I'm facing a peculiar problem while accessing the switch (regardless of the mode - L2 / L3) once I connect a WiFi router provided by the ISP (Local make). The Switch stops responding on the web based console as well as ping. The network remains up but hosts' stop responding to ping packets to each other too. Only way I get control of the switch again is by rebooting it.
Switch is operating at its default IP: 192.168.1.254 and the plugged in router has a hard coded IP of - 192.168.1.1. I've taken a cable from the router (from its Ethernet port) and I've plugged it in to the router.
Just for the sake of it I've plugged the router cable in the link ports too but the switch stop's responding.
I have a very strange problem on 2 (independent) Cisco 861 routers in different places.They are both configured as easyVPN servers. One uses UDP, the other TCP. VPN clients connect by using Cisco VPN client software. This cannot be changed because the customer expects it this way. Both routers have the same problem:
* the first VPN connection after a reset works fine. Traffic passes through and it is perfectly usable. I can ping the internal network interface on the router side from the client without problems.
* the second connection (and all subsequent ones from different client machines etc.) connects fine, no errors on the client whatsoever (not sure I evaluated all possible debug output on the "server" side). However, no traffic passes through. Pings do not come back from the 861 anymore through the VPN tunnel.I already enabled ICMP debugging and saw that pings are actually answered by the 861, but do not reach the client.The same seems to happen to any and all other packets as well.
* If I restart the 861 the very same thing happens: first VPN connection works fine. You disconnect, try another connection from the very same client computer, and it does not work anymore until the next router reset.I append the configuration for sake of completeness. confidential parts are represented by XXX. Some ACLs are not in use right now; I used them for testing. [code]
Since the power failure two days ago, my -ASA stops forwarding traffic to internal servers, for no apparent reason. Packet trace shows all OK, packet capture buffer stays empty when I try to http into the mail server. The only way to get it working is to change the Outside Ip to the one used for mail, then to change it back. It will work OK for a few hours, then stop, with nothing obvious in the logs.
I recently purchased an SG300-28P. I have 2 VLANS/subnets that are successfully routing between them.Machines on both sides can ping each other just fine, but none of the usual Windows/NetBIOS browsing is possible. I've recently learned that NetBIOS is not usually forwarded between subnets. How would I enable NetBIOS packet forwarding between my subnets?
Reading the manual, it seems like enabling UDP Relay might be the answer but I've been unable to get it to work (same with DHCP relay).
I have a SG300-10 in layer 3 mode attached to a Fortinet firewall (FG). The Fortinet syslog is reporting repeated traffic violations with the following info:
src: << IP of the interface that the SG is attached to >> dst: << IP of system connected to another interface within the same VLAN on the FG >> src port: 0 dst port: 1281 service: 5/1/icmp
The traffic is dropped as it is not authorized traffic but I'm wondering what this is....Googling the dst port came up with "healthd" but not sure how that plays into this connection - does the SG use healthd? I have not found any system behind the SG that can be pinned as the source and the ACL/ACEs on the SG are very strict (only allows tcp port 443 from systems behind the SG)
i recently identified all switch ports in my network on 6509 core were Transmitting Mail server Exchange traffic that was destined for Unicast NLB cluster. and it was impacting various HOST machines NIC cards/performance.After reading this article, i moved NLB CAS servers behind a dedicated cisco Switch.
Now My core switch can learn mac address across its trunk port where CAS servers are connected on dedicated switch. but still i can see traffic Transmitting out to my all switch ports of same VLAN ( same as NLB VLAN).
We have a problem with NLB on a SG500-28P which is a major issue for us.
I am investigating a problem together with Microsoft Support about a download/upload performance issue with a Microsoft Forefront TMG array which is connected to a single SG300-28P. Àpparently this issue exist on every NLB array we implement. I am now at the point we asume the SG500-28P does not handle NLB in unicast mode very well.
We have a network topology as shown below:Please note the actual public IP Addresses are hidden and the internal IP Addresses are diffrent, for security reasons.
Our SG500-28P is configure in L3 mode. It hosts three subnets you see above. The two TMG servers are configured with NLB (in unicast mode) on the Internal Network and External Network interface. It is connected to the internet and our internal network. These TMG Servers are in fact Edge Servers. Our other servers and client are in a different VLAN. The default gateway flows through this NLB Cluster [10.250.0.254].
Problem: When a client uses its default to connect to the internet the performance is very and very slow. With an internet connection of 10/10 we get 10/2. With an internet connection 100/100 we only get 7/1!.
Now we have tried everyting we can imagine. I can't write down all, because that would be a lot. One thing is worth notice; When we move the client to the same VLAN as the NLB Cluster and the client uses 10.250.0.1 as its default gateway, the problem still exists. But... when the client uses 10.250.0.254 as its default gateway the performance is outstanding 95/95! Apparently if traffic for the NLB Cluster is routed through the SG300-28P the performance drops like a rock.
I have never seen this before with SG300 series switches, although this environment is different. Normally I would configure NLB in multicast mode. But the switch does not allow to add static ARP entries for multicast MAC Addresses.I know NLB in unicast mode introduces switch flooding and such. But why does the SG500 not handle this right? Is there anything I can do about it?
These are our first switches and seems like GUI is lot different than the online. Out intervlan routing is o not working. I am absolutely sure that I setup the switch in L3 mode since it allows me to create mutiple interfaces. I am hoping that this GUI issue is related to interVLAN routing.
Below is the blog I started for InterVlan issue [URL]
This is the link for online simulator and what I see in its IP tab. I know this switch is not SG300. [URL]
This is what I see on our switch.
Our switch version switchd64684#show version SW version 188.8.131.52 ( date 19-Jun-2011 time 18:10:49 ) Boot version 184.108.40.206 ( date 08-Apr-2010 time 16:37:57 ) HW version V01
I have SG300-28P that I am using as layer-3 switch. Recently I ran in to SG300-52 switch and even though loading same firmware doesn't give me option to do layer-3 switching. For SG-300 I see options in GUI to create vlan interfaces under IP information section, while SG300-52 has IP information option only under the management section.let me know if these are 2 different hardware types and L3 is not possible on SG300-52. If its possible to enable L3 switching on SG300-52?
I am using a RV110W with the latest firmware 220.127.116.11 I have some port forwarding configured, which normally work. But sometimes, all port forwarding stop working. Everything else continues working normally, just all port forwarding don't work any more. I tried disabling the port forwarding and enabling them again, this doesn't work. Also disabling the firewall completely does not work. You have to reboot the router, then everything works fine again. When I make a portscan from outside with a "fresh" started router, the forwarded ports are open. When the error occurs and I make a portscan from outside, all ports that should be open (and have been open before) are closed.
I have a RV042 router on a single WAN and an internal LAN. I have configured port forwarding as follows: HTTP[TCP/80~80]->10.0.0.6HTTPS[TCP/443~443]->10.0.0.6IMAP[TCP/143~143]->10.0.0.5IMAP SSL[TCP/993~993]->10.0.0.5SMTP SSL[TCP/587~587]->10.0.0.5
Everything works just fine when I have the firewall DISABLED. However, when I enable it the behaviour is erratic. 1 out of 10 attempts to connect to ANY port forwarded works. Almost all attempts time out. Notice that this happens even if using only the default firewall rules (which should be bypassed by the port forwarding as I read in other posts).
My second try was to create firewall rules manually, overriding the default ones. I tried adding rules from source WAN1 (where my connection is) to ANY and to SINGLE IP's on every port. Nothing seems to work.
I don't know what I'm doing wrong, this is really bugging me. I had to turn the firewall off so we can access our servers from outside the office. This shouldn't have to be done.
Just found out that my firewall is getting LOTS and LOTS of Blocked - SYN Flood entries. I think this is why we are having trouble with the firewall. Could this be the problem? I have no idea where all these SYN packets are coming from since they appear with spoofed IPs or come from different bots all over.
I'm replacing 2 3COM 4500 Swithes with the SG300-52 Cisco switch. We have 3 VLANs, 10, 20, 100. The switch is set for Layer 3 and I have setup DHCP relay. what settings i should set on the Cisco for the following setups:
We have several of the SG300 Serices switches. We use them to route VLAN traffic to Remote Offices, Internet Connections, and WiFi Access Points.In one remote office we have a SG300-10 setup to route the HQ Network and the remote Office Subnet. The SG300 is Connected to HQ via Fiber and has multiple Tagged VLANs on it. If I do speed tests over the Fiber Link on the Incoming Tagged Netwotk I get Decent performance, 80Mbs. If I switch to a networtk that is not priginating from HQ, and have the SG300-10 route packet, I get dismal performance. 15-20Mbs.
I Fireded up a New SG300-28P FW v18.104.22.168. Added a the HQ VLAN 101 and new VLAN 1025 . Mapped some Tagged and untagged ports for each. Switch was connected to HQ Network as untagged VLAN 101. I put a laptop on an Untagged VLAN 101 port. Ran some tests, cam back with 750-850Mbs. Great. Put the same laptop on a Tagged 101 Port, Configured the NIC for Tagged VLAN 101, Same test, same Speeds, 750-850Mbs.I then Configured laptop for Tagged VLAN 1025. Connected to tagged VLAN 1025 port. Ran speed tests, resuts were 15-20Mbs!
I then Configured laptop for Untagged VLAN 1025. Connected to unagged VLAN 1025 port. Ran speed tests, resuts were 15-20Mbs!It was only the Laptop and the Connection to the HQ net on the SG300-28P. Why is the performance of this unit soooooo poor when it needs to route?Other Switches have FW v22.214.171.124 or FW v126.96.36.199. They have Similar speed issues. All Configured for Layer 3.
does the SG300 switches can be used with Microsoft NLB in Multicast mode?I know on traditional Catalyst switches you can statically "map" IP's to mac's and then to multiple ports but this doesn't seem to work correctly on the SG switches - it gives an error about the mac not being not Unicast?
Any snmpset commands to add, modify and delete vlan table entries on SG300-10 switches? I checked url... however this information is apparently only valid for catalysts. The latest firmware is installed and the provided MIB files are used.
1) For managing the switches via IP, will LAN1 be the default management network? Should I create a seperate VLAN for managing the switches?
2) For uplinking the switches together, I plan to trunk a port to connect the switches together. What's the configuration on the trunk port to forward all vlans from one switch to another?
3) On some ports, I want to configure a trunk for two vlans (Data and Voice) where the phone has a pass through for PC. The phone supports tagging for the PC and the VoIP traffic. For example on port 10, would VLAN 100 and 300 be set to tagged?
Having a problem with port forwarding on their WRT400N? I'm forwarding one service (https) and this stops working if it's not accessed after a 10 days or so. The only way to get it to work again is to reboot the router. I’m running the “latest" firmware, which is an oxymoron considering it's been over 12 MONTHS since Linksys updated the code... Which is appalling considering this appears to be their flagship wireless N router.
I'm having alot of trouble trying to connect more that one LAG between two SG300-52 switches.Basically i have configured both switches with the same vlans. For 2 of the vlans i would like to connect them together between the two switches using LAG. Switch1 has Vlan 5 (ports 1-12) & Vlan 10 (Ports 25-36) with LAG configured on ports 1-2 and ports 25-26. I have setup the second switch identical to the first. But when i connect the LAG's there is no connectivty. If i disconnect one LAG the other starts working.Can you only have i interconnect LAG between switches?
The Port 80 port fowarding stops functioning after a few hours and requires the router to be rebooted to start forwarding again. The firmeware is the latest 1.0.04 Build 7. I require it to operate reliably for many days without intervention. I assume that it is a port forwarding problem because I can access the IP on my network from within my network even when I can't access it from outside my network. I am using the correct IP addresses as it sometimes works OK. A characteristic is that when I can't access the page it loads as completely blank white with no error message.
We have a managed service provider voip network that requires us to use our own router for the data network. We wanted to use the RV042 for it's easy vpn setup. After installing it worked great for about 10 min. then the WAN port stopped passing traffic. 3 min. later it started working again. We tested the RV042 on a different network and it works fine. We tested an older Pix on the managed network and that works fine. But the RV042 will not work on the managed service provider voip network. The service provider says that on their end it shows our WAN port going up and down.
Cisco ASA 5510. Between 5 to 10 minutes of reseting the asa traffic stop accessing outside ip addresses. Ping from console fails to ISP router IP. Ping to google name server failes. I have reset to factory default only setting up nic and natting and it still happens.
I have configured multicast (ip pim dense-mode) on two 2911 routers that are connected by a Multilink (3Mbps) Wan connection.The configuration work fine for awhile and sometimes all day but at some point one of the Multilink interfaces stop passing multicast traffic.I perform a sh multilink 1 on the interfaces and one interfaces show the multicast packets incrementing and the other does not, it just stops.The only fix for this is to hard reboot both routers and the multicast traffic begins to flow once again.
I have created an L2L tunnel between my self and a 3rd party. I am using a Cisco ASA 5520 and the other end is using a Cisco 3005 VPN concentrator. The tunnel will get established and pass traffic both ways for a little while, it varies, sometimes 1 hour or last time we built it it was working for 17 hours, but at some point my ASA will stop transmitting but it will still be receiving packets. These errors start to show up when I look at the traffic going through my ASA interfaces:
713042 IKE Initiator unable to find policy: Intf Outside, Src: 192.168.xx.16, Dst: 10.1.xx.30
Then when I try to ping their hosts .30 and .27 I get:
713041 Group = 68.23.xx.xx, IP = 68.23.xx.xx, IKE Initiator: New Phase 2, Intf private, IKE Peer 68.23.xx.xx local Proxy Address 192.168.xx.16, remote Proxy Address 10.1.xx.30, Crypto map (Outside_map) 713041 Group = 68.23.xx.xx, IP = 68.23.xx.xx, IKE Initiator: New Phase 2, Intf private, IKE Peer 68.23.xx.xx local Proxy Address 192.168.xx.16, remote Proxy Address 10.1.xx.27, Crypto map (Outside_map) 713050 Group = 68.23.xx.xx, IP = 68.23.xx.xx, Connection terminated for peer 68.23.xx.xx. Reason: Peer Terminate Remote Proxy 10.1.xx.27, Local Proxy 192.168.xx.16
When I first configured this tunnel it was with 3DES and SHA for phase 1 & 2, but when the tunnel would come up my phase 1 would negotiate to an MD5 hash, even though I specifically entered SHA, so me and the 3rd party decided to bring all the hashes for phase 1 & 2 down to MD5, and that was when it was up for the longest, but the problem still came back eventually. My ASA config posted below:
ASA Version 8.2(3) name 192.168.xx.16 Server description Server name 10.1.xx.27 XYZ_01 name 10.1.xx.28 XYZ_02 name 10.1.xx.29 XYZ_03
I have configured multicast(ip pim dense-mode) on two 2911 that are connected by a Multilink( 3 Mbps) Wan connection.The configuration works fine for awhile and sometimes all day but at some point one of the Multilink interfaces stops passing multicast traffic.I perform a SH Multilink 1 on the interfaces and one show multicast packets incrementing and one does not, it just stops.The problem acts like there is a buffer that gets full and after that happens it just stops working.
Every so ofter, the switch of the router just stops moving traffic between the LAN and to/from internet, though the WiFi keeps working and can still use internet.
I can still use the router's switch, and ping other computers on the local LAN, what happens is that the router stop routing wired traffic from/to internet, the rest of the issue is still the same, I opened reddit on my smartphone and there it was working via WiFi, but the would have none of it for the computers on wired LAN, not even accessing the router's page or telnet.
It is like some service or bridge between the switch LAN and the router itself dies... I'm still clueless.
The only "pattern" that I see is that my desktop is on line, because I can be not at home for 12+ HS and I can connect remotely to the server (rd p and trans droid) so I know it has internet access, but sometimes I think this happens when I turn on my desktop, like just now, this morning, but again, I feel is not every morning, trying to be more scientific about it I come here after every time it happens to record it, and also set the record straight about the issue description.
So, assuming it is not a hardware issue, because I did not had this problem in all 2011 and 2012, I do not overclock the router neither use other than default TX power level.
- How do I begin diagnosing this issue? - If it is a known issue with this builds? I could no find it.
My goal is to be able to provide info for debugging the problem and possible finding a fix/workaround it. If it is indeed hardware failing, how do I even begin to diagnose it from that POV? The message is empty...
Even with the new build r21061 still happened two more times. Now the real problem to me, is that I cant even revert it to stock firmware, I tried even with:
- unplug router - press and hold reset - plug router - keep pressing until power led blinks orange - enter 192.168.0.1 (PC must have static IPA, i use 192.168.0.200)
Can't open 192.168.0.1 in FF nor chrome and does not even ping. [URL]. I just want to get it back to stock or do not hang up the switch-to-router(ing).
I run a AirPort Extreme router. I have my F9K1106 range extender set up and working. works awesome. I get home from work the next day and the range extender seems to fall asleep , it won't pass any traffic. I power cycle it and its back up and running. this happens everyday no fail for a week now.
I am trying to determine why Comcast Business Class modem configured with a static IP (IPV4) works with a laptop or Linksys Cable modem but not with a Cisco ASA 5505. After a few minutes, the 5505 stop passing web traffic. I am able to ping the default gateway even though I can not surf the web. Restarting the 5505 and the Comcast modem, web traffic flows for a short period of time, then stops. I can connect inside the firewall via ASDM 7.1.1 and via SSH. I can not connect via either from the outside. Comcast tech support indicated their router is working and is configured in bridge mode. I swapped out the 5505's memory, and then with another 5505. Nothing seems to resolve the issue. I am trying to determine if the 5505 or the Comcast router is not configured correctly.
Here are the parameters: The 5505 was reset to default factory settings via the command: config factory-default. Configured the outside interface with static IP Address followed by the no shutdown command, then removed DHCP features from outside interface. Added Comcast DNS servers, default route, ntp servers, configured DHCP features on the inside interface. Enabled HTTP/SSH (inside & outside interfaces) and ICMP echo-reply (outside only).
I believe the Comcast modem is not configured correctly. The show version and show startup output are below.
ciscoasa# show version Cisco Adaptive Security Appliance Software Version 9.1(1) Device Manager Version 7.1(2)
We have an SG300 managed switch located in a small business of less than 10 PCs. There has been an ongoing issue with Internet speed. Is there any way that I can monitor the router for traffic so that I can see what might be causing the problem? I would like to focus on the WAN port and Internet activity particularly.