Cisco Switches :: SG300 Port Counters Via SNMP / Do They Work
May 24, 2013
I've got an SG300-10 connected back to back (trunked) with a Cisco 3560X switch, across a fibre link and am seeing some big inconsistencies in terms of unicast data transferred across the ports between them.
During a night time window of 4am - 6am I run backups which involves a large copy of files, that almost saturates a GigE link - we can see from the 3560X end that the link is running at a bit over 800MBit/sec of throughput, sustained. The duration of this transfer is consistent with the size of the files being transferred (ie just over an hour, and is what I'd expect for a data transfer of about that amount). Back-of-the-envelope calculations indicate that the 3560X is measuring this data throughput correctly.
However on the SG300 end of the link, which is also being polled by the same application (Cacti), I'm observing spikey counts of only around 20MBit/sec during that window. These counters are very obviously incorrect - there's a huge amount more data moving across the port than that. The incorrect calculations are showing on both the trunk port out of the SG300 (uplink) as well as the interface where the NAS is connected in (which is an access port).
Cacti is polling the OID: .1.3.6.1.2.1.2.2.1.16.57 which translates to IF-MIB::ifOutOctets.57 = Counter32.I'm running version 1.3.0.62 but this problem is not new to this release - previous releases and 1.2 based releases also had this problem.
It looks like multicast traffic may be being counted correctly (that's only a suspicion though), however what I am certain of is that there is a very large discrepancy with the unicast traffic counts.Is this OID the correct one to be using for this switch?
Any snmpset commands to modify port vlan membership on SG300-28 switches? I checked [URL] however this information is apparently only valid for catalysts.
The latest firmware is installed and the provided MIB files are used.
which models of HP ProCurve or Dell PowerConnect support 64-bit IF-MIB counters, or for that matter any other manufacturer (Zyxel?) (snmpv2 or v3, OID .1.3.6.1.2.1.31.1.1.1.6)I believe pretty much any Cisco Catalyst above a 2950 do, however don't believe any of the SG series do. I realize I could pick up a 2960G for $1500-2k and be good to go, but I forsee a larger switch purchase in the future, but still could use a switch in the meantime that was able to allow accurate monitoring of closet uplink bandwidth?
Any snmpset commands to add, modify and delete vlan table entries on SG300-10 switches? I checked url... however this information is apparently only valid for catalysts. The latest firmware is installed and the provided MIB files are used.
how to configure SNMP on the Cisco SG300 switches? I have the SG300-10P. I am not fully familiar with the new command line interface on this device, it was easy on the IOS but finding it a nightmare on this one.
I put the following command in but it didnt work.
snmp-server view Interfaces interfaces included snmp-server community ACB123 ro 10.x.x.x view default
I tried to follow the guidelines on the cisco website but thats all Web interface based, i can only access the switch remotely via CLI.
I was positively surprised to find the optical transmit/receive values using the show fiber-ports optical-transceiver detailed command on a SG300-10.
Now I'm wondering if there is also a SNMP-MIB to query these values? I've already tried the CISCO-ENTITY-SENSOR-MIB used by the larger devices running Cisco IOS, but this didn't work.
I am attempting to monitor bandwidth utilization of the WAN port for the RV180 via SNMP and I am getting strange results. If a 256MB file is transferred from a remote server (without compression), the ifInOctets counter doesn't increment by anything resembling 256MB:
I'm reasonably certain that the .5 interface is the WAN port based on the value of ipAdEntIfIndex.X.X.X.X, but even if that were not the case, none of the other interfaces increment by a value close to the amount of data transfered. SNMP monitoring of a WAP121 on the same subnet returns expected results. I can only assume that SNMP on the RV180 is completely broken.
The router has the latest firmware available (1.0.1.9). There is only one network connection and the RV180 is the default gateway for all internal hosts.
Ive got a 494810ge switch, and this parameters are important for me:
sh int gi 1/4 counters detail Port InBytes InUcastPkts InMcastPkts InBcastPkts Gi1/4 252819467437788 173264735013 10827 760 Port OutBytes OutUcastPkts OutMcastPkts OutBcastPkts Gi1/4 36657317030233 280590958051 5248439 5443194 Port InPkts 64 OutPkts 64 InPkts 65-127 OutPkts 65-127 Gi1/4 558420918 205564441592 2627477631 60865368994
[code]....
Some parameters i can get by snmp (InBytes,InUcastPkts,InMcastPkts, and so on from out), but how can i take other parameters? I would like to do it by snmp but i did not find proper oids. Now I making a sheme like this: eem every 90 seconds takes this info and writes it down to file into nvram and then send it by scp to server, where file is processed by monitoring system script. It is not very good, cause cisco system cpu sometimes spikes of this and i dont know a resourse of nvram, how much times can i write to it?
I received an SG300-MP as an RMA replacement for a Linksys SRW2008MP and I can't seem to get the SNTP to work.Previously on other devices I have only had to set the SNTP server name or IP address and that was it. So some of the options of the SG300 are foreign to me.So I first set
Administration > Time Settings > System Time > Main Clock Source (SNTP Servers) [X]
Then I set several SNTP server IP addresses
Administration > Time Settings > SNTP Unicast SNTP Client Unicast [X] Enable > Add Other / 64.147.116.229 (nist1-la.ustiming.org) Other / 24.56.178.140 (wwv.nist.gov) Other / 128.138.141.172 (utcnist2.colorado.edu) Other / 129.6.15.29 (time-b.nist.gov)
Some servers I set "Poll Interval" and some I didn't because I wasn't sure what this does.The status for all servers indicate "Down" with 31.12.1899 0.0.0 for the "Last Response"/I found those IP addresses via [URL] Also the setting
Administration > Time Settings > System Time SNTP Multicast / Anycast
I have disabled, and I don't know what this does either...
Using a sg300-52 switch I created two VLANs that share a port for access to the internet. All original devices added to the VLANs are functioning correctly so I have to beleive the VLANs are set up correctly. I added a new desktop and an old laptop to the VLAN and neither worked. I was able to get the desktop to work by enabling VLAN tagging in the network adapter. The laptop is 5 years old and it does not have any such setting in network adapter. There are 2 other devices that share the same port with the laptop and they both function properly. My conclusion is that the laptop does not support VLAN tagging. Is there someway to configure the switch to account for this?
i am trying to get a SG300 work as a router between VLAN's?So fare without any lock?Test setup one SG300 switch and 2 PC's ?Ping works from host to VLAN IP's, but not from host A to host B
SG300 with FW 1.1.2.0 configuration i L3 mode set system mode router confip routing (needed on SG300??? - ti is on a 3560 i PacketTracer) vlan databasevlan 5vlan 6vlan 7
Any chance of one or preferably both of these before I flash the router to a more competent firmware?Rather ridiculous that there's no interface counters and no SNMP server. I prefer keeping stock firmware where possible but I need this functionality, it really isn't a big ask.That said I have an E4200 v1, which already looks like abandonware given it's been 6 months since the last firmware update - not amused and no intention of swapping a high performance router for one that sacrifices performance for better NAS functionality.
I have an SG300-20 here for testing (firmware: 1.1.2.0, boot version: 1.0.0.4, language version: 1.1.1.6 English). Everything seems to work on it, except, that if I choose Radius authentication by mac address only, then the switch does not honor the Idle-Timeout and Session-Timeout attributes from the Radius server (freeradius).
The setup is the following: I have a no name access point plugged in to switch port gi1. The port gi1 is set up for Radius authentication by mac address only. The access point itself is authenticated, no problem with that. If I connect through the access point by (say) a mobile phone, it is authenticated, no problem. The radius server does send the Idle-Timeout and Session-Timeout attributes, I checked it by running "freeradius -X", both are set to 30 seconds. Then I turn off the wireless card in my mobile phone and check the dot1x users by "show dot1x users". My mobile phone's mac address remains there for 5-10 minutes, so the Idle-Timeout and Session-Timeout does not work.
Another way I could resolv this problem is by explicitely asking the switch to reauthenticate the user. Unfortunately there is no CLI command to do just that, I can do however a reauthentication on a port using "dot1x re-authenticate gi1" (for example). But it does not work as it is expected: the switch uses the stored mac-address to reauthenticate the user, so nothing changes on the port (unless something changes in the radius server). I think it should work like the following: remove the authenticated user from the port, and whenever that mac address makes some network traffic, then reauthenticate as if it were a completely new connection. BTW: it would work for me also if I could just remove an authenticated user from a port, but I did not find a command to do that.
As a last resort I can simply shutdown the port, bring it up again ("shutdown" and "no shutdown" in the interface config), then all users are removed from the port and they all mush reauthenticate. But it causes a network outage for a couple of seconds for all users on that port, on a busy access point it is quite disturbing, and it is not an elegant way to do this.
So my actual question is: is there a way to remove an authenticated user either automatically (Idle-Timeout and Session-Timeout) or manually from this switch?
I enclose the relevant part of the running config.
I have a question about SNMP OIDs for the command "show counters interface intx/y delta" on Catalyst6500. The customer wants to create graphs for the following values:Overruns, qos0Outlost, InErrors, OutErrors, InDiscards, OutDiscards etc..Is possible to get these values using SNMP?
I have created a mirror to copy all packets from Interface gi1 to interface gi28. I don't see any port 80 traffic, or 443 or any revelant traffic. I see mostly broadcast from other devices. I have a security device that is logging all the copied packets from my firewall for malware/IPS, etc inspection.Right now I have it monitoring vlan 1 in the hope that it would resolve this issue but I see no change.
I'm troubleshooting a LAN issue I have, and I wanted to hook up wireshark to record traffic over the course of a couple of hours for later diagnostics. I went into the web administration interface, clicked Administration > Diagnostics > Port and VLAN Mirroring, and added a port mirror from the port I wanted to watch to a port to which I had connected a laptop. I picked the Tx and Rx options, and clicked Apply.I did receive lots of traffic in wireshark, but I noticed immediately that the server on the port I had mirrored was suddenly unavailable on the network -- pings timed out. This lasted until I removed the mirror, then the server was suddenly reachable once again.Does this feature not work the way I had thought it does? What I saw looked more like a forward than what I would call a mirror. The documentation leads me to believe mirroring is intended to be used in just the way I was attempting to use it.
I'm administrator of small network. I wish to replace my old switches by new SG300-10 and SG300-16 managed switches. I have big trouble in my network because everyone can assign IP his neighbour (or any IP) to his network card. I have policy that IP is 172.16.1.X with x is home number. Could I do that IP based ACL assigned to port where is cable from home example 29, permit only IP 172.16.1.29 (mas 255.255.254.0) (from specified port only permit packets with specified source IP (LAN user IP) other (if user set not his IP) is denied) ?
I want know that before buying equipment. How to configure that ?
I think IPv4 Based ACE, action: permit, source IP: 172.16.1.x (nr of home), widcard 0.0.0.0, destination: any, protocol: any, source port: any ?
and in ACL Binding, I have to bound this ACL to port where user whose IP is in ALC is connected?
I have a Cisco SG300-20. I have read the documentation and cannot seem to locate the instructions for port forwarding. I need to forward TCP port 8088 to IP address 192.168.14.110 on the switch.
The switch has been set to Level 3 Routing. Port 27 has been in use as a Fiber Transceiver with no problems for several weeks. This week I tried connecting a second Fiber Transceiver to Port 28, and it would not work.
Swapped the physical GBIC modules in the ports, and the situation remained exactly the same: Port 27 works, Port 28 would not work.
Connected to the copper-part of the combo Port 28, it immediately connected and worked fine.
Connected an external Fiber Transceiver Box in place of the GBIC in Port 28, and it immediately connected and worked fine.
Swapped the new Fiber jumper (Port 28) with the existing Fiber jumper (Port 27), and the new connection came up immediately and worked fine. The existing connection would not work when connected to Port 28.
By "not working", I am not able to ping across the connection. The link light comes on and blinks. The transmit/receive statistics show as if data is processing on this switch, but on the other side of the Port 28 connection, the switch shows Transmit traffic, but no Recieve traffic.
I plug the network cable and set an IP to GUI to the default IP (192.168.1.254)the problem is the port doesn't show light when connect to notebook. How am i supposed to enter GUI.
why the port is like in shutdown state and not enable? do i need to do anything via console??
I recently bough for a home lab a sg300-10 switch. I have enabled layer 3 routing on it and have come across a puzzling issue. The switch is the default gw on this network, and in front of the switch there is a cable modem (ip route 0.0.0.0 0.0.0.0 192.168.0.7).
I have configured a Microsoft Server 2008 R2 with Radius Server and connect it with a Cisco SG300 Switch.
If a new device connect to the switch it goes automatically to the guestnet. If a device with the correct certificate and a valid useraccount connect to the switch, the deivce goes in to the local company network.
Now my problem: If I connect a device which is in the domain and which have installed the correct certificate and want to login with a new domain user (which is not cached in windows) I can not login.
The following message appears: "There are Currently no Logon Servers Available"
I think the problem is that the authentication process only starts after a user have succsess logged in in windows.
Now I search for a solution which allows me to conntact the Logon Server for Domain Login before the User has logged in.
Is there a way to ask the above switch how much power it's supplying to various ports?I've found some stuff in POWER-ETHERNET-MIB, but it's only the main power supply and the up/down status of the various ports.
It looks like what I want is
[URL]
but my SG500 tells me:
snmpwalk -v2c -cpublic serverswitch 1.3.6.1.4.1.9.9.402 CISCO-SMI::ciscoMgmt.402 = No Such Object available on this agent at this OID
I have my network with severals SG300 switches.I have one of them like my core switch working in layer 3 mode. With 2 vlans and vlan interfaces to each vlan.Everything is working ok.But now i have to connect one 3com unmanage switch that have host from vlan 1 and 2. How should i connect this switch to my Cisco sg300 switch?
These are our first switches and seems like GUI is lot different than the online. Out intervlan routing is o not working. I am absolutely sure that I setup the switch in L3 mode since it allows me to create mutiple interfaces. I am hoping that this GUI issue is related to interVLAN routing.
Below is the blog I started for InterVlan issue [URL]
This is the link for online simulator and what I see in its IP tab. I know this switch is not SG300. [URL]
This is what I see on our switch.
Our switch version switchd64684#show version SW version 1.1.0.73 ( date 19-Jun-2011 time 18:10:49 ) Boot version 1.0.0.4 ( date 08-Apr-2010 time 16:37:57 ) HW version V01
I have SG300-28P that I am using as layer-3 switch. Recently I ran in to SG300-52 switch and even though loading same firmware doesn't give me option to do layer-3 switching. For SG-300 I see options in GUI to create vlan interfaces under IP information section, while SG300-52 has IP information option only under the management section.let me know if these are 2 different hardware types and L3 is not possible on SG300-52. If its possible to enable L3 switching on SG300-52?
This is a continuation of my last post in which I need to apply ACLs to the physical ports within Etherchannels. The switch is a Catalyst 2970 running IOS 12.2. These Etherchannels are configured as trunks with 2 VLANS allowed on each trunk.I have applied an inbound ACL on the physical ports that filters based on layer 3 and layer 4 traffic. The issue that I am seeing is that the counters for the ACL are not increasing even though the ACL is clearly doing its job. At the end of the ACL I have an entry of "permit ip any any". Removing this from the list causes connectivity problems to the server on this port. Adding it back and everything is back to normal. However the counters don't increase. At first I thought maybe this wasn't supported on this switch but then I noticed the counter had increased to "2 matches" later in the day. What is the normal behavior is for this switch and does it support logging on an ACL entry as well.
I've just purchased 2 switches SG100-24 and use fiber cable to connect these switch together. I plugged cable in module MGBSX1 and then put it into miniGBIC uplink port but despite trying many times, also rebooted devices, I still not make these uplink ports up. how can I bring them up?
