9.254 /24)
Now, the management interface is listening on all interfaces (IPs). But I would like to configure the switch to only listen on 10.0.9.254. What I need to configure or whether it is possible?
View 3 Replies
View Related
Jul 11, 2012
I have two 3750 layer3 switches and I need to connect them via stack cable.so if I connect them with the stack they will be act as an one switch, but for the configuration if I create a VLANs on the master switch (applied all the configuration on the master one) this configuration will be transfered to the slave one or I have to repeat the configuration that I did on the master.
View 5 Replies
View Related
Aug 29, 2011
These are our first switches and seems like GUI is lot different than the online. Out intervlan routing is o not working. I am absolutely sure that I setup the switch in L3 mode since it allows me to create mutiple interfaces. I am hoping that this GUI issue is related to interVLAN routing.
Below is the blog I started for InterVlan issue [URL]
This is the link for online simulator and what I see in its IP tab. I know this switch is not SG300. [URL]
This is what I see on our switch.
Our switch version
switchd64684#show version
SW version 1.1.0.73 ( date 19-Jun-2011 time 18:10:49 )
Boot version 1.0.0.4 ( date 08-Apr-2010 time 16:37:57 )
HW version V01
View 1 Replies
View Related
May 26, 2011
1) I have a Cisco SG300-28P. I plan to add a SG300-52. Would it be possible to manage the new switch through the SG300-28P web browser ?
2) There are 2 fans in the POE model SG300-28P. How many fans are they in the non POE switch SG300-52 ?
View 2 Replies
View Related
Feb 8, 2012
Can I connect a single Cat5e cable between two SG300-28 and link them? If so what must I configure?
View 1 Replies
View Related
Jul 25, 2012
I have SG300-28P that I am using as layer-3 switch. Recently I ran in to SG300-52 switch and even though loading same firmware doesn't give me option to do layer-3 switching. For SG-300 I see options in GUI to create vlan interfaces under IP information section, while SG300-52 has IP information option only under the management section.let me know if these are 2 different hardware types and L3 is not possible on SG300-52. If its possible to enable L3 switching on SG300-52?
View 2 Replies
View Related
Jul 1, 2012
Thinking of getting one of those 8-port 2960 for a CCNP study. Is the difference between the C2960-8TC-S and the C2960-8TC-L models in Hardware, or in IOS? or both? And if it's in IOS, is the S upgradable to L?
View 7 Replies
View Related
Nov 21, 2011
I'm replacing 2 3COM 4500 Swithes with the SG300-52 Cisco switch. We have 3 VLANs, 10, 20, 100. The switch is set for Layer 3 and I have setup DHCP relay. what settings i should set on the Cisco for the following setups:
3COM Setup
#
interface GigabitEthernet1/0/1
[Code].....
View 2 Replies
View Related
Jan 1, 2013
We have several of the SG300 Serices switches. We use them to route VLAN traffic to Remote Offices, Internet Connections, and WiFi Access Points.In one remote office we have a SG300-10 setup to route the HQ Network and the remote Office Subnet. The SG300 is Connected to HQ via Fiber and has multiple Tagged VLANs on it. If I do speed tests over the Fiber Link on the Incoming Tagged Netwotk I get Decent performance, 80Mbs. If I switch to a networtk that is not priginating from HQ, and have the SG300-10 route packet, I get dismal performance. 15-20Mbs.
I Fireded up a New SG300-28P FW v1.2.7.76. Added a the HQ VLAN 101 and new VLAN 1025 . Mapped some Tagged and untagged ports for each. Switch was connected to HQ Network as untagged VLAN 101. I put a laptop on an Untagged VLAN 101 port. Ran some tests, cam back with 750-850Mbs. Great. Put the same laptop on a Tagged 101 Port, Configured the NIC for Tagged VLAN 101, Same test, same Speeds, 750-850Mbs.I then Configured laptop for Tagged VLAN 1025. Connected to tagged VLAN 1025 port. Ran speed tests, resuts were 15-20Mbs!
I then Configured laptop for Untagged VLAN 1025. Connected to unagged VLAN 1025 port. Ran speed tests, resuts were 15-20Mbs!It was only the Laptop and the Connection to the HQ net on the SG300-28P. Why is the performance of this unit soooooo poor when it needs to route?Other Switches have FW v1.0.0.27 or FW v1.1.2.0. They have Similar speed issues. All Configured for Layer 3.
View 10 Replies
View Related
Aug 7, 2011
Any snmpset commands to add, modify and delete vlan table entries on SG300-10 switches? I checked url... however this information is apparently only valid for catalysts. The latest firmware is installed and the provided MIB files are used.
View 8 Replies
View Related
Aug 20, 2012
I'm going to have several SG300-28P switches to setup. I'll need to create multiple vlans for data, voice, and wireless traffic. I have the following questions in setting up this configuration:
VLAN 1 Management
VLAN 100 Data
VLAN 200 Wireless
VLAN 300 Voice
1) For managing the switches via IP, will LAN1 be the default management network? Should I create a seperate VLAN for managing the switches?
2) For uplinking the switches together, I plan to trunk a port to connect the switches together. What's the configuration on the trunk port to forward all vlans from one switch to another?
3) On some ports, I want to configure a trunk for two vlans (Data and Voice) where the phone has a pass through for PC. The phone supports tagging for the PC and the VoIP traffic. For example on port 10, would VLAN 100 and 300 be set to tagged?
View 3 Replies
View Related
Jan 19, 2012
I'm having alot of trouble trying to connect more that one LAG between two SG300-52 switches.Basically i have configured both switches with the same vlans. For 2 of the vlans i would like to connect them together between the two switches using LAG. Switch1 has Vlan 5 (ports 1-12) & Vlan 10 (Ports 25-36) with LAG configured on ports 1-2 and ports 25-26. I have setup the second switch identical to the first. But when i connect the LAG's there is no connectivty. If i disconnect one LAG the other starts working.Can you only have i interconnect LAG between switches?
View 1 Replies
View Related
Apr 22, 2012
I have two SG300 serie switches and two Gigabit connection between them. How do I configured these two links to work toghether like a one 2 Gigabit channel?
View 2 Replies
View Related
Jan 31, 2012
it says that the cisco sg300-28 managed switch default system mode is Layer 2. but i want to change it to layer 3.
i can't get inside the "Console Interface Main Menu" where the switching from L2 to L3 will be done.
I have done the ff:
1. Upgraded firmware to 1.1.2.0 (latest)
2. Reset the switch to factory defaults.
3. The guide stated that in order to perform telnet to the switch, you need to enable it. So I logged in first in to the web GUI and enable telnet service.
4. I can now start telnet on the switch but I can't see the "Switch main menu".
All I can see are these lines from telnet:
User Name:cisco
Password:******
switchd5928c#
I just want to know how to get into the console interface main menu where these lines should appear so that i can change the system mode:
• System Configuration Menu
• Port Status
• Port Configuration
• System Mode
• Help
• Logout
View 3 Replies
View Related
Dec 26, 2011
I need to retrieve my password for the linksys router wrt54g
View 1 Replies
View Related
Dec 2, 2012
We have a project in which we are using 34 Cisco SG200-18's each with a MGBLX1 (LC Single Mode Fiber) SFP mini-GBIC.All the fiber's come back to one building where we must "bridge" all 34 fiber connections. What hardware should be used to accomplish this? A L2 switch? For example, a 12 port SFP Switch with Fiber SFP's accepting the first 12 fiber connections, then other switch with SFP for the next 12 and so on, until there is a overall capacity of 36 and having patch cables between the 3 switches?
what cisco or non cisco hardware would work with these SF200-18's to accomplish this?
View 9 Replies
View Related
May 9, 2011
I have a question, does the SG300-28 support VTP and STP?. I want to add it to my network's VTP domain so I don't have to manage vlans manually on the SG300-28 and also be able to configure STP to keep my network loop free.
View 2 Replies
View Related
Jul 19, 2012
On my SG300 I set up LAG for the last two ports.
I then plugged them into my SRW224G4P, once I do that I get dropped packets.
I was thinking maybe doing firmware upgrades to both switches?
View 3 Replies
View Related
Jan 29, 2012
I need to know how to configure each port in switch SG300-10 to vlans, i need to configure one port "trunk" with catalyst switch and assign 4 ports to different vlans. any solution?
View 2 Replies
View Related
Jun 20, 2012
In the CLI documentation for the SG 300 Series, it shows sh ip route rip as a command. I have installed the latest firmware and that command is no longer available. Does the SG300 series support RIP?
View 6 Replies
View Related
Jan 27, 2013
We purchased a SG300-52 last week to replace a 5yr old Dlink which has worked perfectly. 1 day after the SG300 went it it started crashing with this fatal error problem so I reverted the firmware back from 1.2.7.76 (latest) to 1.1.2.0 but I still get the problems. It crashes when I have it on my lan with users connected or if I just have the switch on my desk with just my laptop connected, so it cant be a load issue or a network topology issue. I already have a Cisco SGE2010 on my network without problems.
View 7 Replies
View Related
Mar 15, 2011
I have a question about ACL and binding. I have a SG300 28P and a couple of other linksys switches and Access points that are connected to it via trunks. The cisco SG300 28P is running in layer3 mode and i have created a couple of vlans and one of them is a guest vlan. Now to my question, i create an ACL and an ACE that vill funktion so that guest vlan only can connect to the internet and not the rest of the internal network. And then i must bound the ACL to an interface port or lag, what i can see it is not possible to bind it to an vlan? so if i have a port on some of the other switches that is member of the guest vlan, vill the ACL on the SG 300 stop guest vlan trafic to the internal network that is comming from some of the other switches?
View 1 Replies
View Related
Mar 25, 2012
I want to set up a vlan only for the wifi APs and wifi clients on my network. They can't access to any server, only internet acces. I already implement this configuration and its working, but now I want to allowed a couple of laptops to connect to servers in other vlan. what should I do? Should I do it using Mac address of laptops or IP?
View 9 Replies
View Related
Mar 1, 2013
Yesterday I upgraded my SG300-10P to firmware 1.2.7.76. I was curious about the new SYN Protection feature, but it seems to do nothing on my installation.
The switch is running in Layer 2 mode. I have ACLs in place and DoS prevention is not enabled. I also tried clearing ACLs and enabling DoS prevention. As I understood the Admin Guide enabling DoS in the Security Suite Settings is not necessary for using the SYN Protection.
In my firewall I see about 300 pps with SYN flags only arriving. What "they" do is sending me SYN packest to port 80 from forged IPs, so that my system should send SYN-ACKs to the victim system. In this case it is the Arab Bank. They are down at the moment...I think that is called a spoofed SYN flood attack.
So I thougt the SYN Protection feature should exactly solve that problem but it does not and does not show any "Last Attack" entries.
If I put a SYN filter in place it works, even if I put SYN Rate Protection in place. But that is just a dirty workaround. My firewall blocks those SYN packets with a SNORT rule.
View 1 Replies
View Related
Feb 14, 2013
Is there an SG300 or SG500 that has all ports as SFP ports?
View 1 Replies
View Related
