SG300-20 & SF302-08
I have a small network of 130 computers, including IP-based devices. I have recently decided to shift my network to Cisco manageable switches, so I have purchased 8 switches of the 300 series. I have had training on Catalyst switches like the 2950, 2960, 3550 and 3560 series, but these switches are Nexus series.
Now I have a problem configuring the following:
1. VTP and displaying the VTP status.
I have applied commands such as 'show vtp status' to display the status, but it displays unrecognized command. In the same way I am facing a problem with VTP configuration.
2. Copying flash to a TFTP server.
3. Displaying trunk configurations.
Guidance from any technical person will be highly appreciated.
Regards,
Majid Hussain
skype: abdulmajid.hashmi
email: [email protected]
Hello,
The 300 series switches support a scriptable command line interface called 'Textview'.
300 series Admin Guide
http://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/sf30x_sg30x/administration_guide/78-19308-01.pdf
300 series CLI Guide
http://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/sf30x_sg30x/administration_guide/CLI_Nikola300_1_3_7.pdf
Cisco Small Business Support Center Contacts (Toll free Phone Support)
http://www.cisco.com/c/en/us/support/web/tsd-cisco-small-business-support-center-contacts.html
Thanks.
Yiu Kay Lee
Concentrix at Cisco
.:|:.:|:. CISCO | Yiu Kay Lee | SMB Pre-Sales | [email protected] | Phone +1 (855) 354-7776
Similar Messages
-
Sg300 - 802.1x NPS - mac authentication not working
I configured 802.1x on a sg300 switch. It is working very well with some Windows 7 machines and a Windows Server 2008 NPS server.
Now I tried to get the MAC authentication running, on a 3850X it is working without problems, but every access request sent from the SG300 is declined.
My current port configuration on the SG300:
interface fastethernet1
dot1x guest-vlan enable
dot1x max-req 1
dot1x reauthentication
dot1x timeout quiet-period 10
dot1x authentication 802.1x mac
dot1x radius-attributes vlan static
dot1x port-control auto
switchport mode access
On the Windows NPS server the following error can be seen:
Authentication Details:
Connection Request Policy Name: Secure Wire
Network Policy Name: -
Authentication Provider: Windows
Authentication Server: myradius.local
Authentication Type: -
EAP Type: -
Account Session Identifier: 30353030399999
Reason Code: 1
Reason: An internal error occurred. Check the system event log for additional information.
Compared to the message from the 3850, the authentication type (PAP) is missing and a not very helpful error message is displayed...
Still not working.
I tried different settings and (also older) software versions on the SF302-08P.
Also started to change the settings on the NPS (though it is working with the 3850X!), without success.
The NPS reports following error:
Schannel:
The following fatal alert was received: 40.
EventID 36887
If I search for this error, every source is pointing to certificate errors, but there should not be any certificate involved?!
... is this a bug on the SF302-08P? -
Cisco SF302-08P (SRW208P-K9-NA) Support for Cisco IP 7942 Phones
Hi All,
I am looking at quoting the SF302-08P for a client which will have three small offices interconnected via single mode fiber. I am planning on connecting them to a 3560 switch. Each office will have no more than 3 - 7942 phones. I reviewed the notes on this switch and it seems it should support this phone type without any issues. Could you advise if you have run into any support/reliability issues with this switch and the 7942s?
Thank You,
Hi RevereORL,
My concern is there are;
slight nuances or differences between the CLI configuration on the SG300 compared to the Catalyst range.
I am also very very slightly concerned about post sales support interaction between TAC and SBSC, but these days there is much more cross talking between these two support groups.
Different SFP SKU's for fiber connectivity GLC- series for catalyst and MGB series on 300, even though I have no issue with plugging the GLC SKU's into my 300 series product.
The SF302-8P has a POE budget defined as 62W across all 8 ports or 62watts / 8 ports= 7.75 approx watts that can be drawn from each port.
With the software upgrade to 1.1.1.8 the 300 series now also supports pre-standard POE as well as the 802.3af, power should not be an issue.
I guess the beauty of buying from a distributor, and keeping the packaging, is that you can validate your application.
Give it a try.
regards Dave -
SG300-28 switch in boot loop after firmware upgrade
After performing a firmware upgrade on an SG300-20 switch from ver 1.1.0.73 to 1.2.5.70 the switch now boots up with the following error and resets:
30-Aug-2011 10:47:33 %L1Mngr-F-PARAMTOOLONG: csco-sb parameter %s is too long.
The attached file contains a full output of the console boot process.
I have tried loading different versions from the console, but all produce the same error.
Has anyone any idea how to resolve this issue?
Thanks
Des
Hello Tom, Thanks for your reply,
I had done the process before with the 3 firmwares offered on the Cisco website. I did it again, and I get a boot loop again, with the following error:
%L1Mngr-F-PARAMTOOLONG: csco-sb parameter serialNo is too long.
Any ideas?
Thank you,
Nico
Console
Startup Menu
[1] Download Software
[2] Erase Flash File
[3] Password Recovery Procedure
[4] Set Terminal Baud-Rate
[5] Stack menu
[6] Back
Enter your choice or press 'ESC' to exit:
Downloading code using XMODEM.
-- Download complete --
Calculating file's checksum...OK
Erasing FLASH ->>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Writing to flash 0x6aa500 records...
Setting checksum: 0x350925f6 , Address: 0x0
OK.
Flash programming success.
Perform WARM BOOT ...
Boot1 Checksum Test...............................PASS
Boot2 Checksum Test...............................PASS
Flash Image Validation Test.......................PASS
BOOT Software Version 1.0.0.4 Built 08-Apr-2010 16:37:57
Networking device with Marvell ARM CPU core. 128 MByte SDRAM.
I-Cache 16 KB. D-Cache 16 KB. L2 Cache 256 KB. Cache Enabled.
MAC Address : 58:35:d9:96:7f:5d.
Autoboot in 2 seconds - press RETURN or Esc. to abort and enter prom.
Preparing to decompress...
100%
Decompressing SW from image-1
100%
OK
Running from RAM...
Board ID is 22
Device ID 0xdf5111ab
*** Running SW Ver. 1.2.7.76 Date 19-Jul-2012 Time 17:54:43 ***
HW version is V
Base Mac address is: 58:35:d9:96:7f:5d
Dram size is : 128M bytes
Dram first block size is : 101376K bytes
Dram first PTR is : 0x1900000
Dram second block size is : 4096K bytes
Dram second PTR is : 0x7C00000
Flash size is: 16M
19-Jul-2012 17:54:46 %CDB-I-LOADCONFIG: Loading running configuration.
19-Jul-2012 17:54:47 %CDB-I-LOADCONFIG: Loading startup configuration.
Device configuration:
Slot 1 - SF302-08MP
Device 0: GT_98DX1005 (AlleyCat)
-- Unit Standalone --
Tapi Version: v1.9.5
Core Version: v1.9.5
19-Jul-2012 17:55:02 %L1Mngr-F-PARAMTOOLONG: csco-sb parameter serialNo is too l
ong.
***** FATAL ERROR *****
Reporting Task: ROOT.
Software Version: 1.2.7.76 (date 19-Jul-2012 time 17:54:43)
***** DEBUG *****
DEBUG LOG IS EMPTY
0x16a614
0x167054
0x6bdc18
0x490518
0x4959e4
0x495bac
0x815674
0x816b10
0x817e64
0x1d51e8
0x1cb010
0x121d3c
***************** SYSTEM RESET ***************** -
How do I access the web utility with model cisco sf302-08p ?
Hi, I have a problem with the model Cisco SB SF302-08PP switch. I connected an RJ45 cable to my PC and configured the local area connection adapter (IP address: 192.168.1.252); the LEDs blink green. I go to the address bar and enter the default IP, which according to the manual is 192.168.1.254, and the result is: page not found. Is there any way to change the web utility? How do I access the web utility?
Restore the switch by holding more than 30 seconds and try accessing with IP 192.168.1.254. Username and password is "cisco". Before that, change your base IP to 192.168.1.2-253. Try to ping and check the connectivity.
-
SG300 ssh strange error: "A client is already connected"
Hi,
I've got a few SG300-52 switches running software version 1.3.0.62 which I configured for ssh management access with public key authentication via:
ip ssh server
ip ssh pubkey-auth auto-login
username mgmt password ... privilege 15
crypto key pubkey-chain ssh
user-key mgmt rsa
key-string ...
This is working fine if I connect interactively from my management system with:
ssh -i mgmt_id_rsa mgmt@switch
where mgmt_id_rsa is the name of a file containing the private key.
I get a privileged command prompt as intended, without being asked for a password.
However if I try to pass a command on the ssh command line like this:
ssh -i mgmt_id_rsa mgmt@switch show version
the command just hangs until I hit the Enter key a second time, and then emits the strange message:
Received disconnect from 10.11.12.13: 2:
A client is already connected
(Exactly like that, including the line break after the "2:" and the blank before "A client".)
The same happens if I pipe the command I want to send into ssh like this:
echo show version | ssh -i mgmt_id_rsa mgmt@switch
except the error message appears immediately and I don't have to hit Enter a second time.
This is unfortunate as the objective of the whole exercise is to send commands to the switch from a script.
Can anyone shed some light on why this is so? What is that strange message "a client is already connected" trying to tell me? Is that another bug in Cisco's ssh implementation? Ideas for a workaround, anyone?
Thanks,
Tilman
PS: I already asked that question over in the "big business" support community before noticing there's a separate small business section, but got no answer there.
PPS: The real objective of the exercise is to make scripted backups and updates of the switches' configurations, ie. what would be naturally expressed as
scp -i mgmt_id_rsa mgmt@switch:running-config /var/backup/switch.config
and
scp -i mgmt_id_rsa /var/conf/switch.configchange mgmt@switch:running-config
except it doesn't work that way because the SG300's ssh server lacks scp support. Trying to replace that by
ssh -i mgmt_id_rsa mgmt@switch copy running-config scp://server/var/backup/switch.config
and
ssh -i mgmt_id_rsa mgmt@switch copy scp://server/var/conf/switch.configchange running-config
led me straight to the problem above. Just in case someone feels inclined to ask the standard forum question: "Why do you want that anyway?" :-)
Hi all,
I've improved my expect script a bit to:
allow specifying the SSH user and keyfile on the command line
allow sending configuration mode commands
correctly handle very long commands (line wrap) and commands producing no output
Extended usage:
ciscosb-exec confuser@myswitch -i ~/.ssh/confuser_id_rsa -c "ip ssh-client username memyself"
ciscosb-exec confuser@myswitch -i ~/.ssh/confuser_id_rsa "copy scp://myserver/workdir/myswitch.configchange running-config"
The "new and improved" script:
#!/usr/bin/expect
# Script to run an IOS command on a Cisco Small Business Switch via ssh
# Prerequisites:
# - Cisco Sx300 series switch with software version 1.3 or later
# - public key authentication with auto-logon configured
# Usage:
#   ciscosb-exec [<options>] [<user>@]<host> "<command>"
# Args:
#   <user>      username on switch
#   <host>      name or IP address of switch
#   <command>   command string to execute
# Options:
#   -c          execute in configuration mode
#   -i <file>   use SSH private key from <file>
#   -d          activate debugging output
# Result:
#   Switch response will appear on stdout

# debug switches
log_user 0
exp_internal 0

# configurable values
set sshcmd "/usr/bin/ssh -c aes192-cbc"
# end of configurable values

# below matches prompts such as "switch#", "switch>", "switch$"
set prompt "\[>#$\]\ *$"

# getopt implementation snarfed from http://www2.tcl.tk/17342
proc getopt {_argv name {_var ""} {default ""}} {
    upvar 1 $_argv argv $_var var
    set pos [lsearch -regexp $argv ^$name]
    if {$pos>=0} {
        set to $pos
        if {$_var ne ""} {
            set var [lindex $argv [incr to]]
        }
        set argv [lreplace $argv $pos $to]
        return 1
    } else {
        if {[llength [info level 0]] == 5} {set var $default}
        return 0
    }
}

# parse command line
set configmode [getopt argv -c]
getopt argv -i idfile
if {[getopt argv -d]} {
    log_user 1
    exp_internal 1
}
if {[llength $argv] != 2} {
    send_user "Usage: ciscosb-exec \[<options>\] \[<user>@\]<host> \"<command>\"\n"
    send_user "Arguments:\n"
    send_user "  <user>      target username (default: current user)\n"
    send_user "  <host>      target host name or IP address\n"
    send_user "  <command>   command string to execute\n"
    send_user "Options:\n"
    send_user "  -c          execute in configuration mode\n"
    send_user "  -i <file>   use SSH private key from <file>\n"
    send_user "  -d          activate debugging output\n"
    exit 1
}
set target [split [lindex $argv 0] @]
if {[llength $target] == 1} {
    set device [lindex $target 0]
    set userid "$env(USER)"
} elseif {[llength $target] == 2} {
    set userid [lindex $target 0]
    set device [lindex $target 1]
} else {
    send_user "bad target: [lindex $argv 0]\n"
    exit 1
}
set command [lindex $argv 1]
if {[info exists idfile]} {
    set sshcmd "$sshcmd -i $idfile"
}
eval "spawn $sshcmd -l $userid $device"
match_max [expr 32 * 1024]

# handle initial noise
set timeout 20
while { 1 } {
    expect {
        # command prompt
        -nocase -re "$prompt" {break}
        # confirmations (unknown fingerprint etc.)
        # note: this answers "yes" to an unknown host key without verifying it
        -nocase -re "\\(yes/no\\)" {send "yes\r"}
        # username prompt
        -nocase -re "name:|^login:" {send "$userid\r"}
        # password prompt
        -nocase -re "word:" {send_user "Public key authentication failed\n"; exit}
        # errors
        timeout {send_user "Timeout waiting for command prompt\n"; exit}
        eof {send_user "Connect failed: $expect_out(buffer)\n"; exit}
    }
}

# disable terminal formatting junk
send "terminal datadump\r"
expect {
    -nocase -re "$prompt" {}
    timeout {send_user "Timeout waiting for command prompt\n"; exit}
    eof {send_user "Connection lost: $expect_out(buffer)\n"; exit}
}
send "terminal width 0\r"
expect {
    -nocase -re "$prompt" {}
    timeout {send_user "Timeout waiting for command prompt\n"; exit}
    eof {send_user "Connection lost: $expect_out(buffer)\n"; exit}
}

# switch to desired mode
if {$configmode} {
    send "configure terminal\r"
    expect {
        -nocase -re "$prompt" {}
        timeout {send_user "Timeout waiting for command prompt\n"; exit}
        eof {send_user "Connection lost: $expect_out(buffer)\n"; exit}
    }
}

# actual command may take a long time
set timeout 180
send "$command\r"
expect {
    # skip command echo
    -re "$command\[\r\n\]*" {exp_continue}
    # answer confirmation request
    -nocase -re " \\(Y/N\\).*\? *$" {
        # send confirmation, skip echo
        send "Y"
        expect -re "Y\[\r\n\]*"
        exp_continue
    }
    # collect response, excluding next prompt
    -re "\r\n" {send_user "$expect_out(buffer)"; exp_continue}
    -nocase -re "$prompt" {send "exit\r"}
    timeout {send_user "Timeout waiting for command prompt\n"; exit}
    eof {send_user "Connection lost: $expect_out(buffer)\n"; exit}
}

# log out
set timeout 20
expect {
    # second exit needed for logging out from configuration mode
    -nocase -re "$prompt" {send "exit\r"}
    timeout {send_user "Timeout waiting for hangup\n"; exit}
    eof {exit}
}
expect {
    -nocase -re "$prompt" {puts "Failed to log out, disconnecting"; exit}
    timeout {puts "Timeout waiting for hangup"; exit}
    eof {exit}
}
HTH
Tilman -
SG300-10 (1.4.0.88) Layer-3 Mode
I'm having an issue getting my SG300-10 into Layer-3 mode. I had it in Layer-3 mode under version 1.3.7.18, performed a factory reset by holding down the hard-reset button for 10 seconds. Updated boot loader to 1.3.5.06 and SW Firmware to 1.4.0.88.
switchc4f42e#sh ver
SW version 1.4.0.88 ( date 06-Aug-2014 time 16:55:55 )
Boot version 1.3.5.06 ( date 21-Jul-2013 time 15:12:10 )
HW version V02
Now I cannot find the option to switch it back into Layer-3 mode. There is no "menu" option at the console (serial).
switchc4f42e#
boot Boot Commands
clear Reset functions
clock Manage the system clock
configure Enter configuration mode
copy Copy from one file to another
crypto Cryptographic commands
debug-mode Exit from the EXEC to debug mode
delete Delete a file from the flash file system
dir Display the list of files on the flash file system
disable Disable privileged commands
dot1x 802.1x EXEC commands
errdisable Err-Disable shutdown commands.
exit Exit from the EXEC
green-ethernet Green ethernet commands
help Description of the interactive help system
ip Global IP configuration commands
login Exit from the EXEC and Log in
macro Ports macros
more Display a file
no Negate command
ping Send echo messages.
reload Halt and perform a cold restart
rename Rename a file
renew Renew DHCP address
resume Resume telnet session.
set Set System Parameters
show Show running system information
telnet Open telnet session.
terminal Set current session functions
test diagnose
traceroute Discover the routes to destination.
write Write running configuration to memory or terminal
switchc4f42e#menu
% Unrecognized command
switchc4f42e#
What do I need to do to get this switch back into Layer-3 mode?
Never mind, I found it ....
switchc4f42e#set system mode router
Changing the switch working mode will *delete* the startup configuration file and reset the device right after that. It is highly recommended that you will backup it before changing the mode, continue ? (Y/N)[N] Y -
My apologies if this has been asked before, but I have some questions regarding the setup of my new switch and network. I have never worked with switches before, so this is quite a learning experience. The picture above describes the current layout of my network. Here is how I have tried to set it up, so far.
VLAN 1 [Ports 1-4, Untagged, Trunk] (172.16.1.1/24)
Workstation A (Wired)
172.16.1.2/24
Server B (Wired)
172.16.1.3/24
VLAN 2 [Ports 5-8, Untagged, Trunk] (172.16.2.1/24)
Server C (Wired)
172.16.2.2/24
Server D (Wired)
172.16.2.3/24
Server E (Wired)
172.16.2.4/24
Server F (Wired)
172.16.2.5/24
VLAN 3 [Ports 9-10, Untagged, Trunk] (192.168.1.1/24)
Laptop G (Wireless)
DHCP via Router
Laptop H (Wireless)
DHCP via Router
Laptop I (Wireless)
DHCP via Router
Wireless Router
192.168.1.254/24
Now, my goal is to have all 3 VLANs be able to talk to each other but also have VLAN 1 access the internet, through the wireless router. In the future I would also like Server B to be able to expose services (http & ssh) to the outside. VLAN 2 shouldn't have internet access at all. I know I can add static routes to the wireless router, if need be. All three laptops, can access the internet through the wireless router, without any problems.
So my questions are:
1) Is there anything inherently wrong with the design of this network? If so, what could be changed?
2) Is VLAN 3 really necessary?
3) What would I need to do, to get the 3 VLANs communicating with each other?
4) What should the gateway be, to get VLAN 1 internet access?
5) What would I need to do, to expose Server B services to the outside?
6) What static routes do I need to add?
Thanks in advance!
Jer
Hello Jeremy,
Thank you for your interest and patience.
You are on the right track here. However, several important changes must be made. Consider the following concepts:
The concept of a native VLAN. The link between the router and the switch must be part of VLAN 1. Otherwise, information from the router will not be distributed correctly on the switch due to the current PVID of 3.
The VLAN IP Interface (VLAN IP Address) identifies the subnet for the VLAN. Therefore, thinking of the switch as a router, you are correct that the default gateway for each client should be the respective VLAN interface on the switch. The switch will automatically route between directly connected IP Interfaces and their subnets.
However, in order for your clients to get to network that the switch doesn't know about, (the internet), there must be a default route to the router.
Additionally, in order for the router to forward information from the internet back to the VLANs on the switch, the router must know how to reach the different VLANs.
The following linked figure (Fig. 1) describes an appropriate sample setup. See here.
In this scenario, a SG300-10 is configured with 3 VLANs:
VLAN 1 - Default VLAN, used for management - 192.168.1.x/24 - Ports 9-10 - 1U - Trunk Mode
VLAN 2 - Servers - 192.168.2.x/24 - Ports 5-8 - 2U - Trunk Mode
VLAN 3 - Workstations - 192.168.3.x/24 - Ports 1-4 - 3U - Trunk Mode
VLAN 1 is used to communicate to the router. Therefore, the following default route must be added to the switch's configuration:
ip route 0.0.0.0 0.0.0.0 192.168.1.1
The switch will automatically build the routes between the VLANs local to the switch. Visualize Server C going to google.com. Its IP address is 192.168.2.2. Its default gateway should be the VLAN 2 IP Interface on the switch (192.168.2.254 in this example). Because the default route is configured, the switch will forward the internet request to the router. The router will then forward the request to your ISP out the WAN where it will eventually reach Google.
However, when the request comes back into the router, the router must know to route it to the 192.168.2.x subnet. So, in order for this to work, routes that accomplish the following must be configured on your router:
Subnet IP      Mask             Gateway                                Interface
192.168.2.1    255.255.255.0    192.168.1.254 (SG-300 IP Interface)    LAN
192.168.3.1    255.255.255.0    192.168.1.254 (SG-300 IP Interface)    LAN
As you have already discovered, there are several limitations to using a router that does not support 802.1Q tagging. Chiefly, your clients will not receive either DHCP or DNS automatically from the router. To mitigate this, you can do either of the following:
Run a DHCP server with multiple DHCP scopes on a device connected to your switch. You can then use Option 82 on the switch to route DHCP requests and DNS info between VLANs on the switch.
Statically configure IP and DNS information. You could enter Open DNS Servers or Google's DNS servers on your clients.
Ideally, you would want to use a router that supports 802.1Q tagging. In this figure here (Fig. 2), you can see the VLAN configuration page for a Cisco RV180W, a very capable and affordable small business router that I highly recommend. Port 1 on the RV180W is configured as a trunk port and carries VLANs 1-3 to the switch. The clients automatically receive IP addresses and DNS information from the correct DHCP pool on the router.
Do not hesitate to contact us. We are always happy to help.
All the best,
-David Aguilar
Cisco Small Business Support Center
1-866-606-1866 -
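The forward and return paths described in the reply above, modelled as an added example (not part of the original post or Cisco's material): a longest-prefix-match lookup over the switch and router tables shows what happens to a reply for Server C with and without the router's static routes. The VLAN 3 interface address 192.168.3.254, the router's WAN addresses (203.0.113.x) and the names `Device`, `trace` and `build` are assumptions made for the illustration.

```python
import ipaddress


class Device:
    """A router or layer-3 switch: connected interfaces plus static routes."""

    def __init__(self, name, interfaces, routes=()):
        self.name = name
        self.interfaces = [ipaddress.ip_interface(i) for i in interfaces]
        # strict=False accepts host-style entries such as 192.168.2.1/255.255.255.0,
        # as written in the reply's route table, and normalises them to 192.168.2.0/24.
        self.routes = [(ipaddress.ip_network(n, strict=False), ipaddress.ip_address(gw))
                       for n, gw in routes]

    def next_hop(self, dst):
        """Longest-prefix match; returns dst itself when it is directly connected."""
        matches = [(i.network.prefixlen, dst) for i in self.interfaces if dst in i.network]
        matches += [(n.prefixlen, gw) for n, gw in self.routes if dst in n]
        return max(matches, key=lambda m: m[0])[1] if matches else None


def trace(devices, start, dst):
    """Follow next hops from `start` towards `dst`; return (device names, outcome)."""
    dst = ipaddress.ip_address(dst)
    owner = {i.ip: d for d in devices for i in d.interfaces}
    hops, dev = [], start
    while len(hops) < 8:                      # guard against routing loops
        hops.append(dev.name)
        nh = dev.next_hop(dst)
        if nh is None:
            return hops, "no route"
        if nh == dst:
            return hops, "delivered"
        if nh not in owner:                   # gateway outside the modelled devices
            return hops, f"handed to {nh}"
        dev = owner[nh]
    return hops, "loop"


def build(switch_default=True, router_statics=True):
    """Topology from the reply; WAN side and VLAN 3 interface are assumed values."""
    sg300 = Device(
        "sg300",
        ["192.168.1.254/24", "192.168.2.254/24", "192.168.3.254/24"],
        [("0.0.0.0/0", "192.168.1.1")] if switch_default else [],
    )
    statics = [("192.168.2.1/255.255.255.0", "192.168.1.254"),
               ("192.168.3.1/255.255.255.0", "192.168.1.254")]
    router = Device(
        "router",
        ["192.168.1.1/24", "203.0.113.2/24"],
        (statics if router_statics else []) + [("0.0.0.0/0", "203.0.113.1")],
    )
    return sg300, router


if __name__ == "__main__":
    for statics in (True, False):
        sg300, router = build(router_statics=statics)
        print("router statics:", statics,
              "| reply to Server C:", trace([sg300, router], router, "192.168.2.2"))
```

Without the two static routes the router sends the reply for 192.168.2.2 back out of its WAN default route, which is the failure the reply warns about.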
Communication problem between Cisco 3560 and Cisco SG300.
Dear Support,
I have a Cisco SG300 and Cisco 3560 switches.
3560 is my Core Switch and SG300 is access switch.
From 3560 VLAN information is not passed to SG300.
3560 Configuration:
interface GigabitEthernet0/23
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,10,11
switchport mode trunk
SG300 Configuration:
interface gigabitethernet49
spanning-tree link-type point-to-point
switchport mode general
switchport general allowed vlan add 2,10-11 tagged
macro description switch
Please suggest how this issue can be resolved.
Regards,
JItesh Mahajan.
Dear Aleksandra,
Is the below configuration right or wrong for the 3560 and SG300?
3560 Configuration:
interface GigabitEthernet0/23
switchport trunk encapsulation dot1q
switchport trunk allowed vlan remove VLAN 1
switchport native vlan 1
switchport trunk allowed vlan 1,2,10,11
switchport mode trunk
SG300 Configuration:
interface gigabitethernet49
spanning-tree link-type point-to-point
switchport mode general
switchport general allowed vlan add 2,10-11 tagged
macro description switch
Regards,
JItesh Mahajan. -
ASA5505 - SG300 VPN site2site problem
Hello,
I have a problem with a site2site VPN between a SG300 and an ASA5505. On the SG300 we have two internal connected networks, the second one is an alias. The VPN goes up and works correctly for hours or even for days. Then I don't know why, for some reason, the VPN is up but works only for one of the two networks. When the users try to connect I get this error on the ASA: ASA-7-710006: ESP request discarded from SG300PubblicInterface to outside:ASAPubblicInterface. To solve this problem I have to restart the VPN or make a ping from the ASA's LAN to the SG's LAN that isn't working. We have other VPNs on both firewalls that work correctly. ASA's Software Version is 8.0(3). I saw that I'm not the only one having this problem but nobody found the right answer...
Hi Vinay,
As per your below config
crypto map vpnmap 10 match address vpnfr
crypto map vpnmap 10 set peer 193.242.9.126
crypto map vpnmap 10 set transform-set myvpn
crypto map vpnmap 20 ipsec-isakmp dynamic dynmap
crypto map vpnmap 30 match address vpnsing
crypto map vpnmap 30 set peer 203.126.186.226
crypto map vpnmap 30 set transform-set myvpn2
crypto map vpnmap 40 match address vpnbl
crypto map vpnmap 40 set peer 61.8.153.122
crypto map vpnmap 40 set transform-set myvpn2
crypto map vpnmap 50 match address vpnde
crypto map vpnmap 50 set peer 61.8.129.170
crypto map vpnmap 50 set transform-set myvpn2
crypto map vpnmap interface outside
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer 193.242.9.126
crypto map outside_map 1 set transform-set ESP-3DES-SHA
vpnmap is your original crypto map. If this is the crypto map, it's applied to the outside interface, which is correct.
Now if you have added a new crypto map, say "outside_map", it's not going to work, as we can only apply one crypto map per interface. I don't see any redundant ISP on the config, so I suppose the crypto map
"outside_map" might be the newly added crypto map. If that is true, please try the below config changes and let me know if it helps.
=============================================================
crypto map vpnmap 60 match address outside_1_cryptomap <<<<
crypto map vpnmap 60 set pfs <<<<<<<<<<<<<<<<<<<<<<<<<
crypto map vpnmap 60 set peer 193.242.9.126
crypto map vpnmap 60 set transform-set ESP-3DES-SHA
===============================================================
make sure the crypto acl "outside_1_cryptomap" is mirrored on the remote end and you also have PFS enabled on remote end
Thanks
Rohan -
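The check Rohan performs by eye, as an added example (not from the original thread): it parses `crypto map` lines, records which map name is bound to which interface, and reports map names whose entries can never match because they are not applied anywhere. The sample lines are copied from the configuration quoted in the reply; the function name `audit_crypto_maps` is hypothetical.

```python
import re
from collections import defaultdict

# Subset of the configuration quoted in the reply above.
SAMPLE = """\
crypto map vpnmap 10 match address vpnfr
crypto map vpnmap 10 set peer 193.242.9.126
crypto map vpnmap 10 set transform-set myvpn
crypto map vpnmap 20 ipsec-isakmp dynamic dynmap
crypto map vpnmap 30 match address vpnsing
crypto map vpnmap 30 set peer 203.126.186.226
crypto map vpnmap 30 set transform-set myvpn2
crypto map vpnmap interface outside
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer 193.242.9.126
crypto map outside_map 1 set transform-set ESP-3DES-SHA
"""

ENTRY = re.compile(r"^crypto map (\S+) (\d+) (.+)$")       # numbered map entry
BIND = re.compile(r"^crypto map (\S+) interface (\S+)$")   # map applied to interface


def audit_crypto_maps(config):
    """Return bound maps per interface and the map names that are never applied."""
    entries = defaultdict(set)    # map name -> sequence numbers
    peers = defaultdict(set)      # map name -> peer addresses
    bound = defaultdict(list)     # interface -> map names
    for raw in config.splitlines():
        line = raw.strip()
        m = BIND.match(line)
        if m:
            bound[m.group(2)].append(m.group(1))
            continue
        m = ENTRY.match(line)
        if m:
            name, seq, rest = m.group(1), int(m.group(2)), m.group(3)
            entries[name].add(seq)
            if rest.startswith("set peer "):
                peers[name].update(rest.split()[2:])
    applied = {name for names in bound.values() for name in names}
    unbound = [n for n in sorted(entries) if n not in applied]
    return {
        "bound": dict(bound),
        "unbound": {n: sorted(entries[n]) for n in unbound},
        "unbound_peers": {n: sorted(peers[n]) for n in unbound},
    }


if __name__ == "__main__":
    report = audit_crypto_maps(SAMPLE)
    for name, seqs in report["unbound"].items():
        print(f"{name}: entries {seqs} are not applied to any interface; "
              f"peers affected: {report['unbound_peers'][name]}")
```

Running it against the configuration after the suggested change (entries moved to `vpnmap 60`) reports no unbound maps.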
No internet access on VLANs with RV042G and SG300
I'm trying to set up a network for a small business which will have different offices, and so I want to separate them all by VLAN so that they can't access each other's files. The problem is that I can't access the internet from any of the VLANs, including the default.
The RV042G router is connected to the internet through the WAN1 port and has a static IP address of 10.4.1.1. I enabled multiple subnets and added one for each of the VLANs (1 - admin, 10, 20, 30, 100 - guest). I also created static routes to the SG300 switch, which has an IP address of 10.4.1.2, 10.4.10.2, etc. The switch is in Layer 3 mode and is functioning as the DHCP server. I also have a wireless access point set up that broadcasts an SSID for each VLAN, however this is not the issue since no internet connection can be established wirelessly or with a wired connection.
I am fairly certain it has something to do with the data not being correctly routed through from the internet to the client, however I can't seem to find what is configured incorrectly. If anyone could offer some suggestions it would be appreciated. Please let me know if you need more info, I have attached some of the configuration screens for reference.
Hi Paul,
Thanks for the suggestion, but I changed it from Gateway to Router and this didn't fix the problem, still no internet access.
I have a cable modem box that connects to the RV042G through WAN1, and then the RV042G connects to the SG300 through port 1 on the RV042G. On the RV042G, this port is set to VLAN1, while the port on the SG300 is set as a trunk port. The SG300 is then assigning IP addresses to the clients. It has 4 different VLANs created that go to different offices. Does this help you understand the setup any better? -
Two questions about SG300 DHCP server
Hi,
I have two questions about the DHCP server on the SG300:
On the Address Binding page, what does the "Declined" state mean? I have a NAS device that won't pull an address, and I think that the entry with a state of "Declined" corresponds to this device. It was previously pulling an address from a RV180, so the only difference is that it is now connected to the SG300. I worked around this by manually setting the address on the NAS device, but this won't scale if I run into a lot of other devices that can't pull an address.
I configured a static address binding for a WAP321 and found that instead of pulling the configured address that it pulled a dynamic address. I checked the Address Binding page and see that the dynamic entry that corresponds with the WAP321 has a Client Identifier rather than a MAC address. I changed the static entry for the WAP321 to use the client identifier displayed in the dynamic entry, and now the WAP321 pulls the configured static address. Is this expected behavior?
Thanks,
Bob
With the SX300/500 the client identifier is required; it doesn't automatically insert it. If static DHCP is made on the switch and you didn't need client identifier, that is more or less fortunate behavior for you.
So to answer this question, the expected behavior is to configure client identifier for static DHCP entry.
-Tom
Please mark answered for helpful posts
http://blogs.cisco.com/smallbusiness/ -
How do I get from a menu at login to CLI on a SG300-28 Switch?
I have a SG300-28 and would like to configure through CLI not menu. How do I get to CLI from Menu?
I am running Boot version 1.0.0.4 and SW version 1.0.0.27. Do I need to upgrade both boot and SW or just SW?
Hi rod3,
Typically SSH/Telnet is disabled by default on devices. In order to activate it you will need to go through the WEB GUI to Security > TCP/UDP Services and check the boxes that say SSH or Telnet then click apply.
Then using a Terminal program of your choice you can connect to the switch and configure it. Be advised that the CLI is not exactly the same as regular IOS.
-Trent Good
** Please rate useful posts! ** -
Not able to get the all connected mac address with snmpwalk on sg300-28
I have an SG300-28 switch. I am using OpenNMS to monitor it, but somehow the snmpwalk on the switch is not returning the whole MAC table.
The command I am using is snmpwalk -v 2c -c pex 192.168.x.x .1.3.6.1.2.1.4.22.1
the output is
iso.3.6.1.2.1.4.22.1.1.100014.192.168.3.6 = INTEGER: 100014
iso.3.6.1.2.1.4.22.1.1.100014.192.168.3.23 = INTEGER: 100014
iso.3.6.1.2.1.4.22.1.1.100014.192.168.3.30 = INTEGER: 100014
iso.3.6.1.2.1.4.22.1.2.100014.192.168.3.6 = Hex-STRING: 76 6B E9 2E xx xx
iso.3.6.1.2.1.4.22.1.2.100014.192.168.3.23 = Hex-STRING: 74 D4 35 CF xx xx
iso.3.6.1.2.1.4.22.1.2.100014.192.168.3.30 = Hex-STRING: 50 46 5D 06 xx xx
iso.3.6.1.2.1.4.22.1.3.100014.192.168.3.6 = IpAddress: 192.168.x.x
iso.3.6.1.2.1.4.22.1.3.100014.192.168.3.23 = IpAddress: 192.168.x.xx
iso.3.6.1.2.1.4.22.1.3.100014.192.168.3.30 = IpAddress: 192.168.x.xx
iso.3.6.1.2.1.4.22.1.4.100014.192.168.3.6 = INTEGER: 3
iso.3.6.1.2.1.4.22.1.4.100014.192.168.3.23 = INTEGER: 3
iso.3.6.1.2.1.4.22.1.4.100014.192.168.3.30 = INTEGER: 3
It's showing me three nodes, but actually there are 10 nodes connected. Does anyone have an idea what is wrong?
Regards,
Deepak -
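The OID walked in the SG300-28 post above, .1.3.6.1.2.1.4.22.1, is IP-MIB's ipNetToMediaTable (the device's own ARP cache), which is a different table from the BRIDGE-MIB and Q-BRIDGE-MIB forwarding databases that list MAC addresses learned on ports. The following is an added example, not part of the original post: it decodes rows in the shape shown there and names the table an OID belongs to. The function names and sample lines are constructed for illustration.

```python
import re

# ipNetToMediaType values defined in IP-MIB.
ENTRY_TYPES = {1: "other", 2: "invalid", 3: "dynamic", 4: "static"}
# Table prefixes: the ARP cache versus the bridge forwarding databases.
TABLES = {
    "1.3.6.1.2.1.4.22": "ipNetToMediaTable (ARP cache, IP to MAC)",
    "1.3.6.1.2.1.17.4.3": "dot1dTpFdbTable (bridge MAC table)",
    "1.3.6.1.2.1.17.7.1.2.2": "dot1qTpFdbTable (per-VLAN MAC table)",
}
# One row of a numeric walk: ...4.22.1.<column>.<ifIndex>.<IPv4> = TYPE: value
ROW_RE = re.compile(
    r"^(?:iso|\.?1)\.3\.6\.1\.2\.1\.4\.22\.1\.(\d+)\.(\d+)\.(\d+(?:\.\d+){3})"
    r"\s*=\s*[\w-]+:\s*(.*)$"
)
# Constructed sample in the shape of the walk above (documentation addresses).
SAMPLE = [
    "iso.3.6.1.2.1.4.22.1.2.100014.192.0.2.6 = Hex-STRING: 00 00 5E 00 53 06",
    "iso.3.6.1.2.1.4.22.1.2.100014.192.0.2.23 = Hex-STRING: 00 00 5E 00 53 xx",
    "iso.3.6.1.2.1.4.22.1.4.100014.192.0.2.6 = INTEGER: 3",
    "iso.3.6.1.2.1.4.22.1.4.100014.192.0.2.23 = INTEGER: 4",
]


def classify_oid(oid):
    """Return the name of the table a numeric OID falls under, else None."""
    norm = oid.strip().lstrip(".")
    if norm.startswith("iso."):
        norm = "1." + norm[4:]
    for prefix, name in TABLES.items():
        if norm == prefix or norm.startswith(prefix + "."):
            return name
    return None


def parse_arp_walk(lines):
    """Group ipNetToMediaTable rows by their (ifIndex, IP) index."""
    rows = {}
    for line in lines:
        m = ROW_RE.match(line.strip())
        if not m:
            continue  # not an ipNetToMediaTable row
        col, if_index, ip, value = m.groups()
        row = rows.setdefault((int(if_index), ip), {})
        if col == "2":  # ipNetToMediaPhysAddress; masked octets pass through
            row["mac"] = ":".join(value.split()).lower()
        elif col == "4":  # ipNetToMediaType
            row["type"] = ENTRY_TYPES.get(int(value), value)
    return rows
```

The IP address is taken from the row index rather than the value column, so the parser still works when the value column has been masked, as it is in the post.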
Using SG300 directly as a router?
Hello, I am building a new home with several Cat6 ethernet ports wired throughout (at least one to each room) and I want to connect them all through a rock-solid reliable gigabit switch like the SG300 or SG200. I am also going to use wireless N (something like the E4200) but I would prefer not to use the wireless device as the router since I want a solid, reliable connection from my ethernet-connected devices and the Internet and I honestly don't trust consumer-level devices like the E4200 to be reliable without dropping my connection. I have computers that need a constant VPN connection and I have other computers that do bittor...umm, network intensive activity that usually bring wireless routers to their knees.
So what I would really like is to connect the internet cable modem (Ubee) directly to the business-class switch (SG300 or SG200), and have that business-class switch do the routing and NAT to my entire network, and I'd just use the E4200 as a wireless access point. I'm not a network admin and the idea of the CLI scares me, but I can probably use it to at least switch the SG300 to Layer 3 mode...that looks simple enough. I'd definitely want to use a web GUI for everything else. From what I've read, the SG200 is a Layer 2 device so it couldn't be used as a router, but can the SG300 in Layer 3 be used as a router connected directly to the cable modem? Will it support NAT and UPnP and all of the other features that the E4200 would (minus the wireless of course)? For example one thing I will want is to be able to have multiple XBoxes connected to the switch all with an "Open NAT".
If the SG300 can't do this, what's the best rock-solid business class device that I can connect directly to the cable modem that will support things like UPnP and NAT?
Thanks everyone in advance for their advice!
Hi Alan,
Interesting comment "'ll probably be moderated for this"
When this community was set up years ago, I recall that the moderators for this segment said they wouldn't censor.
There were a few exceptions, unless you were rude and used foul language or were obviously demented.
So you can have your say.
Plenty of contributors, probably including myself, may be moving towards demented in our thoughts. But until we all get really loony, Alan, you're free to say what you want. It's all healthy discussion.
I have seen many "interesting" posts but I suspect your post will remain for years to come. Once on the Internet, our comments and discussions are left to embarrass us for years to come.
regards Dave.