SG300-10P SYN Protection

Hi Community,
just registered after reading some topics in the last months. Great answers here - thank you for that!
Now I have a minor issue with a new feature and did not find any solutions yet.
Yesterday I upgraded my SG300-10P to firmware 1.2.7.76. I was curious about the new SYN Protection feature, but it seems to do nothing on my installation.
The switch is running in Layer 2 mode. I have ACLs in place and DoS prevention is not enabled. I also tried clearing ACLs and enabling DoS prevention. As I understood the Admin Guide enabling DoS in the Security Suite Settings is not necessary for using the SYN Protection.
In my firewall I see about 300 pps with SYN flags only arriving. What "they" do is send me SYN packets to port 80 from forged IPs, so that my system should send SYN-ACKs to the victim system. In this case it is the Arab Bank. They are down at the moment... I think that is called a spoofed SYN flood attack.
So I thought the SYN Protection feature should exactly solve that problem, but it does not, and it does not show any "Last Attack" entries.
If I put a SYN filter in place it works, even if I put SYN Rate Protection in place. But that is just a dirty workaround.
Did I miss something?
Maybe somebody has some hints for me!
Best wishes,
Alex
BTW: my firewall blocks those SYN packets with a SNORT rule, so I am no "helper" to those attacks and that is why the problem is minor to me.

Well, finally I discovered that I can provoke an attack with hping3, but only when I flood the switch interface address itself, not other hosts on other switch ports. I can bring them down without any reaction from the switch.
So it seems that the SYN Protection feature only protects the switch itself from SYN floods.
Not as useful as I thought.
Best wishes,
Alex
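As an added example (not code from the thread or from Cisco), here is a small Python detector for the reflected SYN flood Alex describes: it reads constructed firewall-style log lines (the line format is an assumption) and flags any second in which SYN-only packets to one port exceed a rate threshold while coming from mostly distinct sources, which is what forged source addresses look like from the target's side.

```python
"""Spoofed SYN flood detector over constructed firewall log lines (added example).

Assumed log format: "<epoch> <src_ip>:<src_port> > <dst_ip>:<dst_port> flags=<F>"
where <F> is a TCP flag string such as S, SA or A.
"""
from collections import defaultdict
import re

LINE_RE = re.compile(r"^(\d+) (\S+):(\d+) > (\S+):(\d+) flags=(\S+)$")


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, _sport, dst, dport, flags = m.groups()
    return {"ts": int(ts), "src": src, "dst": dst, "dport": int(dport), "flags": flags}


def syn_only(pkt):
    # SYN without ACK is a new connection attempt; SYN-ACK is the reflected reply.
    return "S" in pkt["flags"] and "A" not in pkt["flags"]


def detect_syn_flood(lines, pps_threshold=100, min_distinct_ratio=0.8):
    """Return (second, dst, dport, syn_count, distinct_sources) for each flooded second.

    A high count alone could be a busy legitimate server; the high ratio of
    distinct sources is what points at forged (spoofed) source addresses.
    """
    buckets = defaultdict(list)
    for line in lines:
        pkt = parse_line(line)
        if pkt and syn_only(pkt):
            buckets[(pkt["ts"], pkt["dst"], pkt["dport"])].append(pkt["src"])
    alerts = []
    for (ts, dst, dport), srcs in sorted(buckets.items()):
        distinct = len(set(srcs))
        if len(srcs) >= pps_threshold and distinct / len(srcs) >= min_distinct_ratio:
            alerts.append((ts, dst, dport, len(srcs), distinct))
    return alerts


# Constructed sample: one second of a spoofed flood (300 SYN-only packets from
# 300 different forged sources) followed by one ordinary three-way handshake.
SAMPLE_LOG = [f"1000 198.51.{i // 250}.{i % 250 + 1}:{40000 + i} > 203.0.113.10:80 flags=S"
              for i in range(300)]
SAMPLE_LOG += ["1001 192.0.2.5:51000 > 203.0.113.10:80 flags=S",
               "1001 203.0.113.10:80 > 192.0.2.5:51000 flags=SA",
               "1001 192.0.2.5:51000 > 203.0.113.10:80 flags=A"]
```

Running `detect_syn_flood(SAMPLE_LOG)` reports only second 1000 towards 203.0.113.10:80; the handshake in second 1001 stays quiet.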

Similar Messages

  • Unable to ping IP address from SG300-10P switch

    I have two core switches; we have configured VLAN 70 on both core switches.
    sh run int vlan 70 --ip address: 182.94.177.34/28
    HSRP is configured on both routers.
    We have configured a port in VLAN 77 on the access switch 4507R-E, and we are able to ping the IP address.
    We then installed a Cisco SG300-10P switch cascaded to the Cisco 4507R-E access switch.
    We have given the commands below.
    Switch management IP:
    switch38cbaf(config)int vlan1
    switch38cbaf(config-if)#ip address 124.4.67.47 255.255.255.0
    switch38cbaf(config)#vlan database
    switch38cbaf(config-if)vlan 70
    switch38cbaf(config)#int gigabitethernet1
    switch38cbaf(config-if)#switchport mode access
    switch38cbaf(config-if)#switch access vlan 77
    Trunk Configuration
    switch38cbaf(config)#int gigabitEthernet9
    switch38cbaf(config-if)#description << Trunk | connected to access switch 4507R-E | Fa4/1 >>
    switch38cbaf(config-if)#swtichport mode trunk
    switch38cbaf(config-if)#switchport trunk allowed vlan 77
    Problem:
    I assigned the IP address 182.94.177.44 to our desktop and connected it to port Gi1.
    I am able to ping the 182.94.177.33, 34 and 35 IP addresses but unable to ping 182.94.177.44.

    Some things to check/verify -
    a) is there a typo in your configuration above ie. you have created vlan 70 according to your configuration but the actual vlan you are using is vlan 77
    b) does the trunk link between the access 4500 and the core switch allow vlan 77
    c) try pinging from the client and not to it as there may be a firewall on the PC.
    Jon

  • Connecting SG300-10P to another SG300-10P

    please forgive the newbie question but trying to upgrade/expand my network beyond the simple linksys switch i currently use. 
    what is the proper way to connect a second SG300-10P to the system?
    current configuration is:
    cable modem to Cisco Router RV042G.  Router port 1 to SG300-10P port G9 (the switch is located in another room)
    from the SG300-10P i have ethernet cables (Cat 5) running throughout the building
    in another room, i would like to add another SG300-10P.  do i connect from the ethernet jack in that room to port G1-G8 or do i connect to the G9 link port?
    thanks

    Hi Lee, it generally doesn't matter. The reason it matters when interconnecting these switches is because the PoE is designed to work with older Cisco PoE devices, and the connection may detect a valid resistance and attempt to supply power to the switch, which in turn may have adverse effects.
    -Tom
    Please mark answered for helpful posts

  • SG300-10P LACP and PoE

    Hi
    I am using SG300-10 and connected it to two SG200 with LACP and PoE
    When I tried to use ssh client to check poe status via cli, the switch suddenly rebooted.
    After this, the poe is dead.
    I reset the switch, reconfigured the settings but ..
    as soon as I set GE1+GE2 to a LACP group,
    the SG200-8 connected to GE1+GE2 is down, lost power
    when I remove the GE1+GE2 from LACP group, the poe is back ...
    same to any other port.
    Only ports that are not in a LACP group are listed under "Port Management" > "PoE" > "Settings".
    Is the hardware damaged? I am using the latest 1.3.0.62 firmware.
    The physical connection is:
    L3 Mode
    GE1+GE2 = LACP <---> SG200-8 nr1
    GE3+GE4 = LACP <---> SG200-8 nr2
    GE5 <---> my pc
    Thanks for any hint/help!

    Thanks for the advice.
    I came home today and found out a power outage had happened, and somehow the SG300-10P partly stopped working: any device not directly connected to it can't ping the switch or communicate with it or its connected devices (even after a reboot).
    So I decided to reset it to the factory default and manually reapply all the settings from memory, because the last few times I tried to use a backed-up config file it ended badly. (The firmware is already updated to the latest.)
    After that, I followed your advice and set GE1 PoE active and GE2 PoE off, and so on; now both the SG200-8 and the SLM2008 are getting power from ports GE1 and GE3.
    Still, as soon as I add a port to a LACP group, it disappears from the "Port Management" > "PoE" > "Settings" page... Is that normal behavior, or is it a problem on the SG200 and/or SLM2008?

  • Configure VLANs on SG300-10P

    Hi, 
    I need help to configure the SG300-10P switch for the following:
    port 9 connect to router (10.0.1.1) to internet
    Vlan 1 (default) 10.0.1.200: ports 1 - 4 & 10: use for PCs and IP phones
    Vlan 2: 10.0.2.1: port 5, port 6, use for printers
    Vlan 3: 10.0.3.1: port 7, port 8: use for security cameras
    Vlan 1 & 3 can access internet but not vlan2
    I've read many posts but still confused.  Please show me the required steps/commands to configure this.  
    Thank you for your help.

    Hi Nil, can you please tell me if your router supports 802.1q VLAN or subinterfaces? In order to assist you, we need to know what is the networking hardware involved.

  • DHCP on SG300-10P for VLAN

    Using an SG300-10P with firmware 1.3.7.18 and boot version 1.3.5.06 there's an option to run a DHCP server on the device.  If this is really a full DHCP server, documentation is spotty, can I create a DHCP zone to serve VLAN 25 and only VLAN 25?

    According to documentation it should be possible:
    Switch functions as an IPv4 DHCP Server serving IP addresses for multiple DHCP pools/scopes
    Right now I do not have access to an SG300, but I will check it tomorrow when I work with one at a client's for the specific path.
    Regards,
    Jcarvaja

  • SG300-10P switching problem

    Hello
    I have a Synology disk on port 4 on my SG300-10P switch and my computer on port 6 both on the VLAN 1, the only VLAN on my switch. Accessing this disk with the IP address is slow and data transfer to the disk is slow as well. So I traced the route (Administration > Traceroute)
    to the disk and found that it is looping outside to the router and back to the switch. How can I get the switch to access the disk directly?
    Thanks in advance
    Leo

    Hi Leo, there shouldn't be a reason the packets are being sent to the default gateway if you're on the same subnet and the same vlan.
    Are you using the local IP address of the Synology disk, or are you trying to hairpin (using the WAN IP address instead of the local IP address)?
    -Tom
    Please mark answered for helpful posts

  • Spare Power Supply for SG300-10P

    Hi Guys,
    Does anybody know where I can buy a spare power supply for the SG300-10P?
    Preferably in Europe or Germany.
    Thx
    Paul

    Hi Paul, there has not been an individual part number for the power adapter. This is also true for things like rack mount kits. If your power adapter has died then you would need to call your reseller or the small business support requesting RMA.
    -Tom
    Please mark answered for helpful posts

  • SG300-10P high-pitched noise

    Hello,
    I hope I can find a solution to my problem here. My fairly new SG300-10P produces a high-pitched noise once it is connected to the power supply. I don't think this can be normal. Whom should I contact in this case? Is there a contact at Cisco who deals with these things? What can I do?
    http://soundcloud.com/christian-24-1/cisco-sg300-10p-ohne-sfp-0cm
    Best regards,
    Christian

    Christian,
    Contact the Small Business Support Center at 0800 503 0017. Worldwide contact information can be found here:
    http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html
    Thanks,
    David
    Please excuse my German

  • SG300-10P Download Configuration Problem

    Hi, I am unable to download any configuration files.  I am prompted to select a Source File, when actually I am trying to download it from the SG300.  I'm on OS X.  It simply says Choose file and I am prompted to select a file, not a folder.  The option to Choose is greyed out as if it thinks I am trying to upload to the SG300, not the other way around.  All I am able to do is Cancel.

    Hi Mike, choose the option "back up". This should allow you to save the file to your hard drive.
    -Tom
    Please mark answered for helpful posts

  • SG300-10P

    Do these switches support option 66?
    If not, how should I configure my Polycom phones to work with it, or should I get a different type of switch?

    How do I translate this from a Cisco 3560 to this switch?
    ip dhcp pool Aastra
       network 10.90.0.0 255.255.255.0
       option 66 ascii http://myphone.company.com/sip-ps
       default-router 10.90.0.1
       dns-server X.X.X.X
    I have it upgraded to 1.3.5. But I'm not able to get the correct syntax in the SG300 to get it working. It won't allow me to use the domain name or the /sip-ps.
    ip dhcp server
    ip dhcp pool network NAME
    address low 172.31.253.10 high 172.31.253.62 255.255.255.0
    lease infinite
    next-server 10.0.0.15
    next-server-name sip-ps
    default-router 172.31.253.1
    time-server X.X.X.X
    dns-server X.X.X.X
    exit

  • Difference SG300-10MP and SG300-10P

    Hi,
    can anybody tell me the difference between these two models? In the data-sheet I don't find any differences, but probably there are some ...
    Thanks in advance, Karsten
    Don't stop after you've improved your network! Improve the world by lending money to the working poor:
    http://www.kiva.org/invitedby/karsteni       

    Thanks, after reading that I found the differences in the data-sheet ...
    Then I can go with the "normal" one; it just has to power three SPA525G.

  • SG300-10p MAC based ACL

    I am trying to limit access to a printer to one computer, so I define a MAC-based ACL and a corresponding ACE. I set the destination MAC address of the printer (mask 000000000000) and the source MAC address of the computer (mask also 000000000000) and the VLAN ID to 1. The other parameters seem not to be important? Then I add the ACL to the port where the printer is connected. Unfortunately the printer is not accessible now. What am I forgetting?

    Hi Andrey,
    thank you for your lines.
    What I did blocks all computers, even the one I want to be allowed to print.
    I agree, when I want other computers to be able to print, then I have to add other ACEs to the ACL and allow these computers as well.
    I had the idea that the masks are wrong and set them to FFFFFFFFFFFF. This however allows all computers to print...
    Any other ideas?
    Thanks in advance
    Leo

  • No internet access SG300

    Hello everybody,
    I am setting up a small lab (before I roll this out to production) and, as the subject of this discussion indicates, I don't have access to the internet from inside the configured VLANs.
    Here is my setup
    Internet
       I
    Broadband Router (TrendNET TW100-S4W)  LAN IP: 192.168.77.1/24 - This will eventually be replaced with Sonicwall firewall TZ205
       I
       I           link to router using interface gi10
       I
    SG300-10P IP:192.168.77.254/24
       I
    VLANs 10, 20
    ip default-gateway 192.168.77.1
    VLAN Interfaces
    VLAN10: 192.168.10.254/24 - PROD
    VLAN20: 192.168.20.254/24 - FACULTY
    I am able to configure the VLANs and I am able to ping between them.
    So for example if I configure a PC on VLAN 10 with IP 192.168.10.4, it can ping a PC on VLAN 20 with an IP of 192.168.20.45
    From inside the switch, I can ping both of the above PCs, the router's LAN interface (192.168.77.1) AND the internet both by ip (8.8.8.8) and with dns resolution (www.google.com) 
    However, from each one of the above PCs on VLANs 10 & 20, I can also ping the switch's IP (192.168.77.254) BUT I CANNOT ping the router's LAN interface (192.168.77.1) nor the internet.
    I am using interface gi10 to connect both the SG300 and the router, any ideas as to what am I missing?
    I have attached the configuration file.
    Also, I have been reading about changing the native vlan from 1 to something else. Is this recommended why/why not and what is the process to do this?

    Hi Robert, you need a static route on your gateway device to point back to the switch SVI. Your modem box essentially has no idea where to send the traffic.
    -Tom
    Please mark answered for helpful posts

  • SG300 not authenticated in Configuration Assistant

    Hello, I am fairly new to Cisco switches and just recently received an SG300-28. I have changed it to L3 and set up the IP along with 3 LAGs and everything is working great. I am currently setting up 3 SG300-10Ps that will connect to the 28 and was hoping to use the Configuration Assistant, but the switches will not authenticate. It eventually finds the main switch but always asks for a username and password for the "REALM ADMIN", which I am not sure what that is, and then it says it can't authenticate. I have enabled Telnet and SSH, but I am thinking I may have something set wrong or missed something. I can Telnet into the switch and see the config and change the config, but still no luck.
    Any help would be appreciated.

    Hi
    I also face the same issue. It would be really nice if Oracle could help us on this error.
    Thanks in Advance!
