I've just installed an SG300-28 (v01) switch configured in layer 3 mode with 1.0.0.27 firmware. It's working just fine except that when running a traceroute across the switch, it does not respond with an ICMP-11 time exceeded packet. Does this behavior persist in the current 1.2.5 firmware?
View 1 Repliesi had a client request to block ICMP request on their 1841 WAN link. i've got ACL hits for ACE 170 but not for 171.
how to test or simulate for ICMP time-exceeded? is this TTL related and is there a DOS command or any way to produce ping packet with a less TTL count that would hit the ACL log? below is the config.
interface FastEthernet0/0
ip address 202.42.x.y 255.255.255.252
ip access-group IDS_Fastethernet0/0_in_0 in
ip access-list extended IDS_Fastethernet0/0_in_0
[code]....
In order to meet our requirements we had to configure PAT for TCP 80 on 2 external IP addresses to one internal IP in DMZ. TCP port 80 is being translated for both external IP addresses and it works as expected. However, since we have migrated to ASA both external IP addresses don't respond to ICMP echo requests generating following error:
%ASA-3-106014: Deny inbound icmp src outside:<Source IP> dst outside:<Destination IP> (type 8, code 0)
Previously we have been using Cisco router to achieve the same objective and it worked well.I have noticed that when I add "same-security-traffic permit intra-interface" to a configuration the message mentioned above stops appearing in a logs.
As far as I can tell ASA sends packet back through outside interface, despite the fact that appliance advertises its mac address in response to arp request for the same external IP address.Is there any way to make ASA realise that it should respond to ICMP echo requests on external IP addresses that have forwarding setup?
I do realise that ICMP would work in 1-to-1 NAT scenario, but we can't apply 1-to-1 NAT for 2 external IP addresses to point to one internal IP address.
when do we get Desteination host Unreachable and time to live exceeded while trying to ping .
From 10.1.1.1 icmp_seq=2 Destination Host Unreachable
From 10.1.1.1 icmp_seq=4 Destination Host Unreachable
From 10.1.1.1 icmp_seq=7 Destination Host Unreachable
How can I measure a respond time from a switchport to another? What I intend to do is to measure packets transmission from a server. I have a Cisco 3750G in stack, and the server is connecting to it with a 1GE NIC. How do I measure from Cisco prospective? Any tools available from Cisco to measure such respond time? I have a PRTG on bandwidth management on this particular server switchport and it is around 45-70Mbps, which is less than 10% of 1GE interface.
View 3 Replies View RelatedI've been using my 2509 router as an access server for my 3 routers, 1 frame-relay (3640) and 4 switches for the past 2 months and it work great till this morning. As soon as the async lights on when i try to connect, it just hangs. It doesn’t respond to anything. No key hits not even disconnecting the console to where im connecting too. (from router to router) if i reboot the router with out the cord plug in (the async) i can use the router with all functions working great; But as soon as i connect the async cord.
The lights blink and poof router is gone. No response. i just cant figure how from one day to the next it doesn’t work.I haven't tried a different cable yet but i tried disconnecting all console connection and just left the plug in and boot. This works but as soon as i connect to any console port physically it gone. No response?i cleared all my configes and its blank and it still just doesn’t respond as soon as i connect any thing (after configuring all the basic)
ive tried these
line 1 8
no flush-at-activation
no login local
no modem Dialin
no exec
speed 9600
still no good?
I recently bought a Linksys WAG160N v2 model to replace my old setup of a Linksys WRT54GL + ASUS AM604g (ADSL2+ Modem) i had.I've set it up to dial my ISP's PPPoE connection as i had on the previous setup exactly, And it seemed to work at first.But now i've randomly noticed the connection just dies - the router doesn't respond to wireless at all anymore, and connecting from a wired machine shows the PPPoE link died, while the log says something along the lines of "PPPoE connection terminated: transport endpoint not connected" followed by a big number with lots of zeros and :'s. Probably some kind of IPv6 error address? note that i am not using IPv6 myself nor does my ISP provide any such addresses.
I've already upgraded the firmware to latest and installed the newest WiFi drivers on the machine i was connecting from wirelessly (has an Intel Wifi Link AGN5300 module).
These are our first switches and seems like GUI is lot different than the online. Out intervlan routing is o not working. I am absolutely sure that I setup the switch in L3 mode since it allows me to create mutiple interfaces. I am hoping that this GUI issue is related to interVLAN routing.
Below is the blog I started for InterVlan issue [URL]
This is the link for online simulator and what I see in its IP tab. I know this switch is not SG300. [URL]
This is what I see on our switch.
Our switch version
switchd64684#show version
SW version 1.1.0.73 ( date 19-Jun-2011 time 18:10:49 )
Boot version 1.0.0.4 ( date 08-Apr-2010 time 16:37:57 )
HW version V01
1) I have a Cisco SG300-28P. I plan to add a SG300-52. Would it be possible to manage the new switch through the SG300-28P web browser ?
2) There are 2 fans in the POE model SG300-28P. How many fans are they in the non POE switch SG300-52 ?
I just got digital cable, phone and internet and when I try to use the digital phone and internet at the same time, the internet wouldn't work. Its connected through Netgear N300. The wireless connection will not stay connected.
View 1 Replies View RelatedCan I connect a single Cat5e cable between two SG300-28 and link them? If so what must I configure?
View 1 Replies View RelatedI have SG300-28P that I am using as layer-3 switch. Recently I ran in to SG300-52 switch and even though loading same firmware doesn't give me option to do layer-3 switching. For SG-300 I see options in GUI to create vlan interfaces under IP information section, while SG300-52 has IP information option only under the management section.let me know if these are 2 different hardware types and L3 is not possible on SG300-52. If its possible to enable L3 switching on SG300-52?
View 2 Replies View RelatedI am in the process of installing a 3750x (IOS 12.2 (53r) SE2 IP Base) Cisco Catalyst switch in a new network of just 2 PC's (2 hosts, OS windows7 64Bits). I have enabled SVI interfaces with the both hosts installed in 2 different network segments. We then start connectivity test. The response time for the PING command between both hosts remain below 1 millisecond, whereas the response time between the hosts and their correspondent SVI interface is variable, and at all time is higher than 1 millisecond, sometimes it reaches 17 milliseconds. (Note that the switch CPU usage is only 8% at the time of testing) We have performed this same connectivity test changing the 3750x switches and in two different locations obtaining the same results.
View 2 Replies View RelatedU just bought a new E4200 router to enjoy 5ghz band for the first time.I noticed the range at my house of the 5gh is smaller than 2.4 is that right?one of my pc is having trouble keep connected to the 5ghz signal or the router doenst respond to it, is there a way to improve that signal?
View 2 Replies View Relatedwhat´s going on with an asa540 configure in multiple-context mode. I Have a cacti server on my lan and now I´m try to monitoring the interface with snmp. When I try to get this information returns the error message:
CISCOASA/CONTEXTA#
JUN 11 2013 01:52:00: %ASA-1-1-6021: Deny UDP reverse path check from 10.6.6.6 to IP_SRV_CACTI on interface inside
JUN 11 2013 01:52:01: %ASA-1-1-6021: Deny UDP reverve path check from 10.6.6.6 to IP_SRV_CACTI on interface inside
If I try to ping returns the same error:
CISCOASA/CONTEXTA#
JUN 11 2013 01:56:09: %ASA-1-1-6021: Deny icmp reverse path check from 10.6.6.6 to IP_SRV_CACTI on interface inside
Following attached the conf of my asa My question is Why I can´t ping or even use snmp ?
I have made some test and i noticed that qos input policy does not classify the icmp packet based on their dscp.The "match dscp ef" or "match precedence 5" is not working only the "match protocol icmp" shows hits.
We need to classify the different icmp packets based on dscp ( TOS ) for measurement purpose.CISCO 7200, 12.4.25d and 12.4.20T have a same behavior.
I'm replacing 2 3COM 4500 Swithes with the SG300-52 Cisco switch. We have 3 VLANs, 10, 20, 100. The switch is set for Layer 3 and I have setup DHCP relay. what settings i should set on the Cisco for the following setups:
3COM Setup
#
interface GigabitEthernet1/0/1
[Code].....
We have several of the SG300 Serices switches. We use them to route VLAN traffic to Remote Offices, Internet Connections, and WiFi Access Points.In one remote office we have a SG300-10 setup to route the HQ Network and the remote Office Subnet. The SG300 is Connected to HQ via Fiber and has multiple Tagged VLANs on it. If I do speed tests over the Fiber Link on the Incoming Tagged Netwotk I get Decent performance, 80Mbs. If I switch to a networtk that is not priginating from HQ, and have the SG300-10 route packet, I get dismal performance. 15-20Mbs.
I Fireded up a New SG300-28P FW v1.2.7.76. Added a the HQ VLAN 101 and new VLAN 1025 . Mapped some Tagged and untagged ports for each. Switch was connected to HQ Network as untagged VLAN 101. I put a laptop on an Untagged VLAN 101 port. Ran some tests, cam back with 750-850Mbs. Great. Put the same laptop on a Tagged 101 Port, Configured the NIC for Tagged VLAN 101, Same test, same Speeds, 750-850Mbs.I then Configured laptop for Tagged VLAN 1025. Connected to tagged VLAN 1025 port. Ran speed tests, resuts were 15-20Mbs!
I then Configured laptop for Untagged VLAN 1025. Connected to unagged VLAN 1025 port. Ran speed tests, resuts were 15-20Mbs!It was only the Laptop and the Connection to the HQ net on the SG300-28P. Why is the performance of this unit soooooo poor when it needs to route?Other Switches have FW v1.0.0.27 or FW v1.1.2.0. They have Similar speed issues. All Configured for Layer 3.
does the SG300 switches can be used with Microsoft NLB in Multicast mode?I know on traditional Catalyst switches you can statically "map" IP's to mac's and then to multiple ports but this doesn't seem to work correctly on the SG switches - it gives an error about the mac not being not Unicast?
View 2 Replies View RelatedAny snmpset commands to add, modify and delete vlan table entries on SG300-10 switches? I checked url... however this information is apparently only valid for catalysts. The latest firmware is installed and the provided MIB files are used.
View 8 Replies View RelatedI'm going to have several SG300-28P switches to setup. I'll need to create multiple vlans for data, voice, and wireless traffic. I have the following questions in setting up this configuration:
VLAN 1 Management
VLAN 100 Data
VLAN 200 Wireless
VLAN 300 Voice
1) For managing the switches via IP, will LAN1 be the default management network? Should I create a seperate VLAN for managing the switches?
2) For uplinking the switches together, I plan to trunk a port to connect the switches together. What's the configuration on the trunk port to forward all vlans from one switch to another?
3) On some ports, I want to configure a trunk for two vlans (Data and Voice) where the phone has a pass through for PC. The phone supports tagging for the PC and the VoIP traffic. For example on port 10, would VLAN 100 and 300 be set to tagged?
I'm having alot of trouble trying to connect more that one LAG between two SG300-52 switches.Basically i have configured both switches with the same vlans. For 2 of the vlans i would like to connect them together between the two switches using LAG. Switch1 has Vlan 5 (ports 1-12) & Vlan 10 (Ports 25-36) with LAG configured on ports 1-2 and ports 25-26. I have setup the second switch identical to the first. But when i connect the LAG's there is no connectivty. If i disconnect one LAG the other starts working.Can you only have i interconnect LAG between switches?
View 1 Replies View RelatedI have two SG300 serie switches and two Gigabit connection between them. How do I configured these two links to work toghether like a one 2 Gigabit channel?
View 2 Replies View RelatedI've brought a SG300-10 switch and would like to connect it to an Apple Time Capsule (as the base station of my wireless network), Apple Airport Extreme (to extend my wireless network) and 3 x NAS. What is the best way to connect?
Internet > SG300 > Apple TC + NAS x 4 + Apple Airport Extreme (to extended my wireless network) + Mac Pro/iMac'sInternet > Apple TC > SG300 > NAS x 4 (connect to the SG300) + Apple Airport Extreme (to extended my wireless network) + Mac Pro/iMac'sI need the SG300 because the Apple TC doesn't have enough network ports to cennect all my other devices.
Cannot get the SG200-8 to mirror any traffic other than ping (icmp).
Factory default settings, with port 7 src to port 1 dst on session 1.
Pings mirror just fine. But other traffic. such as web and ssh, is not being mirrored.
FW version 1.0.2.0
I looking to buy SGE 2010 swith, but I have some question:
1. Can I use 4 SFP ports and stack of two switches at the same time.
2. Is it possible to use for stacking ports other than 24, 48?
3. What is maximum possible number of ports to use for stacking (can I get more than 1Gb thruput).
my internet works normally during daytime but starts to disconnect and reconnect every few minutes at around 11pm. I've tried restarting my modem but to no avail. My home telephone line is not working when my internet starts disconnecting and it starts working during daytime. My modem is connected to the telephone.
View 4 Replies View RelatedI have a question, does the SG300-28 support VTP and STP?. I want to add it to my network's VTP domain so I don't have to manage vlans manually on the SG300-28 and also be able to configure STP to keep my network loop free.
View 2 Replies View RelatedOn my SG300 I set up LAG for the last two ports.
I then plugged them into my SRW224G4P, once I do that I get dropped packets.
I was thinking maybe doing firmware upgrades to both switches?
I need to know how to configure each port in switch SG300-10 to vlans, i need to configure one port "trunk" with catalyst switch and assign 4 ports to different vlans. any solution?
View 2 Replies View RelatedIn the CLI documentation for the SG 300 Series, it shows sh ip route rip as a command. I have installed the latest firmware and that command is no longer available. Does the SG300 series support RIP?
View 6 Replies View RelatedWe purchased a SG300-52 last week to replace a 5yr old Dlink which has worked perfectly. 1 day after the SG300 went it it started crashing with this fatal error problem so I reverted the firmware back from 1.2.7.76 (latest) to 1.1.2.0 but I still get the problems. It crashes when I have it on my lan with users connected or if I just have the switch on my desk with just my laptop connected, so it cant be a load issue or a network topology issue. I already have a Cisco SGE2010 on my network without problems.
View 7 Replies View RelatedI have a question about ACL and binding. I have a SG300 28P and a couple of other linksys switches and Access points that are connected to it via trunks. The cisco SG300 28P is running in layer3 mode and i have created a couple of vlans and one of them is a guest vlan. Now to my question, i create an ACL and an ACE that vill funktion so that guest vlan only can connect to the internet and not the rest of the internal network. And then i must bound the ACL to an interface port or lag, what i can see it is not possible to bind it to an vlan? so if i have a port on some of the other switches that is member of the guest vlan, vill the ACL on the SG 300 stop guest vlan trafic to the internal network that is comming from some of the other switches?
View 1 Replies View Related