Cisco Switches :: SG300-28P - How To Enable NetBIOS Packet Forwarding Between Subnet
Oct 11, 2011
I recently purchased an SG300-28P. I have 2 VLANS/subnets that are successfully routing between them.Machines on both sides can ping each other just fine, but none of the usual Windows/NetBIOS browsing is possible. I've recently learned that NetBIOS is not usually forwarded between subnets. How would I enable NetBIOS packet forwarding between my subnets?
Reading the manual, it seems like enabling UDP Relay might be the answer but I've been unable to get it to work (same with DHCP relay).
View 8 Replies
ADVERTISEMENT
Feb 6, 2013
I'm trying to configure a SG300 to be reachable beyond its own subnet. Its IP address is configured by DHCP to 192.168.2.2/255.255.255.0. It is possible to ping the switch from the same subnet but not from outside. The switch is set to layer 2 mode. All routing should be done by the gateway.
Here's what I have checked so far: The default gateway and netmask are set correctlyThe gateway can ping the switchHosts in the 192.168.2.0/24 subnet have connectivity to other networks through the gateway (i.e. gateway configured correctly)Administrative interface > IPv4 interface shows the correct ip address, netmask, and gateway (greyed out because it is assigned by DHCP)the switch can ping other hosts within the same network
Is there some kind of firewall setting that prohibits the switch to respond to ip packets from outside the subnet?
View 5 Replies
View Related
Mar 6, 2012
I'm trying to setup an ACL on my SG300-20 to enable FTP and a few other protocols to a server, but I'm running data that returns on different ports (ie active FTP).
Below is a sample:
-------------------------------------------
Extended IP access list Protocol_Restriction
permit tcp any ftp any any
-------------------------------------------
Now that works great to allow a connection, but with active ftp when the data tries to come back on a different port (I assume) it is just hung up as all other ports are denied.
I event tried allowing all ports to come back from the server:
-------------------------------------------
Extended IP access list Protocol_Restriction
permit tcp any ftp any any
permit ip any host 192.168.0.100
-------------------------------------------
But that also didn't work seem to work.
I've played around with this in layer2 and layer3 to no avail. I've also seen many tips on applying in and out to the various interfaces, but that doesn't seem to work. Is that something that is only available on higher end switchers/firewalls?
View 1 Replies
View Related
Jan 7, 2013
I have a problem with my SG200-08 Switch the switch not forwarding a special Packet. I try to run a simple Profinet installation for testing on the switch but it didn't work correct. A special packet (Profinet error message) was not forwarded.
I have tried it with different Profinet masters with Siemens Profinet master it works without of problems. With Rexroth master it dosn´t work. But it is the same packet only another Mac Address.
I have added two Wireshark logs, where I have mirrored the slave and the master port. With the Siemens master all packets are forwarding (every packet is double longed) with the Rexroth master the alarm packet was not forwarding (the alarmpacket is lost between the ports).
With a not managed Switch it is no problem too run both Installations correct. I have tried the Factory default Settings of the switch and too deactivate all services of the switch (like Spanning Tree, ..) but it was all the same, the Packet was not forwarded.
View 8 Replies
View Related
Sep 17, 2011
I have a Cisco SG300-20. I have read the documentation and cannot seem to locate the instructions for port forwarding. I need to forward TCP port 8088 to IP address 192.168.14.110 on the switch.
View 5 Replies
View Related
Feb 6, 2013
We have problems with 3 switches in our network.
Users continues receive adresse via DHCP, but no traffic was forwarded. After reboot switch works fine about one week and problem arrives.
I telnet to one problem switch and try to found reason by reaply acl and source guard and saw some strange message:
nov-20(config)#int r gi1-48
nov-20(config-if-range)#no service-acl input
nov-20(config-if-range)#service-acl input 2
Exceeded the maximum ACE allowed in the system. -repeated 48 times
Configuration and log int attachment (show tech-support)
port 52 - uplink, 1-47 - users, 49-51 - downlink switches (SPS224g4) with aprox 200 pc connected. 48-ups
View 11 Replies
View Related
Aug 29, 2011
These are our first switches and seems like GUI is lot different than the online. Out intervlan routing is o not working. I am absolutely sure that I setup the switch in L3 mode since it allows me to create mutiple interfaces. I am hoping that this GUI issue is related to interVLAN routing.
Below is the blog I started for InterVlan issue [URL]
This is the link for online simulator and what I see in its IP tab. I know this switch is not SG300. [URL]
This is what I see on our switch.
Our switch version
switchd64684#show version
SW version 1.1.0.73 ( date 19-Jun-2011 time 18:10:49 )
Boot version 1.0.0.4 ( date 08-Apr-2010 time 16:37:57 )
HW version V01
View 1 Replies
View Related
May 26, 2011
1) I have a Cisco SG300-28P. I plan to add a SG300-52. Would it be possible to manage the new switch through the SG300-28P web browser ?
2) There are 2 fans in the POE model SG300-28P. How many fans are they in the non POE switch SG300-52 ?
View 2 Replies
View Related
Feb 8, 2012
Can I connect a single Cat5e cable between two SG300-28 and link them? If so what must I configure?
View 1 Replies
View Related
Jul 25, 2012
I have SG300-28P that I am using as layer-3 switch. Recently I ran in to SG300-52 switch and even though loading same firmware doesn't give me option to do layer-3 switching. For SG-300 I see options in GUI to create vlan interfaces under IP information section, while SG300-52 has IP information option only under the management section.let me know if these are 2 different hardware types and L3 is not possible on SG300-52. If its possible to enable L3 switching on SG300-52?
View 2 Replies
View Related
May 23, 2013
I was called into look at a customers's site that was upgraded by another vendor. They were complaining about packet loss and performance issues. I discovered they had changed from static routing and turned on EIGRP (100) and the EIGRP neighbors are not on a common subnet, they used secondary IP addressing to connect two 4506 switches to the core router. Correct me if I'm wrong, but won't this cause the neighbors to bounce and cause the degraded network performance? Don't we need to have a single common subnet for this to work? Either that or they have bridged the VLANs somehow? There is also a cable connecting the 4506 switches besides the uplink to the core router.
4506#1
May 17 21:28:55.443: EIGRP-IPv4(100): Neighbor 192.168.120.1 not on common subnet for Vlan1
May 17 21:29:05.848: EIGRP-IPv4(100): Neighbor 10.102.10.10 not on common subnet for Vlan20
May 17 21:29:17.327: EIGRP-IPv4(100): Neighbor 206.78.xxx.xx not on common subnet for Vlan20
May 17 21:29:48.291: EIGRP-IPv4(100): Neighbor 206.78.xxx.x not on common subnet for Vlan30
[code]....
View 10 Replies
View Related
Feb 27, 2013
I've done this in the past for specific host entries with no problem, but I can't figure out how to do this for an entire subnet. I need something along the lines of the following:
access-list OKC2DAL extended permit ip 192.168.1.0 255.255.255.0 192.168.107.0 255.255.255.0
static (inside,outside) 192.168.99.0 access-list OKC2DAL netmask 255.255.255.0
I see netmask as an option, but the ASA states "invalid option netmask." The ASA is running 8.2(2). OKC-PIX(config)# static (inside,outside) 192.168.99.0 access-l OKC2DAL ?
configure mode commands/options:
<0-65535> The maximum number of simultaneous tcp connections the local IP
hosts are to allow, default is 0 which means unlimited
connections. Idle connections are closed after the time
specified by the timeout conn command
[code].....
View 2 Replies
View Related
Feb 20, 2012
I’ve configured a small WLAN for a school that wants to have wireless network access for their staff as well as for guests doing presentations. They want the staff to have access to everything on the 192.168.1.0 /24 network as well as the Internet. They want the guests to only have access to the Internet. I have attached a picture which shows how the network has been configured with 4 Cisco AP1242G AP’s attached to a Cisco SF302-08MP PoE switch and then to a Symantec Security Gateway to the Internet.
I can authenticate wirelessly to the STAFF SSID and ping anything on the 192.168.1.0 /24 network and access the Internet.I can authenticate wirelessly to the GUEST SSID and ping anything on the 172.16.1.0 /24 network, but not anything on the 192.168.1.0 /24 network (which is what we want). However, when on the GUEST network you can’t access the Internet. I added a default route to the Cisco 302-08MP switch to 192.168.1.1 (Symantec firewall) thinking that would forward the traffic from 172.16.1.0 /24 to the Symantec firewall out to the Internet, but that isn’t working.How would I go about getting the traffic from 172.16.1.0 /24 to hit the Symantec firewall and the Internet, without hitting anything else on 192.168.1.0 /24? Do I need to put the Symantec firewall in a different subnet like 192.168.2.0 /24? Am I missing anything else?I’ve worked with Extreme Networks & HP / 3Com CLI in the past, but never with Cisco and never with web based management
View 1 Replies
View Related
May 3, 2012
I’m having issues with enabling Apple’s AirPlay services on a relatively simple network consisting of a Cisco 881 (Advanced IP Services) and an autonomous Cisco 1142 AP. I’ve attached a diagram explaining the connectivity. I believe I have to enable IP Multicast at the router, but I’m not really sure the best/right way to do it. Also I’m not sure what/if any commands would be needed at the AP.All of the wireless clients are confirmed to be in the same subnet, so no real routing is happening etc. Also regular Internet connectivity/routing from the wireless clients is fine.
View 5 Replies
View Related
Mar 3, 2013
I have one server which run some application for wireless user. this server forward multicast packet to wireless user. server and wlc physically connect to cisco 3750 switch.i want the server forward the multicast packet to wireless users.server access vlan 4.wlc controller have 2 vlan: 90 and 110.and wireless user some of vlan 90 and some of vlan 110.i enable igmp snooping on wireless controller. and enable globally command but it is not working.which additional configuration i need on cisco switch.
Switch(config)# ip igmp snooping
View 16 Replies
View Related
Nov 21, 2011
I'm replacing 2 3COM 4500 Swithes with the SG300-52 Cisco switch. We have 3 VLANs, 10, 20, 100. The switch is set for Layer 3 and I have setup DHCP relay. what settings i should set on the Cisco for the following setups:
3COM Setup
#
interface GigabitEthernet1/0/1
[Code].....
View 2 Replies
View Related
Jan 1, 2013
We have several of the SG300 Serices switches. We use them to route VLAN traffic to Remote Offices, Internet Connections, and WiFi Access Points.In one remote office we have a SG300-10 setup to route the HQ Network and the remote Office Subnet. The SG300 is Connected to HQ via Fiber and has multiple Tagged VLANs on it. If I do speed tests over the Fiber Link on the Incoming Tagged Netwotk I get Decent performance, 80Mbs. If I switch to a networtk that is not priginating from HQ, and have the SG300-10 route packet, I get dismal performance. 15-20Mbs.
I Fireded up a New SG300-28P FW v1.2.7.76. Added a the HQ VLAN 101 and new VLAN 1025 . Mapped some Tagged and untagged ports for each. Switch was connected to HQ Network as untagged VLAN 101. I put a laptop on an Untagged VLAN 101 port. Ran some tests, cam back with 750-850Mbs. Great. Put the same laptop on a Tagged 101 Port, Configured the NIC for Tagged VLAN 101, Same test, same Speeds, 750-850Mbs.I then Configured laptop for Tagged VLAN 1025. Connected to tagged VLAN 1025 port. Ran speed tests, resuts were 15-20Mbs!
I then Configured laptop for Untagged VLAN 1025. Connected to unagged VLAN 1025 port. Ran speed tests, resuts were 15-20Mbs!It was only the Laptop and the Connection to the HQ net on the SG300-28P. Why is the performance of this unit soooooo poor when it needs to route?Other Switches have FW v1.0.0.27 or FW v1.1.2.0. They have Similar speed issues. All Configured for Layer 3.
View 10 Replies
View Related
Dec 18, 2011
does the SG300 switches can be used with Microsoft NLB in Multicast mode?I know on traditional Catalyst switches you can statically "map" IP's to mac's and then to multiple ports but this doesn't seem to work correctly on the SG switches - it gives an error about the mac not being not Unicast?
View 2 Replies
View Related
Aug 7, 2011
Any snmpset commands to add, modify and delete vlan table entries on SG300-10 switches? I checked url... however this information is apparently only valid for catalysts. The latest firmware is installed and the provided MIB files are used.
View 8 Replies
View Related
Aug 20, 2012
I'm going to have several SG300-28P switches to setup. I'll need to create multiple vlans for data, voice, and wireless traffic. I have the following questions in setting up this configuration:
VLAN 1 Management
VLAN 100 Data
VLAN 200 Wireless
VLAN 300 Voice
1) For managing the switches via IP, will LAN1 be the default management network? Should I create a seperate VLAN for managing the switches?
2) For uplinking the switches together, I plan to trunk a port to connect the switches together. What's the configuration on the trunk port to forward all vlans from one switch to another?
3) On some ports, I want to configure a trunk for two vlans (Data and Voice) where the phone has a pass through for PC. The phone supports tagging for the PC and the VoIP traffic. For example on port 10, would VLAN 100 and 300 be set to tagged?
View 3 Replies
View Related
Jan 19, 2012
I'm having alot of trouble trying to connect more that one LAG between two SG300-52 switches.Basically i have configured both switches with the same vlans. For 2 of the vlans i would like to connect them together between the two switches using LAG. Switch1 has Vlan 5 (ports 1-12) & Vlan 10 (Ports 25-36) with LAG configured on ports 1-2 and ports 25-26. I have setup the second switch identical to the first. But when i connect the LAG's there is no connectivty. If i disconnect one LAG the other starts working.Can you only have i interconnect LAG between switches?
View 1 Replies
View Related
Apr 22, 2012
I have two SG300 serie switches and two Gigabit connection between them. How do I configured these two links to work toghether like a one 2 Gigabit channel?
View 2 Replies
View Related
Aug 21, 2011
how do i enable port forwarding on the CLI for ASA 5510. outside subnet is 192.168.1.0/27. when i try to ping another IP with that range i can't access.
View 37 Replies
View Related
May 8, 2011
what is subnet mask of 10.2.1.3/22
View 1 Replies
View Related
May 9, 2011
I have a question, does the SG300-28 support VTP and STP?. I want to add it to my network's VTP domain so I don't have to manage vlans manually on the SG300-28 and also be able to configure STP to keep my network loop free.
View 2 Replies
View Related
Jul 19, 2012
On my SG300 I set up LAG for the last two ports.
I then plugged them into my SRW224G4P, once I do that I get dropped packets.
I was thinking maybe doing firmware upgrades to both switches?
View 3 Replies
View Related
Jan 29, 2012
I need to know how to configure each port in switch SG300-10 to vlans, i need to configure one port "trunk" with catalyst switch and assign 4 ports to different vlans. any solution?
View 2 Replies
View Related
Jun 20, 2012
In the CLI documentation for the SG 300 Series, it shows sh ip route rip as a command. I have installed the latest firmware and that command is no longer available. Does the SG300 series support RIP?
View 6 Replies
View Related
Jan 27, 2013
We purchased a SG300-52 last week to replace a 5yr old Dlink which has worked perfectly. 1 day after the SG300 went it it started crashing with this fatal error problem so I reverted the firmware back from 1.2.7.76 (latest) to 1.1.2.0 but I still get the problems. It crashes when I have it on my lan with users connected or if I just have the switch on my desk with just my laptop connected, so it cant be a load issue or a network topology issue. I already have a Cisco SGE2010 on my network without problems.
View 7 Replies
View Related
Mar 15, 2011
I have a question about ACL and binding. I have a SG300 28P and a couple of other linksys switches and Access points that are connected to it via trunks. The cisco SG300 28P is running in layer3 mode and i have created a couple of vlans and one of them is a guest vlan. Now to my question, i create an ACL and an ACE that vill funktion so that guest vlan only can connect to the internet and not the rest of the internal network. And then i must bound the ACL to an interface port or lag, what i can see it is not possible to bind it to an vlan? so if i have a port on some of the other switches that is member of the guest vlan, vill the ACL on the SG 300 stop guest vlan trafic to the internal network that is comming from some of the other switches?
View 1 Replies
View Related
Mar 25, 2012
I want to set up a vlan only for the wifi APs and wifi clients on my network. They can't access to any server, only internet acces. I already implement this configuration and its working, but now I want to allowed a couple of laptops to connect to servers in other vlan. what should I do? Should I do it using Mac address of laptops or IP?
View 9 Replies
View Related
Mar 1, 2013
Yesterday I upgraded my SG300-10P to firmware 1.2.7.76. I was curious about the new SYN Protection feature, but it seems to do nothing on my installation.
The switch is running in Layer 2 mode. I have ACLs in place and DoS prevention is not enabled. I also tried clearing ACLs and enabling DoS prevention. As I understood the Admin Guide enabling DoS in the Security Suite Settings is not necessary for using the SYN Protection.
In my firewall I see about 300 pps with SYN flags only arriving. What "they" do is sending me SYN packest to port 80 from forged IPs, so that my system should send SYN-ACKs to the victim system. In this case it is the Arab Bank. They are down at the moment...I think that is called a spoofed SYN flood attack.
So I thougt the SYN Protection feature should exactly solve that problem but it does not and does not show any "Last Attack" entries.
If I put a SYN filter in place it works, even if I put SYN Rate Protection in place. But that is just a dirty workaround. My firewall blocks those SYN packets with a SNORT rule.
View 1 Replies
View Related
Jan 16, 2011
how to subnet a class B IP address?I have a homework, I don't know how to subnet a class B.
View 2 Replies
View Related
