Cisco Switches :: SGE2010P Can't Bind ACL / Policy-map To Interface
Nov 15, 2012
When I try to apply an ACL to a port on my SGE2010P, I get the following error:Can't bind acl/policy-map to an interface when the security suite is enabled in a per-port mode.I don't see an option where I can set the security suite mode.
View 10 Replies
ADVERTISEMENT
Aug 30, 2011
I am working on two SGE 2010 stacked and in routing mode. Everything work fine but before finishing the job, I wanted to lockdown all the network device so they would not be accessible from some subnets. Problem is, I cannot bind my ACLs to any interface. I get "Cannot apply because lack of HW resources." I am running firmware 3.0.0.18, and 3.0.1 release notes don't address that issue. TCAM utilization is at 3% Routing resources shows host: 200, routes:60, ip interfaces: 50 I have tried from the cli and get the same message.
View 3 Replies
View Related
Mar 24, 2013
I have a switch from SG 500 Series the works as Layer 3 Routing Switch with the Firmeware 1.2.7.76. I have create some diferent VLAN´s and have defined one ACL for each VLAN. Now i try to do a binding from the ACl to a VLAN but i have only the option to bind the ACL to a phys. Interface or a LAG.is the a possibility to bind the ACL to a virtual interface like in other Cisco serieses and how it works ? the Backround is i have connectetd 2 Hyper-V Server where the Guests are in different VLAN´s and the server is connectetd with a 10Gb Trunk to the Switch now the switch routed the different VLAN´s and i must have some restrictions between the VLAN´s.
View 2 Replies
View Related
Aug 8, 2012
How many watts do the Cisco SGE2010P 48 POE switches draw?
View 1 Replies
View Related
Apr 9, 2013
I'm the administrator of a system composed of seven SGE2010P switches in stack configuration.I developed a script to update the ACL at regular time intervals.
ACLs work well unless one or more switches in the stack is turned off. In this case it would seem that once, which switches off will restart, they do not synchronize ACLs assigned to interfaces.
Currently the only solution I've found to restore functionality, it is cold restart of the entire stack.I was wondering if there is a command to propagate the acl switches that I can recall in the event of a restart of any of these.
View 1 Replies
View Related
Jan 2, 2011
I recently changed jobs and am now supporting a small(but rapidly growing) environment as follows:
35 PoE phones with a switchport going to a workstation
8 PoE cameras
7 servers(2 NICs each with link aggregation)
Various racked network hardware
I currently have an Enterasys 10/100 48p PoE switch powering all of the PoE devices, but the switch is getting old and I'd like to start converting over to pure gigabit. There's also an HP Procurve 2810-48G that all of the servers and other racked network hardware are plugged into. That switch is fine, but doesn't have PoE, so its uses are limited to the rack.
Just a few other things to keep in mind... Whomever setup this network failed to separate the voice and data traffic into their own VLANs + QoS, so that needs to be done as well. Expandability is key as the company is growing at a rapid pace- Stacking is certainly desirable, but not an absolute requirement.
I'd like to keep the price point bellow $2000 if I can get a good product. Cisco would be cool, but the price point is way too high for the features that I need. Any great recommendations? Here's some that I've been looking at:
Cisco SGE2010P
Netgear GS748TPS
View 15 Replies
View Related
Feb 21, 2012
I have a Cisco Calayst C3560G core switch with 4 x SGE2010P Switches which are invidually linked/trunked via 2x CAT6 Cables for each SGE switch so im not stacking them. First problem is i cant seem to trunk/bond the 2 cables to the SGE LAGs i created, I can only use 1 cable per SGE switch. Yes the Core switch is configured correctly and have the proper Port Channel config (below is an example of a config) how do i get this working!?
I run POE Voip phones and PC's of 1 cable that is vlan'd on the phones, so each port on the SGE's are trunk'd
CISCO C3560G
interface Port-channel1
switchport trunk encapsulation dot1q
switchport mode trunk
[code]...
The other issue and more troublesome is that I have random reboots on all of the SGE's the LOGs tell me nothing! I cant seem to figure it out even had the units swapped out! Jumbo Frames are enabled but still happens even if disabled. Got some STP/RSTP settings but nothing works.
SGE Hardware Version 00.00.01
SGE Software Version 3.0.018
SGE Boot Version 2.0.0.03
View 7 Replies
View Related
Jul 18, 2011
I have configured stack with 2 sge2010p switches. I want to connect this stack to the HP procurve switch using port agregation (LAG) technique. I want to use one ge port on each sge switch.How to configure it? Will it work witch port agregation on procurve?
View 2 Replies
View Related
Jul 24, 2011
I have configured 2 Vlans on the network. 1 - native Untagged for data traffic and 100 Tagged for VoIP.I have 4 SGE2010p switches 2- of them in stack working in L3 mode and 2 connected to the stack via single ethernet links in L2 mode.I have IP phones with trunked ports -Vlan100 tagged and 1 untagged. I have set CoS 5 for Voice Vlan 100 on the phones and CoS 5 to queue 3 mapping (in basic mode) on all switches.But it seems to not work at all.Should I use Advanced QoS mode?Where Can I find some QoS configuration example for Voice Vlan on SGE2010p switches?
View 1 Replies
View Related
Sep 19, 2011
I've got multiple SGE2000P & SGE2010P switches
Originally I was happy just set them all up in a stacked ring configuration. However I've become aware that my back bone fibre links are contantly pushed to their max.
So I've decided that I should change this configuration and unstack the switches and make them all stand-alone units. and I'll configure 2 cable LAG links between all my switches Theorically I should now get 2GIGs between each switch and to complete the ring in my network for redundancy I'll turn on Spanning tree.
However I've tested the speed and I just can not seem to get a LAG connection with 2 x 1gig cables to push more data than a single link 1gig link cable would.
My test enviroment(not using fibre optic cables just cat5e copper cabling):
4 x pc's(all gigabit network cards)
2 x sge2000p switches
PC1 ---(1G eth)--- /---(1G eth)--- PC2
[SGE2000P]===(LAG1 2x1G cables)===[SGE2000P]
PC3 ---(1G eth)---/ ---(1G eth)--- PC4
If I send files from PC1 & PC3 simultaneously to PC2 & PC4 They don't transfer faster than if I I just use a single 1GIG Link cable
looking at the LAG configuration it shows both cables are connected & the LAG looks like it's working. But it really doesn't seem to be running at the expected 2GIG?
The LAG fail over seems to work fine if I remove either of the 2 cables from the LAG the link continues to work. (sometimes it will drop a ping when removing or readding a LAG cable)
View 3 Replies
View Related
Mar 11, 2012
I just purchased two Cisco switches (SGE2010P) for the new Mitel 5000 Phone System. The Mitel vendor programmed and setup the phone system for us, but they couldn’t figure out the VLAN setup on the my switch. So now I have everything on one network and I am stuck on my own to figure the VLAN on my own. So please, some step by step on the settings on the switches, the router and the server (DHCP).
Here is what I have now:
2 floors building with a Cisco SGE2010P switch for each floor.Sonicwall TZ 210 routerWindows 2008 R2 server for DHCPMitel 5000I have the switch on Layer 2 at this moment, but I can switch it to Layer 3 if that makes the process easier and less steps.My network as follows: Router: 192.168.123.254Windows Server: 192.168.123.9Switches: 192.168.123.5 and 192.168.123.6Mitel 5000 server: 192.168.123.7 (has to be changed)The PCs are connected to the phones.
View 5 Replies
View Related
Sep 22, 2011
Where can I find information on using debug on the SGE2010P switches? The information in the admin and reference guides is extermely limited.
View 1 Replies
View Related
Mar 25, 2013
I have switche SGE2010P, router 871 and 3 cisco ip phone 7920. If cisco ip phone 7920 connected to switche SGE2010P then link is down. But if cisco ip phone 7920 connected to router 871 then link is up. In the log switche SGE2010P is not event about this.Why are cisco ip phone 7920 not work with switche SGE2010P?
View 3 Replies
View Related
Mar 7, 2012
I am new to VLANs and Cisco SMB switches. I have a new SGE 2010P switch and i am trying to configure different VLANs, one for data, one for Voice and the other for server.
Is there any tutorial on how to configure VLAN, by the way i tried to used the web interface and admin guide, it totally confused my understanding of Vlans.
View 5 Replies
View Related
Nov 10, 2011
I have configured the above switch with 2 vlans, with vlan interfaces and a default route that points to an internet router.
The switch is running in Layer 3 mode
================ ================
= = Vlan5 = =
= SGE2010 = ++++++++++++++ = Draytek = ------------------ INTERNET
= = = =
================ ================
192.168.0.254
Vlan 5 Data
Vlan 10 Voice
Int Vlan 5 192.168.0.253/24
Int vlan 10 192.168.10.253/24
0.0.0.0 0.0.0.0 192.168.0.254
The inter vlan routing works fine with the .253 addresses as the default gateway to the PC's but I cannot browse the internet.
When I change my gateway to the router .254 address, I get out on the internet fine.
View 5 Replies
View Related
May 1, 2012
I want to implement SPAN or RSPAN of a vlan. Can this be done with the SGE2010P? I can't find the configuration guide on the Cisco Web Site.
View 1 Replies
View Related
Aug 6, 2011
I have just downloaded new software for sge2010p. I had tried to made an upgrade on some switches, but switches still boot with the old software.I have installed software 3.0.0.18 and boot 2.0.0.03. I have downloaded software 3.0.1 from cisco, put it on tftp and started an upgrade via switch web interface. I have checked that the active image is set to 1, and started the upgrade.Switch has downloaded soft from tftp, and reported that process has been finished without errors.After the restart switch have 3.0.0.18 software again. I have try to do this same on 4 different switches working in L3 and L2 mode - always with the same effect.Should I upgrade both images in the same time to get this work?
I have noticed, that the new firmware is located on image 2.
# show bootvar
Image Filename Version Date Status
----- --------- --------- --------------------- -----------
1 image-1 3.0.0.18 08-Nov-2009 16:21:37 Active
2 image-2 3.0.1.0 19-May-2011 13:05:53 Not active*
[Code] ...
So I try to set active image via console command:
# boot system image-2
and again...
a# show bootvar
Image Filename Version Date Status
----- --------- --------- --------------------- -----------
1 image-1 3.0.0.18 08-Nov-2009 16:21:37 Active*
2 image-2 3.0.1.0 19-May-2011 13:05:53 Not active
"*" designates that the image was selected for the next boot
Finally i have tried to set the active image to "2" using console menu: I have set it like this:
Active Image
============
Unit ID Active Image Active Image after Reset
======= ============ ========================
1 Image 1 Image 2
and save..
[Code]
Where is the right place to set active image for 2. Is the "active image" settings only sets the firmware image which switch uses or configuration files too?
View 5 Replies
View Related
Jun 9, 2010
Just got a new SGE2010P layer 3 switch. I'm trying to configure Vlan to reach a few subnet. I have the original 192.168.1.0/24 as vlan1. I want to reach our WiFi subnet 192.168.10.0/24. The WIFI router is directly connected. It's new for me as the previous Job i was sorking with a ws-3750-48.
i did from console change my switch to layer 3 mode... ( i want it as the DGW for each Vlan)from the web interface, i create a vlan4 for our WIFI Next i go to ipv4 to add an IP address to vlan 4 like 192.168.10.254 /24 As soon as I apply the IP the switch stop responding, Ping request time out.. i need to reboot the switch..
View 2 Replies
View Related
Jan 24, 2013
Recently our company purchased 3 Lynksys SGE2010p, At the moment they work as a stack but as we are implementing UCCX we need to mirror 15 ports but during the provisioning i've noticed that the limit is 8 ports per stack. I'm wondering whether this is a known issue or just a known limitation . I believe that most probably i'll need to move back to stand alone mode so i could configure 8 mirrored ports per switch.
View 2 Replies
View Related
Jun 21, 2012
Created 2 separate VLANs on SGE2010P switch. Neither in Native VLAN 1.
For example;
-Port g01 in VLAN 56
-Port g25 in VLAN 56
-Port g10 in VLAN 10
-Port g37 in VLAN 10
All appears to work well within the respective VLAN (i.e. DHCP, ARP, etc. no IPs from other VLANs)STP - Spanning Tree is Globally disabled.
However; when I feed a n new network (which has STP enabled) into VLAN 10; I then plug a laptop with wireshark running into VLAN 56 - cannot see any other traffic/packet...except STP packets coming from a CISCO device on VLAN 10 while I am plugged into VLAN 56.
This demonstrates to me the network is not truely seperated. I know this because last night I crossed two networks and caused havoc; ouch.I configed a D-Link switch with the same scenario and no issue.
View 5 Replies
View Related
Jul 21, 2012
We are upgrading out internal office network. I have setup 4 switches and 1 router using the following config.
-2 SGE2010p's are stacked together forming vlan 30 (to be used for phones)
-2 SGE2010's stacked for workstation's under vlan 20
Both switches are apart of vlan 1 (the default)Ports 1 on each stack are connected to a Cisco 890 (port fe2 and fe3) in trunk mode. Ports 2 and 3 are in an LAG group and connected to the neighboring stack (I have attached a diagram), and are also in trunk mode).At this point one port (port 1 on either stack) goes into blocking mode, and I get why ,it's a physical loop.I need more than a 100mb link between switches (which is what pulling the LAG between switches gets me), but I don't want to route phone traffic through my workstation switches to get out of the LAN.Is it possible using these switches and router to have a LAG between stacks and a link to the router for traffic to 0.0.0.0 ?
View 6 Replies
View Related
Sep 6, 2012
Class and Policy maps are defined properly but when I am going to apply the policy-map on interface ,throwing an error as "'set' command is not supported in a 2nd level policymap".
Class/Policy map configuration given below ....
class-map match-any cm_traffic_control
match access-group name acl_traffic_control
class-map match-any BE
match access-group name be
[Code] ....
View 8 Replies
View Related
Jul 24, 2012
I'm unable to apply a policing limit in a switchport of the CISCO861 router. This is my configuration:interface FastEthernet0, service-policy input wired-input,service-policy output wired-output end.
View 3 Replies
View Related
Aug 29, 2011
I have configured a qos policy and I am trying to apply the policy to a vlan interface which is physically connected to a switch module port of a 3845 Router.When I try to apply, the message configuration failed appears.
View 4 Replies
View Related
May 1, 2013
I have a 3560G that I cannot apply a policy route-map to one of the VLAN interfaces. I am running up to date software, c3560-ipservicesk9-mz.150-2.SE2 and it accepts the command, but does not show it in the sh run of the interface. I updated to this code as I had seen previously someone said it needed to be version 15 before you could apply route-maps to VLAN interfaces.
View 4 Replies
View Related
Mar 4, 2011
Is it possible to establish PBR rules that set the ip next-hop to point directly to the inside interface of the ASA5550?Or, do I need to direct this PBR traffic first to a directly connected router interface and then default route to the ASA?At a high level, here's what we have:
ISP 1 - with /21 IP PrefixNo BGP Routing3845 Edge Router - Default Route to ISP 1PIX535 Firewalls (HA) - Default Route to Edge RouterLAN Core/Distribution - Default Route to PIX535 Inside InterfaceAll applications/services use this egress path for PAT/NAT/DMZ/VPN/Etc.
Here's what we are adding:
ISP 2 - with /24 IP PrefixNo BGP Routing3925E Edge Router - Default Route to ISP 2ASA5550 Firewalls (HA) - Default Route to Edge RouterSame connectivity to LAN Core/Distribution
Goals:Maintain ISP 1 for nowMigrate only end user Internet traffic to ISP 2No disruptions to applications/services using current DefGW to PIX535
Question: how to best use PBR to selectively direct traffic to the ASA inside interface?
View 4 Replies
View Related
Jul 18, 2011
I have a requirement to provide stats on a per-department, per-destination basis between sites. If I take Voice as an example I have 5 child classes referring to the 5 departments each matching EF and a particular access-list that matches the department's subnet. I tie these 5 child classes into a parent Voice class-map.
Now when I issue a "show policy-map interface" command I see stats for the parent class-map only whereas I would expect to see a breakdown for each of the child classes which is what is required.
I am doing this on an ASR1002 running 3.2.2.
View 1 Replies
View Related
Apr 23, 2012
I'm trying to add an outbound policy on Layer3 interface on a 6500. The will be used to prioritize voice traffic. The environment contains 2 sites with 2 6500's each with VSS and a metro Ethernet link between them. I seem to be having problems prioritizing the voice across this link.
View 1 Replies
View Related
Mar 23, 2012
I read the User Guide section on Internet Access Policy for the Linksys E3000 but I could not find this menu to create a policy from the web interface. I have the latest firmware version (1.0.04 Build 6,)
View 1 Replies
View Related
Sep 20, 2012
we just received 5 new SF200-48 Smart Switches for small business. I noticed only way I can configure them is by using the web gui. Is there a way to enable good old CLI?
View 6 Replies
View Related
Mar 16, 2011
WLC 4404 LDAP Bind Fails
View 12 Replies
View Related
Mar 15, 2011
I use the dhcp demon (dhcp server) on my PIX 501 to give my local clients automatic ip addresses, my dhcpd config is here:
dhcpd address 192.168.251.20-192.168.251.40 inside
dhcpd dns 8.8.8.8 8.8.4.4
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd domain lokalnet
dhcpd enable inside
View 5 Replies
View Related
Aug 9, 2011
I want to Bind 2 network interface cards together
View 2 Replies
View Related