Cisco Switches :: SG500 Possibility To Bind ACL To A Virtual Interface
Mar 24, 2013
I have a switch from SG 500 Series the works as Layer 3 Routing Switch with the Firmeware 1.2.7.76. I have create some diferent VLAN´s and have defined one ACL for each VLAN. Now i try to do a binding from the ACl to a VLAN but i have only the option to bind the ACL to a phys. Interface or a LAG.is the a possibility to bind the ACL to a virtual interface like in other Cisco serieses and how it works ? the Backround is i have connectetd 2 Hyper-V Server where the Guests are in different VLAN´s and the server is connectetd with a 10Gb Trunk to the Switch now the switch routed the different VLAN´s and i must have some restrictions between the VLAN´s.
View 2 Replies
ADVERTISEMENT
Aug 30, 2011
I am working on two SGE 2010 stacked and in routing mode. Everything work fine but before finishing the job, I wanted to lockdown all the network device so they would not be accessible from some subnets. Problem is, I cannot bind my ACLs to any interface. I get "Cannot apply because lack of HW resources." I am running firmware 3.0.0.18, and 3.0.1 release notes don't address that issue. TCAM utilization is at 3% Routing resources shows host: 200, routes:60, ip interfaces: 50 I have tried from the cli and get the same message.
View 3 Replies
View Related
Nov 15, 2012
When I try to apply an ACL to a port on my SGE2010P, I get the following error:Can't bind acl/policy-map to an interface when the security suite is enabled in a per-port mode.I don't see an option where I can set the security suite mode.
View 10 Replies
View Related
Feb 3, 2013
I have a brand new SG500-28P sitting on my desk.
The swtich is configured and going to operate in L3 mode. All ports are still assigned to the default VLAN ID 1. I have created several new VLAN's. Once I configure and aplly an IP Interface to a certain VLAN the swtich becomes inaccessable right away. I am pretty sure I am not pulling my own VLAN under my connection. Every port is inaccessable. I have to pull the power plug and restart the swtich with its saved configuration. Even when I add another IP interface to the default VLAN 1, same issue. I have tried lot's of things, but can't get it to work properly. I have just upgraded to the latest firmware.
I have configured dozens of SG300 swtiches which is very easy. This one does not work with me.
View 2 Replies
View Related
Dec 16, 2012
We have 3 SG500-52 switches that are stacked and configured for layer 3 that replaced a couple of SG2010 switches a month ago. Switch units 1 and 2 are for servers and unit 3 for the workstations. The switches are connected with stacking SFP+ copper cables, 1 1M and 2 7M cables. The problems are occurring between the workstations and servers resulting in slow traffic on some links and connection failures. A repeatable failure occurs doing a backup from a PC on unit 3 to a server on unit 1 and 2 (2 port LAG). Moving the workstation to a port on unit 1 results in successful backups every time.
Initially I was able to confirm packet loss between my PC (on unit 3) and the servers using ping (ping -f -c 100000 -s 1460) of about .1%. The iperf program in udp mode also showed some packet loss and in tcp mode showed slow connections. A week ago I then upgraded the switches from v1.2.0.97 to v1.2.7.76 and rebooted. After that the ping and iperf tests show no problems although there are still slow connections to samba shares and the backups still consistently fail.
I suspect there is a problem with the stacking connections and have searched for traffic statistics on the stacking ports to look for errors but have not found anything. Doing a snmpwalk didn't reveal anything that I recognized. There are interface counters for all the ports except the stacking ports.
View 4 Replies
View Related
Apr 17, 2012
Am looking into using stacking and NIC teaming to create redunancy for user access to servers. What I am thinking is getting 2 SG500-28 switchs and configuring them in a stack that appears as one logical switch. Now on the servers I would configure 2 NICs to be a team so they appear as 1 logical interface, perferably in an active/active configuration using LACP. In this NIC team take 1 team member to switch A and the other to switch B, so each team member is on seperate switches.
Givent the scenario:
1) Will that work with the 500 series switchs? Reason for the switches is their price point is perfect for my client.
2) Besides the stack link will there also need to be a LAG between the switches or does the stack link do data traffic also?
View 3 Replies
View Related
Oct 12, 2011
I got question about Cisco SF300-24P- is it possible to have management vlan in other vlan than in default vlan?I have default vlan 10 and voice vlan 20, I need to reach switch through voice vlan so I need to set up, interface vlan 20 with ip address. I ask these, because in gui, under Management Interface, IPv4 interface,under Management VLAN, I can only choose vlan 10, which is my default vlan, I dont have option to set ,up, in this case, vlan 20 as management vlan.
View 2 Replies
View Related
Apr 5, 2011
I have five 877 routers connected to ADSL circuits provided by Vodafone. Each has a VPN tunnel back to a PIX.
Occasionally one of the sites will lose it's connection to the PIX.
When we check the log, we find entries like these:-
Apr 5 01:31:54.085 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to downApr 5 01:33:19.344 UTC: %CRYPTO-
[Code].....
As you can see, the physical interface (ATM0) is not being reported as changing state to down, neither is the Dialer interface.
When the router is in this state we have to SSL to the public IP address of it and manually restart the ISAKMP SA.
When the router sees the ATM interface go down and subsequently come back up, the VPN connection to the PIX also recovers.
So - in a long winded way I think I'm asking....why does the Virtual interface go down and is there anything I can do to stop it happening?
View 3 Replies
View Related
Feb 14, 2013
Is there an SG300 or SG500 that has all ports as SFP ports?
View 1 Replies
View Related
Jan 31, 2013
how can i view the port G27 and G28 in GUI? As based on the GUI Adminstrator - > Port Management - > Port Setting i only can view from port G1 to G26. Or it will only appear when the port is active for stacking.
View 3 Replies
View Related
Jan 15, 2013
I have 3 x SG500-52P switches stacked. Vlan 1 is data and Vlan 3 is voice Port to Vlan membership is 1UP and 3T Port security is disabled
The issue I have is that I can have either a phone or a PC plugged into a port but not both. If I plug in both then the phone works and the PC gets an IP address (Broadcast traffic) but PC cannot browse the network.
View 9 Replies
View Related
May 10, 2012
What is the difference between a SGE2000 and a SG500-28?
View 3 Replies
View Related
May 8, 2013
I have downloaded the new firmware for the SG500. I see there are two files included in the download, a boot file (rfb) and regular firmware image (ros). I have looked and haven't seen anything about the rfb files. I know it is a boot file, but do not know if I should update the boot file first and then the firmware image or vice versa. Also, in my update screen on the SG500, the boot file option is greyed out.
View 1 Replies
View Related
Jun 2, 2013
I wonder if i can make a stack with 3 SG500-28.
View 1 Replies
View Related
Jun 4, 2013
I have a Cisco SG500-52P along with an older SGE-2010P, am I correct that in order to stack they must be the same series?
View 1 Replies
View Related
Jan 8, 2013
I am setting up a 3 host ESXi cluster. I am using a pair of stacked SG500-28 switches for switching redundancy. Each host has 8 NICs. 4 to each switch. I have successfully setup a 3 NIC LAG with 1 path to one switch and 2 paths to the other. These LAGs work. When I setup a 2NIC LAG via the console for management, and the associated ports on the switches, I lose managment communication with the host. Before setting up the LAG in the ESXi console, I set that vswitch properties to us IPHASH as instructed here bit.ly/VLaTEt I have attempted to follow those instructions as closely as possible. The one thing that I am wondering is whether the SG series supports etherchannel. I can't find any reference. Either way, it works on the other vswitch that is for vMotion. I can vmkping between the hosts over that LAG. But setting up a LAG on the management vSwitch doesn't?
View 5 Replies
View Related
May 29, 2013
I am currently running two SGE2010 in stack and planning to purchase new Sg500 .I have two questions :
1. If these two different products can be managed as one stack.
2. Are the SFP (mini-GBIC) connections compatible and if so what accessories or parts do we need to enable them?
View 1 Replies
View Related
Jan 13, 2013
I had connected a computer and NTP to the SG500. i had successfullly sync the internet time on the computer. but when i type 'show clock' on the terminal. The switch did not manage to sync the ntp time.
clock timezone sg +8
clock source sntp
sntp unicast client enable
sntp server 192.168.4.36
View 3 Replies
View Related
Apr 8, 2013
We have a problem with NLB on a SG500-28P which is a major issue for us.
I am investigating a problem together with Microsoft Support about a download/upload performance issue with a Microsoft Forefront TMG array which is connected to a single SG300-28P. Àpparently this issue exist on every NLB array we implement. I am now at the point we asume the SG500-28P does not handle NLB in unicast mode very well.
We have a network topology as shown below:Please note the actual public IP Addresses are hidden and the internal IP Addresses are diffrent, for security reasons.
Our SG500-28P is configure in L3 mode. It hosts three subnets you see above. The two TMG servers are configured with NLB (in unicast mode) on the Internal Network and External Network interface. It is connected to the internet and our internal network. These TMG Servers are in fact Edge Servers. Our other servers and client are in a different VLAN. The default gateway flows through this NLB Cluster [10.250.0.254].
Problem: When a client uses its default to connect to the internet the performance is very and very slow. With an internet connection of 10/10 we get 10/2. With an internet connection 100/100 we only get 7/1!.
Now we have tried everyting we can imagine. I can't write down all, because that would be a lot. One thing is worth notice; When we move the client to the same VLAN as the NLB Cluster and the client uses 10.250.0.1 as its default gateway, the problem still exists. But... when the client uses 10.250.0.254 as its default gateway the performance is outstanding 95/95! Apparently if traffic for the NLB Cluster is routed through the SG300-28P the performance drops like a rock.
I have never seen this before with SG300 series switches, although this environment is different. Normally I would configure NLB in multicast mode. But the switch does not allow to add static ARP entries for multicast MAC Addresses.I know NLB in unicast mode introduces switch flooding and such. But why does the SG500 not handle this right? Is there anything I can do about it?
View 7 Replies
View Related
Feb 25, 2013
Currently, my Cisco DPC3010 cable modem is connected directly to one of the Ethernet ports on my Linux router. All works quite well that way. However, I'm curious to know if there's some what to separate the router and cable modem over 2 switches?
The coax enters the house in my living room and connects to the CM there. The router is also sitting in the living room, and it's connected to a Cisco SG200-18 switch. I have Ethernet running from my living room to my basement, where a Cisco SG500-24 switch sits. The two switches are connected via a 2xGigE port channel.
I want to move the router into the basement. Ideally, I'd like to move the CM down there with it, but I don't have the necessary coax run. So for now, that's out. But... can I go from something like this:
--coax----- Cable Modem ---GigE----- Router ---GigE---- SG200-18 ===2xGigE==== SG500-24
To something like this:
--coax----- Cable Modem ---GigE----- SG200-18 ===2xGigE==== SG500-24 ---GigE----- Router
I tried it, complete with a separate VLAN specifically for the CM traffic. And the VLAN was properly trunked between the two switches. But for some reason, the router was unable to communicate via IP to the upstream. I'm not sure if there are config bits I need to set on the SG200 that the CM is connected to? I thought I'd read somewhere that CMs don't like broadcast technology such as LLDP and/or CDP, so I disabled both of those on its port. Did I miss something else perhaps? Or am I trying to do the impossible?
For what it's worth: the IP connectivity is static. There's no DHCP running between my router and the upstream cable provider. The cable modem is literally acting as a L2 coax-->Ethernet convertor, more or less.
View 3 Replies
View Related
Feb 26, 2013
At our office we have a weird performance problem with the following switches and connectivity:
Internet |
SG300-24 (L3) core switch (in our server room)
|SG300-10P (L2) access swtich (in our meeting room) |
SG500-28P (L3) switch (in our meeting room)
We are building a new computer infrastructure that is connected to the the SG500-28P. As you can see above the SG500-28P in our meeting room has an uplink to the SG300-10P in the same meeting room. And again the SG300-10P has and uplink to the SG300-24 in our server room. From the server room, there is connectivity to internet. The network uses a multiple VLAN's and routeing between them. Bootom line is, the internet VLAN ID 10 is tagged to trunk ports and available on the SG500-28P. So client get connected straight into the internet based VLAN.
The performance on the SG500-28P switch itself from VLAN to VLAN is very fast. But... the uplink connection tot the internet and other VLAN's on the core switch are very and very slow! At least 10 times slower than normal. So if I plug a laptop in the SG500-28P and go from uplink to uplink, it is slow! But... when I connect the same laptop to the SG300-10P the connection with only one uplink it is fast. As if three switches is to much. I can't figure out why.
View 2 Replies
View Related
Jan 4, 2013
I have an SG-200-8 which connects to a stacked pair of SG500-28P switches. It is powered by PoE from the SG500. From the SG500 the port appears Up, but at the the SG200 it is disabled and nothing I do re-enables it. I know the cable is good because I had a previous netgear switch hanging off it and working, also the power gets through.I can only connect to the switch if I disable wifi and plugin a manually configured PC - DHCP doesn't get through to it from the SG500 end.I have tried a second SG200 same problem. Have disabled RSTP/ STP thinking it might to relate to the fact that a PC connected to the switch also had a wifi connection to the same LAN, but. Don't know where to go next. looks like a bug?
View 1 Replies
View Related
Mar 1, 2013
I have an SG500 that is already deployed with some Access VLANs on it. The PVID is still the default 1. I am trying to change it to 19 with as little interruption as possible. If I just go to the VLAN Management Tab and change the Default VLAN to 19 and reboot the switch, will it migrate my management IP to the default VLAN without any trouble? Would it be less interruption to: Create VLAN 19, assign it an out of subnet IP address, change a port to PVID 19, connect directly to that port, go to that IP address, remove the original management IP from PVID1, change all the ports to PVID19 then change the management IP back to the original?
View 1 Replies
View Related
Jan 17, 2013
Is it possible to configure a cross stack etherchannel between 2 SG500 (in stack) and 1 SG200/SG300?
View 13 Replies
View Related
Feb 3, 2013
Could you provide me the main differences between SG500 and Catalyst 3750 command set?
View 2 Replies
View Related
Aug 26, 2012
Is there a way to ask the above switch how much power it's supplying to various ports?I've found some stuff in POWER-ETHERNET-MIB, but it's only the main power supply and the up/down status of the various ports.
It looks like what I want is
[URL]
but my SG500 tells me:
snmpwalk -v2c -cpublic serverswitch 1.3.6.1.4.1.9.9.402
CISCO-SMI::ciscoMgmt.402 = No Such Object available on this agent at this OID
View 6 Replies
View Related
May 17, 2013
I upgraded my SG500 switch firmware to 1.3.0.59, since there is a new functionality DHCP server v.4 well I must say I came accross the issue I cannot solve. DHCP server assign dynamic address - no hassles. troubles start with static IP hosts.I defined a couple of hosts with static address within the correct subnet. I tried with hardware address and client identifiers. no luck. my switch does not assign the IP address I assigned to the suitable mac address. to define it I use both CLI & Web.
ip dhcp pool host HP-Elliteaddress 10.10.11.7 255.255.255.0 client-identifier 01:d8:d3:85:cf:09:72client-name HP-Ellitedefault-router 10.10.11.1exit
ip dhcp pool host VAIO-Zaddress 10.10.14.108 255.255.255.0 hardware-address 54:53:ed:1c:a1:46
default-router 10.10.14.1exit
View 16 Replies
View Related
Jan 22, 2013
I have just configured up a sg500 with a lacp trunk to an upstream switch.
I am getting native vlan mismatch on the individual ports of the lacp team.
24-Jan-2013 12:54:48 %CDP-W-NATIVE_VLAN_MISMATCH: Native VLAN mismatch detected on interface gi1/1/24.
24-Jan-2013 12:57:35 %CDP-W-NATIVE_VLAN_MISMATCH: Native VLAN mismatch detected on interface gi1/1/48.
[Code].....
View 1 Replies
View Related
Dec 22, 2010
I have a problem in my Cisco 1841 in Virtual-Access Interface all interfaces is UP Except Virtual Access is Down . [code]
when i want recover the virtual access to up ,should i do shut & no shut to the ATM interface.What is the cause of the problem, and how I can solve this issue?
View 2 Replies
View Related
Feb 11, 2012
We have a 3745 LNS router, currently there are less number of users connected.when a user dials request authenticated and one virtual-access interface is formed in LNS router.Now the user is disconnected the vpn and connected to VPN again in this case, whether the user is connected to the same virtual-access interface which was assigned before disconnecting or different virtual-access interface is created.
View 0 Replies
View Related
May 1, 2012
I have got new cisco ASA 5580 running 7.2(4) on it when i am trying to configured Virtual interface on vlan 400 in Gi0/0.400 to LBASE.now the problem is from my MZ zone 10.242.107.17 to Lbase virtual interface 10.242.103.1 iam not able to ping.
View 2 Replies
View Related
Feb 21, 2012
We want to achieve a load balancing scenario using Virtual IP on DMZ interface on a Cisco ASA 5520.
The IPs we are going to use on DMZ are 10.15.1.2 and 10.15.1.3
These IPs are going to be NATted to all inside IPs.
Lets say our outside IP is X.X.X.X
This IP points to 10.15.1.2 and 10.15.1.3 with .2 being the primary and .3 being the secondary. When I hit the outside IP, it should point me to .2 and that .2 should take me to the inside IPs.
View 1 Replies
View Related
May 3, 2012
one of my SNMP server 10.242.103.42 sits in MZ zone,and ACE 4710 is connected to core switch,coreswitch is connected to firewall asa.
Now iam trying to ping from MZ zone SNMP server to loadbalancer ip 10.242.105.1,iam unable to ping my LB interface to discover SLB on my SNMP server.
View 1 Replies
View Related
