SF300-24P VLAN CONFIG QUESTION

Hi, please excuse my ignorance and lack of knowledge in this field as I am a complete newbie when it comes to Cisco switches and VLANs etc. but trying to learn.
I have a Cisco 300-24P and need to create two separate networks (private and public): ports 1 - 10 for Private and ports 11 - 20 for Public. I then need ports 21 - 24 for access points that can access both private and public.
I am assuming that I would need to create two VLANs (e.g. VLAN100 for private and VLAN200 for public). After reading a little I think I need to set ports 1 - 20 to "access" and ports 21 - G4 to "trunk".
I have attempted this but don't think I have things quite right. Would it be possible for someone to either point me in the right direction or even send me a saved config that I could load and examine?
Many thanks in advance for your help.

Hello, 
I think I can clarify a few things for you:
1- The ports that are going to connect directly to end stations will need to be configured as access ports with the respective VLAN as untagged.
2- The ports that are going to be connected to the APs will need to be configured as trunks with VLAN 100 untagged and 200 tagged. The APs should be able to understand VLANs; they should be configured with an IP address on VLAN 100.
3- By default, the un-tagged VLAN is the same PVID.
Notes:
A few things to keep in mind:
1- I see you already have a router on the network, this is the one that will determine if the VLANs can talk to each other based on the Inter VLAN configuration. In general terms, if inter VLAN is enabled on the router then Public and Private will be able to share traffic, otherwise they won't.
2- When creating VLANs on the SG300 make sure that you are not assigning IP addresses to any other VLAN than your management VLAN, otherwise you could have issues with the routing.
3- To make sure the connectivity between the VLANs is working as you expect, make sure to do all the testing from the hardwired PCs first, that way you will know if the issue is on the router or the switch.
I hope this was helpful.
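
A way to check a saved configuration against the port plan discussed in this thread, as an added example (not from the original posts or from Cisco): the Python script below parses the `interface fastethernetN` blocks of a running-config in the format shown on this page and reports every port that deviates from the plan. It assumes that a port with no `switchport mode` line is a trunk on VLAN 1 (the default behaviour described in other threads on this page); the sample config and the function names are constructed for illustration.

```python
import re

PRIVATE_VLAN, PUBLIC_VLAN = 100, 200    # VLAN IDs proposed in the question


def expected(port):
    """Port plan from the thread: 1-10 private, 11-20 public, 21-24 AP trunks."""
    if port <= 10:
        return "access", PRIVATE_VLAN
    if port <= 20:
        return "access", PUBLIC_VLAN
    return "trunk", PRIVATE_VLAN         # VLAN 100 untagged, VLAN 200 tagged


def expand(vlan_list):
    """Turn '100,200' or '320-322' into a set of VLAN IDs ('all' stays as-is)."""
    if vlan_list == "all":
        return {"all"}
    vlans = set()
    for item in vlan_list.split(","):
        low, _, high = item.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans


VLAN_LIST = r"(\d+(?:-\d+)?(?:,\d+(?:-\d+)?)*|all)"


def parse_ports(config_text):
    """Map port number -> settings found under 'interface fastethernetN'."""
    ports, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"interface fastethernet\s*(\d+)", line)
        if m:
            current = ports.setdefault(int(m.group(1)), {})
        elif line.startswith("interface "):
            current = None               # VLAN or gigabit interface: not audited
        elif current is not None and line.startswith("switchport "):
            if m := re.fullmatch(r"switchport mode (\w+)", line):
                current["mode"] = m.group(1)
            elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
                current["access_vlan"] = int(m.group(1))
            elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
                current["native_vlan"] = int(m.group(1))
            elif m := re.fullmatch(r"switchport trunk allowed vlan add " + VLAN_LIST, line):
                current.setdefault("allowed", set()).update(expand(m.group(1)))
    return ports


def audit(config_text, port_count=24):
    """Return [(port, problem)] for every port that deviates from the plan."""
    ports, findings = parse_ports(config_text), []
    for port in range(1, port_count + 1):
        cfg = ports.get(port, {})
        mode = cfg.get("mode", "trunk")  # assumption: no mode line means trunk
        want_mode, want_vlan = expected(port)
        if mode != want_mode:
            findings.append((port, f"mode is {mode}, expected {want_mode}"))
        elif mode == "access":
            vlan = cfg.get("access_vlan", 1)
            if vlan != want_vlan:
                findings.append((port, f"access VLAN is {vlan}, expected {want_vlan}"))
        else:
            native = cfg.get("native_vlan", 1)
            tagged = cfg.get("allowed", set()) - {native}
            if native != want_vlan:
                findings.append((port, f"untagged VLAN is {native}, expected {want_vlan}"))
            elif tagged != {PUBLIC_VLAN}:
                findings.append((port, f"tagged VLANs are not exactly {PUBLIC_VLAN}"))
    return findings


def build_sample(broken=True):
    """Constructed running-config; broken=True plants three mistakes."""
    out = ["vlan database", "vlan 100,200", "exit"]
    for p in range(1, 25):
        if broken and p == 12:
            continue                     # port 12 left at factory defaults
        out.append(f"interface fastethernet{p}")
        if p <= 20:
            wrong = broken and p == 15   # port 15: public port in the private VLAN
            vlan = PRIVATE_VLAN if p <= 10 or wrong else PUBLIC_VLAN
            out += ["switchport mode access", f"switchport access vlan {vlan}"]
        else:                            # trunk is the default, so no mode line
            if not (broken and p == 24): # port 24: untagged VLAN never set
                out.append("switchport trunk native vlan 100")
            out.append("switchport trunk allowed vlan add 200")
    return "\n".join(out)


if __name__ == "__main__":
    for port, problem in audit(build_sample()):
        print(f"fa{port}: {problem}")
```

A port that is missing from the saved config is reported just like a misconfigured one, because it is still a trunk on VLAN 1 and sits outside both the private and the public network.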

Similar Messages

  • SF300-24P VLAN Confusion - autosmartport not being too smart?

    Hi Everyone, first question I've posted, I'll try and give as much information as possible, I'm an extremely quick learner as well and have been around networking for nearly 20 years but this is my first outing into the medium sized VoIP deployment with prioritised LAN traffic and a client that is itching to say "told you so" about using IP phones.
    I have 4 x SF300-24P switches in a network I'm deploying, 1 will be adjacent to the router (a DrayTek Vigor 3200 - 4xWAN Gigabit) and the other 3 will be trunked using the GE/01-GE/03 ports to the main switch and will then distribute through a patch panel to give me 96 network ports with PoE capability where required.  There will be 30+ IP Phones on the network, all of which are Yealink T38G SIP handsets.
    I want to have two VLANs - one for regular workstations, and one for IP Phones with the IP Phone VLAN getting high priority for its traffic on the LAN - all documentation makes it sound simple but it doesn't seem to be working the way I think I expect it to.  I don't mind the two VLANs sharing the same IP address space at this time and currently all occupy 10.0.0.0/24 internally.
    So, I have 2 questions and a problem.
    First, from the factory, the switches are configured that VLAN1 is the default VLAN and that auto-voice VLAN is also VLAN1?  Is this right?
    Second, I'm having trouble determining the difference in terminology for port types between general, access, trunk etc - obviously trunk is between switches and carries VLAN information through to the next segment of the network.
    My main problem seems to be with auto-voice VLAN and smartport.  If I enable smartport, the switch figures out through LLDP that the port is used by an IP Phone + Desktop (excellent, this is what I want it to do) so then puts the handsets in VLAN1 but then the handsets start to become invisible on the network after 2-3 minutes, the handsets then reboot because they've detected a network drop out and then reconnect, re-register at the voice server and are visible and contactable for 2-3 minutes then the loop begins again.
    If I disable smartport, the problem goes away.
    Am I unreasonably expecting that any user can unpack an IP phone and (subject to provisioning on the server), plug it into any port on the network and it will figure out that it's a phone, not a PC and then prioritise its traffic?
    What I want to avoid is the possibility of internal bandwidth lag if someone copies a large file over the network and people are using the phones that the phone users don't get packet loss or audio instability because of the file copy.  The internet side will be fine, the Vigor3200 has QoS facilities built in and I've had good success on smaller networks with these routers.
    Ideally I need a semi-planned network setup where people with WiFi SIP clients will also get some priority.
    I have set QoS on the handsets to match DSCP46 from the switches - can the traffic be manipulated this way or does it already do that in the DSCP to Queue setup which automatically puts anything above 40 in Queue 4 (high priority)?
    All help very gratefully received.
    James

    Hello James,
    Welcome to the forums!
    About the default settings. The switch comes with vlan1 as the default vlan for all traffic.
    Here is a quick overview of the port settings
    access - one vlan
    trunk - multiple vlans
    general - multiple vlans (has additional options)
    When using the auto voice-vlan, you can have your port set as access for vlan 1 and when the switch sees a phone connected, it will join the voice vlan also. This allows the ports to be dynamic. It is not necessary to do this. You can create all ports as trunk ports that are part of both your default vlan and your voice vlan.
    The benefits of auto-voice vlan
    -phones are discovered and joined to the vlan dynamically
    -predetermined QoS settings
    -security in that you can have your port set to access
    This is a relatively basic overview.
    As for the problem you are seeing. I would recommend that you check the firmware of the switch and upgrade if needed. While it may not have anything to do with the problem at hand, it will help prevent any future issues.
    I would suggest disabling the Green Ethernet, which can be found under the port management section. If you continue to see the problem after that, I would recommend giving us a call at the support center. We will be able to look a little closer to what is happening.
    http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html

  • Initial 4402 and VLAN Config Questions

    We have a 4402 connected through a 3750 with ints as follows:
    ap-manager/untagged/192.168.1.241/yes
    management/untagged/192.168.1.244/n
    s.p./na/172.16.0.1/n
    v/na/1.1.1.1/n
    wireless/100/10.10.0.1/n
    Internal DHCP Server enabled at 192.168.1.241
    In viewing the port address table on the switch connecting to the WLC, no traffic is showing on VLAN100 (port is tagged for that VLAN). Any ideas?
    Also, is there a need for a NAT box anywhere to translate IPs between the distinct subnets?
    Thanks in advance.
    Doug

    Hi Hoof,
    I haven't used NAT, just a standard router.
    I'm not sure what you mean when you say "pointing at the address on the controller", if you're talking about the ap-manager or management interfaces then that is definitely not what you want (unless I've completely misunderstood you).
    Yes, the gateway address on your dynamic interface for vlan 100 should be the gateway on your router. The other "IP Address" parameter is a free address from the subnet that is associated with vlan 100 which I believe is used to route (for want of a better term) between the WLC and your wired network.
    Hoping this is helpful.
    Scott

  • SF300-24p Q-in-Q - Changing from vlan 4095

    I have a Cisco SF300-24P deployed at a customer prem running only a couple VLAN's - 1 customer related and 1 for management.  Recently the customer inquired about changing his connection to Q-in-Q.  I have changed the interface type to customer but then it selects vlan 4095 as the vlan associated to that port.  How do I change that vlan or by default is that the only vlan I can use?  Currently the customer is using vlan 904 and would like to continue to use that vlan in the Q-in-Q config.

    Hi Christopher, I didn't run into this problem at all.  Please reference the 2 screen shots below. 4095 is a reserved PVID when a native vlan is not associated to the port.
    -Tom

  • There is no "Switchport Voice Vlan" command on SF300-24P !!!

    Hello everyone
    I am in an urgent problem :S
    I have a Small Business SF300-24P
    I have created two vlans one data and one voice
    but I have not assigned them to the ports and I am not sure how to do so since there's no "switchport voice vlan" command under the interface !!
    here are the configurations
    btw the switchport mode is still trunk as it is by default
    Thanks in advance
    switch0a1172#
    switch0a1172#
    switch0a1172#sho run
    config-file-header
    switch0a1172
    v1.2.9.44 / R750_NIK_1_2_584_002
    CLI v1.0
    file SSD indicator encrypted
    ssd-control-start
    ssd config
    ssd file passphrase control unrestricted
    no ssd file integrity control
    ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
    vlan database
    vlan 13,20
    exit
    voice vlan id 20
    voice vlan oui-table add 0001e3 Siemens_AG_phone________
    voice vlan oui-table add 00036b Cisco_phone_____________
    voice vlan oui-table add 00096e Avaya___________________
    voice vlan oui-table add 000fe2 H3C_Aolynk______________
    voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
    voice vlan oui-table add 00d01e Pingtel_phone___________
    voice vlan oui-table add 00e075 Polycom/Veritel_phone___
    voice vlan oui-table add 00e0bb 3Com_phone______________
    hostname switch0a1172
    username cisco password encrypted c8e383b1dd7be99f878a387d87766e875404e0b3 privilege 15
    ip telnet server
    interface vlan 13
    name "VLAN13"
    interface vlan 20
    name VOICE
    switch0a1172#

    Hi Sandy,
    You need:
    switchxxxxxx(config)# voice vlan id 20
    and smart ports should do the rest.
    for your reference: http://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/sf30x_sg30x/administration_guide/CLI_300.pdf?mdfid=283019666
    Regards,
    Aleksandra

  • Need help InterVlan Routing on SF300-24P? .

    Hello
    I really need help with Inter vlan routing via Kerio Control 7.4.1.
    I have several SF300-24P switches (IOS 1.3.0.62) and I have created several VLANs.
    Vlans: Vlan 10, 100, 200 and interface vlan 213 (for management).
    I can ping hosts in the same Vlan via these switches. From switch to host, the port is in access mode, and between switches the ports are in Trunk mode
    (also I had a problem here, trunk wasn't working until I used the command: switchport trunk allowed vlan add all).
    Also the port is in Trunk mode between KERIO and SW1 (switch). The interface is in TRUNK mode from the switch's side because I don't know how to configure interface TRUNK mode on Kerio.
    On Kerio I have configured one physical interface with IP - 172.16.0.1 255.255.255.0 and on the same interface I have created
    VLAN 10, VLAN 100 and VLAN 200.
    Static IPs for these interfaces:
    10.0.0.1 255.255.255.0 VLAN 10
    192.168.100.1 255.255.255.0 VLAN 100
    192.168.200.1 255.255.255.0 VLAN 200
    On KERIO I have created a DHCP lease for each VLAN, but I cannot get IPs from DHCP. So I assigned static IPs to computers
    (for example for VLAN100 PC, VLAN 200 PC and so on) but they cannot ping each other when they are in different VLANs, so inter vlan routing is not working. But with a static IP on the PC, I can ping every VLAN's IP address on KERIO.
    So please tell me how I must configure inter vlan routing on Kerio, is it possible?
    Or what must I do? Where is my mistake? Maybe when I put an IP on the physical interface?
    Here are my configs, and please help and give me a config example.
    config-file-header
    SW1
    v1.3.0.62 / R750_NIK_1_3_647_260
    CLI v1.0
    set system mode switch
    file SSD indicator plaintext
    vlan database
    vlan 10,100,200,213
    exit
    voice vlan oui-table add 0001e3 Siemens_AG_phone________
    voice vlan oui-table add 00036b Cisco_phone_____________
    voice vlan oui-table add 00096e Avaya___________________
    voice vlan oui-table add 000fe2 H3C_Aolynk______________
    voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
    voice vlan oui-table add 00d01e Pingtel_phone___________
    voice vlan oui-table add 00e075 Polycom/Veritel_phone___
    voice vlan oui-table add 00e0bb 3Com_phone______________
    hostname SW1
    username administrator password encrypted 7fc3774d79570c81cda124d5dcf80b8ae0fcdd6c privilege 15
    username cisco password encrypted 1defefd1f4a214009775b2c2b6b961a77da384b5 privilege 15
    interface vlan 10
    name Staff
    interface vlan 100
    name Cards
    interface vlan 200
    name AP's
    interface vlan 213
    name Management
    ip address 172.16.213.1 255.255.255.0
    no ip address dhcp
    interface fastethernet1
    description MANAGEMENT-VLAN
    spanning-tree disable
    switchport mode access
    switchport access vlan 213
    interface fastethernet2
    spanning-tree disable
    switchport mode general
    switchport general acceptable-frame-type untagged-only
    interface fastethernet3
    spanning-tree disable
    switchport mode general
    switchport general acceptable-frame-type untagged-only
    interface fastethernet4
    spanning-tree disable
    switchport mode access
    switchport access vlan 200
    interface fastethernet5
    spanning-tree disable
    switchport mode access
    switchport access vlan 200
    interface fastethernet6
    spanning-tree disable
    switchport mode access
    switchport access vlan 100
    interface fastethernet7
    spanning-tree disable
    switchport mode access
    switchport access vlan 100
    interface gigabitethernet1
    description Direction-To-SW2       <--- This port is Trunk, but its not showing here for some reason.
    spanning-tree disable
    interface gigabitethernet2
    description Direction-To-KERIO  <--- This port is Trunk also.   i used: switchport mode trunk on both interfaces
    spanning-tree disable
    exit
    banner login 
    SW1
    config-file-header
    SW2
    v1.3.0.62 / R750_NIK_1_3_647_260
    CLI v1.0
    set system mode switch
    file SSD indicator encrypted
    ssd-control-start
    ssd config
    ssd file passphrase control unrestricted
    no ssd file integrity control
    ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
    vlan database
    vlan 10,100,200,213
    exit
    voice vlan oui-table add 0001e3 Siemens_AG_phone________
    voice vlan oui-table add 00036b Cisco_phone_____________
    voice vlan oui-table add 00096e Avaya___________________
    voice vlan oui-table add 000fe2 H3C_Aolynk______________
    voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
    voice vlan oui-table add 00d01e Pingtel_phone___________
    voice vlan oui-table add 00e075 Polycom/Veritel_phone___
    voice vlan oui-table add 00e0bb 3Com_phone______________
    hostname SW2
    username administrator password encrypted 7fc3774d79570c81cda124d5dcf80b8ae0fcdd6c privilege 15
    username cisco password encrypted 1defefd1f4a214009775b2c2b6b961a77da384b5 privilege 15
    interface vlan 10
    name Staff
    interface vlan 100
    name Cards
    interface vlan 200
    name AP's
    interface vlan 213
    name Management
    ip address 172.16.213.2 255.255.255.0
    no ip address dhcp
    interface fastethernet1
    description MANAGEMENT-VLAN
    spanning-tree disable
    switchport mode access
    switchport access vlan 213
    interface fastethernet2
    spanning-tree disable
    switchport mode general
    switchport general acceptable-frame-type untagged-only
    interface fastethernet3
    spanning-tree disable
    switchport mode general
    switchport general acceptable-frame-type untagged-only
    interface fastethernet4
    spanning-tree disable
    switchport mode access
    switchport access vlan 200
    interface fastethernet5
    spanning-tree disable
    switchport mode access
    switchport access vlan 200
    interface fastethernet6
    spanning-tree disable
    switchport mode access
    switchport access vlan 100
    interface fastethernet7
    spanning-tree disable
    switchport mode access
    switchport access vlan 100
    interface fastethernet8
    spanning-tree disable
    switchport mode access
    switchport access vlan 100
    interface gigabitethernet1
    description Direction-To-SW1    <--- This port is Trunk also.   i used: switchport mode trunk
    exit
    banner login 
    SW2
    I have excluded many interfaces because they have the same configs.

    Yes, Kerio is capable of routing. I wanted to make InterVlan routing work via Kerio Control, but I can't, and that's why I asked here; I need to know the reason.
    I have modified 1 switch to L3, and inter vlan routing is now working (without Kerio) and I hope these switches don't have a problem when they are a DHCP server also.
    Thanks for the help. I hope I did not have many mistakes in the config.

  • VoIp settings for replacing a Cisco 3550 switch with a SF300-24P

    I am adding the SF300-24P to an existing set of switches.  My backbone switch is a 3560.
    The 3550 I am replacing has this config for each port that supports a Shoretel phone
    switchport trunk encapsulation dot1q
    switchport mode trunk
    mls qos trust dscp
    global settings include
    spanning-tree mode pvst
    spanning-tree extend system-id
    spanning-tree vlan 1,200 priority 28762
    vlan internal allocation policy ascending
    all other settings are at default
    Any ideas how to replicate this on this new switch?  I added the Shoretel mac address range (00-10-49) into the Telephone OUI.  The phone gets power, I think it gets a 192.168.6.x address (local subnet), but then it should get an IP 10.6.0.xx on its VLAN - but it doesn't.
    Some configs from the backbone are attached.  I did not need to configure any of this in the 3550.
    Any ideas?
    Fred

    Hi fred,
    The Shoretel phone sounds like it is not attaching to tagged vlan 200 on my switch, the Shoretel voice vlan as per your screen captures.
    The Voice VLAN should be tagged on my switch so that phones attach to a Voice VLAN and PCs connected on the back of the VoIP phones attach to the Data Vlan.
    I scoped out, excuse the pun, the Shoretel site and have attached a white paper on setting vlans and Shoretel.
    They mention setting option 156 on the DHCP server, so the phone can get vendor specific information etc...  But the phones are not attached to the voice vlan, but the untagged data vlan.  You gotta figure how to get the Shoretel phones to attach to vlan 200, or if you are not daisy chaining PC on the back of the phone, make vlan 200 untagged on these FastEthernet switch ports.
    I have attached my SF300-48P version of my configuration and some configuration screen shots i took along the way.
    Please review carefully the attached Shoretel document and my screen shots and a real configuration done on my SF300-48P.  The configuration should be almost identical to your configuration.
    I added vlan 200. and made sure that all ports were in trunk mode, even the Gigabit uplink ports.
    All ports by default are in VLAN1  as you can see below
    I then added all ports as tagged ports to vlan 200 as you can see below.
    For the sake of Spanning tree, I then made all fast ethernet (phone or PC) ports  fastports except for the uplink Gigabit ports.
    If you are not sure what portfast does, here's a little tutorial I grabbed from cisco.com
    Spanning-tree PortFast causes a port to enter the spanning-tree forwarding state immediately, bypassing the listening and learning states. You can use PortFast on switch ports connected to a single workstation or server to allow those devices to connect to the network immediately, instead of waiting for the port to transition from the listening and learning states to the forwarding state.
    Caution PortFast should be used only when connecting a single end station to a switch port. If you enable PortFast on a port connected to another networking device, such as a switch, you can create network loops.
    When the switch powers up, or when a device is connected to a port, the port normally enters the spanning-tree listening state. When the forward delay timer expires, the port enters the learning state. When the forward delay timer expires a second time, the port is transitioned to the forwarding or blocking state.
    When you enable PortFast on a port, the port is immediately and permanently transitioned to the spanning-tree forwarding state.
    Your tasks, I guess, should be making sure that vendor specific options for the Shoretel phones are included in the DHCP configuration and that you somehow attach the Shoretel phones (even manually) to vlan 200.
    For some reason this site adds a zip extension to the end of my running configuration.  I used wordpad to look at the file 
    I am using firmware version 1.0.0.27 on my unit and the userid=admin  password i used was admin
    I hope this helps.
    regards Dave

  • SF300-24P unstable traffic

    Hello,
    I've installed and configured 2 SF300-24P switches on Layer 3 mode in my company.
    Since I've made this installation, I encounter some problems of stability in my LAN communication.
    Here is the running config of the 2 switches:
    First Switch
    SW-WIFI#show running-config
    config-file-header
    SW-WIFI
    v1.2.9.44 / R750_NIK_1_2_584_002
    CLI v1.0
    file SSD indicator encrypted
    ssd-control-start
    ssd config
    ssd file passphrase control unrestricted
    no ssd file integrity control
    ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
    no cdp run
    no spanning-tree
    vlan database
    vlan 2
    exit
    voice vlan state disabled
    voice vlan oui-table add 0001e3 Siemens_AG_phone________
    voice vlan oui-table add 00036b Cisco_phone_____________
    voice vlan oui-table add 00096e Avaya___________________
    voice vlan oui-table add 000fe2 H3C_Aolynk______________
    voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
    voice vlan oui-table add 00d01e Pingtel_phone___________
    voice vlan oui-table add 00e075 Polycom/Veritel_phone___
    voice vlan oui-table add 00e0bb 3Com_phone______________
    ip dhcp relay address 172.16.0.2
    ip dhcp relay enable
    ip dhcp information option
    bonjour interface range vlan 1
    hostname SW-WIFI
    username cisco password encrypted 18c7e97c305303ec56fbb3105666d85721208731 privilege 15
    ip ssh server
    snmp-server server
    clock timezone " " 0 minutes 0
    ip telnet server
    interface vlan 1
    ip address 172.16.0.249 255.255.0.0
    no ip address dhcp
    interface vlan 2
    name POSTES
    ip address 192.168.1.245 255.255.255.0
    ip dhcp relay enable
    interface fastethernet1
    ip dhcp relay enable
    switchport trunk native vlan 2
    interface fastethernet2
    switchport trunk allowed vlan add 2
    interface fastethernet3
    switchport trunk allowed vlan add 2
    interface fastethernet4
    switchport trunk allowed vlan add 2
    interface fastethernet5
    switchport trunk allowed vlan add 2
    interface fastethernet6
    switchport trunk allowed vlan add 2
    interface fastethernet7
    switchport trunk allowed vlan add 2
    interface fastethernet8
    switchport trunk allowed vlan add 2
    interface fastethernet9
    switchport trunk native vlan 2
    interface fastethernet10
    switchport trunk native vlan 2
    interface fastethernet11
    switchport trunk allowed vlan add 2
    interface fastethernet12
    switchport trunk allowed vlan add 2
    interface fastethernet13
    switchport trunk allowed vlan add 2
    interface fastethernet14
    switchport trunk allowed vlan add 2
    interface fastethernet15
    switchport trunk allowed vlan add 2
    interface fastethernet16
    switchport trunk allowed vlan add 2
    interface fastethernet17
    switchport trunk allowed vlan add 2
    interface fastethernet18
    switchport trunk allowed vlan add 2
    interface fastethernet19
    switchport trunk allowed vlan add 2
    interface fastethernet20
    switchport trunk allowed vlan add 2
    interface fastethernet21
    switchport trunk allowed vlan add 2
    interface fastethernet22
    switchport trunk native vlan 2
    interface fastethernet23
    switchport trunk allowed vlan add 2
    interface fastethernet24
    switchport trunk native vlan 2
    ip helper-address all 172.16.0.2 37 42 49 53 137 138
    ip route 0.0.0.0 0.0.0.0 172.16.0.150
    ip route 10.30.31.0 255.255.255.0 172.16.0.250
    Second switch
    SW-SRV#show running-config
    config-file-header
    SW-SRV
    v1.2.9.44 / R750_NIK_1_2_584_002
    CLI v1.0
    file SSD indicator encrypted
    ssd-control-start
    ssd config
    ssd file passphrase control unrestricted
    no ssd file integrity control
    ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
    no cdp run
    no spanning-tree
    vlan database
    vlan 2
    exit
    voice vlan state disabled
    voice vlan oui-table add 0001e3 Siemens_AG_phone________
    voice vlan oui-table add 00036b Cisco_phone_____________
    voice vlan oui-table add 00096e Avaya___________________
    voice vlan oui-table add 000fe2 H3C_Aolynk______________
    voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
    voice vlan oui-table add 00d01e Pingtel_phone___________
    voice vlan oui-table add 00e075 Polycom/Veritel_phone___
    voice vlan oui-table add 00e0bb 3Com_phone______________
    ip dhcp relay address 172.16.0.2
    ip dhcp relay enable
    bonjour interface range vlan 1
    hostname SW-SRV
    line telnet
    password 18c7e97c305303ec56fbb3105666d85721208731 encrypted
    exit
    line ssh
    password 18c7e97c305303ec56fbb3105666d85721208731 encrypted
    exit
    username cisco password encrypted 18c7e97c305303ec56fbb3105666d85721208731 privilege 15
    ip ssh server
    snmp-server server
    clock timezone " " 0 minutes 0
    ip telnet server
    interface vlan 1
    ip address 172.16.0.248 255.255.0.0
    no ip address dhcp
    interface vlan 2
    name POSTE
    ip address 192.168.1.248 255.255.255.0
    ip dhcp relay enable
    interface fastethernet1
    switchport trunk allowed vlan add 2
    interface fastethernet2
    switchport trunk allowed vlan add 2
    interface fastethernet3
    switchport trunk allowed vlan add 2
    interface fastethernet4
    switchport trunk allowed vlan add 2
    interface fastethernet5
    switchport trunk allowed vlan add 2
    interface fastethernet6
    switchport trunk allowed vlan add 2
    interface fastethernet7
    switchport trunk allowed vlan add 2
    interface fastethernet8
    switchport trunk allowed vlan add 2
    interface fastethernet9
    switchport trunk allowed vlan add 2
    interface fastethernet10
    switchport trunk allowed vlan add 2
    interface fastethernet11
    switchport trunk allowed vlan add 2
    interface fastethernet12
    switchport trunk allowed vlan add 2
    interface fastethernet13
    switchport trunk allowed vlan add 2
    interface fastethernet14
    switchport trunk allowed vlan add 2
    interface fastethernet15
    switchport trunk allowed vlan add 2
    interface fastethernet16
    switchport trunk allowed vlan add 2
    interface fastethernet17
    switchport trunk allowed vlan add 2
    interface fastethernet18
    switchport trunk allowed vlan add 2
    interface fastethernet19
    switchport trunk allowed vlan add 2
    interface fastethernet20
    switchport trunk allowed vlan add 2
    interface fastethernet21
    switchport trunk allowed vlan add 2
    interface fastethernet22
    switchport trunk allowed vlan add 2
    interface fastethernet23
    switchport mode access
    switchport access vlan 2
    switchport general pvid 2
    interface fastethernet24
    switchport mode access
    switchport access vlan 2
    switchport general pvid 2
    ip route 0.0.0.0 0.0.0.0 192.168.1.254
    ip route 10.30.31.0 255.255.255.0 172.16.0.250
    ip route 10.42.2.0 255.255.255.0 192.168.1.251
    Here is what I want to do with these switches:
    Uplink between the 2 switches on fa 13 for the first and fa 12 on the second
    Behind the fa 23 on the second switch, I have a SDSL line between my company and a datacenter which is hosting my main software.
    Behind the fa 24 on the second switch, I have my Firewall which hosts the ADSL for Internet and which is translating all addresses of the VLAN 1 to the address 192.168.1.254 in order to communicate with the datacenter via the SDSL.
    On the native VLAN 1, I have some PCs, servers, the firewall and WiFi controllers.
    On the VLAN 2, I have only PCs.
    My final objective is to migrate all of the WiFi controllers and PCs in VLAN 2 and to only have servers in VLAN 1.
    VLAN 1 and 2 must communicate between them, so I activated IP routing.
    I wonder why I encounter some problems of stability for the connection on the SDSL.
    In fact: between 7:30 and 10:00 I have no problems of communication between my LAN and the datacenter, past 10:00 some problems of communications are appearing.
    These problems didn't happen before I changed my old SF200 for the SF300, so I really think the problem is coming from the switches configuration.
    I turned off CDP because I had some messages about Native VLAN mismatch on fa23 (SDSL).
    I hope someone could give me some clue about what goes wrong.

    I'll try an update of the firmware tomorrow.
    The duplex mode is set to auto negotiation and in fact on the port fa 23 autoset to full.
    Yesterday, I set all ports to mode access except for the uplink ones which are still set to trunk and I moved the uplinks to the gigabit ports.
    Before I do the firmware update from v1.2.9.44 to 1.3.0.62, could you tell me how long this update should take, and, by the way, does it need to rebuild the configuration of the switch?
    I'll update the post after the firmware update is done.

  • Redundant FWSM Config Question

    Hello All,
    I'm going to be configuring failover with FWSMs for our 6500 at my job and I have a config question. There is one current 6500 chassis with 2 FWSMs installed. They are both online but currently since failover isn't setup, only one FWSM is actually active. My question is since we are using multiple contexts where do I setup the failover interface, and do I need to configure failover on every single vlan on the FWSM? We have over 10 contexts each with 2-3 interfaces on them, so do I need a failover IP for every vlan that exists on every context? Also, does the failover config get setup on the admin or system context? Any help would be greatly appreciated, and thank you so much in advance!

    Hi John.
    Failover config goes in the system context. For the data interfaces in each context, you will need a primary and a standby IP i.e. 2 IP's per VLAN. Once failover happens, the secondary FWSM will assume the active role and the secondary FWSM will take over the Primary IP address thus making the failover process transparent to end users.
    HTH.
    Regards
    Zubair

  • Need to access settings of SF300-24p

    Hi I was just recently hired in my company, we have an sf300-24p switch but I can't find the console cable for it, I think it needs a female to female db9 serial cable, all I have is a DB9 serial to rj45 console cable for the 2801 router, also I can't find the IP address of the sf300 switch, it is directly connected to the 2801 router, I issued a show arp to the router but didn't find the switch's IP add for web access, to sum it up I have no way of configuring the switch, is there any way to find the IP address of the switch? It also doesn't show on show cdp neighbors, thanks!

    Daniele,
    You would be able to do something similar, password recovery, if you had the serial cable.
    I'll update this post with instructions in a minute. I don't know if this is a project you need to get done today, but it sounds like that serial cable will make your life a heck of a lot simpler. If you can't wait to order one, is there somewhere you can get one locally?
    Best,
    David
    Password recovery steps:
    You'll need a serial connection to the switch with the following serial connection settings (I'm using PuTTY in the screenshot):
    You will see a prompt during boot, right after the Cisco logo made out of #s, that says "Autoboot in 2 seconds - press RETURN or Esc. to abort and enter prom."
    Hit return, and you will get the following startup menu:
    You'll want [3] Password Recovery Procedure; follow the prompts to reset the password without erasing your config file.

  • TROUBLE with SF300-24P

    Hi
    Actually we have the following diagram:
    When we put the SF300-24P on the remote node, we have trouble passing the VLAN tags for voice and data on the same port, but when we put the ports in access mode for the voice and data VLANs, the devices function correctly.
    Does anyone know something about this problem?
    The firmware currently on the switch is 1.2.
    Best Regards

    Hi,
    We followed the procedure as you told us, and now the CP3905 learned the VLAN correctly through CDP.
    This is the Show Run now:
    #sh run
    interface  gi1
    spanning-tree link-type point-to-point
    exit
    vlan database
    vlan 320-322
    exit
    voice vlan oui-table add 0001e3 Siemens_AG_phone________
    voice vlan oui-table add 00036b Cisco_phone_____________
    voice vlan oui-table add 00096e Avaya___________________
    voice vlan oui-table add 000fe2 H3C_Aolynk______________
    voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
    voice vlan oui-table add 00d01e Pingtel_phone___________
    voice vlan oui-table add 00e075 Polycom/Veritel_phone___
    voice vlan oui-table add 00e0bb 3Com_phone______________
    no lldp run
    interface fastethernet2
    lldp med disable
    exit
    interface vlan 322
    ip address 10.1.208.100 255.255.240.0
    exit
    ip route 0.0.0.0 0.0.0.0 10.1.208.1
    More: ,  Quit: q or CTRL+Z, One line:
    bonjour interface range vlan 1
    hostname switch06e3d7
    ip ssh server
    no snmp-server server
    ip telnet server
    interface fastethernet2
    macro description "ip_phone_desktop | no_ip_phone_desktop"
    exit
    interface fastethernet3
    macro description "ip_phone_desktop | no_ip_phone_desktop"
    exit
    interface gigabitethernet1
    macro description "switch | no_switch | switch"
    exit
    interface fastethernet2
    no macro auto smartport
    switchport trunk allowed vlan add 321
    switchport trunk native vlan 320
    exit
    interface gigabitethernet1
    !next command is internal.
    macro auto smartport dynamic_type switch
    More: ,  Quit: q or CTRL+Z, One line:
    switchport trunk allowed vlan add 320-322
    exit
    Thanks for your support
    Best Regards,
    AJ
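
An added example, not part of the original post and not Cisco tooling: a small Python check that reads a pasted `sh run` like the one above, skips the terminal paging prompts, merges the repeated `interface` stanzas, and reports each port's native (untagged) and tagged VLANs plus which of the `ip ssh server` / `ip telnet server` management services are enabled. The sample text is a constructed excerpt of that config, and the parser assumes native VLAN 1 for a port that sets none.

```python
import re

# Constructed excerpt of the posted config; native VLAN 1 is assumed when a port sets none.
SAMPLE = """\
interface fastethernet2
lldp med disable
exit
ip ssh server
ip telnet server
More: ,  Quit: q or CTRL+Z, One line:
interface fastethernet2
switchport trunk allowed vlan add 321
switchport trunk native vlan 320
exit
interface gigabitethernet1
More: ,  Quit: q or CTRL+Z, One line:
switchport trunk allowed vlan add 320-322
exit
"""

def expand(spec):  # '320-322,400' -> {320, 321, 322, 400}
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(config):  # -> (per-port trunk VLANs, enabled management servers)
    ports, mgmt, current = {}, set(), None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or re.search(r"More:.*Quit:", line):
            continue  # drop paging prompts captured along with the output
        if line.startswith("interface "):
            # Repeated stanzas for one port share a single record.
            current = ports.setdefault(line.split(None, 1)[1], {"native": 1, "tagged": set()})
        elif line == "exit":
            current = None
        elif current is not None:
            if m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
                current["native"] = int(m.group(1))
            elif m := re.fullmatch(r"switchport trunk allowed vlan add ([\d,-]+)", line):
                current["tagged"] |= expand(m.group(1))
        elif m := re.fullmatch(r"ip (ssh|telnet) server", line):
            mgmt.add(m.group(1))
    for p in ports.values():
        p["tagged"].discard(p["native"])  # the native VLAN leaves the port untagged
    return ports, mgmt

if __name__ == "__main__":
    print(audit(SAMPLE))
```

For the phone port this reports VLAN 320 untagged and 321 tagged, which is the split the thread was trying to reach; a voice VLAN that shows up as native, or missing from the tagged set, points at the port configuration rather than the phone.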

  • Private Vlan config

    I have a question regarding private VLAN config. I have a DMZ switch where I need a particular server to be able to communicate with the rest of the servers on port 8686 and deny the rest of the communications between them. I have this server on a promiscuous port and the other servers on isolated ports. For security reasons, how can I apply this access list? On which VLAN? I am running IOS on the switch connecting these servers. Thanks for your help

    The port that the server (10.3.1.50 255.255.0.0) that needs to talk to all servers is attached to:
    interface GigabitEthernet1/0/18
    description DZ1WEBSD001
    switchport private-vlan host-association 50 51
    switchport mode private-vlan promiscuous
    speed 100
    duplex full
    no mdix auto
    The subnet is 10.3.1.0 255.255.0.0
    Basically the 10.3.1.50 needs to talk to all servers on this subnet on port 8686 and deny everything else
    Thanks

  • Translation from SF300-24P to 3650ios

    I received a config from my vendor that they usually put on a SF300 for their managed voice. Looks like you configure general ports and PVIDs to allow two VLANs on one port. Is this the same as switchport voice vlan <vlanid> ?
    Also in the configuration I see the following
    voice vlan id 20
    voice vlan state disabled
    voice vlan oui-table add 0001e3 Siemens_AG_phone________
    voice vlan oui-table add 00036b Cisco_phone_____________
    voice vlan oui-table add 00096e Avaya___________________
    voice vlan oui-table add 000fe2 H3C_Aolynk______________
    voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
    voice vlan oui-table add 00d01e Pingtel_phone___________
    voice vlan oui-table add 00e075 Polycom/Veritel_phone___
    voice vlan oui-table add 00e0bb 3Com_phone______________
    This config won't work on my 3550 and 3560 switches.  It seems this is some auto vlan config, how would this translate on a 3550 or a 3560? or is it needed at all?

    Hi Devin. The OUI table is not needed. That is just an alternate method to implement voice VLAN if you chose not to use SX300 macro.
    General port is an 802.1q trunk, it's not relevant to priority tagging. Priority tagging is based off a tag VLAN packet to accept the 4 bit VPT header to prioritize traffic. Port mode has no effect on this so long as it's a tagged packet.
    -Tom
    Please mark answered for helpful posts
    http://blogs.cisco.com/smallbusiness/

  • Problem with SF300-24P

    Hi, I have been facing a problem: when we connect the Aironet LWAPP indoor access point to the Cisco SF300-24P switch, we get an error like LOW POWER, which means the access point is not receiving enough power from the PoE switch.
    As per the Cisco datasheet for the 300 series switch, the model number is SF300-24P, the power dedicated to PoE is 180 W, all 24 ports support PoE at 7.5 W, and 12 ports support maximum power at 15.0 W. The required power for the Aironet access point through a PoE switch is 12.4 W maximum, which is enough. So can anyone please suggest what to do now?

    Hi Nenad, if you administratively remove auto smart port, auto voice vlan will also be shut down.
    Your original post consists of some important details-
    IP phones are directly connected on the switch and PCs are connected on the phone, so the PCs get IPs through the phone. FE ports are configured vlan 10 untagged vlan 20 tagged.
    This is expected and good
    Some PCs can't get IPs, for example a client turns the computer on and can't get an IP; sometimes ipconfig /release, ipconfig /renew on cmd helps, sometimes I just unplug the network cable from the PC and plug it in again and it works. I tried to replace the IP phone, it didn't help.
    When this happens, it usually indicates a convergence issue with spanning tree. If portfast (edge port) does not negotiate, the port will progress through the spanning-tree states, listening, learning, forwarding, which can take a long time to receive DHCP / LAN connectivity.
    Sometimes that issue changes the configuration on the switch port, for example a client announces that he has a problem, I connect to the switch via the web and see that the port on which the client is connected has configuration vlan 10 data tagged vlan 20 voice tagged instead of vlan 10 untagged vlan 20 tagged...very strange.
    This statement indicates a macro issue. The macro detects connection types through LLDP and CDP advertisements. If the switch is dynamically assigning vlan id or vlan tag, it means the macro is writing that configuration. Most likely, you will need to go to the macro and re-write the macro to show the native vlan to be 10.
    So, I would recommend to do this- Go to the smart port built-in macro, edit all of the macro like this example
    -Tom
    Please rate helpful posts

  • A few post config questions on new setup

    Hi Group,
    Just a few post config questions.
    First, how can I confirm my controller is in fact associating properly with an NTP server? On a typical Cisco product, I could just do a 'show ntp associations' or a 'show ntp status'. I cannot see a way to confirm this on the GUI or command line.
    Second, on my guest network with web-auth, if one were to choose to not use https for web-auth and instead use unsecure http, would that be possible and if so where in the gui?
    Thanks.

    The third field is from a WLC running v7.4 not v7.2. I usually would install a 3rd party certificate, but what else you can try is to issue this command from the CLI. It had issues working with certain code versions, but you might as well give it a try.
    config network web-auth secureweb disable
    Thanks,
    Scott
    Help out others by using the rating system and marking answered questions as "Answered"
