Cisco Switches :: Setup ACL On SG300-20 To Enable FTP?
Mar 6, 2012
I'm trying to setup an ACL on my SG300-20 to enable FTP and a few other protocols to a server, but I'm running data that returns on different ports (ie active FTP).
Below is a sample:
-------------------------------------------
Extended IP access list Protocol_Restriction
permit tcp any ftp any any
-------------------------------------------
Now that works great to allow a connection, but with active ftp when the data tries to come back on a different port (I assume) it is just hung up as all other ports are denied.
I event tried allowing all ports to come back from the server:
-------------------------------------------
Extended IP access list Protocol_Restriction
permit tcp any ftp any any
permit ip any host 192.168.0.100
-------------------------------------------
But that also didn't work seem to work.
I've played around with this in layer2 and layer3 to no avail. I've also seen many tips on applying in and out to the various interfaces, but that doesn't seem to work. Is that something that is only available on higher end switchers/firewalls?
View 1 Replies
ADVERTISEMENT
Oct 11, 2011
I recently purchased an SG300-28P. I have 2 VLANS/subnets that are successfully routing between them.Machines on both sides can ping each other just fine, but none of the usual Windows/NetBIOS browsing is possible. I've recently learned that NetBIOS is not usually forwarded between subnets. How would I enable NetBIOS packet forwarding between my subnets?
Reading the manual, it seems like enabling UDP Relay might be the answer but I've been unable to get it to work (same with DHCP relay).
View 8 Replies
View Related
Aug 20, 2012
I'm going to have several SG300-28P switches to setup. I'll need to create multiple vlans for data, voice, and wireless traffic. I have the following questions in setting up this configuration:
VLAN 1 Management
VLAN 100 Data
VLAN 200 Wireless
VLAN 300 Voice
1) For managing the switches via IP, will LAN1 be the default management network? Should I create a seperate VLAN for managing the switches?
2) For uplinking the switches together, I plan to trunk a port to connect the switches together. What's the configuration on the trunk port to forward all vlans from one switch to another?
3) On some ports, I want to configure a trunk for two vlans (Data and Voice) where the phone has a pass through for PC. The phone supports tagging for the PC and the VoIP traffic. For example on port 10, would VLAN 100 and 300 be set to tagged?
View 3 Replies
View Related
Apr 8, 2013
I have a customer with several SG300's providing VLAN1 for data and VLAN10 for voice. The PC's are piggy backing off the phones and showing up in the SG300 fine:
One department has recently employed more people so we have an SG200 switch to connect the computers and phones to. I don't seem to be able to get any connectivity between the new switch and the SG300 it is connecting to. I have setup VLAN1 and 10 as per the images below:
View 4 Replies
View Related
Aug 13, 2011
I just received a new Cisco SG300-10 and am configuring it in Layer 3 mode. I am trying to setup multiple routed VLANs going back to a FiOS Actiontec router. My configuration is as follows.
Fios Router: 192.168.1.1
Assigning DHCP 192.168.1.2 through 100.
SG300-10 has VLan 1 ip 192.168.1.5 used for Mgmt.
VLAN2 is 10.0.2.1
VLAN3 is 10.0.3.1.
I have a static route set on the fios router for both subnets setup as follows.
Destination 10.0.3.0 Gateway 192.168.1.5 Netmask 255.255.255.0 Metric 1
Destination 10.0.2.0 Gateway 192.168.1.5 Netmask 255.255.255.0 Metric 1
I have a laptop connected to Gi8 on the Cisco (Vlan 3) and statically assigned 10.0.3.3, with a gateway of 10.0.3.1. DNS set to the fios router (192.168.1.1).
Everything pretty much works EXCEPT, I cannot get out to the internet from either vlan. Traffic routes between vlans/and the default subnet on the fios without issue.
When I ping out, DNS resolves, but will not go past the fios router. Am I missing a setting somewhere?
View 3 Replies
View Related
Aug 29, 2011
These are our first switches and seems like GUI is lot different than the online. Out intervlan routing is o not working. I am absolutely sure that I setup the switch in L3 mode since it allows me to create mutiple interfaces. I am hoping that this GUI issue is related to interVLAN routing.
Below is the blog I started for InterVlan issue [URL]
This is the link for online simulator and what I see in its IP tab. I know this switch is not SG300. [URL]
This is what I see on our switch.
Our switch version
switchd64684#show version
SW version 1.1.0.73 ( date 19-Jun-2011 time 18:10:49 )
Boot version 1.0.0.4 ( date 08-Apr-2010 time 16:37:57 )
HW version V01
View 1 Replies
View Related
May 26, 2011
1) I have a Cisco SG300-28P. I plan to add a SG300-52. Would it be possible to manage the new switch through the SG300-28P web browser ?
2) There are 2 fans in the POE model SG300-28P. How many fans are they in the non POE switch SG300-52 ?
View 2 Replies
View Related
Feb 8, 2012
Can I connect a single Cat5e cable between two SG300-28 and link them? If so what must I configure?
View 1 Replies
View Related
Jul 25, 2012
I have SG300-28P that I am using as layer-3 switch. Recently I ran in to SG300-52 switch and even though loading same firmware doesn't give me option to do layer-3 switching. For SG-300 I see options in GUI to create vlan interfaces under IP information section, while SG300-52 has IP information option only under the management section.let me know if these are 2 different hardware types and L3 is not possible on SG300-52. If its possible to enable L3 switching on SG300-52?
View 2 Replies
View Related
Nov 21, 2011
I'm replacing 2 3COM 4500 Swithes with the SG300-52 Cisco switch. We have 3 VLANs, 10, 20, 100. The switch is set for Layer 3 and I have setup DHCP relay. what settings i should set on the Cisco for the following setups:
3COM Setup
#
interface GigabitEthernet1/0/1
[Code].....
View 2 Replies
View Related
Jan 1, 2013
We have several of the SG300 Serices switches. We use them to route VLAN traffic to Remote Offices, Internet Connections, and WiFi Access Points.In one remote office we have a SG300-10 setup to route the HQ Network and the remote Office Subnet. The SG300 is Connected to HQ via Fiber and has multiple Tagged VLANs on it. If I do speed tests over the Fiber Link on the Incoming Tagged Netwotk I get Decent performance, 80Mbs. If I switch to a networtk that is not priginating from HQ, and have the SG300-10 route packet, I get dismal performance. 15-20Mbs.
I Fireded up a New SG300-28P FW v1.2.7.76. Added a the HQ VLAN 101 and new VLAN 1025 . Mapped some Tagged and untagged ports for each. Switch was connected to HQ Network as untagged VLAN 101. I put a laptop on an Untagged VLAN 101 port. Ran some tests, cam back with 750-850Mbs. Great. Put the same laptop on a Tagged 101 Port, Configured the NIC for Tagged VLAN 101, Same test, same Speeds, 750-850Mbs.I then Configured laptop for Tagged VLAN 1025. Connected to tagged VLAN 1025 port. Ran speed tests, resuts were 15-20Mbs!
I then Configured laptop for Untagged VLAN 1025. Connected to unagged VLAN 1025 port. Ran speed tests, resuts were 15-20Mbs!It was only the Laptop and the Connection to the HQ net on the SG300-28P. Why is the performance of this unit soooooo poor when it needs to route?Other Switches have FW v1.0.0.27 or FW v1.1.2.0. They have Similar speed issues. All Configured for Layer 3.
View 10 Replies
View Related
Dec 18, 2011
does the SG300 switches can be used with Microsoft NLB in Multicast mode?I know on traditional Catalyst switches you can statically "map" IP's to mac's and then to multiple ports but this doesn't seem to work correctly on the SG switches - it gives an error about the mac not being not Unicast?
View 2 Replies
View Related
Aug 7, 2011
Any snmpset commands to add, modify and delete vlan table entries on SG300-10 switches? I checked url... however this information is apparently only valid for catalysts. The latest firmware is installed and the provided MIB files are used.
View 8 Replies
View Related
Jan 19, 2012
I'm having alot of trouble trying to connect more that one LAG between two SG300-52 switches.Basically i have configured both switches with the same vlans. For 2 of the vlans i would like to connect them together between the two switches using LAG. Switch1 has Vlan 5 (ports 1-12) & Vlan 10 (Ports 25-36) with LAG configured on ports 1-2 and ports 25-26. I have setup the second switch identical to the first. But when i connect the LAG's there is no connectivty. If i disconnect one LAG the other starts working.Can you only have i interconnect LAG between switches?
View 1 Replies
View Related
Apr 22, 2012
I have two SG300 serie switches and two Gigabit connection between them. How do I configured these two links to work toghether like a one 2 Gigabit channel?
View 2 Replies
View Related
May 9, 2011
I have a question, does the SG300-28 support VTP and STP?. I want to add it to my network's VTP domain so I don't have to manage vlans manually on the SG300-28 and also be able to configure STP to keep my network loop free.
View 2 Replies
View Related
Jul 19, 2012
On my SG300 I set up LAG for the last two ports.
I then plugged them into my SRW224G4P, once I do that I get dropped packets.
I was thinking maybe doing firmware upgrades to both switches?
View 3 Replies
View Related
Jan 29, 2012
I need to know how to configure each port in switch SG300-10 to vlans, i need to configure one port "trunk" with catalyst switch and assign 4 ports to different vlans. any solution?
View 2 Replies
View Related
Jun 20, 2012
In the CLI documentation for the SG 300 Series, it shows sh ip route rip as a command. I have installed the latest firmware and that command is no longer available. Does the SG300 series support RIP?
View 6 Replies
View Related
Jan 27, 2013
We purchased a SG300-52 last week to replace a 5yr old Dlink which has worked perfectly. 1 day after the SG300 went it it started crashing with this fatal error problem so I reverted the firmware back from 1.2.7.76 (latest) to 1.1.2.0 but I still get the problems. It crashes when I have it on my lan with users connected or if I just have the switch on my desk with just my laptop connected, so it cant be a load issue or a network topology issue. I already have a Cisco SGE2010 on my network without problems.
View 7 Replies
View Related
Mar 15, 2011
I have a question about ACL and binding. I have a SG300 28P and a couple of other linksys switches and Access points that are connected to it via trunks. The cisco SG300 28P is running in layer3 mode and i have created a couple of vlans and one of them is a guest vlan. Now to my question, i create an ACL and an ACE that vill funktion so that guest vlan only can connect to the internet and not the rest of the internal network. And then i must bound the ACL to an interface port or lag, what i can see it is not possible to bind it to an vlan? so if i have a port on some of the other switches that is member of the guest vlan, vill the ACL on the SG 300 stop guest vlan trafic to the internal network that is comming from some of the other switches?
View 1 Replies
View Related
Mar 25, 2012
I want to set up a vlan only for the wifi APs and wifi clients on my network. They can't access to any server, only internet acces. I already implement this configuration and its working, but now I want to allowed a couple of laptops to connect to servers in other vlan. what should I do? Should I do it using Mac address of laptops or IP?
View 9 Replies
View Related
Mar 1, 2013
Yesterday I upgraded my SG300-10P to firmware 1.2.7.76. I was curious about the new SYN Protection feature, but it seems to do nothing on my installation.
The switch is running in Layer 2 mode. I have ACLs in place and DoS prevention is not enabled. I also tried clearing ACLs and enabling DoS prevention. As I understood the Admin Guide enabling DoS in the Security Suite Settings is not necessary for using the SYN Protection.
In my firewall I see about 300 pps with SYN flags only arriving. What "they" do is sending me SYN packest to port 80 from forged IPs, so that my system should send SYN-ACKs to the victim system. In this case it is the Arab Bank. They are down at the moment...I think that is called a spoofed SYN flood attack.
So I thougt the SYN Protection feature should exactly solve that problem but it does not and does not show any "Last Attack" entries.
If I put a SYN filter in place it works, even if I put SYN Rate Protection in place. But that is just a dirty workaround. My firewall blocks those SYN packets with a SNORT rule.
View 1 Replies
View Related
Mar 18, 2013
I have spent several days tearing my hair out trying to properly configure our small business switch (SG300-10p) for voice. The phones are a relatively new addition and will replace old POTS phones.Our network consists of a 1941 ISR router, the SG300-10P switch, a mac server (handing DHCP, DNS, AFP), 4 client desktops and 4 SGA525G2 IP phones. The router, server, desktops and phones all have their own connection to the switch and the second data ports on the back of the IP phones are not used. We do not have any unified comms devices for voice. Our VOIP solution is hosted by a local SIP provider, and each phone independently registers with the provider's SIP proxy over the internet.
Left almost to it’s own devices (or presumably flat, default settings on VLAN 1), this whole setup works just great. We can TFTP files, make and receive calls, and do all the usual XML stuff. Calls are crystal clear. Even the localisation and directory works. However, I’ve been told several times that to ensure good quality on VOIP calls during periods of busy traffic, I should set up some form of QoS. A Voice VLAN on the switch, I was told, is the best way to do this as it automagically gives priority to the whole voice VLAN over the normal data VLAN.
I have followed instructions in numerous manuals, articles and guides, and have managed to create the Voice VLAN, both manually and automatically (I can watch Smartport detect the phones and see the Auto Voice VLAN add the ports to the VLAN as I connect them). The trouble is, as soon as this happens, the phones lose connectivity with the rest of the network, including the DNS server and the router, and therefore the internet, causing them to lose registration with the SIP service.
I tried adding the server and router ports to the Voice VLAN and tweaking every possible combination of tagged, untagged, excluded, trunk, access, general and PVID settings I can think of (by the way, I have no idea what any of those mean). The switch is in Layer 2 mode, but adding the port connected to the router to all the VLANs does not result in internet connectivity to the phones. I have told the phones to tag frames with the VLAN ID and told them not to. I have tried upgrading firmware and I have rebooted the switch so many times I'm tired of those wretched little flashing lights.
Nothing seems to work. And so I am stuck with everything on VLAN 1. My most recent thought is that the 1941 needs to know about the Voice VLAN (I checked CDP and it knows about the switch), but I’m reluctant to start messing with the router config when this is our production network, at least without knowing what I'm doing. I don’t even know if QoS applies when a Voice VLAN is not set up and we're on VLAN 1, some articles say yes, others say no. And when it is set up right, how does that priority transfer to the router? I’ve looked in the router manual and config options and found something called 802.1Q, but I have no idea what it is, how it works or even if it applies to our situation. Can I forgo VLANs altogether and use QoS some other way, perhaps?I have googled enough to cobble together our setup in IOS up until now. Ideally, I would still like to be able to ssh or https into each device (as I do now) for management, and I’ve read about setting up a another VLAN for config, monitoring etc, but I guess that would mean routing between VLANs in Layer 3.
View 2 Replies
View Related
Jul 9, 2012
I have 2 SG300 switches, in layer3 mode, lag'd together for high availability, serving 2 Dell R815's and a Dell Equallogic 4100 for virtualisation. I have setup a number of vlan's, network traffic, mgmnt traffic, iScsi, vMotion etc and they seem to work.
However, Equallogic unit suddenly became unavailable to view for managment yet maintained iscsi traffic for the servers ok. After much head scratching, noticed that one of my SG300's had the vlan ports assigned to various vlans had *automagically* changed there assignment, ie tagged changed to excluded, but only for one of the iscsi traffic connections and the mgmnt port, both coming from the Equallogic, the other iscsi continued its assignment fine. The other SG300 hasn't changed. Guaranteee no one has been into change it and no changes have been made to Dell servers or Equallogic.
Q. Is there any circumstance where the switch can change the port setup itself? or is there any external circumstance that would trigger that change either?
This has now occured twice. The setup is running as a test lab, not in production until all setup is complete, then it will replace our existing harware.
View 1 Replies
View Related
Oct 6, 2012
To setup SG300-20 as CORE switch and SF100-48 as Distribution switch.SG300-20 will have 2 VLAN(DATA and VOICE)
-192.168.14.1/24 DATA
-172.168.0.1/24 VOICE
SF100-48 will also have 2 VLAN(DATA and VOICE)
-192.168.14.1/24 Desktop/Laptops
-172.168.0.1/24 IP phones
Problem is when I tried to assign IP to any VLAN's the switch will just hang and loose my connection the light will stop blinking it will steady and i unable to access the switch until i turn off again?
View 1 Replies
View Related
Feb 14, 2013
Is there an SG300 or SG500 that has all ports as SFP ports?
View 1 Replies
View Related
Jan 26, 2012
I am using a couple cisco sg300 28P switches along with a sonciwall firewall/router. The sonicwall was already in place and working so they didnt want to replace it. I understand how to configure the vlan on the sonicwall, but could use some info on the cisco. I would basically like to create 3 vlans, 1 default for management, 2 for pc's on lan, and 3 for the cisco spa504g phones/'voip. Would i just go into the vlan managment, configure the 2 new vlans and give them two id's? These offices have one network drop, so the phones and pc's will be sharing the switch ports, however the phones have a setting to configure the vlan id so they know which one theyre on. Is there anything i need to do after that? I want to make sure that vlan 3 has the highest priority becuase its voice, is there some qos configurations i need to make on that switch as well? Also, the port that links the two cisco swtiches together, does that need to be set as "trunk" port? I understand what vlans are, but its just the first time ive run into these cisco models. .
View 0 Replies
View Related
May 10, 2013
I bought the SG300-10 Switch a few days ago and updated it to firmware 1.3.0.59, but i think there's a bug in this firmware. If I go to "IP Configuration" IPv4 Routes" in L3 Mode nothing is displayed. In the log file i see that:
21474773112013-Mar-16 09:51:34Error%HTTP_HTTPS-E-DIAGNOSTICS: ERROR - in <RL_vtLeadTableGet> tag, can not find the table rlInetRoutingDistanceTable in the MIB. 21474775182013-Mar-14 22:39:22Error%HTTP_HTTPS-E-DIAGNOSTICS: ERROR - in <RL_vtLeadTableGet> tag, can not find the table rlInetRoutingDistanceTable in the MIB., aggregated (1)
Reset of the Switch doesn't work.
View 4 Replies
View Related
Sep 4, 2012
We are in an organization of 80 users with 5 Sx300 series switches with the latest firmware (1.2.7.76). The network is mostly flat with all switches feeding into a Cisco ASA5505 acing as the primary gateway for Internet Access. Only our two 48 port POE switches have an additional vlan configured for the VoIP phones. We have one SG300-10MP that is powering 5 Cisco Aironet 1024N's that keeps crashing. A couple weeks ago it went down twice in one day. I updated the firmware and it did not have any hiccups unitl today. This issue has been consistent since we installed the switch in April. Originally the issue seemed to be caused by too much bonjour traffic causing a buffer overflow (we have over 100 Apple products). Since I updated the switch I have not seen any bonjour buffer overflow errors. Instead I get the following error when it crashes:
2147424534 2012-Sep-05 15:12:28 Emergency %SYSLOG-F-OSFATAL: FATAL ERROR: tExcTask: ABORT DATA exception ***** FATAL ERROR ***** SW Version : 1.2.7.76 Version Date: 19-Jul-2012 Version Time: 17:54:43 Instruction 0x18 Exception vector 0x10 Program state register 0x80000092 %SNMP-I-CDBITEMSNUM: Number of startup configur ation items loaded: 133 %LINK-W-Down: gi1 %LINK-W-Down: gi2 %LINK-W-Down: gi3 %LINK-W-Down: gi4 %LINK-W-Down: gi5 %LINK-W-Down: gi6 %LINK-W-Down: gi7 %LINK-W-Down: gi8 %LINK-W-Down: gi9 %LINK-W-Down: gi10 %LINK-I-Up: gi9 %LINK-I-Up: Vlan 1 %LINK-I-Up: gi1 %STP-W-PORTSTATUS: gi9: STP status Fo
The CPU and PoE supply are far from being overloaded.
View 15 Replies
View Related
Apr 8, 2013
Currently I have my SG300 connected to a Wireless Router which is, in turn, connected to a Cable Modem.
I'm considering adding a second cable modem. Can the SG300 handle that?
View 3 Replies
View Related
Sep 10, 2011
I am having an issue with LAG configuration on a Cisco SG300 52 switch. I have connected four Ge ports on the switch to the four NICs of a Dell R710 Server on which I installed Windows Server 2008 R2. Without LAG configured, these ports would forward traffic to and from the Dell server fine.However, if I configure LAG on the ports with LACP enabled, then they would not forward any network traffic. Debugging shows that the ports are up but their forwarding status show N/A. Am I missing any configuration? Can I configure LAG on edgeports?
View 2 Replies
View Related
Apr 22, 2012
Before I launch into this can I say that I am very much a novice with regards to Managed Switches and their configuration. I have the following equipment which I have connected to the switch: [code] All of the above are on subnet 255.255.255.0.All of the above communicate with each other during normal operation.Our client is connecting to the switch but his requirement is for his system to "see" the PLC Comms Card as follows:IP: 10.0.3.61 on Subnet 255.255.252.0 .
Using the Internet Explorer interface connection I have created an additional VLAN (ID 2) on Port 10 with the intention of using this as the connection to the client ( I assume there will be further settings required to route the PLC connection to this port) but every time I try to assign the IP and Subnet values and click "APPLY" the changes are not made and the connection appears to hang leading me to reboot the switch.I have connected to the switch via console and changed the mode to Layer 3. I also assume that it is OK for the three pieces of equipment to remain on the default VLAN. How I should setup this VLAN and ultimately achieve my goal.
View 5 Replies
View Related
