SG300-20 help...

Similar Messages

• Replacing 3COM 4500 switches with SG300-52 - help

  I'm replacing 2 3COM 4500 Swithes with the SG300-52 Cisco switch. We have 3 VLANs, 10, 20, 100. The switch is set for Layer 3 and I have setup DHCP relay. I was hoping someone might know what settings i should set on the Cisco for the following setups:
  3COM Setup
  interface GigabitEthernet1/0/1
  port link-type hybrid
  port hybrid vlan 10 tagged
  port hybrid vlan 1 20 100 untagged
  port hybrid pvid vlan 100
  My Cisco Translation
  interface gigabitethernet1
  switchport mode general
  switchport general allowed vlan add 10 tagged
  switchport general allowed vlan add 20,100 untagged
  switchport general pvid 100
  exit
  and one other example i'm curious if i set right..
  3COM Setup
  interface GigabitEthernet1/0/48
  port link-type trunk
  port trunk permit vlan all
  port trunk pvid vlan 100
  My Cisco Translation
  interface gigabitethernet51
  switchport trunk allowed vlan add 10,20
  switchport trunk native vlan 100
  exit
  Trying these settings I am not able to get any devices to work on the switch so i'm guessing i have something not setup correctly. Any help would be greatly appreciated..
  THanks,
  Chris

  Chris,
  Compared to your 3com switches yes the commands you currently ran are comparable. The reason it’s not working is a bigger question and we need a complete picture. First we need a topology(detailed as possible) of your network and details on how things need to work/setup? Then we can set up accordingly to the devices on your network. For quicker resolution call into the SBSC @ 1-866-606-18666 and open a support case .
  Thanks,
  Jasbryan

• Sg200-sg300 vlan help

  I am experimenting with a setup carrying vlan's to other parts of a building through switches.
  My current config doesn't work. Anyone care to lend some brainpower?
  Here is a crude drawing. https://dl.dropboxusercontent.com/u/45775353/nc-vlan-lab.pdf
  Basically I want to give devices access to Vlan's 10,20, and 30 on another side of the building. We have LAG groups tagged with each vlan going to each switch. On the final switch we are using general instead of trunk port settings for the last mile to the wap.
  I tried it with access, and ingress filtering on/off. Nothing worked.
  I am obviously missing something.

  It would be nice if they showed you all the memberships in the same screen. It does look like that for the LAG group.

• SG300-28 IP Helper Address

  I have learned that by default the ip helper-address will forward the following 8 udp ports
  UDP PORT
  Common Name.
  69
  TFTP
  67
  BOOTP Client
  68
  BOOTP Server
  37
  Time Protocol
  49
  TACACS
  53
  DNS
  137
  NetBios
  138
  NetBios Datagram
  But when I check in cisco SG300-28, only port 37, 42, 49, 53,137 and 138 are in the forwarded list. Does it mean we cannot use ip helper-address to relay DHCP request? Please advise

  Hi Blue, you cannot. The DHCP relay function is designed for that. Therefore it is reserved for that function of the switch.
  -Tom
  Please mark answered for helpful posts

• SG300 Vlan IP-Helper Address issues

  hi,
  I am trying to set a ip-helper address on my sg300 though getting the following.
  DNSWITCH01#configure
  DNSWITCH01(config)#interface vlan2
  DNSWITCH01(config-if)#ip helper-address 192.168.1.1
  % missing mandatory parameter
  DNSWITCH01(config-if)#DNSWITCH01#
  DHCP server is server 2008 R2 and the range is active for that vlan and can route to vlan and devices set statically fine

  Hi Konrad, DHCP cannot be used for IP helper since the switch has a DHCP-RELAY service.
  -Tom
  Please mark answered for helpful posts

• SG300 Help

  Working with an SG300 and an internet feed from a router with DHCP 192.168.0.x. 
  4 devices in a video control system that I need to restrict the network traffic to only their own communication for stability.  One of those devices has its own DHCP server that serves devices on the network 192.168.0.x I do not want them on a network that has internet or any other devices to cut down on traffic. 
  I have a computer as well as an iPad.  The computer will be hardwired and the iPad will access the network via an access point.  These machines do need to be in the internet as well as the ability to send commands to the 4 control system devices.  I currently have it all on one network with no internet and I am able to see the video control devices and bring up their embedded web control interfaces, ping them, and control them via tcpip commands.
  Here is my idea but need help "bridging the gap".
  2 vlans
  One with my four control system devices on it no internet connection
  The second with the internet feed, access point, and any hardwired computers that need to see internet.
  My issue is how do I now send commands and view the video control devices embedded web control pages on the other vlan?  Can I do that with the SG300-20?
  Thanks in advance.

  I would go modem > ASA > SG300. The SG300 should have a default route to the ASA and the ASA will need routes for each subnet pointing back at the SG300 so it knows how to get back. Hopefully that will help you in some direction.

• Firewall/VPN Model-SG300 Cyberguard after configuration internet working very slow....please help me...

  HI FRIENDS,
  i have one firewall model number sg300 i configured each and everything
  but after configuration internet working very slow.if i want to open any website it is taking 5 min .i connected
  my lease ling directly in this device.
  please help me....
  Thanks,
  Madhukar 

  Hi Madhukar,
  It seems that it is not a hyper-v issue .
  For troubleshooting this please use your computer to access internet directly (without firewall ).
  If it works well , you may go over the configuration of the firewall .
  Also you can contact the hardware vendor .
  Best Regards
  Elton Ji
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• VLAN help SG300

  I've successfully setup a VLAN but....
  From 192.168.1.x I can ping everything on 192.168.50.x
  Inside of VLAN 50 ports 5&6 both the laptop and the nas server can talk to 192.168.50.1.
  From 192.168.1.x I can access all of the 192.168.50.1 resources.
  Inside VLAN 50 I can ping 192.168.50.1 but cannot access anything else inside the VLAN or out.
  From the laptop 192.168.50.100 I cannot ping 192.168.50.50 (NAS) but I can ping the 192.168.50.1 gateway. I cannot ping any internet addresses.
  New guy learning VLANS here. Any ideas why this is happening?

  Hello,
  Im glad that you were able to get it to work.
  In regards to your questions:
  1- How do I benefit doing this layer 2 as you suggest as opposed to doing it layer 3? It depends on your configuration, the switch, even on layer 3 won't do NAT so it won't be able to take PC's out to the internet, which means that you have to do a lo more configuration than if you just use a router and the switches on layer 2.
  2- My understanding is that layer 3 is more efficient than layer 2 unless that is wrong. I don't know. Again, this is not a "One size fits all" type of configuration, depending on the amount of traffic, you may want to keep the local traffic restricted to the switch, which usually is more powerful than the router and just send the internet traffic (more lightweight) to the router.
  3-If I was using a 3rd party firewall that doesn't have the Inter VLAN setting and does not support VLANS wouldn't I be suck going layer 3 to make all of this work? Yes, if you have a router that is not VLAN capable, then you will definitely have to configure your switch on layer 3 to route the VLANS and only use the router as your Gateway to the internet.
  I hope this was helpful.
  Please remember to mark an answer as correct if it was helpful to you so that other members can benefit from it.

• Need basic Help - SG300 with vlan and routing

  Hi,
  i need some basic help with configuring vlan/routing.
  Situation:
  DSL Router - Cisco 300 - XenServer
  192.168.1.253 - 192.168.1.19 - 192.168.1.10 (mgmt ip)
  goal is, to reach from inside xenserver vms the internet.
  vms = 192.168.2.x
  gateway ip = 192.168.2.1
  what i did:
  - configured vlan 102, tagged, with the xenserver port
  - configured on xenserver a network with vlan id 102, attached to the vm
  - this network is conntected to an external bond
  - configured ipva4 interface: vlan102 - Static - IP 192.168.2.1 (this is the gateway ip of the vms)
  - automatic configured IPv4 Route: 192.168.2.0/24 next hop 0.0.0.0, Directly connected
  So at the moment i cant ping from inside a vm to the DSL Router (192.168.2.2 to 192.168.1.253)
  any ideas what i misconfigured or whats wrong?
  cheers,
  -Marco

  Hi Tom,
  ok, that make sense. I can ping the router now inside vms from 192.168.2.x network.
  But i cant ping external adresses, error: Destination net unreachable.
  My other problem i have, i cant reach any server from outside over router portforwarding.
  How do i have to configure the upload port to the dsl router? Is it a access port or a trunk
  port with all vlans (tagged or untagged?) At the moment ive a tagged Trunkport with all vlans.
  IPv4 Interface Table
  Interface
  IP Address Type
  IP Address
  Mask
  Status
  VLAN 1
  Static
  192.168.1.19
  255.255.255.0
  Valid
  Should the VLAN1 ip adress not the router ip adress ? Do i need an additional vlan for
  the router ? At the end i like to change the switch ip from dhcp to static (change automaticly
  when switching to layer 3 mode), but ive to look for the ios commands first.
  What else do i missing ?
  Thanks a lot,
  Marcus

• Alternative Transceiver MGBSX1 for SG300-28SFP-K9-UK switch ? Need your help..

  In Bangladesh, someone from Cisco has said that "MGBSX1" transceiver for "SG300-28SFP-K9-UK"  is not available right now though I have not find out this kind of eol in the Cisco Web portal.
  Can somebody suggest me alternative transceiver and ensure me the information is right or wrong ?
  I have searched many times but not found any alternative.
  Thanks in advance..
  Jamshed Uddin

  Hi Jamshed,
  The MGBSX1 Transceiver is not EOL. You can purchase these online from Amazon, CDW ,NewEgg, TigerDirect or any Cisco reseller.
  Regards,
  Chris

• SG300-10 (1.4.0.88) Layer-3 Mode

  I'm having an issue getting my SG300-10 into Layer-3 mode.  I had it in Layer-3 mode under version 1.3.7.18, performed a factory reset by holding down the hard-reset button for 10 seconds.  Updated boot loader to 1.3.5.06 and SW Firmware to 1.4.0.88.
  switchc4f42e#sh ver
  SW version    1.4.0.88 ( date  06-Aug-2014 time  16:55:55 )
  Boot version    1.3.5.06 ( date  21-Jul-2013 time  15:12:10 )
  HW version    V02
  Now I cannot find the option to switch it back into Layer-3 mode.  There is no "menu" option at the console (serial).
  switchc4f42e#
    boot                 Boot Commands
    clear                Reset functions
    clock                Manage the system clock
    configure            Enter configuration mode
    copy                 Copy from one file to another
    crypto               Cryptographic commands
    debug-mode           Exit from the EXEC to debug mode
    delete               Delete a file from the flash file system
    dir                  Display the list of files on the flash file system
    disable              Disable privileged commands
    dot1x                802.1x EXEC commands
    errdisable           Err-Disable shutdown commands.
    exit                 Exit from the EXEC
    green-ethernet       Green ethernet commands
    help                 Description of the interactive help system
    ip                   Global IP configuration commands
    login                Exit from the EXEC and Log in
    macro                Ports macros
    more                 Display a file
    no                   Negate command
    ping                 Send echo messages.
    reload               Halt and perform a cold restart
    rename               Rename a file                  
    renew                Renew DHCP address
    resume               Resume telnet session.
    set                  Set System Parameters
    show                 Show running system information
    telnet               Open telnet session.
    terminal             Set current session functions
    test                 diagnose
    traceroute           Discover the routes to destination.
    write                Write running configuration to memory or terminal
  switchc4f42e#menu
  % Unrecognized command
  switchc4f42e#
  What do I need to do to get this switch back into Layer-3 mode?

  Never mind, I found it ....
  switchc4f42e#set system mode router
  Changing the switch working mode will *delete* the startup configuration file and reset the device right after that. It is highly recommended that you will backup it before changing the mode, continue ? (Y/N)[N] Y

• SG300-10 VLAN Questions

  My apologies if this has been asked before, but I have some questions regarding the setup of my new switch and network. I have never worked with switches before, so this is quite a learning experience. The picture above describes the current layout of my network. Here is how I have tried to set it up, so far.
  VLAN 1 [Ports 1-4, Untagged, Trunk] (172.16.1.1/24)
  Workstation A (Wired)
  172.16.1.2/24
  Server B (Wired)
  172.16.1.3/24
  VLAN 2 [Ports 5-8, Untagged, Trunk] (172.16.2.1/24)
  Server C (Wired)
  172.16.2.2/24
  Server D (Wired)
  172.16.2.3/24
  Server E (Wired)
  172.16.2.4/24
  Server F (Wired)
  172.16.2.5/24
  VLAN 3 [Ports 9-10, Untagged, Trunk] (192.168.1.1/24)
  Laptop G (Wireless)
  DHCP via Router
  Laptop H (Wireless)
  DHCP via Router
  Laptop I (Wireless)
  DHCP via Router
  Wireless Router
  192.168.1.254/24
  Now, my goal is to have all 3 VLANs be able to talk to each other but also have VLAN 1 access the internet, through the wireless router. In the future I would also like Server B to be able to expose services (http & ssh) to the outside. VLAN 2 shouldn't have internet access at all. I know I can add static routes to the wireless router, if need be. All three laptops, can access the internet through the wireless router, without any problems.
  So my questions are:
  1) Is there anything inherently wrong with the design of this network? If so, what could be changed?
  2) Is VLAN 3 really necessary?
  3) What would I need to do, to get the 3 VLANs communicating with each other?
  4) What should the gateway be, to get VLAN 1 internet access?
  5) What would I need to do, to expose Server B services to the outside?
  6) What static routes do I need to add?
  Thanks in advance!
     Jer

  Hello Jeremy,
  Thank you for your interest and patience.
  You are on the right track here. However, several important changes must be made. Consider the following concepts:
  The concept of a native VLAN. The link between the router and the switch must be part of VLAN 1. Otherwise, information from the router will not be distributed correctly on the switch due to the current PVID of 3.
  The VLAN IP Interface (VLAN IP Address) identifies the subnet for the VLAN. Therefore, thinking of the switch as a router, you are correct that the default gateway for each client should be the respective VLAN interface on the switch. The switch will automatically route between directly connected IP Interfaces and their subnets.
  However, in order for your clients to get to network that the switch doesn't know about, (the internet), there must be a default route to the router.
  Additionally, in order for the router to forward information from the internet back to the VLANs on the switch, the router must know how to reach the different VLANs.
  The folloing linked figure (Fig. 1) describes an appropriate sample setup. See here.
  In this scenario, a SG300-10 is configured with 3 VLANs:
  VLAN 1 - Default VLAN, used for management - 192.168.1.x/24 - Ports 9-10 - 1U - Trunk Mode
  VLAN 2 - Servers - 192.168.2.x/24 - Ports 5-8 - 2U - Trunk Mode
  VLAN 3 - Workstations - 192.168.3.x/24 - Ports 1-4 - 3U - Trunk Mode
  VLAN 1 is used to communicate to the router. Therefore, the following default route must be added to the switch's configuration:
  ip route      0.0.0.0      0.0.0.0      192.168.1.1
  The switch will automatically build the routes between the VLANs local to the switch. Visualize Server C going togoogle.com. Its IP address is 192.168.2.2. Its default gateway should be the VLAN 2 IP Interface on the switch (192.168.2.254 in this example). Because the default route is configured, the switch will forward the internet request to the router. The router will then forward the request to your ISP out the WAN where it will eventually reach Google.
  However, when the request comes back into the router, the router must know to route it to the 192.168.2.x subnet. So, in order for this to work, routes that accomplish the following must be configured on your router:
  Subnet IP               Mask                    Gateway                                              Interface
  192.168.2.1             255.255.255.0        192.168.1.254 (SG-300 IP Interface)         LAN
  192.168.3.1             255.255.255.0        192.168.1.254 (SG-300 IP Interface)         LAN
  As you have already discovered, there are several limitation to using a router that does not support 802.1Q tagging. Chiefly, your clients will not receive either DHCP or DNS automatically from the router. To mitigate this, you can do either of the following:
  Run a DHCP server with multiple DHCP scopes on a device connected to your switch. You can then use Option 82 on the switch to route DHCP requests and DNS info between VLANs on the switch.
  Statically configure IP and DNS information. You could enter Open DNS Servers or Google's DNS servers on your clients.
  Ideally, you would want to use a router that supports 802.1Q tagging. In this figure here (Fig. 2), you can see the VLANconfiguration page for a Cisco RV180W, a very capable and affordable small business router that I highly recommend. Port 1 on the RV180W is configured as a trunk port and carries VLANs 1-3 to the switch. The clients automatically receive IP addresses and DNS information from the correct DHCP pool on the router.
  Do not hesitate to contact us. We are always happy to help.
  All the best,
  -David Aguilar
  Cisco Small Business Support Center
  1-866-606-1866

• ASA5505 - SG300 VPN site2site problem

  Hello,
  I have a problem with a site2site VPN between a SG300 and an ASA5505. On the SG300 we have two internal connected networks, the second one is an alias. The VPN goes up and works correctly for hours or even for days. Then I don't know why, for some reason, the VPN is up but works only for one of the two networks. When the users try to connect I get this error on the ASA:  ASA-7-710006: ESP request discarded from SG300PubblicInterface to outside:ASAPubblicInterface. To solve this problem I have to restart the VPN or make a ping from the ASA's LAN to the SG's LAN that isn't working. We have other VPNs on both firewalls that work correctly. ASA's Software Version is 8.0(3). I saw that I'm not the only one having this problem but nobody found the right answer...

  Hi Vinay,
  As per your below config
  crypto map vpnmap 10 match address vpnfr
  crypto map vpnmap 10 set peer 193.242.9.126
  crypto map vpnmap 10 set transform-set myvpn
  crypto map vpnmap 20 ipsec-isakmp dynamic dynmap
  crypto map vpnmap 30 match address vpnsing
  crypto map vpnmap 30 set peer 203.126.186.226
  crypto map vpnmap 30 set transform-set myvpn2
  crypto map vpnmap 40 match address vpnbl
  crypto map vpnmap 40 set peer 61.8.153.122
  crypto map vpnmap 40 set transform-set myvpn2
  crypto map vpnmap 50 match address vpnde
  crypto map vpnmap 50 set peer 61.8.129.170
  crypto map vpnmap 50 set transform-set myvpn2
  crypto map vpnmap interface outside
  crypto map outside_map 1 match address outside_1_cryptomap
  crypto map outside_map 1 set pfs
  crypto map outside_map 1 set peer 193.242.9.126
  crypto map outside_map 1 set transform-set ESP-3DES-SHA
  vpnmap  is your original crypto map if this is the crypto map its applied to oustide interface which is correct
  now if you have added a new crypto map say " outside_map"  its not going to work as we can only apply one crypto map per interface i dont see any resundant ISP on the config so i suppose the crypto map 
  "outside_map" might be the newly added crypto map if that is true please try below config changes and let me know if it helps
  =============================================================
  crypto map vpnmap 60 match address outside_1_cryptomap <<<<
  crypto map vpnmap 60 set pfs  <<<<<<<<<<<<<<<<<<<<<<<<<
  crypto map vpnmap 60 set peer 193.242.9.126
  crypto map vpnmap 60 set transform-set ESP-3DES-SHA
  ===============================================================
  make sure the crypto acl  "outside_1_cryptomap" is mirrored on the remote end and you also have PFS enabled on remote end
  Thanks
  Rohan

• No internet access on VLANs with RV042G and SG300

  I'm trying to set up a network for a small business which will have different offices, and so I want to separate them all by VLAN so that they cann't access each other's files. The problem is that I can't access the internet from any of the VLANs, including the default.
  The RV042G router is connected to the internet through the WAN1 port and has a static IP address of 10.4.1.1. I enables multiple subnets and added one for each of the VLANs (1 - admin, 10, 20, 30, 100 - guest). I also created static routes to the SG300 switch, which has an IP address of 10.4.1.2, 10.4.10.2, etc. The switch is in Layer 3 mode and is functioning as the DHCP server. I also have a wireless access point set up that broadcasts an SSID for each VLAN, however this is not the issue since no internet connection can be established wirelessly or with a wired connection.
  I am fairly certain it has something to do with the data not being correctly routed through from the internet to the client, however I can't seem to find what is configured incorrectly. If anyone could offer some suggestions it would be appreciated. Please let me know if you need more info, I have attached some of the configuration screens for reference.

  Hi Paul,
  Thanks for the suggestion, but I changed it from Gateway to Router and this didn't fix the problem, still no internet access.
  I have a cabel modem box that connects to the RV042G through WAN1, and then the RV042G connects to the SG300 through port 1 on the RV042G. On the RV042G, this port is set to VLAN1, while the port on the SG300 is set as a trunk port. The SG300 is then assigning IP addresses to the clients. It has 4 different VLANs created that go to different offices. Does this help you understand the setup any better?

• Two questions about SG300 DHCP server

  Hi,
  I have two questions about the DHCP server on the SG300:
  On the Address Binding page, what does the "Declined" state mean? I have a NAS device that won't pull an address, and I think that the entry with a state of "Declined" corresponds to this device. It was previously pulling an address from a RV180, so the only difference is that it is now connected to the SG300. I worked around this by manually setting the address on the NAS device, but this won't scale if I run into a lot of other devices that can't pull an address.
  I configured a static address binding for a WAP321 and found that instead of pulling the configured address that it pulled a dynamic address. I checked the Address Binding page and see that the dynamic entry that corresponds with the WAP321 has a Client Identifier rather than a MAC address. I changed the static entry for the WAP321 to use the client identifier displayed in the dynamic entry, and now the WAP321 pulls the configured static address. Is this expected behavior?
  Thanks,
  Bob

  With the SX300/500 it is required the client identifier, it doesn't automatically insert it. If static DHCP is made on the switch and you didn't need client identifier, that is more or less fortunate behavior for you
  So to answer this question, the expected behavior is to configure client identifier for static DHCP entry.
  -Tom
  Please mark answered for helpful posts
  http://blogs.cisco.com/smallbusiness/