SG300-28 SRW2024-K9-EU LACP Issue
Hi,
I am facing an issue relating to Link Aggregation (LACP); I have described the details below.
I am trying to set up two EtherChannels using two SG300-28 switches connected to each other (as shown in the given diagram).
For example, VLANs 17, 20, 21, 24 and 30 pass through one EtherChannel,
and VLANs 201, 202 and 203 pass through the second EtherChannel.
I have also kept LACP enabled for both EtherChannels.
After creating the two EtherChannels, one EtherChannel shows as ACTIVE and the other shows as STANDBY.
If I want both EtherChannels to work as ACTIVE, is that possible?
If it is possible, please help me with the configuration, and if it is not possible, please explain why it is made like this.
Hi Robert,
You are right, I can get the same features as you have stated in the post, but my problem relates to LACP,
not STP.
See, in my given diagram I have purposely kept Switch-1 as the Root Bridge for all VLANs, and the other, Switch-2, is a Backup Root Bridge for all the VLANs. I have also kept both ports on Sw-2 as STP blocked ports. I have done the configuration as per the requirement.
So now there is no more problem with STP, right? Then why is it not creating the EtherChannels in ACTIVE/ACTIVE mode, and why is it not working as per the design? If you have any solution guides or example guides for LACP configuration, please share them.
Thanks for your input,
Similar Messages
-
Nexus 2k to HP Server LACP issue
Hi,
We are having problems connecting our Nexus 2k to HP server ports in LACP mode (channel-group mode active).
Below is a snippet from the logs, before the port goes into suspended mode.
2013 Jun 7 17:14:21 PBR-core-1-PoC %LACP-FEX104-3-SYN_COLL_DIS_EN: WARNING: Potential Interop issue on [Ethernet104/1/7(0x1f670180)]: SYNC, COLLECT and DISTRIBUTE flags enabled too early by partner
ERROR: Cannot set/reset lacp suspend-individual for port-channel305 that is admin up
PBR-core-1-PoC(config-if)# 2013 Jun 7 17:14:41 PBR-core-1-PoC %ETH_PORT_CHANNEL-5-PORT_SUSPENDED: Ethernet104/1/7: Ethernet104/1/7 is suspended
2013 Jun 7 17:14:40 PBR-core-1-PoC %LACP-FEX104-5-LACP_SUSPEND_INDIVIDUAL: LACP port Ethernet104/1/7(0x1f670180) of port-channel port-channel305(0x16000130) not receiving any LACP BPDUs suspending (individual) port
Cisco: Nexus 7000 6.1.4 with N2K-C2248TP-1GE 6.1.4
->
HP Ethernet 1Gb 4-port 331FLR Adapter running Windows 2008 R2 sp1, Broadcom Driver Version : 15.4.0.19
Has anyone had success with LACP and this setup?
Cheers,
J-Dogg
HP Ethernet 1Gb 4-port 331FLR Adapter
Hi,
I'm not sure if you already found this, but the first error is documented, for the Nexus 5000 series at least in the System Messages and Recovery Procedures for the Cisco Nexus 5000 Family:
Error Message: LACP-3-SYN_COLL_DIS_EN: [chars] : SYNC, COLLECT and DISTRIBUTE flags enabled too early by partner
Explanation: Potential interop issue. Partner system seems to have enabled sync as well collecting or distributing flags too early even before actor has selected an aggregator
Recommended Action: No action is required.
I just love the Recommended Action
The message is indicating that the LACPDU from the server has the Synchronise, Collecting and Distributing flags all set on the first LACPDU it receives. When the link is first established the LACPDU is only supposed to have the Synchronise flag set, with the Collecting and Distributing flags set once the switch and host are sync'd. There's a pretty good diagram of this at Networking Bodges in the Bringing Links Up section.
On the basis of this it would seem this is possibly a bug in the Broadcom driver. I see on the Broadcom website that version 15.6.0.10 of the driver is available. Are you able to try that driver on this server?
Regards -
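The flag check described in the reply above, as an added Python example that is not part of the original thread. It decodes the actor and partner state bytes of an LACPDU and reports Collecting/Distributing bits that the sender sets while the partner state it echoes back is not yet in sync; the sample frames, MAC addresses and keys are constructed.

```python
import struct

SLOW_PROTOCOLS_ETHERTYPE = 0x8809
LACP_SUBTYPE = 0x01
# Bit order (least significant bit first) of the one-byte port state field.
STATE_BITS = ("activity", "timeout", "aggregation", "synchronization",
              "collecting", "distributing", "defaulted", "expired")


def decode_state(byte):
    """Map the state byte to named booleans (timeout=True means short timeout)."""
    return {name: bool((byte >> bit) & 1) for bit, name in enumerate(STATE_BITS)}


def parse_lacpdu(frame):
    """Return the actor and partner information TLVs of an Ethernet LACPDU."""
    if len(frame) < 14 + 2 + 20 + 20:
        raise ValueError("frame too short for an LACPDU")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != SLOW_PROTOCOLS_ETHERTYPE or frame[14] != LACP_SUBTYPE:
        raise ValueError("not an LACPDU")
    info, offset = {}, 16  # skip the subtype and version bytes
    for tlv_type, role in ((0x01, "actor"), (0x02, "partner")):
        if frame[offset] != tlv_type or frame[offset + 1] != 20:
            raise ValueError(f"malformed {role} TLV")
        _prio, system, key, _port_prio, port, state = struct.unpack_from(
            "!H6sHHHB", frame, offset + 2)
        info[role] = {"system": system.hex("-"), "key": key, "port": port,
                      "state": decode_state(state)}
        offset += 20
    return info


def premature_flags(info):
    """List Collecting/Distributing bits set by the sender although the
    partner state carried in the same LACPDU is not yet synchronised."""
    actor, partner = info["actor"]["state"], info["partner"]["state"]
    if partner["synchronization"]:
        return []
    return [flag for flag in ("collecting", "distributing") if actor[flag]]


def build_lacpdu(actor_state, partner_state):
    """Build a constructed sample frame; addresses and keys are made up."""
    def tlv(kind, system, state):
        return struct.pack("!BBH6sHHHB3x", kind, 20, 0x8000, system,
                           17, 0x8000, 1, state)
    host = bytes.fromhex("020000000001")    # constructed sender MAC
    switch = bytes.fromhex("020000000002")  # constructed partner MAC
    return (bytes.fromhex("0180c2000002") + host
            + struct.pack("!HBB", SLOW_PROTOCOLS_ETHERTYPE, LACP_SUBTYPE, 1)
            + tlv(0x01, host, actor_state) + tlv(0x02, switch, partner_state)
            + struct.pack("!BBH12x", 0x03, 16, 0)  # collector TLV
            + bytes(52))                            # terminator + reserved


if __name__ == "__main__":
    samples = (("first PDU, all flags set", 0x3D, 0x00),
               ("first PDU, sync only", 0x0D, 0x00),
               ("steady state", 0x3D, 0x3D))
    for label, actor, partner in samples:
        frame = build_lacpdu(actor, partner)
        print(f"{label}: {premature_flags(parse_lacpdu(frame)) or 'ok'}")
```
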
I have a pfSense based router connected to a SG200-08 switch using round robin load balancing on the switch.
From the SG200-08, if I plug in a Macbook Pro with 2 thunderbolt GigE ethernet dongles, I can successfully get transfer speeds through the router at 1300Mbps.
If I connect an SG200-18 with two Cat6 cables to the SG200-08 and set up a dynamic LAGG on the SG200-08 with an IP/MAC based (LACP enabled) LAGG on the SG200-18, I am maxing out at 940Mbps using the Macbook Pro as a client.
Why is it that I seem to be limited when using the SG200-18?
FWIW, the SG200-18 has firmware version 1.3.5.58, the SG200-08 has 1.0.6.2
Network Overview
2xFTTH 1Gbps links --> pfSense --(load-balance RR)--->SG200-08--(dynamic LAGG)-->SG200-18---LACP LAGG--->Macbook Pro (dual ethernet dongles)
round robin will allow you to use multiple interfaces/switch ports in the same conversation (tcp session). because of this you can achieve higher transfer speeds.
lacp does not allow you to use multiple interfaces/switch port for the same conversation. because of this, you are limited to the max throughput of the interface chosen for the session.
it is really the differences in the bonding/port-channeling methods. i think round-robin can result in high retransmission rates. -
Hi,
I have some servers connected to these ports and I see the port-channel is up. Can anyone tell me what exactly "[LACP_ST_PORT_MEMBER_COLLECTING_AND_DISTRIBUTING_ENABLED]" means?
FSM:<Ethernet106/1/13> Transition at 555079 usecs after Fri Jun 20 20:15:20 2014
Previous state: [LACP_ST_WAIT_FOR_HW_TO_PROGRAM_TRANSMIT_PATH]
Triggered event: [LACP_EV_PORT_HW_PATH_ENABLED]
Next state: [LACP_ST_PORT_MEMBER_COLLECTING_AND_DISTRIBUTING_ENABLED]
Curr state: [LACP_ST_PORT_MEMBER_COLLECTING_AND_DISTRIBUTING_ENABLED]
FSM:<Ethernet106/1/14> Transition at 558271 usecs after Fri Jun 20 20:15:20 2014
Previous state: [LACP_ST_WAIT_FOR_HW_TO_PROGRAM_TRANSMIT_PATH]
Triggered event: [LACP_EV_PORT_HW_PATH_ENABLED]
Next state: [LACP_ST_PORT_MEMBER_COLLECTING_AND_DISTRIBUTING_ENABLED]
Curr state: [LACP_ST_PORT_MEMBER_COLLECTING_AND_DISTRIBUTING_ENABLED]
FSM:<Ethernet106/1/15> Transition at 655069 usecs after Fri Jun 20 20:15:20 2014
Previous state: [LACP_ST_WAIT_FOR_HW_TO_PROGRAM_TRANSMIT_PATH]
Triggered event: [LACP_EV_PORT_HW_PATH_ENABLED]
Next state: [LACP_ST_PORT_MEMBER_COLLECTING_AND_DISTRIBUTING_ENABLED]
Curr state: [LACP_ST_PORT_MEMBER_COLLECTING_AND_DISTRIBUTING_ENABLED]
FSM:<Ethernet106/1/16> Transition at 658790 usecs after Fri Jun 20 20:15:20 2014
Previous state: [LACP_ST_WAIT_FOR_HW_TO_PROGRAM_TRANSMIT_PATH]
Triggered event: [LACP_EV_PORT_HW_PATH_ENABLED]
Next state: [LACP_ST_PORT_MEMBER_COLLECTING_AND_DISTRIBUTING_ENABLED]
Curr state: [LACP_ST_PORT_MEMBER_COLLECTING_AND_DISTRIBUTING_ENABLED]
Hi,
As I saw it before, these are just LACP status transitions to Curr state: "LACP_ST_PORT_MEMBER_COLLECTING_AND_DISTRIBUTING_ENABLED", which means that LACP is ok. :)
When you see any other output from the "sh lacp internal event-history interface e1/x" command, better check if this interface or LACP is flapping.
HTH
Jay Ocampo -
Hi all.
The problem.
Today I updated my Nexus 7010 sup1 from 6.1.4a to 6.2.8.
I wanted to do it in ISSU mode, but after the impact check I got this:
Compatibility check is done:
Module bootable Impact Install-type Reason
1 yes non-disruptive rolling
2 yes non-disruptive rolling
3 yes non-disruptive rolling
4 yes non-disruptive rolling
5 yes disruptive reset Some LACP ports not in steady state or operating in 'rate fast' mode.
6 yes disruptive reset Some LACP ports not in steady state or operating in 'rate fast' mode.
7 yes non-disruptive rolling
8 yes non-disruptive rolling
9 yes non-disruptive rolling
10 yes non-disruptive rolling
Additional info for this installation:
Service "lacp" in vdc 1: LACP: Upgrade will be disruptive as 6 switch ports and 0 fex ports are not upgrade ready!!
Issue the "show lacp issu-impact" cli for more details.
(modified the impact to <Hitful> for module <6>)
Do you want to continue with the installation (y/n)? [n] y
I went on with yes, and the update script rebooted both sups after updating all modules.
It was quite a surprise for me (yes, I know I should have seen the word "disruptive" opposite my sups 5 and 6), because I had already done two ISSU updates on two Nexuses (from 5.1.* -> 5.2.7 and 5.2.7 -> 6.1.4a) and didn't have any trouble with LACP timers. Is it a new feature of the 6.* train?
I have another Nexus that I want to update. And it also has the same problem with LACP timers.
show install all impact gives me the same disruptive result because of LACP.
Can I somehow suppress such ISSU behavior in the case of LACP? I don't have vPC, just ordinary PC.
It is way better if some LACP interfaces flap in the process than the almost 14 minutes of whole 7010 chassis reboot that I had.
Although the problem with LACP timers is that they must be the same on the switch side and on the other side. In the case of switches, Linux boxes or HP VCs, changing LACP timers isn't a big problem. It is a biggg problem in the case of Windows Server.
sh lacp interface ethernet 8/13
Interface Ethernet8/13 is up
Channel group is 13 port channel is Po13
Local Port: Eth8/13 MAC Address= 40-55-39-23-1e-c1
System Identifier=0x8000, Port Identifier=0x8000,0x80d
Operational key=12
LACP_Activity=active
LACP_Timeout=Long Timeout (30s)
Neighbor: 0x1
MAC Address= ac-16-2d-a4-f2-54
System Identifier=0xffff, Port Identifier=0xff,0x1
Operational key=17
LACP_Activity=active
LACP_Timeout=short Timeout (1s)
They must be the same and equal 30s for successful ISSU
You probably need to dig a little deeper to get a definitive answer (sup1 or 2, type of cards, etc..) but here is a diagram in the release notes for 6.1 found here:
http://www.cisco.com/en/US/docs/switches/datacenter/sw/6_x/nx-os/release/notes/61_nx-os_release_note.html
If this post answers your question or is helpful, please consider rating it and/or marking as answered. -
SG300-28P - POE not correctly supported on all ports - possible firmware or hardware issue
So, I spent some time this weekend troubleshooting the issues I've had with the new SG300-28P switch and POE to many of my devices in the office. As a recap, I cannot utilize all of the 24 POE ports on the switch for POE purposes. Really only every other port [with a few odd combinations thrown in between]. In addition, the SG300-28P switch, on occasion, is sending POE to non-POE devices [e.g. my Ruckus Zone Director 1106].
Here are my POE devices [all 802.3 af-compliant]:
3 Ruckus 7982 access points
1 Pakedge access point
2 home-automation controllers
2 Polycom voip phones
I called Cisco support several times in regards to this problem, and they figured it was a hardware issue - a faulty switch. So, Cisco sent me a replacement SG300-28P, which I hooked up today. The exact problem still occurs. Default configuration [fresh out of the box]. No way I can land, for example, the 3 Ruckus 7982 AP's on ports 1, 2, and 3 [or ports 1,13, and 2]. I have to put them on ports 1, 3, and 5 in order for them to power up. In addition, I can't plug any other POE devices on the ports either between or below them. I had to skip another port bay. This is very odd behavior!! Two Cisco SG300-28P's in a row with the same problem.
However, I also had one of the new Cisco SG300-10P switches in my possession for a recent project of ours. I decided to hook up the same POE devices to this switch. ALL POE devices were recognized and worked! No need to skip a port. And it didn't matter what device was plugged in first or not. I am now convinced that it is either a hardware issue [bad power supply/transformer?] inside all of the SG300-28P switches, or a firmware issue.
Both of the SG300-28P switches were running firmware 1.1.2 [the latest on Cisco's website]. So, I decided to install an older firmware version on the SG300-28P switch that I'm returning [installed 1.1.1.8]. Here's what I found out. I could then plug 2 POE devices [e.g. two Ruckus AP's] in adjacent horizontal ports, but not three in a row. In addition, not all adjacent ports. It's funky. For example, I could plug an access point in ports 20 and 21, but not in 21 and 22. No rhyme or reason in how it worked. And I still couldn't plug an access point in adjacent vertical ports [e.g. ports 1 and 13]. BUT...
It's interesting that the same exact switch that would not initially allow 2 horizontally-adjacent POE ports to be utilized WOULD allow 2 horizontally-adjacent POE ports to be utilized when running a different firmware version. It's also interesting to note that when plugged into a "non-working" POE port, the SG300-28P would actually make a small whining noise. Very subtle noise; I could hear it when approx. 1ft away from the switch. The noise was not noticeable when ports were skipped [and POE actually worked]. Therefore, I believe that Cisco has some SG300-28P firmware bugs [at least in the last two versions of firmware] that is not truly allowing all 24 ports to utilize POE correctly. This problem does not exist with the SG300-10P switch.
I'm really interested to hear what Cisco's reply and findings on this matter would be. And would welcome a reply from one of their senior support team members/managers who could actually experiment with this, too. In addition, I'd like to know when they think a solution could be created if it's firmware-related. If hardware-related, I don't think I'll be recommending any 28P switches in our projects. Perhaps just the regular SG300-28 with a separate SG300-10P. It's a shame because the SG300-28P is more of a bargain when compared to the two separate components.
show power inline
Port based power-limit mode
Unit Power Nominal Power Consumed Power Usage Threshold Traps
1 On 180 Watts 13 Watts (7%) 95 Disable
Port Powered Device State Status Priority Class
gi1 Auto On critical class0
gi2 Never Off low class0
gi3 Auto Searching critical class0
gi4 Never Off low class0
gi5 Auto On critical class0
gi6 Never Off low class0
gi7 Auto On critical class2
gi8 Auto Searching low class0
gi9 Auto Searching low class0
gi10 Auto Searching low class0
gi11 Auto Searching low class0
gi12 Never Off low class0
gi13 Never Off low class0
gi14 Never Off low class0
gi15 Never Off low class0
gi16 Never Off low class0
gi17 Never Off low class0
gi18 Never Off low class0
gi19 Never Off low class0
gi20 Auto Searching low class0
gi21 Never Off low class0
gi22 Auto Searching low class0
gi23 Auto Searching low class0
gi24 Auto Searching low class0
show power inline gigabitethernet xx (for each device plugged in)
Port Powered Device State Status Priority Class
gi1 Auto On critical class0
Power limit (for port power-limit mode): 15.400W
Port Status: Port is on - valid resistor detected
Overload Counter: 0
Short Counter: 0
Denied Counter: 0
Absent Counter: 3
Invalid Signature Counter: 17583
Port Powered Device State Status Priority Class
gi2 Never Off low class0
Power limit (for port power-limit mode): 15.400W
Port Status: Port is off - user setting
Overload Counter: 0
Short Counter: 0
Denied Counter: 0
Absent Counter: 0
Invalid Signature Counter: 0
Port Powered Device State Status Priority Class
gi3 Auto Searching critical class0
Power limit (for port power-limit mode): 15.400W
Port Status: Port is off - detection is in process
Overload Counter: 0
Short Counter: 0
Denied Counter: 0
Absent Counter: 2
Invalid Signature Counter: 1
Port Powered Device State Status Priority Class
gi4 Never Off low class0
Power limit (for port power-limit mode): 15.400W
Port Status: Port is off - user setting
Overload Counter: 0
Short Counter: 0
Denied Counter: 0
Absent Counter: 0
Invalid Signature Counter: 0
Port Powered Device State Status Priority Class
gi5 Auto On critical class0
Power limit (for port power-limit mode): 15.400W
Port Status: Port is on - valid resistor detected
Overload Counter: 0
Short Counter: 0
Denied Counter: 0
Absent Counter: 0
Invalid Signature Counter: 0
Port Powered Device State Status Priority Class
gi7 Auto On critical class2
Power limit (for port power-limit mode): 15.400W
Port Status: Port is on - valid resistor detected
Overload Counter: 0
Short Counter: 0
Denied Counter: 0
Absent Counter: 0
Invalid Signature Counter: 0
Port Powered Device State Status Priority Class
gi13 Never Off low class0
Power limit (for port power-limit mode): 15.400W
Port Status: Port is off - user setting
Overload Counter: 0
Short Counter: 0
Denied Counter: 0
Absent Counter: 1
Invalid Signature Counter: 0
Port Powered Device State Status Priority Class
gi14 Never Off low class0
Power limit (for port power-limit mode): 15.400W
Port Status: Port is off - user setting
Overload Counter: 0
Short Counter: 0
Denied Counter: 0
Absent Counter: 0
Invalid Signature Counter: 0
show interfaces advertise gigabitethernet xx (for what ports are of interest)
Port: gi9
Type: 1G-Copper
Link state: Down
Auto negotiation: Enabled
1000f 1000h 100f 100h 10f 10h
Admin Local link Advertisement yes no yes yes yes yes
Oper Local link Advertisement - - - - - -
Oper Remote link Advertisement - - - - - -
Priority Resolution - - - - - -
Port: gi10
Type: 1G-Copper
Link state: Down
Auto negotiation: Enabled
1000f 1000h 100f 100h 10f 10h
Admin Local link Advertisement yes no yes yes yes yes
Oper Local link Advertisement - - - - - -
Oper Remote link Advertisement - - - - - -
Priority Resolution - - - - - -
Port: gi11
Type: 1G-Copper
Link state: Down
Auto negotiation: Enabled
1000f 1000h 100f 100h 10f 10h
Admin Local link Advertisement yes no yes yes yes yes
Oper Local link Advertisement - - - - - -
Oper Remote link Advertisement - - - - - -
Priority Resolution - - - - - -
Port: gi21
Type: 1G-Copper
Link state: Down
Auto negotiation: Enabled
1000f 1000h 100f 100h 10f 10h
Admin Local link Advertisement yes no yes yes yes yes
Oper Local link Advertisement - - - - - -
Oper Remote link Advertisement - - - - - -
Priority Resolution - - - - - -
Port: gi22
Type: 1G-Copper
Link state: Down
Auto negotiation: Enabled
1000f 1000h 100f 100h 10f 10h
Admin Local link Advertisement yes no yes yes yes yes
Oper Local link Advertisement - - - - - -
Oper Remote link Advertisement - - - - - -
Priority Resolution - - - - - -
Port: gi23
Type: 1G-Copper
Link state: Down
Auto negotiation: Enabled
1000f 1000h 100f 100h 10f 10h
Admin Local link Advertisement yes no yes yes yes yes
Oper Local link Advertisement - - - - - -
Oper Remote link Advertisement - - - - - -
Priority Resolution - - - - - - -
Connectivity issues between Cisco 2901 and Cisco SG300-52
Hello,
I am having some serious connectivity issues between the hosts in my LAN.
My LAN is based on a Cisco 2901 router and a Cisco SG300-52 port switch.
The issue that has been happening is that connections between hosts on the LAN (remote desktop, extended ping, etc.) are very unstable; at some points I can see 35% lost packets on an extended ping. This happens at any time of the day and from any host.
All hosts are on the same VLAN (default VLAN) and on the same subnet. Some hosts have fixed IP addresses (servers and network equipment) and others obtain their IP address through a DHCP reservation established on the router (reserved with the MAC address of every host).
I can provide further details if needed, because this issue is very serious and I would really appreciate any insight or support.
Many thanks in advance.
Sair Amer
EDIT: After doing every test we could think of, we finally found the reason behind this problem.
It turns out that the switch has problems handling communications between clients at different speeds, because most of the hosts connected were working at 100 Mbps but the servers were working at 1000 Mbps (and the communication between host and servers wasn't stable).
After manually setting the speed on all ports to 100 Mbps the problems have stopped.
Many thanks for your help on this issue.
Building configuration...
Current configuration : 4123 bytes
! Last configuration change at 12:06:16 PCTime Sat Jul 19 2014 by ccp
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Foninsa
boot-start-marker
boot-end-marker
no logging buffered
enable secret 5 $1$BDbJ$HN3VP8nmywrGB55RCxPd30
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
clock timezone PCTime -4 0
clock summer-time PCTime date Apr 6 2003 2:00 Oct 12 2003 12:00
no ip cef
ip dhcp excluded-address 192.168.1.1 192.168.1.10
ip dhcp excluded-address 192.168.1.151 192.168.1.255
ip dhcp pool FONINSA
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8 8.8.4.4
ip dhcp pool Laptop-Sporta-Wifi
host 192.168.1.10 255.255.255.0
ip name-server 8.8.8.8
ip name-server 8.8.4.4
no ipv6 cef
multilink bundle-name authenticated
crypto pki trustpoint TP-self-signed-213585710
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-213585710
revocation-check none
rsakeypair TP-self-signed-213585710
crypto pki certificate chain TP-self-signed-213585710
certificate self-signed 01
30820229 30820192
quit
license udi pid CISCO2901/K9 sn
license boot module c2900 technology-package securityk9
username ccp privilege 15 password
redundancy
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
ip address 190.196.21.98 255.255.255.248
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.1.3 21 190.196.21.98 21 extendable
ip nat inside source static tcp 192.168.1.3 80 190.196.21.98 80 extendable
ip nat inside source static udp 192.168.1.8 1194 190.196.21.98 1194 extendable
ip nat inside source static tcp 192.168.1.4 3389 190.196.21.98 3389 extendable
ip nat inside source static tcp 192.168.1.9 3389 190.196.21.98 10000 extendable
ip nat inside source static tcp 192.168.1.3 3389 190.196.21.98 20000 extendable
ip route 0.0.0.0 0.0.0.0 190.196.21.97
access-list 1 permit 192.168.1.0 0.0.0.255
control-plane
line con 0
password $
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 5
access-class 23 in
privilege level 15
password #
transport input telnet ssh
no scheduler allocate
end -
Problems accessing SG300-28P via management interface
I have a new SG300-28P, and have had occasional issues with being unable to connect to it via anything other than the serial port. I have connectivity between my machine and the switch (tested with ping each way), and in fact, have the same problem if I take a laptop to the switch and connect them directly.
What happens is that though the switch is operating normally, http, https, ssh and telnet attempts to access all fail in one way or another. Ssh and telnet either yield no response or a refused connection (even though those services are enabled). For http and https, I'll occasionally get enough of the web page to be able to tell what it is ... but attempts to log in just don't work.
While this is happening, the CPU and packet load on the switch is very, very low.
Rebooting didn't help entirely, though it may have made it better. Resetting to factory defaults and then reconfiguring makes it work.
This is using the latest firmware: 1.2.7.76.
Searching the web for this sort of failure doesn't yield any results -- maybe I'm the only one to see this?
I don't know what else I can do to diagnose ..... I've got it working without trouble now...
I have this problem too. It seems to have started from either when I upgraded to the latest firmware and/or changed the management interface from the default (vlan 1) to vlan 11. It will stay up and pinging for anywhere from a few minutes to 3 hours, then I lose all connectivity until I reboot the device.
switch5782a5#show inventory
NAME: "1" DESCR: "SG300-10P 10-Port Gigabit PoE Managed Switch"
PID: SRW2008P-K9 VID: V01 SN: PSJ1522063N
switch5782a5#sh ver
SW version 1.3.5.58 ( date 10-Oct-2013 time 17:15:41 )
Boot version 1.3.5.06 ( date 21-Jul-2013 time 15:12:10 )
HW version V01 -
How to choose switches, ipphones and copy machine for small business?
Hello,
I'm designing a network system for Nextrio Company. Right now, I'm going to choose a copy machine which has a fax function; a small switch which could connect this copy machine and several other computers; and several IP phones for small business.
Could you tell me the type and cost of these devices I should choose?
Many thanks,
Hi Hanhan,
For the least amount of operational expenditure, and for great functionality at a small business price, I would suggest humbly that you look at the 300 series switch family.
The tolly group comparative report on our switch can be seen at the following link.
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps10898/Cisco300SeriesLANSwitchComparison.pdf
I would suggest you check out the following models and get pricing. The switches come in 10/100Mb/sec speed or Gigabit speeds depending on the switch port count and your needs:
Model Name | Your ordering P/N | Description
Fast Ethernet - access port 10/100MB/sec
SF300-08 | SRW208-K9 | 8 10/100 ports
SF302-08 | SRW208G-K9 | 8 10/100 ports; 2 combo* mini-GBIC ports
SF302-08P | SRW208P-K9 | 8/10/100 PoE ports; 2 combo mini-GBIC ports
SF302-08MP | SRW208MP-K9 | 8 10/100 Maximum PoE ports; 2 combo mini-GBIC ports
SF300-24 | SRW224G4-K9 | 24 10/100 ports; 2 10/100/1000 ports; 2 combo mini-GBIC ports
SF300-24P | SRW224G4P-K9 | 24 10/100 PoE ports; 2 10/100/1000 ports; 2 combo mini-GBIC ports
SF300-48 | SRW248G4-K9 | 48 10/100 ports; 2 10/100/1000 ports; 2 combo mini-GBIC
SF300-48P | SRW248G4P-K9 | 48 10/100 PoE ports; 2 10/100/1000 ports; 2 combo mini-GBIC ports
Gigabit Ethernet - access ports 10/100/1000Mb/sec
SG300-10 | SRW2008-K9 | 8 10/100/1000 ports; 2 combo mini-GBIC ports
SG300-10P | SRW2008P-K9 | 8 10/100/1000 PoE ports; 2 Combo mini-GBIC ports
SG300-10MP | SRW2008MP-K9 | 8 10/100/1000 Maximum PoE ports; 2 combo mini-GBIC ports
SG300-20 | SRW2016-K9 | 18 10/100/1000 ports; 2 combo mini-GBIC ports
SG300-28 | SRW2024-K9 | 26 10/100/1000 ports; 2 combo mini-GBIC ports
SG300-28P | SRW2024P-K9 | 26 10/100/1000 PoE ports; 2 combo mini-GBIC ports
SG300-52 | SRW2048-K9 | 50 10/100/1000 ports; 2 combo mini-GBIC ports
regards Dave -
RADIUS packet-id not incrementing, called-station-id missing
I am running v1.3.5.58 on an SG300-20. I am attempting to use a Network Access Control (NAC) solution, which involves a RADIUS proxy. It is getting confused by two odd behaviors of the SG300 when attempting EAP-PEAP-MSCHAPv2 authentication.
1. The SG300 does not properly increment the "Packet Identifier" bits as it progresses through the RADIUS negotiation. The packet identifier is always 0x00.
2. The SG300 does not properly set the "Called-Station-ID" Attribute-Value-Pair (AVP). Instead, it is left blank.
Although freeradius is able to find a way around these problems, the NAC RADIUS proxy cannot. Have I done something in the config to cause this to happen (see below)? Is this a known bug? Does it have a workaround? Will our hero defeat the villain and save the day? ;-)
config-file-header
ausoff-sw-test1
v1.3.5.58 / R750_NIK_1_35_647_358
CLI v1.0
set system mode switch
file SSD indicator encrypted
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
spanning-tree priority 40960
port jumbo-frame
vlan database
vlan 2-3,12,14,16,99,600,1000,1010
exit
voice vlan id 1010
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
dot1x system-auth-control
dot1x traps authentication failure 802.1x
dot1x traps authentication success 802.1x
hostname ausoff-sw-test1
line console
exec-timeout 30
exit
line ssh
exec-timeout 30
exit
line telnet
exec-timeout 30
exit
encrypted radius-server key C1TbrSasKDSDdUoOG2XrohFMsM5tVmu+3QyTwkiVKMI=
encrypted radius-server host 172.18.14.114 key C1TbrSasKDSDdUoOG2XrohFMsM5tVmu+3QyTwkiVKMI= priority 1 usage dot1.x
radius-server host 172.18.58.58 usage dot1.x
radius-server timeout 10
logging host 172.18.58.50
aaa accounting dot1x start-stop group radius
enable password level 15 encrypted
username nac password encrypted *** privilege 15
username admin password encrypted *** privilege 15
username cisco password encrypted *** privilege 15
username readonly password encrypted ***
ip ssh server
ip ssh password-auth
snmp-server server
snmp-server engineID local 800000090308cc68423f4d
snmp-server location "***"
snmp-server contact "***"
snmp-server community *** rw 172.18.58.58 view DefaultSuper
snmp-server community *** rw 172.18.14.105 view DefaultSuper
snmp-server host 172.18.58.58 traps version 2c nac
snmp-server host 172.18.58.58 version 3 auth nac
snmp-server group nac v3 auth notify DefaultSuper read DefaultSuper write DefaultSuper
snmp-server group SNMPSuperuser v3 auth notify DefaultSuper read DefaultSuper write DefaultSuper
encrypted snmp-server user nac nac v3 auth sha ***
encrypted snmp-server user ManageEngines SNMPSuperuser v3 auth sha ***
ip http timeout-policy 1800
clock timezone " " -6
sntp anycast client enable ipv4
sntp broadcast client enable ipv4
clock source sntp
sntp unicast client enable
sntp unicast client poll
sntp server 0.pool.ntp.org poll
sntp server 1.pool.ntp.org poll
ip domain name blah.net
ip name-server 172.18.19.232
ip domain timeout 2
ip domain retry 1
ip telnet server
interface vlan 2
name NACRegistration
interface vlan 3
name NACIsolation
interface vlan 12
name Users
interface vlan 14
name Dev
interface vlan 16
name LAN
interface vlan 99
name Mgmt
ip address 172.18.58.61 255.255.255.128
interface vlan 600
name "Core Test"
dot1x guest-vlan
interface vlan 1000
name Guest
interface vlan 1010
name Voice
interface gigabitethernet1
dot1x host-mode multi-sessions
spanning-tree disable
spanning-tree bpduguard enable
switchport mode access
switchport access vlan 600
interface gigabitethernet2
dot1x host-mode multi-sessions
spanning-tree disable
spanning-tree bpduguard enable
switchport mode access
switchport access vlan 600
interface gigabitethernet3
dot1x host-mode multi-sessions
spanning-tree disable
spanning-tree bpduguard enable
switchport mode access
switchport access vlan 600
interface gigabitethernet4
dot1x host-mode multi-sessions
spanning-tree disable
spanning-tree bpduguard enable
switchport mode access
switchport access vlan 600
interface gigabitethernet5
dot1x host-mode multi-sessions
spanning-tree disable
spanning-tree bpduguard enable
switchport mode access
switchport access vlan 600
interface gigabitethernet6
dot1x host-mode multi-sessions
spanning-tree disable
spanning-tree bpduguard enable
switchport mode access
switchport access vlan 600
interface gigabitethernet7
dot1x host-mode multi-sessions
spanning-tree disable
spanning-tree bpduguard enable
switchport mode access
switchport access vlan 600
interface gigabitethernet8
dot1x host-mode multi-sessions
spanning-tree disable
spanning-tree bpduguard enable
switchport mode access
switchport access vlan 600
interface gigabitethernet9
dot1x host-mode single-host
dot1x violation-mode protect trap 10
dot1x guest-vlan enable
dot1x radius-attributes vlan static
dot1x port-control auto
spanning-tree disable
spanning-tree bpduguard enable
switchport mode access
interface gigabitethernet10
dot1x host-mode multi-sessions
dot1x guest-vlan enable
dot1x radius-attributes vlan static
dot1x port-control auto
spanning-tree disable
spanning-tree bpduguard enable
switchport mode access
interface gigabitethernet11
dot1x host-mode multi-sessions
dot1x guest-vlan enable
dot1x radius-attributes vlan static
dot1x port-control auto
spanning-tree disable
spanning-tree bpduguard enable
switchport mode access
interface gigabitethernet12
dot1x host-mode multi-sessions
dot1x guest-vlan enable
dot1x radius-attributes vlan static
dot1x port-control auto
spanning-tree disable
spanning-tree bpduguard enable
switchport mode access
interface gigabitethernet13
dot1x host-mode multi-sessions
dot1x guest-vlan enable
dot1x radius-attributes vlan static
dot1x port-control auto
spanning-tree disable
spanning-tree bpduguard enable
switchport mode access
interface gigabitethernet14
dot1x host-mode multi-sessions
dot1x guest-vlan enable
dot1x radius-attributes vlan static
dot1x port-control auto
spanning-tree disable
spanning-tree bpduguard enable
switchport mode access
interface gigabitethernet15
dot1x host-mode multi-sessions
dot1x guest-vlan enable
dot1x radius-attributes vlan static
dot1x port-control auto
spanning-tree disable
spanning-tree bpduguard enable
switchport mode access
interface gigabitethernet16
dot1x host-mode multi-sessions
dot1x guest-vlan enable
dot1x radius-attributes vlan static
dot1x port-control auto
spanning-tree disable
spanning-tree bpduguard enable
switchport mode access
interface gigabitethernet17
dot1x host-mode multi-sessions
no snmp trap link-status
port monitor GigabitEthernet 20
spanning-tree disable
spanning-tree bpduguard enable
switchport mode general
switchport general acceptable-frame-type untagged-only
switchport forbidden default-vlan
interface gigabitethernet18
dot1x host-mode multi-sessions
dot1x guest-vlan enable
dot1x radius-attributes vlan static
dot1x port-control auto
spanning-tree disable
spanning-tree bpduguard enable
switchport mode access
interface gigabitethernet19
switchport trunk native vlan 600
interface gigabitethernet20
spanning-tree link-type point-to-point
switchport trunk allowed vlan add 2-3,12,14,16,99,600,1000,1010
macro description switch
!next command is internal.
macro auto smartport dynamic_type switch
exit
ip default-gateway 172.18.58.1
Thank you for your response, Tom. I have performed packet captures associated with this issue, and they show that the Called-Station-ID AVP is not sent with the RADIUS packets, from the SG300. There is not an issue with capitalization, the value is simply not provided at all. Here is an example of a tcpdump decode of such a packet. Please note the missing attribute:
15:48:01.843296 IP (tos 0x0, ttl 64, id 59875, offset 0, flags [none], proto UDP (17), length 142)
172.18.58.61.49205 > 172.18.58.58.1812: [udp sum ok] RADIUS, length: 114
Access Request (1), id: 0x00, Authenticator: 390000003f2000009e3f0000eb670000
NAS IP Address Attribute (4), length: 6, Value: 172.18.58.61
0x0000: ac12 3a3d
NAS Port Type Attribute (61), length: 6, Value: Ethernet
0x0000: 0000 000f
NAS Port Attribute (5), length: 6, Value: 57
0x0000: 0000 0039
Username Attribute (1), length: 12, Value: SSO\dalewl
0x0000: 5353 4f5c 6461 6c65 776c
Accounting Session ID Attribute (44), length: 10, Value: 050000DF
0x0000: 3035 3030 3030 4446
Calling Station Attribute (31), length: 19, Value: E0-DB-55-B3-1D-5C
0x0000: 4530 2d44 422d 3535 2d42 332d 3144 2d35
0x0010: 43
EAP Message Attribute (79), length: 17, Value: ..
0x0000: 0201 000f 0153 534f 5c64 616c 6577 6c
Message Authentication Attribute (80), length: 18, Value: ......R..1...EU.
0x0000: bed3 b19e c70f 52e0 ec31 afcb d545 55ad
-
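A check for the missing attribute described in the reply above, as an added example that is not part of the original post: it rebuilds the Access-Request from the values in the tcpdump decode, walks the attribute list, and reports which attributes a policy needs but the switch did not send. The `REQUIRED` list and the function names are assumptions for illustration.

```python
import struct

# Attribute numbers from RFC 2865, RFC 2866 and RFC 2869.
ATTR_NAMES = {
    1: "User-Name", 4: "NAS-IP-Address", 5: "NAS-Port",
    30: "Called-Station-Id", 31: "Calling-Station-Id", 44: "Acct-Session-Id",
    61: "NAS-Port-Type", 79: "EAP-Message", 80: "Message-Authenticator",
}
# Assumption: the attributes the RADIUS server's policy matches on.
REQUIRED = (1, 4, 30, 31)

def build_packet(code, ident, authenticator, attrs):
    """Serialise a RADIUS packet from (type, value) pairs."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body

def parse_radius(packet):
    """Return (code, id, [(type, value), ...]); reject malformed lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not fit the datagram")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("attribute %d has a bad length" % atype)
        attrs.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return code, ident, attrs

def missing_attributes(packet, required=REQUIRED):
    """Names of required attributes that are absent from the packet."""
    present = {t for t, _ in parse_radius(packet)[2]}
    return [ATTR_NAMES.get(t, str(t)) for t in required if t not in present]

# Rebuilt from the values shown in the tcpdump decode above.
SAMPLE = build_packet(1, 0x00, bytes.fromhex("390000003f2000009e3f0000eb670000"), [
    (4, bytes.fromhex("ac123a3d")), (61, bytes.fromhex("0000000f")),
    (5, bytes.fromhex("00000039")), (1, b"SSO\\dalewl"),
    (44, b"050000DF"), (31, b"E0-DB-55-B3-1D-5C"),
    (79, bytes.fromhex("0201000f0153534f5c64616c65776c")),
    (80, bytes.fromhex("bed3b19ec70f52e0ec31afcbd54555ad")),
])

if __name__ == "__main__":
    print(len(SAMPLE), "bytes; missing:", missing_attributes(SAMPLE))
```

The rebuilt packet is 114 bytes, matching the RADIUS length tcpdump reports, so the eight attributes in the decode account for the whole datagram.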
Monitoring of CPU Memory backplane for SG-300
Hi,
How can I monitor CPU Memory Backplane for the SG300-28 (SRW2024-K9-EU)?
Thanks for your Input,
See this link for the list of supported MIBS:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids12/cliguide/clisnmp.htm#wp1042408
-
LAG configuration issue on Cisco SG300 52 Switch
Hi everybody,
I am having an issue with LAG configuration on a Cisco SG300 52 switch. I have connected four Ge ports on the switch to the four NICs of a Dell R710 Server on which I installed Windows Server 2008 R2. Without LAG configured, these ports would forward traffic to and from the Dell server fine. However, if I configure LAG on the ports with LACP enabled, then they would not forward any network traffic. Debugging shows that the ports are up but their forwarding status show N/A. Am I missing any configuration? Can I configure LAG on edgeports? Or is there any compatibility issue?
Any help from you guys will be greatly appreciated.
Thank you.
Vishal
Hi Dave,
Thank you for your quick response and sorry to have looked at it late. Well, I already resolved the issue and like you pointed out, it was the configuration of the Dell NICs. I had to configure NIC teaming and there was a bug with the Broadcom NIC management software. I had to download this piece of software again and I was then able to configure NIC teaming on it. I initially thought that it was already configured because we got the Dell server "pre-installed with pretty much everything".
Anyway, thank you for your assistance. Oh, I have a question though, if you don't mind clearing my doubt. We have bought 7 of these SG300 Switches and I would like to use all of them in a hierarchical design as core, distribution and access layer switches because I believe this switch has got all the qualities to be used at all the three layers. We have about 100 users in our company at the moment but are expecting growth of about 10-20 employees per year. Would you think a hierarchical network design for 100 users is a bit of an overkill? Would you think these SG300 switches can handle network traffic at the distribution and core layers? I worked out the average daily traffic is only about 4 Mbps.
Thank you for your valuable guidance.
Kind regards,
Vishal
Date: Mon, 12 Sep 2011 08:09:40 -0600
Subject: - Re: LAG configuration issue on Cisco SG300 52 Switch
Cisco Support Community
Re: LAG configuration issue on Cisco SG300 52 Switch created by David Hornstein in Small Business Switches
Hi Chundunsing,
Thank you for the purchase of my switch.
Chundunsing, I love the way you worded your question: "I am having an issue with LAG configuration on a Cisco SG300 52 switch.", but seriously, you are having a problem with interfacing the Dell with my switch.
You have LAG working to the Dell R710 teamed NICs and god knows what NICs or drivers you are using to achieve this.
Now LAG is providing load balancing between the LAG ports.
Now LAG is providing link redundancy for connectivity to the Dell R710.
If there is a configuration issue, it sure seems the way you have it configured without LACP is still working. But you have the option when you create a LAG group to enable LACP. You can see this as a tick box in the LAG group.
But might I also suggest installing the recent firmware version 1.1.1.8, which just came out.
Please be sure to:
Step 1. Update the firmware on the switch and
Step 2. Select it as the 'active image.'
Step 3. Reboot the switch to utilize this active image.
If you are having any trouble doing this, the admin guide references how to achieve this. For your convenience I have attached the guide to this posting.
regards Dave
-
Issue with LACP on SRW2008 with W2k8
Hello,
I'm trying to configure the LACP for W2k8 and I have a strange thing:
My network is:
1 SRW2008 with
a Synology NAS connected with LACP
my PC running under W2k8 with LACP
1 another PC with single
1 Router running with DD-WRT fw, used for DHCP, WIFI and for the internet connection
I have a Dual NIC Intel and the LACP is active on my PC w2k8, I can see my network connected at 2 Gb/s. I can surf, ping the srw2008, my router and my printer connected by wifi. I cannot ping the other PC and my NAS connected to the srw2008.
When I disconnect 1 cable of my LACP of my PC I can ping everything
If I configure w2k8 not with lacp but with ALB I can ping everything
My question is:
How to configure LACP 802.3ad on w2k8 and have the ping working to the other system connected to the srw2008?
Thanks a lot
Emmanuel
Steve,
Are you having an issue with incoming or outgoing mail?
If the issue is with outgoing email this article may be helpful:
http://docs.info.apple.com/article.html?artnum=305634
If you are using an IMAP server provided by your employer, you may not be able to access the server without VPN.
Hope this helps,
Nathan C.
-
Hi
I am using SG300-10 and connected it to two SG200 with LACP and PoE
When I tried to use ssh client to check poe status via cli, the switch suddenly rebooted.
After this, the poe is dead.
I reset the switch, reconfigured the settings but ..
as soon as I set GE1+GE2 to a LACP group,
the SG200-8 connected to GE1+GE2 is down, lost power
when I remove the GE1+GE2 from LACP group, the poe is back ...
same to any other port.
only ports that are not in LACP are listed in "Port Management" "PoE" "Settings"
is the hardware damaged? I am using the latest 1.3.0.62 firmware.
The physical connection is:
L3 Mode
GE1+GE2 = LACP <---> SG200-8 nr1
GE3+GE4 = LACP <---> SG200-8 nr2
GE5 <---> my pc
Thanks for any hint/help!
Thanks for the advice.
I came home today and found out a power outage happened and somehow the SG300-10P stopped working partly, any device not directly connected to it can't ping the switch or communicate with it or its connected devices. (even after reboot)
So I decided to reset it to the factory default and manually reapply all the settings from my memory, because the last few times I tried to use a backed-up config file, it ended badly. (the firmware is already updated to latest)
After that, I followed your advice and set GE1 PoE active and GE2 PoE off, and so on, now both SG200-8 and SLM2008 are getting power from port GE1 and GE3.
Still, as soon as I add a port to a LACP group, it will disappear from the "Port Management", "PoE", "Settings" page ..., is that normal behavior? or is it a problem on SG200 or/and SLM2008?
-
Intel Server NIC I350 LACP IEEE802.3ad teaming issue
Hello Community
I face an issue which i cannot resolve.
I have:
Intel Server System R1208GL4DS with built-in I350 4-port inet adapter
OS: Windows Server 2008 R2
NIC drivers ver 18.4 (PRO set with ANS)
Data Center provides ieee802.3ad dynamic aggregation teaming connection, It uses 2 ports on my server (0 and 3)
DC uses Cisco Nexus switches
SpanningTreeProtocol is ON and cannot be switched off by DC.
Problem:
One of the adapters suddenly goes into standby state and does not pass traffic.
As a result the whole connectivity to the server and to the services I use gets stuck at that moment.
The only way to resolve it is to restart the server or restart the whole team by changing the team properties.
Nic properties:
flow control off
offloads off
rss off
Team:
I have tried to change everything playing with any property within nic or team. No luck.
Some information from DC support on the switch config:
# sh interface po1113 switchport
Name: port-channel1113
Switchport: Enabled
Switchport Monitor: Not enabled
Operational Mode: trunk
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Allowed: 300,390,398-399
Voice VLAN: none
Extended Trust State : not trusted [COS = 0]
Administrative private-vlan primary host-association: none
Administrative private-vlan secondary host-association: none
Administrative private-vlan primary mapping: none
Administrative private-vlan secondary mapping: none
Administrative private-vlan trunk native VLAN: 1
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Please advise as I'm almost stuck.
Thank you.
Maybe the problem is on the Cisco side. Cisco is very clever, it could have assessed the network traffic as a problem and closed the port. When the OS is running, NIC Teaming works fine, but when you boot up the server, "BIOS not running with NIC Teaming", and at this moment a problem may occur on the Cisco side.
I recommend, if you use Cisco, configure NIC Teaming in LACP mode and configure your two ports on Cisco to LACP, it's a better way.
Regards,
thennet