SG300-28 uplink to another SG300-28
Can I connect a single Cat5e cable between two SG300-28 and link them? If so what must I configure?
Yes, you can. But if there is a longer distance in between you need to use a Cat 6 instead to get 1GB. But you might get away with it.
And by just connecting you have a Layer 2 switch connection. If you need more (e.g routing) it all depends on what you are trying to achieve.
Sent from Cisco Technical Support iPad App
Similar Messages
-
Connecting SG300-10P to another SG300-10P
please forgive the newbie question but trying to upgrade/expand my network beyond the simple linksys switch i currently use.
what is the proper way to connect a second SG300-10P to the system?
current configuration is:
cable modem to Cisco Router RV042G. Router port 1 to SG300-10P port G9 (the switch is located in another room)
from the SG300-10P i have ethernet cables (Cat 5) running throughout the building
in another room, i would like to add another SG300-10P. do i connect from the ethernet jack in that room to port G1-G8 or do i connect to the G9 link port?
thanksHi Lee, it generally doesn't matter. The reason it matters interconnecting these switches is because the POE is designed to work with older Cisco POE devices and the connection will detect a valid resistance and attempt to supply power to the switch which in turn may give adverse affects.
-Tom
Please mark answered for helpful posts -
SG300-28P - POE not correctly supported on all ports - possible firmware or hardware issue
So, I spent some time this weekend troubleshooting the issues I've had with the new SG300-28P switch and POE to many of my devices in the office. As a recap, I cannot utilize all of the 24 POE ports on the switch for POE purposes. Really only every other port [with a few odd combinations thrown in between]. In addition, the SG300-28P switch, on occasion, is sending POE to non-POE devices [e.g. my Ruckus Zone Director 1106].
Here are my POE devices [all 802.3 af-compliant]:
3 Ruckus 7982 access points
1 Pakedge access point
2 home-automation controllers
2 Polycom voip phones
I called Cisco support several times in regards to this problem, and they figured it was a hardware issue - a faulty switch. So, Cisco sent me a replacement SG300-28P, which I hooked up today. The exact problem still occurs. Default configuration [fresh out of the box]. No way I can land, for example, the 3 Ruckus 7982 AP's on ports 1, 2, and 3 [or ports 1,13, and 2]. I have to put them on ports 1, 3, and 5 in order for them to power up. In addition, I can't plug any other POE devices on the ports either between or below them. I had to skip another port bay. This is very odd behavior!! Two Cisco SG300-28P's in a row with the same problem.
However, I also had one of the new Cisco SG300-10P switches in my possession for a recent project of ours. I decided to hook up the same POE devices to this switch. ALL POE devices were recognized and worked! No need to skip a port. And it didn't matter what device was plugged in first or not. I am now convinced that it is either a hardware issue [bad power supply/transformer?] inside all of the SG300-28P switches, or a firmware issue.
Both of the SG300-28P switches were running firmware 1.1.2 [the latest on Cisco's website]. So, I decided to install an older firmware version on the SG300-28P switch that I'm returning [installed 1.1.1.8]. Here's what I found out. I could then plug 2 POE devices [e.g. two Ruckus AP's] in adjacent horizontal ports, but not three in a row. In addition, not all adjacent ports. It's funky. For example, I could plug an access point in ports 20 and 21, but not in 21 and 22. No rhyme or reason in how it worked. And I still couldn't plug an access point in adjacent vertical ports [e.g. ports 1 and 13]. BUT...
It's interesting that the same exact switch that would not initially allow 2 horizontally-adjacent POE ports to be utilized WOULD allow 2 horizontally-adjacent POE ports to be utilized when running a different firmware version. It's also interesting to note that when plugged into a "non-working" POE port, the SG300-28P would actually make a small whining noise. Very subtle noise; I could hear it when approx. 1ft away from the switch. The noise was not noticeable when ports were skipped [and POE actually worked]. Therefore, I believe that Cisco has some SG300-28P firmware bugs [at least in the last two versions of firmware] that is not truly allowing all 24 ports to utilize POE correctly. This problem does not exist with the SG300-10P switch.
I'm really interested to hear what Cisco's reply and findings on this matter would be. And would welcome a reply from one of their senior support team members/managers who could actually experiment with this, too. In addition, I'd like to know when they think a solution could be created if it's firmware-related. If hardware-related, I don't think I'll be recommending any 28P switches in our projects. Perhaps just the regular SG300-28 with a separate SG300-10P. It's a shame because the SG300-28P is more of a bargain when compared to the two separate components.show power inline
Port based power-limit mode
Unit Power Nominal Power Consumed Power Usage Threshold Traps
1 On 180 Watts 13 Watts (7%) 95 Disable
Port Powered Device State Status Priority Class
gi1 Auto On critical class0
gi2 Never Off low class0
gi3 Auto Searching critical class0
gi4 Never Off low class0
gi5 Auto On critical class0
gi6 Never Off low class0
gi7 Auto On critical class2
gi8 Auto Searching low class0
gi9 Auto Searching low class0
gi10 Auto Searching low class0
gi11 Auto Searching low class0
gi12 Never Off low class0
gi13 Never Off low class0
gi14 Never Off low class0
gi15 Never Off low class0
gi16 Never Off low class0
gi17 Never Off low class0
gi18 Never Off low class0
gi19 Never Off low class0
gi20 Auto Searching low class0
gi21 Never Off low class0
gi22 Auto Searching low class0
[0mMore: , Quit: q or CTRL+Z, One line: gi23 Auto Searching low class0
gi24 Auto Searching low class0
show power inline gigabitethernet xx (for each device plugged in)
Port Powered Device State Status Priority Class
gi1 Auto On critical class0
Power limit (for port power-limit mode): 15.400W
Port Status: Port is on - valid resistor detected
Overload Counter: 0
Short Counter: 0
Denied Counter: 0
Absent Counter: 3
Invalid Signature Counter: 17583
Port Powered Device State Status Priority Class
gi2 Never Off low class0
Power limit (for port power-limit mode): 15.400W
Port Status: Port is off - user setting
Overload Counter: 0
Short Counter: 0
Denied Counter: 0
Absent Counter: 0
Invalid Signature Counter: 0
Port Powered Device State Status Priority Class
gi3 Auto Searching critical class0
Power limit (for port power-limit mode): 15.400W
Port Status: Port is off - detection is in process
Overload Counter: 0
Short Counter: 0
Denied Counter: 0
Absent Counter: 2
Invalid Signature Counter: 1
Port Powered Device State Status Priority Class
gi4 Never Off low class0
Power limit (for port power-limit mode): 15.400W
Port Status: Port is off - user setting
Overload Counter: 0
Short Counter: 0
Denied Counter: 0
Absent Counter: 0
Invalid Signature Counter: 0
Port Powered Device State Status Priority Class
gi5 Auto On critical class0
Power limit (for port power-limit mode): 15.400W
Port Status: Port is on - valid resistor detected
Overload Counter: 0
Short Counter: 0
Denied Counter: 0
Absent Counter: 0
Invalid Signature Counter: 0
Port Powered Device State Status Priority Class
gi7 Auto On critical class2
Power limit (for port power-limit mode): 15.400W
Port Status: Port is on - valid resistor detected
Overload Counter: 0
Short Counter: 0
Denied Counter: 0
Absent Counter: 0
Invalid Signature Counter: 0
Port Powered Device State Status Priority Class
gi13 Never Off low class0
Power limit (for port power-limit mode): 15.400W
Port Status: Port is off - user setting
Overload Counter: 0
Short Counter: 0
Denied Counter: 0
Absent Counter: 1
Invalid Signature Counter: 0
Port Powered Device State Status Priority Class
gi14 Never Off low class0
Power limit (for port power-limit mode): 15.400W
Port Status: Port is off - user setting
Overload Counter: 0
Short Counter: 0
Denied Counter: 0
Absent Counter: 0
Invalid Signature Counter: 0
show interfaces advertise gigabitethernet xx (for what ports are of interest)
Port: gi9
Type: 1G-Copper
Link state: Down
Auto negotiation: Enabled
1000f 1000h 100f 100h 10f 10h
Admin Local link Advertisement yes no yes yes yes yes
Oper Local link Advertisement - - - - - -
Oper Remote link Advertisement - - - - - -
Priority Resolution - - - - - -
Port: gi10
Type: 1G-Copper
Link state: Down
Auto negotiation: Enabled
1000f 1000h 100f 100h 10f 10h
Admin Local link Advertisement yes no yes yes yes yes
Oper Local link Advertisement - - - - - -
Oper Remote link Advertisement - - - - - -
Priority Resolution - - - - - -
Port: gi11
Type: 1G-Copper
Link state: Down
Auto negotiation: Enabled
1000f 1000h 100f 100h 10f 10h
Admin Local link Advertisement yes no yes yes yes yes
Oper Local link Advertisement - - - - - -
Oper Remote link Advertisement - - - - - -
Priority Resolution - - - - - -
Port: gi21
Type: 1G-Copper
Link state: Down
Auto negotiation: Enabled
1000f 1000h 100f 100h 10f 10h
Admin Local link Advertisement yes no yes yes yes yes
Oper Local link Advertisement - - - - - -
Oper Remote link Advertisement - - - - - -
Priority Resolution - - - - - -
Port: gi22
Type: 1G-Copper
Link state: Down
Auto negotiation: Enabled
1000f 1000h 100f 100h 10f 10h
Admin Local link Advertisement yes no yes yes yes yes
Oper Local link Advertisement - - - - - -
Oper Remote link Advertisement - - - - - -
Priority Resolution - - - - - -
Port: gi23
Type: 1G-Copper
Link state: Down
Auto negotiation: Enabled
1000f 1000h 100f 100h 10f 10h
Admin Local link Advertisement yes no yes yes yes yes
Oper Local link Advertisement - - - - - -
Oper Remote link Advertisement - - - - - -
Priority Resolution - - - - - - -
Spread vlans from SG300 to other SG300
Hi,
propagate vlans from one SG300 to other SG300
i have Two switchs SG300-52, i would like configure my switchs to spread their vlans ?
what's the difference between "General, Access, Trunk or Customer" on the Interface VLAN Mode ?
Thanks for your helpHi Richard
General mode allows multiple untagged vlans and also multiple tagged vlans to exist on the same switch interface. I have never used this mode personally.
Trunk mode allows ONE untagged vlan and multiple Tagged vlans to exist on the same switch interface.
Access mode allows only one untagged vlan to exist on a switch interface.
I find the default setting of trunk mode the most useful , and therefore leave this setting alone.
It allows any port to be untagged in one vlan and if needed tagged in many vlans, so this interface setting can be used for PC that are not vlan aware or Uplinks to other switches.
You will notice at the top right corner of the configuration GUI, a help option. This option brings up a window giving help on the GUI page you have in front of you.
Hope that answered your question.
regards Dave -
Connecting several SG300 for failsafe
Not quite sure what will be best practise for me here:
3 x SG300-28
1 x SG300-10MP
Placed in 3 locations
1:
1 x SG300-28
2:
2 x SG300-28
3:
1 x SG300-10MP
I have 4 lines between locations 1 and 2, and 2 lines between locations 2 and 3
My idear was to use the 4 lines from location 1 and split them 2 and 2 on the switches in location 2
Between the two switches on location two I plan on have a 4 port LAG.
The 2 lines from location 3 I planned on split between the two switches on location 2
What I am uncertain about is STP, LAG's and how to get the best failsafe setup.
Any help would be appreciated greatly.Looks like I managed to get it working my self.
Used the idear I mentioned and here's the setup:
Location 1:
1xSG300-28
Switch setup with 2 LAG's each including 2 ports
Location 2:
2xSG300-28
Each Switch set up with a 4-port LAG as "stack" between the two.
Each Switch set up with a 2-port LAG connected to the Switch on Location 1
Location 3:
1xSG300-10MP
Switch connected with one line to each of the Switches on location 2
So far the setup is working as a charm. -
How to configure port to connect switch SG300 to 3com switch
Hello,
I need help. I have my network with severals SG300 switches.
I have one of them like my core switch working in layer 3 mode. With 2 vlans and vlan interfaces to each vlan.
Everything is working ok.
But now i have to connect one 3com unmanage switch that have host from vlan 1 and 2. How should i connect this switch to my Cisco sg300 switch? What mode should i use in that port?
thanks a lot.
SG300 L3 Switch
I
I
SG300 L2 switch
I
I<-------- How should i configure this connection to support all vlans.
I
3com unmanage switch
I I
I I
I vlan 1
vlan2Use MAC-based VLANs on SG300 L2 switch, register all clients in needed VLANs (or better setup SG300 L2 port to 3com in PVID VLAN with maximum clients and others in MAC-based VLANs).
-
SF300-24PP switch causing err-disable on some other switch Uplinks
This is something that happened as I was setting up a couple of these PoE SF300 switches for IP cameras.
We wanted to save a little money so we purchased a few of these switches to daisy-chain onto a couple of our 4507s to provide PoE support for IP cameras that are coming in. But an odd thing happened when I set one up and connected it.
I set up the SF300 switch with all FE ports set to access and for VLAN 18 (our camera VLAN). I then configured a Portchannel (PO2) and assigned GE1 and GE2 to it. I defined the allowed VLANs 10,14,18 on the Port Channel Interface definition. I also created an SVI Interface VLAN definition for our management address (on VLAN 10) to be able to SSH into the switch once it's on the network.
I did most of this thru the CLI and not the GUI.
I saved the config (copy run start) and turned off the switch then deployed it in the IDF closet. I powered it up and connected the GE1&2 ports to 2 Gig ports in the 4507 defined with PO2 - both with MODE=ON.
Well, as I found out later, my config changes never got saved and the GE1&2 because trunk ports, so when I plugged them in, They started acting independently. At about the same time another switch we have in our network (that is daisy-chained off a 3750 - 1 trunk port) suddenly had it's uplink put into ERR_DISABLE mode (we also had this occur with another 2 switches with a very similar config - Daisy-Chain).
Now , how my config never got saved issue, is not at the forefront of my mind as much as how did a couple of switch uplinks in another building go into ERR-DISABLE.
I know that our 4507s run rapid per-vlan STP+ and that the SP300 only runs Rapid STP, but this is a real mystery to us. If anyone has any ideas for tracking this down, please reply.Hello James,
Welcome to the forums!
About the default settings. The switch comes with vlan1 as the default vlan for all traffic.
Here is a quick overview of the port settings
access - one vlan
trunk - multiple vlans
general - multiple vlans (had additional options)
When using the auto voice-vlan, you can have your port set as access for vlan 1 and when the switch see a phone connected, it will join the voice vlan also. This allow the ports to be dynamic. It is not necessary to do this. You can create all ports as trunk ports that are part of both your default vlan and your voice vlan.
The benifits of auto-voice vlan
-phones are discovered and joined to the vlan dynamically
-predetermined QoS settings
-security in that you can have your port set to access
This is a relatively basic overview.
As for the problem you are seeing. I would recommend that you check the firmware of the switch and upgrade if needed. While it may not have anything to do with the problem at hand, it will help prevent any future issues.
I would suggest disabling the Green Ethernet, which can be found under the port management section. If you continue to see the problem after that, I would recommend giving us a call at the support center. We will be able to look a little closer to what is happening.
http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html -
SG 300-10's not performing as well as generic 10/100 switches over long cable run
We have recently replaced three - 10/100 Netgear or DLink switches at a customers site with three - SG 300-10 Gb switches. We are having a bandwidth problem with the connection between two of the switches. The customers says that the connection is slower than it was when we were using just the 10/100 switches. Here are the connection details -
The cat5 cable length is approx 374 feet (tested with cable tester and all wires are connected)
I have one end of network cable plugged in to port 10 on one SG300 and the other end plugged in to port 10 on another SG300. When I have the port settings set to "Automatic", I do not get any link light at all. When I set the one end to "100m Full Duplex", the switch at the other end shows that it sets itself to "100 Half Duplex", I get a link light and the switches pass network traffic between one another. Since 100 M seems to work, I tried to set both ends at 100 M full and 100 M half but have had no luck getting any better bandwidth than when one switch is set to 100M Full and the other is set to Auto.
The issue is that they were getting better bandwidth with the old switches.
Are there port settings that I can change so that these two switches will work better with one another at the 10/100 speed? I would think I could at least duplicate the speed they were getting with the cheaper switches.Thanks Siva
My results are attached in 2 text files. The remote switch is the one at the far end of the long cable run. The Middle switch is in the "Middle" of the network and is connected to another SG300 switch in the server room.
In addition to the attached files. I received this message during my telnet session to both switches -
switcha5eedb#09-May-2013 09:05:49 %CDP-W-DUPLEX_MISMATCH: Duplex mismatch detected on interface gi10.
Message was edited by: Larry Broering
Message was edited by: Larry Broering -
How to remove COMPLETELY on interface configuration
I have a SG300 switch and there are smart port macros enabled on the user/phone ports, which is giving me a headache. On another SG300 switch, there are no smartport macro and things work as expected. I can define which VLAN is used for voice and the one which can be used as data, by using it as native VLAN. How do I disable this feature (cli, most preferably, if not, GUI) so I can set the VLANs as expected? VLAN 231 is used as data and 203 is used as Voice
Here's the messed config from my switch:
switch#sh run int gi4
interface gigabitethernet4
storm-control broadcast enable
storm-control broadcast level 10
storm-control include-multicast
port security max 10
port security mode max-addresses
port security discard trap 60
spanning-tree portfast
macro description "no_ip_phone_desktop | ip_phone_desktop"
switchport trunk allowed vlan add 231
!next command is internal.
macro auto smartport dynamic_type ip_phone_desktop
and how MAC address behaves on that port.
switch#sh mac address-table int gi4
Flags: I - Internal usage VLAN
Aging time is 300 sec
Vlan Mac Address Port Type
1 00:15:65:xx:xx:xx gi4 dynamic
231 00:15:65:xx:xx:xx gi4 dynamic
switch#
And on another switch, thins are as expected:
switch2#sh mac address-table interface gi22
Flags: I - Internal usage VLAN
Aging time is 300 sec
Vlan Mac Address Port Type
207 90:b1:1c:xx:xx:xx gi22 dynamic
switch2#
Regards,
VitorHi Vitor,
If you do not wish to use smart port macro you can just run global configuration mode command "macro auto disabled", all ports should restart however you may want to save running config to startup and reboot.
I hope this helps,
Aleksandra -
Aironet 1142 as supplicant to 2960 switch (NEAT/CISP/MAB)
Hello!
First, my configuration, (then the problem down below):
I have an Aironet 1142 with mulitple SSIDs [mapped to VLANs] connected to Gi1/0/2 on a 2960 switch in a user-accessible area. This switch is uplinked to another 2960 switch in a wiring closet, and the Microsoft NPS server is connected to the wiring closet 2960.
Aironet -- 2960 [user area] --- 2960 [closet] -- NPS RADIUS
I have the user-area 2960 configured as an authenticator switch for dot1x, and port Gi1/0/2 is authenticating the Aironet via MAB to RADIUS. RADIUS is sending VSA device-traffic-class=switch to the 2960. The closet-2960 has no special 802.1x configuration, nor is it an authenticator swtich; it just has a manually-configured trunk port to the user-area 2960 [for now; i'm trying to take this one step at a time!].
The user-area 2960 correctly converts port Gi1/0/1 to a trunk port when the Aironet is authenticated [via MAB]. The Aironet boots up, the port is opened, I can ping the Aironet on the native VLAN, and all is well [so it seems]. The Aironet's dot11Radio is configured for two SSIDs and mapped to VLANs, which are being spanned via STP thru the user-area 2960 and the closet-2960. STP is correct and verified on all switches.
I have DHCP snooping configured on the user-area 2960 but only for VLAN 1 [but NOT the wireless user VLANs], the trunk port to the closet 2960 is a trusted port. Hosts on the wired ports on the user-area 2960 are able to get DHCP IPs. On the Aironet, "show dot11 associations" shows hosts on the SSIDs are getting DHCP addresses. Again, I am *NOT* running dhcp snooping on wireless SSID VLANs [i read elsewhere that can cause problems as users roam between Aironets].
I do have CISP configured on the user-area 2960. I do not have CISP configured on the closet-2960 [best I can tell, that's not required at this stage, but I could be wrong].
Despite the alleged documentation, I could not get the Aironet to use a dot1x credentials profile to authenticate to NPS/RADIUS as an 802.1x supplicant, which is why I resorted to MAB for this exercise. The Aironet simply would not run dot1x [best I could tell]. The documentation and configuration didn't seem complex, so I was quite confused.
I have upgraded the Aironet to the latest 12.4(25d)JA2 software, and the 2960 is at 12.2(55)SE7 [i saw 12.2(58) has some issues, but i'm willing to be persuaded otherwise, based on sound advice].
Ok, now the problem:
Users on the guest wireless SSID (Vlan 20) say they cannot connect. Yep, classic. VLAN 20 is trunked and spanned to all the sufficient places. The Aironet shows users in the associations list for that SSID with IP addresses from the DHCP server! DHCP snooping is not configured on that VLAN.
I read another support forum post saying CISP and MAB could cause problems with "disappearing" ARP entries. I appear to have that problem. However, the user on the Staff wireless (VLAN 10) has full access. Am I running into a problem with "multi-host" authentication config? Via tcpdump on my firewall, I see nothing but broadcast and multicast traffic coming from a host on VLAN 20. What puzzles me is how I do see *SOME* traffic from a VLAN 20 host on this SSID, but no unicast traffic! Argh!
Since you're going to ask, here is my port config for this AP on the 2960 authenticator switch in the user-area, and the AAA config pieces:
#sh run br | in ip dhcp
ip dhcp snooping vlan 1
no ip dhcp snooping information option
ip dhcp snooping database flash:dhcp_snoop.txt
ip dhcp snooping
#sh ip dhcp snoop
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
1
DHCP snooping is operational on following VLANs:
1
DHCP snooping is configured on the following L3 Interfaces:
Insertion of option 82 is disabled
circuit-id default format: vlan-mod-port
remote-id: ccd5.3947.7980 (MAC)
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Verification of giaddr field is enabled
DHCP snooping trust/rate is configured on the following Interfaces:
Interface Trusted Allow option Rate limit (pps)
GigabitEthernet1/0/46 no no 15
Custom circuit-ids:
GigabitEthernet1/0/48 yes yes unlimited
Custom circuit-ids:
GigabitEthernet1/0/52 yes yes unlimited
Custom circuit-ids:
#sh run br | incl aaa auth
aaa authentication login default local group rad_eap
aaa authentication dot1x default group radius
aaa authorization console
aaa authorization exec default local group rad_eap
aaa authorization network default group rad_eap local
#sh run int gi1/0/2
interface GigabitEthernet1/0/2
description Wireless Access Points
switchport mode trunk
switchport nonegotiate
srr-queue bandwidth share 1 30 35 5
srr-queue bandwidth limit 50
priority-queue out
authentication host-mode multi-host
authentication order mab dot1x
authentication port-control auto
authentication violation restrict
mab
mls qos trust cos
macro description CISCO_WIRELESS_AP_EVENT
auto qos trust
spanning-tree portfast
#sh int gi1/0/2 sw
Name: Gi1/0/2
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
#sh auth sess int gi1/0/2
Interface: GigabitEthernet1/0/2
MAC Address: acf2.c5f2.8e27
IP Address: 10.100.32.42
User-Name: acf2c5f28e27
Status: Authz Success
Domain: DATA
Oper host mode: multi-host
Oper control dir: both
Authorized By: Authentication Server
Vlan Group: N/A
Session timeout: N/A
Idle timeout: N/A
Common Session ID: 0A64200B00000CDA41AFBEDF
Acct Session ID: 0x00000D00
Handle: 0xDE000CDA
Runnable methods list:
Method State
mab Authc Success
dot1x Not run
#sh mab int gi1/0/2
MAB details for GigabitEthernet1/0/2
Mac-Auth-Bypass = Enabled
#sh int trunk
Port Mode Encapsulation Status Native vlan
Gi1/0/1 on 802.1q trunking 1
Gi1/0/2 on 802.1q trunking 1
Gi1/0/48 on 802.1q trunking 1
Gi1/0/52 on 802.1q trunking 1
Port Vlans allowed on trunk
Gi1/0/1 1-4094
Gi1/0/2 1-4094
Gi1/0/48 1-2,10,20
Gi1/0/52 1-2,10,20
Port Vlans allowed and active in management domain
Gi1/0/1 1-2,10,20
Gi1/0/2 1-2,10,20
Gi1/0/48 1-2,10,20
Gi1/0/52 1-2,10,20
Port Vlans in spanning tree forwarding state and not pruned
Gi1/0/1 1-2,10,20
Gi1/0/2 1-2,10,20
Gi1/0/48 2
Gi1/0/52 1-2,10,20
Ok, what am I missing??The problem lies in the wired Ethernet port on the Aironet. I did not submit that configuration because I thought it was simple and unrelated. Here is what I had:
interface GigabitEthernet0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
no bridge-group 20 source-learning
no bridge-group 20 unicast-flooding
bridge-group 20 spanning-disabled
The correct configuration should have been:
interface GigabitEthernet0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
no bridge-group 20 source-learning
bridge-group 20 spanning-disabled
The line "no bridge-group 20 unicast-flooding" should not be applied to the wired port. That's stupid. With that erroneous command, the wired port will forward only broadcast and multicast traffic! Unicast traffic will be dropped. Oops.
However, I do not understand why applying this to the radio interfaces has no effect there. I have yet to find any conclusive detailed answers, either. Regardless, my original problem is fixed. -
Manipulating SNMP Trap link_down severity level?
Dear Cisco experts,
I wonder if there's a way to manipulate sent traps from a switch with different severity levels?
I now see SNMP link_down traps in my NMS, but they're all of the same level, but a link_down from a desktop is 'normal', a server link_down would be 'warning', but when an uplink to another data center goes down, it should result in all alarms going off, so should be 'critical'.
Is there a way to tell my switch to send an SNMP trap on a different severity level dependent on the type of interface? This is most important because these links all have different SLAs.
Many thanks for your support and suggestions.
Marco van der PalThis is not possible, Only one sort of trap is possible
You best approach woud be to disable up-down traps on ports that are not important.
LMS now has port groups. That feature could be usefull for doing this
Cheers,
Michel -
Catalyst 3650 as MC with non-directly connected APs
Hello,
I have a Catalyst 3650 operating as a Mobility Controller. I had to change the interfaces on the 3650 that connected to the access points to explicit access ports (switchport mode access). Before that command was configured, the APs sparatically dropped from the controller - now they are fine. I have a few other APs in the building that cannot be directly connected to the 3650, but need to terminate CAPWAP with it. The uplink from another switch (Access Switch 1) to the 3650 is a trunk, and the port from Acccess Switch 1 to the AP is an access port, however I getting the same message in the 3650's logs about it not being an access port and the AP is dropping connection to the MC.
How can I properly terminate CAPWAP from an AP connecting to Access Switch 1 through a trunk to the 3650 operating as a Mobility Controller?
Thankswith the 3850, the AP needs to be directly connected to the switch for it to be able to terminat the CAPWAP tunnel. If your other closet switch is a 3850, you can put it in MA mode, and build the SPG to the MC.
http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3850-series-switches/deployment_guide_c07-727067.html
HTH,
Steve
Please remember to rate useful posts, and mark questions as answered -
Switch inter-connectivity question
Good day to all. We have a small LAN with less than 10 switches total. Including all the network printers and PCs and servers there are about 70 nodes in this building. In the data room, there are (6) 24-port Catalyst switches. I am trying to determine the best way to inter-connect them. 2 of the switches are c3750x and are stacked. 2 are C3560X and cannot be stacked, and the other 2 are C2960G and cannot be stacked. Also, there is a C2960G in another building connected to one of these 6 via a 1G uplink. I wish I had gotten more of the switches with stack capability, but at the time I was not aware of the advantages of stacking.
So... The 2 C3560X switches each have a 10-G network module installed. One of the 2 3750X's (the stack master, call it Switch-A), in the stack has a 10G module as well. In a perfect world, I would take the C3560X (the one that is layer-3 with routing enabled and also the default gateway), and connect all the other switches to that one, and use both the 10-gigabit uplinks and then use 1-G uplinks for the rest. But if I use the 10-G ports, then I cannot use the other 2 1G SFP ports in the network module. So I am limited to 2 10-G uplinks per C3560 switch. I can't connect all the other switches to this one unless I used some of the standard (non-SFP) ports.
So here is the way I have it set up right now: there is a 1-G fiber uplink from another building and the fiber is FDDI so it is not possible to use a 10-G uplink between the buildings; they are too far apart for FDDI. We might run some OM3 fiber later, but for now, the 1-G uplink is the best we can do. So the 2 buildings are connected using a gigabit fiber uplink with SFP ports, and the fiber coming from the other building is connected to the C3560 that is not the default gateway. The default gateway switch, call it switch-1, is using both the 10-G uplinks and has one 10-G port connected to the master in the 2-switch stack, (one of the C3750X's, call it Switch-A). The other 10-G uplink goes to the other C3560X, call it Switch-2 (Switch-2 is the one with the fiber uplink from the other building). Switch B is the stack slave and is only connected via the stack cables. The other 2 switches are C2960G-24TC-L and one is connected to Switch-A with a 1-G copper SFP uplink, call it Switch-3, and Switch3 is connected to the other C2960G with a 1-G copper uplink. I have attached a basic diagram.
So... my question is, without spending more money, is this the best way to connect them? I could use more of a hub and spoke topology if I did not stick to SFP ports for all the up-linking. It was my understanding that the SFP ports are the best ones to use for uplinks. But due to the limitations of the network modules, I could not connect more than 2 SFP uplinks from a given switch, or 3 in some cases where only 1G uplinks were used.
If we did not mind spending a few more thousand (I would love to run OM3 between the buildings and get the speed up to 10G), so if we had another 5 to $10,000 to spend, would it be worth getting a switch full of fast SFP modules and using it to uplink all the other switches (a total of 5 counting the link from the other building and not counting Switch-B since it connects via the stack)? Everything is working well, so it might be better to leave it alone. Any helpful comments and/or suggestions are welcomed with a heaping helping of sincere appreciation!
Thanks!
FluxDisclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
What you might consider is using your dual 3750X stack as the physical core and as the L3 router. All your other switches (except the off-site switch) would have dual port channel links, one link to each 3750X. This provides core and L3 redundancy and can provide more inter switch bandwidth.
For you critical single home devices, such as your Internet and off-site switch connections, you can have a logical configuration "mirror" port ready on the second 3750X stack member, so if the member with the active link fails, you only need to repatch. (This can also be use for other critical single homed servers).
On a 3560X/3750X switches you do want to use the SFP ports for your busy ports (because they have their own reserved hardware buffers). However, if you use 10g port, as 10g, you lose half your SFP ports. Without knowing your expected traffic flow patterns, I cannot not say whether using all the SFP ports for dual gig port-channels would be better than having some on copper edge ports and some as dual 10g fiber ports. -
The difference b/w physical removal & entering shutdown command?
Hi all,
What is the difference between A port has enabled by no-shutdown command but it has not physically connected and for the same port has been disabled by shutdown command even it has physically connected with other device?
Thanqs in advance.Hi all,
What is the difference between A port has enabled by no-shutdown command but it has not physically connected and for the same port has been disabled by shutdown command even it has physically connected with other device?
Thanqs in advance.
The no shutdown command. An interface may be correctly configured and physically connected, yet be "administratively down." In this state it will not function at all.Operational enable state only has something to do with the type of port.
Either access or trunk or none/disable.
Access Ports for clientpc will be (#switchport mode access) and trunk for uplink to another switch or router(#switchport mode trunk)
This is the output from #show interface
Port is shutdown:
FastEthernet0/1 is administratively down, line protocol is down (disabled)
Port is no shutdown and is not connected
FastEthernet0/2 is down, line protocol is down (notconnect)
Port is no shutdown and is connected
FastEthernet0/3 is up, line protocol is up (connected)
Hope to Help !!
Ganesh.H
Remember to rate the helpful post -
Connecting two cisco ESW 500 series switches.
Hi Experts,
I have a basic knowledge of network and need some help.
I have two cisco ESW 500 series switches and i want to connect them together.
Q1 # Which type of cable i should use to connect these two switches CrossOver or fiber...What is the advantage of using Fiber over CrossOver. ?
Q2 # What are the marked ports in the image used for...???tech spec,
Traditionally you would use crossover to connect switches. Most modern network devices have Auto-MDIX which allows the device to connect using either crossover or straight through.
The ports on the right can be used for uplink or as regular network ports. On the 10/100 versions the ports on the right are usually Gigabit, thus making them more suitable for uplink to another switch, etc.
Please mark this thread as answered or reply if you have any additional questions.
- Marty
Maybe you are looking for
-
1) how can I see what is on my icloud and how would I edit the data that is on it? 2) I am having problems with an app syncing data with pc - how can I fix that? It is mobile noter.
-
What is new in ios 7.0.3?
-
Hi All, I am using <b>CL_GUI_ALV_GRID</b> to create an ALV grid.This screen is called from a first screen.I am also using a custom defined button in the ALV tool bar for inserting a row into the ALV.I am handling the button click in the event <b>U
-
How to use preview as an external editor in iphoto
i cant find the option for adding preview as external editor plz help
-
Um =my =macbook =is =having =some =weird =keyboard =glitches
ok =as =you =can =see =my =space =bar =is =spacing =but =is =also =adding =an = =sign =everytime =i =hit =it =and =my =delete =key =is =bring =up =dashboard =everytime =i =hit =it =and =i =don't =know =whether =to =reinstal =os =x =or =what.please =h