Error on a Switch Cisco SG300-52 PoE
Hi,
I get an error on a Switch Cisco SG300-52 PoE
error: %Box-F-INVALID-PARAM-SETTING: Function BOXG_poe_i2c_read_mem_byte: invalid param recv_byte_PTR value = 0 ***** FATAL ERROR ***** Reporting Task: HCPT. Sof tware Version: 1.3.7.18 (date 12-Jan-2014 time 18:02:59) 0x16adc8 0x166f34 0x6df974 0x48fd60 0x490670 0x490890 0x9af988 0x9be7d8 0x98a710 0x98ab8c 0x98ad60 0x98e6f4 0x990128 0x982ddc 0x994cf0 0x962c24 0x965604 0x94a960 0x94b688 0x1223fc ***** END OF FATAL ERROR *****
What does this error mean?
Thanks for help!
Martin
Hi,
I get an error on a Switch Cisco SG300-52 PoE
error: %Box-F-INVALID-PARAM-SETTING: Function BOXG_poe_i2c_read_mem_byte: invalid param recv_byte_PTR value = 0 ***** FATAL ERROR ***** Reporting Task: HCPT. Sof tware Version: 1.3.7.18 (date 12-Jan-2014 time 18:02:59) 0x16adc8 0x166f34 0x6df974 0x48fd60 0x490670 0x490890 0x9af988 0x9be7d8 0x98a710 0x98ab8c 0x98ad60 0x98e6f4 0x990128 0x982ddc 0x994cf0 0x962c24 0x965604 0x94a960 0x94b688 0x1223fc ***** END OF FATAL ERROR *****
What does this error mean?
Thanks for help!
Martin
Similar Messages
-
Need SNMP OID for MSTP status in Cisco SG300-28MP 28-port Gigabit Max-PoE Managed Switch
Hi,
I have configured redundant network using two Cisco SG300-28MP 28-port Gigabit Max-PoE Managed Switch through MSTP & it's working fine.
I need OID of MSTP status from which I can monitor which Switch is active and which one is in standby mode.
Please help.
Thanks,
HarshaHi Harsha,
check these OID's:
http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?objectInput=1.3.6.1.4.1.9.9.500.1.2.1.1.6&translate=Translate&submitValue=SUBMIT
http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?objectInput=cRFStatusUnitState&translate=Translate&submitValue=SUBMIT&submitClicked=true
Thanks-
Afroz
**Ratings Encourages Contributors *** -
Need SNMP OID of MSTP status for Cisco SG300-28MP 28-port Gigabit Max-PoE Managed Switch
Hi,
I have configured redundant network using two Cisco SG300-28MP 28-port Gigabit Max-PoE Managed Switch through MSTP & it's working fine.
I need OID of MSTP status from which I can monitor which Switch is active and which one is in standby mode.
Please help.
Thanks,
HarshaHi Harsha,
check these OID's:
http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?objectInput=1.3.6.1.4.1.9.9.500.1.2.1.1.6&translate=Translate&submitValue=SUBMIT
http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?objectInput=cRFStatusUnitState&translate=Translate&submitValue=SUBMIT&submitClicked=true
Thanks-
Afroz
**Ratings Encourages Contributors *** -
Cisco SG300 HOSTP_flash_operation: fatal error during read operation!
I have 2 Cisco SG300-52P switches. Earlier this week, one of them started dropping connections and POE was not working on a couple of devices... I came in this morning to restart them when no one else was around. After restarting them, the troublesome one was still not detecting POE devices.
I have been waiting for some down time to do a firmware update, so I thought this might straighten things out. I Downloaded the updated bootloader and firmware from Cisco's site. Updating the (non-problem) SG300 went exactly as it should. Upgrading the the bootloader on the problem SG300 went exactly as it should. Started the firmware update on the problem switch ....... and it didn't come back online. The power light was flashing, and occasionally the lights on ports would blink like they were trying to reset, but they never made it. There weren't really any special configurations on this switch so I had nothing to lose by trying a factory reset via the pinhole on the front ...... same result.
I connected to the serial port via a win7 PC with putty. .. All setting per Cisco. I got a message that the connection was detected, but it would not accept keyboard input. I power cycled the SG300 and watched the messages go by ... It looked like everything was working. I even got a message that the "Initialization task was completed"..
Then this message "HOSTP_flash_operation: fatal error during read operation!"
We have had a couple of internet and power outages recently, but I am trying to rule out other issues before blaming it on that.
any suggestions?
putty output file attachedI am not familiar with SG series products, but looking at the error message in the attached file, it appears there is an issue with reading from the flash. It could be that the flash file is corrupted and the flash needs to be formatted and then reload the software again.
If you have support contract on the product, I would suggest you open a TAC ticket with Cisco and have them help you.
HTH -
Cisco SG300 - IGMP and multiple switches
Hi all,
I have read through various Cisco documents and tried various configurations and i have been unsuccessful
Here is the network layout
Cisco SG300-10 in Layer 3 mode, managing all VLANS created and inter-vlan traffic is working fine
Ports 1-4 are in LAG 1 with LACP enabled, Ports 5-8 are in LAG 2 again with LACP enabled, port 9 is connected to the ASA 5505 (Trunk port, all VLANS) and port 10, again a trunk port I use for management
LAG 1 and 2 are connected to Cisco SG300-52 switches
again traffic between the switches is working ok, what we would like to do is the following
on VLAN 7, we have multiple devices streaming using UDP multicast, what we would like to do is allow PC's on VLAN 5 to be able to pick up these streams as and when they need to, the devices broadcast on their own unique UDP ranges
Could someone please explain to me what I need to configure on the Layer 3 switch and the other two Layer 2 switches in order for this to work?
If i put a port into VLAN 7 and can view the stream without a problem, also if there is any fine tuning to be done once this is working
Thanks
AndyJason,
The only advantage you would get from using SFPs (fiber tranceivers) in the GBIC slots would be if you needed to make a run of over 100m between the switches. Unless you have a very large property with switches at either end you are just as well to use the copper ports in the setup you described. There is also nothing wrong with chaining the SG100s together if necessary to free up a port on the RV320. The only other thing to consider is if you are using VLANs. Each unmanaged SG100 will only pass a single VLAN so if you need segregated distribution coming from the RV320 you would need to put each SG100 on its own port. Or, you could run a trunk from a port on the RV320 to your SG200 and then split off your untagged VLANs from there. Hope this answers your question and have a nice day.
Regards,
Mike.V -
Cisco SG300 Network Expansion (Configure 2 Switches)
I’m currently in the process of expanding my network having bought a second Cisco SG300-20 which is now sitting in my lab, my current setup is described below
Internet
^
|
Draytek Router 192.168.1.1
^
|
Cisco SG300-20 192.168.1.2
^
|
VLAN 12 Workstations interface 10.0.12.1
VLAN 13 Management interface 10.0.13.1
VLAN 14 Pubic interface 10.0.14.1
VLAN 15 Private interface 10.0.15.1
VLAN 20 Storage interface 10.0.20.1
I then have a number of servers with multiple nics that run on the various VLANS attached to certain ports in the Cisco Switch
VLAN 12 and 14 have been given access to the internet with routes added to Draytek to 10.0.12.1 / 10.0.14.1
Now what I want to do is to expand the network running a link from my first switch to the new switch. Ive read a number of notes on this forum but confused as to what I need to do.
I want the new switch to have access to all the VLANS configured on the first switch and will set the ports access to the various VLANs for each server that is being connected.
Have read that its best to have any additional switches on the network configured as Layer 2 and leave just one switch to do the routing (is that correct?). So have left the new switch as Layer 2 and given it an IP of 192.168.1.3
So the first question is how do I configure the uplink port from switch 1 (Port Gi2) to Switch 2 (Port Gi1).
Should I run multiple cables and create a LAG between the two switches? Allowing for additional bandwidth (I stream a lot of HD movies across the network to the workstations)
I have attached my running config from switch 1 below.
Any help would be appreciated, unfortunately networks are not my strong point.
prcswitch01#show running-config
config-file-header
prcswitch01
v1.3.5.58 / R750_NIK_1_35_647_358
CLI v1.0
set system mode router
file SSD indicator encrypted
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end XXXXXX
vlan database
vlan 12-15,20
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
ip dhcp server
ip dhcp pool network Workstations
address low 10.0.12.20 high 10.0.12.100 255.255.255.0
lease infinite
default-router 10.0.12.1
dns-server 10.0.15.200 8.8.8.8
exit
bonjour interface range vlan 1
hostname prcswitch01
username cisco password encrypted XXXXXXX privilege 15
ip ssh server
interface vlan 1
ip address 192.168.1.2 255.255.255.0
no ip address dhcp
interface vlan 12
name Workstations
ip address 10.0.12.1 255.255.255.0
interface vlan 13
name Management
ip address 10.0.13.1 255.255.255.0
interface vlan 14
name Public
ip address 10.0.14.1 255.255.255.0
interface vlan 15
name Private
ip address 10.0.15.1 255.255.255.0
interface vlan 20
name Storage
ip address 10.0.20.1 255.255.255.0
interface gigabitethernet3
switchport mode access
switchport access vlan 12
interface gigabitethernet4
switchport mode access
switchport access vlan 12
interface gigabitethernet5
switchport mode access
switchport access vlan 20
interface gigabitethernet6
switchport mode access
switchport access vlan 20
interface gigabitethernet7
switchport trunk allowed vlan add 13-15
interface gigabitethernet8
switchport trunk allowed vlan add 13,20
switchport trunk native vlan 12
interface gigabitethernet9
switchport trunk allowed vlan add 13-15
interface gigabitethernet10
switchport trunk allowed vlan add 13,20
switchport trunk native vlan 12
interface gigabitethernet11
switchport trunk allowed vlan add 13-15
interface gigabitethernet12
switchport trunk allowed vlan add 13,20
switchport trunk native vlan 12
interface gigabitethernet13
switchport mode access
switchport access vlan 12
interface gigabitethernet14
switchport mode access
switchport access vlan 12
interface gigabitethernet15
switchport mode access
switchport access vlan 12
interface gigabitethernet16
switchport mode access
switchport access vlan 12
interface gigabitethernet17
switchport mode access
switchport access vlan 12
interface gigabitethernet18
switchport mode access
switchport access vlan 12
interface gigabitethernet19
switchport mode access
switchport access vlan 12
interface gigabitethernet20
switchport mode access
switchport access vlan 12
exit
ip default-gateway 192.168.1.1
prcswitch01#Hi Aleksandra,
Im still having issues with my setup. The servers I have connected have VLAN tagging enabled
Previously I had my esxi server connected via two nics with ports configured on my Layer 3 switch prcswitch01 as follows
Port 1 Trunk VLAN 13-15
Port 2 Trunk VLAN 13,20
My NAS was configured on a single port on VLAN20
The ESXI server can only have a single gateway which is used by both interfaces
~ # esxcli network ip route ipv4 list
Network Netmask Gateway Interface Source
default 0.0.0.0 10.0.13.1 vmk0 MANUAL
10.0.13.0 255.255.255.0 0.0.0.0 vmk0 MANUAL
10.0.20.0 255.255.255.0 0.0.0.0 vmk1 MANUAL
Traffic was being passed from VLAN13 to VLAN20 to allow connectivity to the NAS on the ESXi server
This no longer seems to be happening on my Layer 2 switch.
I have configured the ports the same as previously setup on the Layer 3 switch.
When I have the esxi server connected I can reach the server on 10.0.13.11 but the server cannot ping the NAS on 10.0.20.196
Hope that makes sense, I’m confused about setting this new switch up. Should I configure it as Layer 3 and setup interfaces for the various VLANS. I was under the impression this would be done by my first switch.
Thanks
Paul -
LAG configuration issue on Cisco SG300 52 Switch
Hi everybody,
I am having an issue with LAG configuration on a Cisco SG300 52 switch. I have connected four Ge ports on the switch to the four NICs of a Dell R710 Server on which I installed Windows Server 2008 R2. Without LAG configured, these ports would forward traffic to and from the Dell server fine. However, if I configure LAG on the ports with LACP enabled, then they would not forward any network traffic. Debugging shows that the ports are up but their forwarding status show N/A. Am I missing any configuration? Can I configure LAG on edgeports? Or is there any compatibility issue?
Any help from you guys will be greatly appreciated.
Thank you.
VishalHi Dave,
Thank you for your quick response and sorry to have looked at it late. Well, I already resolved the issue and like you pointed out, it was the configuration of the Dell NICs. I had to configure NIC teaming and there was a bug with the Broadcom NIC management software. I had to download this piece of software again and I was then able to configure NIC teaming on it. I initially thought that it was already configured because we got the Dell server "pre-installed with pretty much everything".
Anyway thank you for your assistance. Oh I have a question though if you don't mind clearing my doubt. We have bought 7 of these SG300 Switches and I would like to use all of them
in a hierarchical design as core, distribution and access layer switches because I believe this switch has got all the qualities to be used at all the three layers. We have about 100 users in our company at the moment but expecting growth of about 10-20 employees per year. Would you think a hierarchical network design for a 100 users is a bit of an overkill? Would you think these SG300 switches can handle network traffic at the distribution and core layers? I worked out the average daily traffic is only about 4 Mbps.
Thank you for your valuable guidance.
Kind regards,
Vishal
Date: Mon, 12 Sep 2011 08:09:40 -0600
From: [email protected]
To: [email protected]
Subject: - Re: LAG configuration issue on Cisco SG300 52 Switch
Cisco Support Community
Re: LAG configuration issue on Cisco SG300 52 Switch created by David Hornstein in Small Business Switches - View the full discussion
Hi Chundunsing,
Thank you for the purchase of my switch.
Chundunsing, I love the way you worded your question ; "I am having an issue with LAG configuration on a Cisco SG300 52 switch." ,but seriously you are having a problem with interfacing the dell with my switch.
You have LAG working to the Dell R710 teamed NICs and god knows what NICs or drivers you are using to acheive this.
Now LAG is providing , load balancing between the LAG ports.
Now LAG is providing , link redundancy for connectibity to the Dell R710.
If there is a configuration issue , it sure seems the way you have it configured without LACP is still working. But you have the option when you create a LAP group to enable LACP. You can see this as a tick box in the LAG group.
But might i also install, recently firmware version 1.1.1.8, just came out.
Please be sure to;
Step 1. update the firmware on the switch and
Step 2. select it as the 'active image.'
Step 3 rebbot the switch to utilize this active image.
If you are having any trouble doing this the admin guide references how to achieve this. for your concenience I have atteched the guide to this posting.
regards Dave
Reply to this message by going to Cisco Support Community
Start a new discussion in Small Business Switches at Cisco Support Community -
Problem with switch SG300-28P Poe and Avaya 1408 telephone
Hi Team
We have a model SG300-28P Switch 28-Port Gigabit PoE Managed Switch, in every port we are allowing the voice VLAN and data VLAN (trunk), happens to be off this type of phone, we reconnect the cable and port the switch is dropped, so that the voice vlan phone is lost and no longer work.
Thanks for your comments.
RegardsHi Yesenia, did you contact Avaya support? Did you configure the phone for a voice and data vlan?
I'm trying to dig through the Avaya website and looking at the fact sheet and user guide it has no mention of VLAN.
Is the switch supported for the usage of Avaya Aura Communication Manager call processing system?
-Tom
Please mark answered for helpful posts -
Cisco SG300-28 / SGE2000 / Catalyst 2960
Hello everyone,
I'm looking for switch to accompany Cisco ASA 5520 in data center, with 20+ GE ports and no need for PoE.
I would like to understand the difference between Cisco SG300-28, Cisco SGE2000 and Cisco Catalyst 2960, 2960-C and 2960-S Series (except specific number of ports). As far as I can see the Cisco SGE2000 has 4x SFP and is stackable unlike the SG300 with 2x miniGBIC/SFP, but not much else. Cisco Catalyst 2960 series offers some additional features like USB storage, but I can't imagine I will need that.
Any suggestions?
Thank you
DanHello everyone,
I'm looking for switch to accompany Cisco ASA 5520 in data center, with 20+ GE ports and no need for PoE.
I would like to understand the difference between Cisco SG300-28, Cisco SGE2000 and Cisco Catalyst 2960, 2960-C and 2960-S Series (except specific number of ports). As far as I can see the Cisco SGE2000 has 4x SFP and is stackable unlike the SG300 with 2x miniGBIC/SFP, but not much else. Cisco Catalyst 2960 series offers some additional features like USB storage, but I can't imagine I will need that.
Any suggestions?
Thank you
Dan -
SG300-28P - POE not correctly supported on all ports - possible firmware or hardware issue
So, I spent some time this weekend troubleshooting the issues I've had with the new SG300-28P switch and POE to many of my devices in the office. As a recap, I cannot utilize all of the 24 POE ports on the switch for POE purposes. Really only every other port [with a few odd combinations thrown in between]. In addition, the SG300-28P switch, on occasion, is sending POE to non-POE devices [e.g. my Ruckus Zone Director 1106].
Here are my POE devices [all 802.3 af-compliant]:
3 Ruckus 7982 access points
1 Pakedge access point
2 home-automation controllers
2 Polycom voip phones
I called Cisco support several times in regards to this problem, and they figured it was a hardware issue - a faulty switch. So, Cisco sent me a replacement SG300-28P, which I hooked up today. The exact problem still occurs. Default configuration [fresh out of the box]. No way I can land, for example, the 3 Ruckus 7982 AP's on ports 1, 2, and 3 [or ports 1,13, and 2]. I have to put them on ports 1, 3, and 5 in order for them to power up. In addition, I can't plug any other POE devices on the ports either between or below them. I had to skip another port bay. This is very odd behavior!! Two Cisco SG300-28P's in a row with the same problem.
However, I also had one of the new Cisco SG300-10P switches in my possession for a recent project of ours. I decided to hook up the same POE devices to this switch. ALL POE devices were recognized and worked! No need to skip a port. And it didn't matter what device was plugged in first or not. I am now convinced that it is either a hardware issue [bad power supply/transformer?] inside all of the SG300-28P switches, or a firmware issue.
Both of the SG300-28P switches were running firmware 1.1.2 [the latest on Cisco's website]. So, I decided to install an older firmware version on the SG300-28P switch that I'm returning [installed 1.1.1.8]. Here's what I found out. I could then plug 2 POE devices [e.g. two Ruckus AP's] in adjacent horizontal ports, but not three in a row. In addition, not all adjacent ports. It's funky. For example, I could plug an access point in ports 20 and 21, but not in 21 and 22. No rhyme or reason in how it worked. And I still couldn't plug an access point in adjacent vertical ports [e.g. ports 1 and 13]. BUT...
It's interesting that the same exact switch that would not initially allow 2 horizontally-adjacent POE ports to be utilized WOULD allow 2 horizontally-adjacent POE ports to be utilized when running a different firmware version. It's also interesting to note that when plugged into a "non-working" POE port, the SG300-28P would actually make a small whining noise. Very subtle noise; I could hear it when approx. 1ft away from the switch. The noise was not noticeable when ports were skipped [and POE actually worked]. Therefore, I believe that Cisco has some SG300-28P firmware bugs [at least in the last two versions of firmware] that is not truly allowing all 24 ports to utilize POE correctly. This problem does not exist with the SG300-10P switch.
I'm really interested to hear what Cisco's reply and findings on this matter would be. And would welcome a reply from one of their senior support team members/managers who could actually experiment with this, too. In addition, I'd like to know when they think a solution could be created if it's firmware-related. If hardware-related, I don't think I'll be recommending any 28P switches in our projects. Perhaps just the regular SG300-28 with a separate SG300-10P. It's a shame because the SG300-28P is more of a bargain when compared to the two separate components.show power inline
Port based power-limit mode
Unit Power Nominal Power Consumed Power Usage Threshold Traps
1 On 180 Watts 13 Watts (7%) 95 Disable
Port Powered Device State Status Priority Class
gi1 Auto On critical class0
gi2 Never Off low class0
gi3 Auto Searching critical class0
gi4 Never Off low class0
gi5 Auto On critical class0
gi6 Never Off low class0
gi7 Auto On critical class2
gi8 Auto Searching low class0
gi9 Auto Searching low class0
gi10 Auto Searching low class0
gi11 Auto Searching low class0
gi12 Never Off low class0
gi13 Never Off low class0
gi14 Never Off low class0
gi15 Never Off low class0
gi16 Never Off low class0
gi17 Never Off low class0
gi18 Never Off low class0
gi19 Never Off low class0
gi20 Auto Searching low class0
gi21 Never Off low class0
gi22 Auto Searching low class0
[0mMore: , Quit: q or CTRL+Z, One line: gi23 Auto Searching low class0
gi24 Auto Searching low class0
show power inline gigabitethernet xx (for each device plugged in)
Port Powered Device State Status Priority Class
gi1 Auto On critical class0
Power limit (for port power-limit mode): 15.400W
Port Status: Port is on - valid resistor detected
Overload Counter: 0
Short Counter: 0
Denied Counter: 0
Absent Counter: 3
Invalid Signature Counter: 17583
Port Powered Device State Status Priority Class
gi2 Never Off low class0
Power limit (for port power-limit mode): 15.400W
Port Status: Port is off - user setting
Overload Counter: 0
Short Counter: 0
Denied Counter: 0
Absent Counter: 0
Invalid Signature Counter: 0
Port Powered Device State Status Priority Class
gi3 Auto Searching critical class0
Power limit (for port power-limit mode): 15.400W
Port Status: Port is off - detection is in process
Overload Counter: 0
Short Counter: 0
Denied Counter: 0
Absent Counter: 2
Invalid Signature Counter: 1
Port Powered Device State Status Priority Class
gi4 Never Off low class0
Power limit (for port power-limit mode): 15.400W
Port Status: Port is off - user setting
Overload Counter: 0
Short Counter: 0
Denied Counter: 0
Absent Counter: 0
Invalid Signature Counter: 0
Port Powered Device State Status Priority Class
gi5 Auto On critical class0
Power limit (for port power-limit mode): 15.400W
Port Status: Port is on - valid resistor detected
Overload Counter: 0
Short Counter: 0
Denied Counter: 0
Absent Counter: 0
Invalid Signature Counter: 0
Port Powered Device State Status Priority Class
gi7 Auto On critical class2
Power limit (for port power-limit mode): 15.400W
Port Status: Port is on - valid resistor detected
Overload Counter: 0
Short Counter: 0
Denied Counter: 0
Absent Counter: 0
Invalid Signature Counter: 0
Port Powered Device State Status Priority Class
gi13 Never Off low class0
Power limit (for port power-limit mode): 15.400W
Port Status: Port is off - user setting
Overload Counter: 0
Short Counter: 0
Denied Counter: 0
Absent Counter: 1
Invalid Signature Counter: 0
Port Powered Device State Status Priority Class
gi14 Never Off low class0
Power limit (for port power-limit mode): 15.400W
Port Status: Port is off - user setting
Overload Counter: 0
Short Counter: 0
Denied Counter: 0
Absent Counter: 0
Invalid Signature Counter: 0
show interfaces advertise gigabitethernet xx (for what ports are of interest)
Port: gi9
Type: 1G-Copper
Link state: Down
Auto negotiation: Enabled
1000f 1000h 100f 100h 10f 10h
Admin Local link Advertisement yes no yes yes yes yes
Oper Local link Advertisement - - - - - -
Oper Remote link Advertisement - - - - - -
Priority Resolution - - - - - -
Port: gi10
Type: 1G-Copper
Link state: Down
Auto negotiation: Enabled
1000f 1000h 100f 100h 10f 10h
Admin Local link Advertisement yes no yes yes yes yes
Oper Local link Advertisement - - - - - -
Oper Remote link Advertisement - - - - - -
Priority Resolution - - - - - -
Port: gi11
Type: 1G-Copper
Link state: Down
Auto negotiation: Enabled
1000f 1000h 100f 100h 10f 10h
Admin Local link Advertisement yes no yes yes yes yes
Oper Local link Advertisement - - - - - -
Oper Remote link Advertisement - - - - - -
Priority Resolution - - - - - -
Port: gi21
Type: 1G-Copper
Link state: Down
Auto negotiation: Enabled
1000f 1000h 100f 100h 10f 10h
Admin Local link Advertisement yes no yes yes yes yes
Oper Local link Advertisement - - - - - -
Oper Remote link Advertisement - - - - - -
Priority Resolution - - - - - -
Port: gi22
Type: 1G-Copper
Link state: Down
Auto negotiation: Enabled
1000f 1000h 100f 100h 10f 10h
Admin Local link Advertisement yes no yes yes yes yes
Oper Local link Advertisement - - - - - -
Oper Remote link Advertisement - - - - - -
Priority Resolution - - - - - -
Port: gi23
Type: 1G-Copper
Link state: Down
Auto negotiation: Enabled
1000f 1000h 100f 100h 10f 10h
Admin Local link Advertisement yes no yes yes yes yes
Oper Local link Advertisement - - - - - -
Oper Remote link Advertisement - - - - - -
Priority Resolution - - - - - - -
Securing SG300 28P PoE Swtich.
Greeting's, I would like to start by apologizing. I have absolutely no knowledge in switch security management but I've been tasked with it given the shortage of personnel. I have a SG300-28P-PoE switch that needs to be securely configured. I've done the basics of upgrading the firmware to the latest. Given my lack of any experience whatsoever, please include complete procedures (hand holding, I'm sorry).
I wanted step-by-step guidance of:
1. Locking down ports by MAC address.
2. DDoS protection.
3. Lock down login from all but 1 IP and only allow browser based SSL login. No TELNET, SSH or other method.
4. Shutting down any services on the switch.
Any other recommended security steps to secure the switch.
Thanking in advance,
ParthHello Parth,
Thank you for using the Cisco Small Business forums. I am a eContent developer and part of the Small Business Support Community.
Looking over the questions that you've asked, I found a few articles that might help you with the configuration changes you'd like to make:
As Brandon mentioned, the Knowledge Base contains many documents with step-by-step procedures and screenshots for common tasks. Port-security is an excellent solution for the first problem. You can configure ports to lock down when a MAC address is changed:
Port Security
The SG300 security suite has many options for protecting against DDOS attacks:
DDOS
In regards to disabling/enabling services and restricting access to the web console, this article provides some guidance (uncheck the services that you do not wish to use-- in relation to your question, uncheck all except HTTPS):
Enabling SSH/Telnet/HTTP
I hope that these articles help to answer your question. Please remember to mark this question as answered and rate it if it helps to address your issue so other users can benefit from it, and feel free to ask any further questions you might have!
Best,
Gunner Grim
Cisco eContent Developer -
Cisco SG300-10 spf module not recognized
Hi all, I have 2 Cisco SG300-10 switches with MFEFX1 spf modules. Although these modules should be supported, it seems they are not working properly.
If I execute SH fiber-ports optical-transceiver I get
SwInter1#show fiber-ports optical-transceiver interface gi10
Port Temp Voltage Current Output Input LOS
Power Power
gi10 N/S N/S N/S N/S N/S N/S
Temp - Internally measured transceiver temperature
Voltage - Internally measured supply voltage
Current - Measured TX bias current
Output Power - Measured TX output power in milliWatts
Input Power - Measured RX received power in milliWatts
LOS - Loss of signal
N/A - Not Available, N/S - Not Supported, W - Warning, E - Error
Could you help me with this?
Thanks in advanceHi Mark,
The led is green, also the status is connected
SwInter1#sh interface status
Flow Link Back Mdix
Port Type Duplex Speed Neg ctrl State Pressure Mode
gi1 1G-Copper -- -- -- -- Down -- --
gi2 1G-Copper -- -- -- -- Down -- --
gi3 1G-Copper -- -- -- -- Down -- --
gi4 1G-Copper -- -- -- -- Down -- --
gi5 1G-Copper -- -- -- -- Down -- --
gi6 1G-Copper -- -- -- -- Down -- --
gi7 1G-Copper -- -- -- -- Down -- --
gi8 1G-Copper -- -- -- -- Down -- --
gi9 1G-Combo-C -- -- -- -- Down -- --
gi10 1G-Combo-F Full 100 Disabled Off Up Disabled Off
When I insert the spf module, this appears in the log
6-Mar-2014 19:04:22 %Fiber-I-SFP-PRESENT-CHNG: gi10 SFP status is present.
06-Mar-2014 19:04:23 %HAL_config_phy-I-CHNGCOMBOMEDIA: Media changed from copper
media to fiber media (Unknown) on port gi10.
06-Mar-2014 19:04:24 %LINK-I-Up: gi10
06-Mar-2014 19:04:24 %LINK-I-Up: Vlan 1
06-Mar-2014 19:04:29 %STP-W-PORTSTATUS: gi10: STP status Forwarding
The ports are simply configured with speed 100. It's being used only vlan 1.
Thanks -
Communication problem between Cisco 3560 and Cisco SG300.
Dear Support,
I have a Cisco SG300 and Cisco 3560 switches.
3560 is my Core Switch and SG300 is access switch.
From 3560 VLAN information is not passed to SG300.
3560 Configuration:
interface GigabitEthernet0/23
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,10,11
switchport mode trunk
SG300 Configuration:
interface gigabitethernet49
spanning-tree link-type point-to-point
switchport mode general
switchport general allowed vlan add 2,10-11 tagged
macro description switch
Please suggest how this issue is resolve.
Regards,
JItesh Mahajan.Dear Aleksandra,
Below Configuration is right or wrong for 3560 and SG300.
3560 Configuration:
interface GigabitEthernet0/23
switchport trunk encapsulation dot1q
switchport trunk allowed vlan remove VLAN 1
switchport native vlan 1
switchport trunk allowed vlan 1,2,10,11
switchport mode trunk
SG300 Configuration:
interface gigabitethernet49
spanning-tree link-type point-to-point
switchport mode general
switchport general allowed vlan add 2,10-11 tagged
macro description switch
Regards,
JItesh Mahajan. -
A rugged switch that can support PoE+ on 4 ports
We are mounting 4 Access points in a parking Lott. We have wired up a cat6 cable to each AP (not power). The cat6 cables are terminated in a weather resistant outdoor box.
My question is: Does Cisco have at rouged switch that can support this setup?
The plan was to use a IE2000. However the IE-2000-16PTC-G-L that we purchased, did not deliver enough power on each port (it can deliver PoE on 4 ports, but only PoE+ on 2) My fault that I did not read the PDF thoroughly enough :-(
So question is, does cisco have a rugged switch that can deliver PoE+ on 4 ports?I believe you'd have to move up to the IE3000 series with the 8-port module (Cisco IEM-3000-4PC-4TC=). That module will deliver POE+ on 4 of its 8 ports. Reference.
-
Cisco SG300 and LLDP with Yealink Phones.
I am currently trying to setup a Cisco SG300 switch with a hosted VoIP solution using the SG300's at the customer's premise. The Yealink phones I am not able to get them to pull an IP address and believe the problem is related to LLDP. We also use Polycom phones and they work just fine. Here is the configuration that I am currently using ( I have tried several different configurations and none of them work with the Yealinks. Any help would be greatly appreciated.
DLC#show run
config-file-header
DLC
v1.3.0.62 / R750_NIK_1_3_647_260
CLI v1.0
set system mode switch
file SSD indicator encrypted
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
vlan database
vlan 2,88
exit
voice vlan id 88
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
hostname DLC
interface vlan 2
name Data
interface vlan 88
name FlexVoice
interface gigabitethernet1
switchport trunk allowed vlan add 88
switchport trunk native vlan 2
no macro auto smartport
interface gigabitethernet2
switchport trunk allowed vlan add 88
switchport trunk native vlan 2
no macro auto smartport
interface gigabitethernet3
switchport trunk allowed vlan add 88
switchport trunk native vlan 2
no macro auto smartport
interface gigabitethernet4
switchport trunk allowed vlan add 88
switchport trunk native vlan 2
no macro auto smartport
interface gigabitethernet5
switchport trunk allowed vlan add 88
switchport trunk native vlan 2
no macro auto smartport
interface gigabitethernet6
switchport trunk allowed vlan add 88
switchport trunk native vlan 2
no macro auto smartport
interface gigabitethernet7
switchport trunk allowed vlan add 88
switchport trunk native vlan 2
no macro auto smartport
interface gigabitethernet8
switchport trunk allowed vlan add 88
switchport trunk native vlan 2
no macro auto smartport
interface gigabitethernet9
switchport trunk allowed vlan add 88
switchport trunk native vlan 2
no macro auto smartport
interface gigabitethernet10
switchport trunk allowed vlan add 88
switchport trunk native vlan 2
no macro auto smartport
interface gigabitethernet11
switchport trunk allowed vlan add 88
switchport trunk native vlan 2
no macro auto smartport
interface gigabitethernet12
switchport trunk allowed vlan add 88
switchport trunk native vlan 2
no macro auto smartport
interface gigabitethernet13
switchport trunk allowed vlan add 88
switchport trunk native vlan 2
no macro auto smartport
interface gigabitethernet14
switchport trunk allowed vlan add 88
switchport trunk native vlan 2
no macro auto smartport
interface gigabitethernet15
switchport trunk allowed vlan add 88
switchport trunk native vlan 2
no macro auto smartport
interface gigabitethernet16
switchport trunk allowed vlan add 88
switchport trunk native vlan 2
no macro auto smartport
interface gigabitethernet17
switchport trunk allowed vlan add 88
switchport trunk native vlan 2
no macro auto smartport
interface gigabitethernet18
switchport trunk allowed vlan add 88
switchport trunk native vlan 2
no macro auto smartport
interface gigabitethernet19
switchport trunk allowed vlan add 88
switchport trunk native vlan 2
no macro auto smartport
interface gigabitethernet20
switchport trunk allowed vlan add 88
switchport trunk native vlan 2
no macro auto smartport
interface gigabitethernet21
switchport trunk allowed vlan add 88
switchport trunk native vlan 2
no macro auto smartport
interface gigabitethernet22
switchport trunk allowed vlan add 88
switchport trunk native vlan 2
no macro auto smartport
interface gigabitethernet23
switchport trunk allowed vlan add 88
switchport trunk native vlan 2
no macro auto smartport
interface gigabitethernet24
switchport trunk allowed vlan add 88
switchport trunk native vlan 2
no macro auto smartport
interface gigabitethernet27
switchport mode access
switchport access untagged vlan 2
no macro auto smartport
interface gigabitethernet28
switchport mode access
switchport access untagged vlan 88
no macro auto smartport
exit
DLC#Here is the latest configuration that I tried, Polycom phone worked, Yealink didn't.
co-test#show run
config-file-header
co-test
v1.4.0.88 / R800_NIK_1_4_194_194
CLI v1.0
set system mode switch
file SSD indicator encrypted
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
vlan database
vlan 2,88,881
exit
voice vlan id 88
voice vlan state oui-enabled
voice vlan cos 6 remark
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 0004f2 Polycom
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 001565 Yealink
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
hostname co-test
interface vlan 2
name data
interface vlan 88
name flexvoice
ip address 172.16.88.2 255.255.255.0
no ip address dhcp
interface gigabitethernet1
voice vlan enable
interface gigabitethernet2
voice vlan enable
interface gigabitethernet3
voice vlan enable
interface gigabitethernet4
voice vlan enable
interface gigabitethernet5
voice vlan enable
interface gigabitethernet6
voice vlan enable
interface gigabitethernet7
voice vlan enable
interface gigabitethernet8
voice vlan enable
interface gigabitethernet9
voice vlan enable
interface gigabitethernet10
voice vlan enable
interface gigabitethernet11
voice vlan enable
interface gigabitethernet12
voice vlan enable
interface gigabitethernet13
voice vlan enable
interface gigabitethernet14
voice vlan enable
interface gigabitethernet15
voice vlan enable
interface gigabitethernet16
voice vlan enable
interface gigabitethernet17
voice vlan enable
interface gigabitethernet18
voice vlan enable
interface gigabitethernet19
voice vlan enable
interface gigabitethernet20
voice vlan enable
interface gigabitethernet21
voice vlan enable
interface gigabitethernet22
voice vlan enable
interface gigabitethernet23
voice vlan enable
interface gigabitethernet24
voice vlan enable
interface gigabitethernet27
switchport mode access
switchport access vlan 2
no macro auto smartport
interface gigabitethernet28
switchport mode access
switchport access vlan 88
no macro auto smartport
exit
co-test#
Maybe you are looking for
-
It says the mostly likely cause is problems with files in your application's profile directory.
-
Adding configurable material in MRP3 using MATMAS .
Hi All, I am working on creation of material using idoc ., message type is MATMAS and basic type is /AFS/MATMAS05. In the view MRP3 we have a field called 'CONFIGURABLE MATERIAL ; and I am trying to pass the configurable material into this space usin
-
Setting TimeZone to GMT -12.00
Hi, I set the TimeZone on my system to GMT -12.00 and the Date/Time is Dec 14 7:53 AM. When i try to get the Date in my java application using = new java.util.Date() or =Calendar.getInstance().getTime() Date/Time it shows is Dec 15 7:53 AM. It has ad
-
CRM RMA orders for configurable products
Hi Experts, We have configurable products created in ERP. We need the capability to place the configurable products in CRM RMA order. Any guidence on the steps that are needed to bring the configurable products to CRM is greatly appreciated. Also Is
-
Help: system asking for subscription or credit, bu...
system is asking for a subscription or to buy credit. I have already paid for a 3 month subscription This post was transferred from its previous location to create its own new topic here; its subject and/or title has been edited to differentiate the