Cisco Switches :: SG300-10P SYN Protection

Mar 1, 2013

Yesterday I upgraded my SG300-10P to firmware 1.2.7.76. I was curious about the new SYN Protection feature, but it seems to do nothing on my installation.
 
The switch is running in Layer 2 mode. I have ACLs in place and DoS prevention is not enabled. I also tried clearing ACLs and enabling DoS prevention. As I understood the Admin Guide enabling DoS in the Security Suite Settings is not necessary for using the SYN Protection.
 
In my firewall I see about 300 pps with SYN flags only arriving. What "they" do is sending me SYN packest to port 80 from forged IPs, so that my system should send SYN-ACKs to the victim system. In this case it is the Arab Bank. They are down at the moment...I think that is called a spoofed SYN flood attack.
 
So I thougt the SYN Protection feature should exactly solve that problem but it does not and does not show any "Last Attack" entries.
 
If I put a SYN filter in place it works, even if I put SYN Rate Protection in place. But that is just a dirty workaround. My firewall blocks those SYN packets with a SNORT rule.

View 1 Replies


ADVERTISEMENT

Cisco Switching/Routing :: SG300/500 - Similar Feature To HP Loop Protection?

Apr 17, 2012

Do Cisco Catalyst (IOS) and specially Cisco SG300/500 support a similar feature to HP's Loop Protection or DLINK's Loopback Detection? This is an interesting feature to avoid loops caused by unmanaged switches.

View 6 Replies View Related

Cisco Switches :: SG300-28 GUI Different Than Online SG300-48 Simulator

Aug 29, 2011

These are our first switches and seems like GUI is lot different than the online. Out intervlan routing is o not working. I am absolutely sure that I setup the switch in L3 mode since it allows me to create mutiple interfaces. I am hoping that this GUI issue is related to interVLAN routing.
 
Below is the blog I started for InterVlan issue [URL]
 
This is the link for online simulator and what I see in its IP tab. I know this switch is not SG300. [URL]
 
This is what I see on our switch.
 
Our switch version
switchd64684#show version                                                                                                                                              
SW version    1.1.0.73 ( date  19-Jun-2011 time  18:10:49 )
Boot version    1.0.0.4 ( date  08-Apr-2010 time  16:37:57 )
HW version    V01

View 1 Replies View Related

Cisco Switches :: SG300-28P And SG300-52 Web Managing - Fans

May 26, 2011

1) I have a Cisco SG300-28P. I plan to add a SG300-52. Would it be possible to manage the new switch through the SG300-28P web browser ?

2) There are 2 fans in the POE model SG300-28P. How many fans are they in the non POE switch SG300-52 ?

View 2 Replies View Related

Cisco Switches :: SG300-28 Uplink To Another SG300-28?

Feb 8, 2012

Can I connect a single Cat5e cable between two SG300-28 and link them?  If so what must I configure?

View 1 Replies View Related

Cisco Switches :: Difference Between SG300-28P And SG300-52

Jul 25, 2012

I have SG300-28P that I am using as layer-3 switch. Recently I ran in to SG300-52 switch and even though loading same firmware doesn't give me option to do layer-3 switching. For SG-300 I see options in GUI to create vlan interfaces under IP information section, while SG300-52 has IP information option only under the management section.let me know if these are 2 different hardware types and L3 is not possible on SG300-52. If its possible to enable L3 switching on SG300-52?

View 2 Replies View Related

Cisco Switches :: Replacing 3COM 4500 Switches With SG300-52?

Nov 21, 2011

I'm replacing 2 3COM 4500 Swithes with the SG300-52 Cisco switch. We have 3 VLANs, 10, 20, 100. The switch is set for Layer 3 and I have setup DHCP relay. what settings i should set on the Cisco for the following setups:
 
3COM Setup
#
interface GigabitEthernet1/0/1

[Code].....

View 2 Replies View Related

Cisco Switches :: SG300 Switches Have Poor Performance In Layer 3?

Jan 1, 2013

We have several of the SG300 Serices switches. We use them to route VLAN traffic to Remote Offices, Internet Connections, and WiFi Access Points.In one remote office we have a SG300-10 setup to route the HQ Network and the remote Office Subnet. The SG300 is Connected to HQ via Fiber and has multiple Tagged VLANs on it. If I do speed tests over the Fiber Link on the Incoming Tagged Netwotk I get Decent performance, 80Mbs. If I switch to a networtk that is not priginating from HQ, and have the SG300-10 route packet, I get dismal performance. 15-20Mbs.
 
I Fireded up a New SG300-28P FW v1.2.7.76. Added a the HQ VLAN 101 and new VLAN 1025 . Mapped some Tagged and untagged ports for each.  Switch was connected to HQ Network as untagged VLAN 101.  I put a laptop on an Untagged VLAN 101 port. Ran some tests, cam back with 750-850Mbs. Great.  Put the same laptop on a Tagged 101 Port, Configured the NIC for Tagged VLAN 101, Same test, same Speeds, 750-850Mbs.I then  Configured laptop for Tagged VLAN 1025. Connected to tagged VLAN 1025 port. Ran speed tests, resuts were 15-20Mbs!
 
I then  Configured laptop for Untagged VLAN 1025. Connected to unagged VLAN 1025 port. Ran speed tests, resuts were 15-20Mbs!It was only the Laptop and the Connection to the HQ net on the SG300-28P. Why is the performance of this unit soooooo poor when it needs to route?Other Switches have FW v1.0.0.27 or FW v1.1.2.0. They have Similar speed issues. All Configured for Layer 3.

View 10 Replies View Related

Cisco Switches :: SG300 Switches Can Be Used With Microsoft NLB In Multicast Mode

Dec 18, 2011

does the SG300 switches can be used with Microsoft NLB in Multicast mode?I know on traditional Catalyst switches you can statically "map" IP's to mac's and then to multiple ports but this doesn't seem to work correctly on the SG switches - it gives an error about the mac not being not Unicast?

View 2 Replies View Related

Cisco Switches :: VLAN Management Via SNMP On SG300-10 Switches

Aug 7, 2011

Any snmpset commands to add, modify and delete vlan table entries on SG300-10 switches? I checked url... however this information is apparently only valid for catalysts. The latest firmware is installed and the provided MIB files are used.

View 8 Replies View Related

Cisco Switches :: Multiple VLANS And SG300-28P Switches Setup?

Aug 20, 2012

I'm going to have several SG300-28P switches to setup.  I'll need to create multiple vlans for data, voice, and wireless traffic.  I have the following questions in setting up this configuration:
 
VLAN 1 Management
VLAN 100 Data
VLAN 200 Wireless
VLAN 300 Voice 
 
1) For managing the switches via IP, will LAN1 be the default management network?  Should I create a seperate VLAN for managing the switches?
 
2) For uplinking the switches together, I plan to trunk a port to connect the switches together.  What's the configuration on the trunk port to forward all vlans from one switch to another?
 
3) On some ports, I want to configure a trunk for two vlans (Data and Voice) where the phone has a pass through for PC.  The phone supports tagging for the PC and the VoIP traffic.  For example on port 10, would VLAN 100 and 300 be set to tagged?

View 3 Replies View Related

Cisco Switches :: SG300-52 Multiple Lags Between Switches?

Jan 19, 2012

I'm having alot of trouble trying to connect more that one LAG between two SG300-52 switches.Basically i have configured both switches with the same vlans. For 2 of the vlans i would like to connect them together between the two switches using LAG. Switch1 has Vlan 5 (ports 1-12) & Vlan 10 (Ports 25-36) with LAG configured on ports 1-2 and ports 25-26. I have setup the second switch identical to the first. But when i connect the LAG's there is no connectivty. If i disconnect one LAG the other starts working.Can you only have i interconnect LAG between switches?

View 1 Replies View Related

Cisco Switches :: How To Configure Two Links Between Switches SG300

Apr 22, 2012

I have two SG300 serie switches and two Gigabit connection between them. How do I configured these two links to work toghether like a one 2 Gigabit channel?

View 2 Replies View Related

Cisco Switches :: VTP And STP On SG300-28 Switch

May 9, 2011

I have a question, does the SG300-28 support VTP and STP?. I want to add it to my network's VTP domain so I don't have to manage vlans manually on the SG300-28 and also be able to configure STP to keep my network loop free.

View 2 Replies View Related

Cisco Switches :: Set Up LAG Between SG300-20 And SRW224G4P

Jul 19, 2012

On my SG300 I set up LAG for the last two ports.
 
I then plugged them into my SRW224G4P, once I do that I get dropped packets.
 
I was thinking maybe doing firmware upgrades to both switches?

View 3 Replies View Related

Cisco Switches :: How To Assign SG300-10 To VTP

Jan 29, 2012

I need to know how to configure each port in switch SG300-10 to vlans, i need to configure one port "trunk" with catalyst switch and assign 4 ports to different vlans. any solution?

View 2 Replies View Related

Cisco Switches :: Does SG300-10 Support RIP

Jun 20, 2012

In the CLI documentation for the SG 300 Series, it shows sh ip route rip as a command. I have installed the latest firmware and that command is no longer available. Does the SG300 series support RIP?

View 6 Replies View Related

Cisco Switches :: SG300-10MP Keeps Going Down?

Jan 27, 2013

We purchased a SG300-52 last week to replace a 5yr old Dlink which has worked perfectly. 1 day after the SG300 went it it started crashing with this fatal error problem so I reverted the firmware back from 1.2.7.76 (latest) to 1.1.2.0 but I still get the problems.  It crashes when I have it on my lan with users connected or if I just have the switch on my desk with just my laptop connected, so it cant be a load issue or a network topology issue.  I already have a Cisco SGE2010 on my network without problems.

View 7 Replies View Related

Cisco Switches :: ACL Binding On SG300 28P

Mar 15, 2011

I have a question about ACL and binding. I have a SG300 28P and a couple of other linksys switches and Access points that are connected to it via trunks. The cisco SG300 28P  is running in layer3 mode and i have created a couple of vlans and one of them is a guest vlan. Now to my question, i create an ACL and an ACE that vill funktion so that guest vlan only can connect to the internet and not the rest of the internal network. And then i must bound the ACL to an interface port or lag, what i can see it is not possible to bind it to an vlan? so if i have a port on some of the other switches that is member of the guest vlan, vill the ACL on the SG 300 stop guest vlan trafic to the internal network that is comming from some of the other switches?

View 1 Replies View Related

Cisco Switches :: SG300 - Set Up VLan Only For Wi-Fi APs?

Mar 25, 2012

I want to set up a vlan only for the wifi APs and wifi clients on my network. They can't access to any server, only internet acces. I already implement this configuration and its working, but now I want to allowed a couple of laptops to connect to servers in other vlan. what should I do? Should I do it using Mac address of laptops or IP?

View 9 Replies View Related

CIsco Switches :: SG300 Or SG500 That Has All Ports As SFP?

Feb 14, 2013

Is there an SG300 or SG500 that has all ports as SFP ports?

View 1 Replies View Related

Cisco Switches :: VLAN Config On Sg300?

Jan 26, 2012

I am using a couple cisco sg300 28P switches along with a sonciwall firewall/router. The sonicwall was already in place and working so they didnt want to replace it. I understand how to configure the vlan on the sonicwall, but could use some info on the cisco. I would basically like to create 3 vlans, 1 default for management, 2 for pc's on lan, and 3 for the cisco spa504g phones/'voip. Would i just go into the vlan managment, configure the 2 new vlans and give them two id's? These offices have one network drop, so the phones and pc's will be sharing the switch ports, however the phones have a setting to configure the vlan id so they know which one theyre on. Is there anything i need to do after that? I want to make sure that vlan 3 has the highest priority becuase its voice, is there some qos configurations i need to make on that switch as well? Also, the port that links the two cisco swtiches together, does that need to be set as "trunk" port? I understand what vlans are, but its just the first time ive run into these cisco models. .

View 0 Replies View Related

Cisco Switches :: SG300-10 IPv4 Routes Bug?

May 10, 2013

I bought the SG300-10 Switch a few days ago and updated it to firmware 1.3.0.59, but i think there's a bug in this firmware. If I go to "IP Configuration" IPv4 Routes" in L3 Mode nothing is displayed. In the log file i see that:
 
21474773112013-Mar-16 09:51:34Error%HTTP_HTTPS-E-DIAGNOSTICS: ERROR - in <RL_vtLeadTableGet> tag, can not find the table rlInetRoutingDistanceTable in the MIB.       21474775182013-Mar-14 22:39:22Error%HTTP_HTTPS-E-DIAGNOSTICS: ERROR - in <RL_vtLeadTableGet> tag, can not find the table rlInetRoutingDistanceTable in the MIB., aggregated (1)               
 
Reset of the Switch doesn't work.

View 4 Replies View Related

Cisco Switches :: SG300-10MP Keeps Crashing?

Sep 4, 2012

We are in an organization of 80 users with 5 Sx300 series switches with the latest firmware (1.2.7.76). The network is mostly flat with all switches feeding into a Cisco ASA5505 acing as the primary gateway for Internet Access. Only our two 48 port POE switches have an additional vlan configured for the VoIP phones. We have one SG300-10MP that is powering 5 Cisco Aironet 1024N's that keeps crashing. A couple weeks ago it went down twice in one day. I updated the firmware and it did not have any hiccups unitl today. This issue has been consistent since we installed the switch in April. Originally the issue seemed to be caused by too much bonjour traffic causing a buffer overflow (we have over 100 Apple products). Since I updated the switch I have not seen any bonjour buffer overflow errors. Instead I get the following error when it crashes:

2147424534 2012-Sep-05 15:12:28 Emergency %SYSLOG-F-OSFATAL: FATAL ERROR: tExcTask: ABORT DATA exception ***** FATAL ERROR ***** SW Version : 1.2.7.76 Version Date: 19-Jul-2012 Version Time: 17:54:43 Instruction 0x18 Exception vector 0x10 Program state register 0x80000092 %SNMP-I-CDBITEMSNUM: Number of startup configur ation items loaded: 133 %LINK-W-Down: gi1 %LINK-W-Down: gi2 %LINK-W-Down: gi3 %LINK-W-Down: gi4 %LINK-W-Down: gi5 %LINK-W-Down: gi6 %LINK-W-Down: gi7 %LINK-W-Down: gi8 %LINK-W-Down: gi9 %LINK-W-Down: gi10 %LINK-I-Up: gi9 %LINK-I-Up: Vlan 1 %LINK-I-Up: gi1 %STP-W-PORTSTATUS: gi9: STP status Fo

The CPU and PoE supply are far from being overloaded.

View 15 Replies View Related

Cisco Switches :: SG300 And Multiple WAN Connections?

Apr 8, 2013

Currently I have my SG300 connected to a Wireless Router which is, in turn, connected to a Cable Modem.
 
I'm considering adding a second cable modem. Can the SG300 handle that?

View 3 Replies View Related

Cisco Switches :: LAG Configuration On SG300 52 Switch?

Sep 10, 2011

I am having an issue with LAG configuration on a Cisco SG300 52 switch. I have connected four Ge ports on the switch to the four NICs of a Dell R710 Server on which I installed Windows Server 2008 R2. Without LAG configured, these ports would forward traffic to and from the Dell server fine.However, if I configure LAG on the ports with LACP enabled, then they would not forward any network traffic. Debugging shows that the ports are up but their forwarding status show N/A. Am I missing any configuration? Can I configure LAG on edgeports?

View 2 Replies View Related

Cisco Switches :: SG300-10 VLAN Configuration

Apr 22, 2012

Before I launch into this can I say that I am very much a novice with regards to Managed Switches and their configuration. I have the following equipment which I have connected to the switch: [code] All of the above are on subnet 255.255.255.0.All of the above communicate with each other during normal operation.Our client is connecting to the switch but his requirement is for his system to "see" the PLC Comms Card as follows:IP: 10.0.3.61 on Subnet 255.255.252.0 .
 
Using the Internet Explorer interface connection I have created an additional VLAN (ID 2) on Port 10 with the intention of using this as the connection to the client ( I assume there will be further settings required to route the PLC connection to this port) but every time I try to assign the IP and Subnet values and click "APPLY" the changes are not made and the connection appears to hang leading me to reboot the switch.I have connected to the switch via console and changed the mode to Layer 3.  I also assume that it is OK for the three pieces of equipment to remain on the default VLAN. How I should setup this VLAN and ultimately achieve my goal.

View 5 Replies View Related

Cisco Switches :: SG300 Not Reachable Beyond Subnet?

Feb 6, 2013

I'm trying to configure a SG300 to be reachable beyond its own subnet. Its IP address is configured by DHCP to 192.168.2.2/255.255.255.0. It is possible to ping the switch from the same subnet but not from outside. The switch is set to layer 2 mode. All routing should be done by the gateway.
 
Here's what I have checked so far: The default gateway and netmask are set correctlyThe gateway can ping the switchHosts in the 192.168.2.0/24 subnet have connectivity to other networks through the gateway (i.e. gateway configured correctly)Administrative interface > IPv4 interface shows the correct ip address, netmask, and gateway (greyed out because it is assigned by DHCP)the switch can ping other hosts within the same network  
 
Is there some kind of firewall setting that prohibits the switch to respond to ip packets from outside the subnet?

View 5 Replies View Related

Cisco Switches :: Get Vlan Communicate On SG300-20

Mar 28, 2013

I am facing an issue to setup what I initially called simple network but still unable to put it together.On SG300-20 I want to setup 4.3 of the vlan are to separate users in to different groups and to secure data confidentiality.1 is for the NAS. All users on the 3 vlans must access the NAS vlan.All user should have access to internet via SG300 through the ISP provided router. How to configure this, I have every little knowledge of switching and routing? And the routing seems to be the issue I am encountering because I am able to create the VLANs and assign static IP address to them but not able to get them talk to each other. I use each vlan ip as gateway on each port assigned. [code]

View 13 Replies View Related

Cisco Switches :: DHCP Over LAG Between SG200 And SG300

Apr 17, 2013

I have an SG300-10 and an SG200-26. I also have an OpenWRT flashed router that can tag VLANs.My problem right now is that my default VLAN is 1, my router is doing DHCP in VLAN 1, and I want all my network equipment to be on VLAN 1, but my SG200, when LAGed to the SG300, will not get an IP.My SG300 is pulling an IP just fine from my router DHCP pool. When I connect the SG200 directly using either 1UP port settings or 1TP port settings, I get an IP just fine. When I LAG my connection (ports 1-3 on both) I get no DHCP information sent through the LAG to either the SG200, nor to any client devices that are set for DHCP.

View 7 Replies View Related

Cisco Switches :: Getting SG300-28 Port Mirroring?

Apr 28, 2013

I have created a mirror to copy all packets from Interface gi1 to interface gi28. I don't see any port 80 traffic, or 443 or any revelant traffic. I see mostly broadcast from other devices. I have a security device that is logging all the copied packets from my firewall for malware/IPS, etc inspection.Right now I have it monitoring vlan 1 in the hope that it would resolve this issue but I see no change.

View 1 Replies View Related

Cisco Switches :: How To Block SG300 10 Ports

Sep 30, 2012

I just recently purchased an SG300 10 port switch. After reading through many of the threads here, I was finally able to get the different VLANs to route properly. However, I'm having a unique issue that I'm not sure if it's related to the switch or not. I currently have 2 VLANs configured on the switch.ports 1-4 are native vlan 1 (192.168.1.X) ports 5-7 are VLAN 10 192.168.10.X (Trunk Port with VLAN 1 tagged and VLAN 10 untagged)I have a Hyper-V server connected to both of these networks. The VMs are running on both VLANs on port 5. I have the following problem:When I have a domain controller VM on VLAN 10, I notice that many of the DC communications failed. I took a network trace and noticed that many of the RPC port ranges were failing. I am able to ping all of the hosts on VLAN1 and vice versa. My question is as follows:Does this switch have some type of security option that blocks high range ports? I can't seem to find the menu option indicating that this is the case. I have already set-up a NETBIOS UDP proxy, but this hasn't worked much. I still have problems connecting to machines on this VLAN range.

View 5 Replies View Related

Cisco Switches :: SG300-10 Crash After 1.2.5.70 Upgrade

Jun 16, 2012

Just updated the fw to 1.2.5.70 and after a while, the device crashed wth the following message in the flash log.
 
21474836472012-Jun-17 11:46:21Emergency %SYSLOG-F-OSFATAL:    FATAL ERROR: GOAH: ABORT DATA exception   ***** FATAL ERROR *****   SW Version  :  1.2.5.70 Version Date:  11-Jun-2012 Version Tim e:  17:35:31  Instruction            0x150348 Exception vector       0x10 Program state register 0x60000013 0x0015014c  ***** END OF FATAL ERROR *****    Haven't seen the switch crashing before.

View 10 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved