SG300-28 VLANs

I would like to group the ports of an SG300-28 switch into separate VLANs (firmware ver. 1.3.7.18, L2 mode).
1 separate vlan - Ports 1-4
   - Connected to port 1 on the router DHCP1 link
   - To ports 2-4 - stations that receive addresses from DHCP1
2 separate vlan - Ports 5-8
   - 5 connected to the port of the router dhcp2 link
   - To ports 2-4 - stations that receive addresses from dhcp2
problem: dhcp addresses are obtained for only one subnet, either from DHCP1 or from dhcp2
With the srw2016 I had no problems, but with the SG300-28 I have no idea how to do it :)
Can you suggest how to do it?

Hi,
As your configs do not show any GVRP configuration my view is that you have created vlans at both boxes in the static way. If this is the case the vlan configurations at both ends would show discrepancy as for the vlan 10 name (you can check via the "show vlan" command at both boxes).
Can you please try to add the "name data" under "interface vlan 10" at L3 or delete the same line at L2 and then see if there is any progress.
Best regards,
Antonin

Similar Messages

  • SG300-10 VLAN Questions

    My apologies if this has been asked before, but I have some questions regarding the setup of my new switch and network. I have never worked with switches before, so this is quite a learning experience. The picture above describes the current layout of my network. Here is how I have tried to set it up, so far.
    VLAN 1 [Ports 1-4, Untagged, Trunk] (172.16.1.1/24)
    Workstation A (Wired)
    172.16.1.2/24
    Server B (Wired)
    172.16.1.3/24
    VLAN 2 [Ports 5-8, Untagged, Trunk] (172.16.2.1/24)
    Server C (Wired)
    172.16.2.2/24
    Server D (Wired)
    172.16.2.3/24
    Server E (Wired)
    172.16.2.4/24
    Server F (Wired)
    172.16.2.5/24
    VLAN 3 [Ports 9-10, Untagged, Trunk] (192.168.1.1/24)
    Laptop G (Wireless)
    DHCP via Router
    Laptop H (Wireless)
    DHCP via Router
    Laptop I (Wireless)
    DHCP via Router
    Wireless Router
    192.168.1.254/24
    Now, my goal is to have all 3 VLANs be able to talk to each other but also have VLAN 1 access the internet, through the wireless router. In the future I would also like Server B to be able to expose services (http & ssh) to the outside. VLAN 2 shouldn't have internet access at all. I know I can add static routes to the wireless router, if need be. All three laptops, can access the internet through the wireless router, without any problems.
    So my questions are:
    1) Is there anything inherently wrong with the design of this network? If so, what could be changed?
    2) Is VLAN 3 really necessary?
    3) What would I need to do, to get the 3 VLANs communicating with each other?
    4) What should the gateway be, to get VLAN 1 internet access?
    5) What would I need to do, to expose Server B services to the outside?
    6) What static routes do I need to add?
    Thanks in advance!
       Jer

    Hello Jeremy,
    Thank you for your interest and patience.
    You are on the right track here. However, several important changes must be made. Consider the following concepts:
    The concept of a native VLAN. The link between the router and the switch must be part of VLAN 1. Otherwise, information from the router will not be distributed correctly on the switch due to the current PVID of 3.
    The VLAN IP Interface (VLAN IP Address) identifies the subnet for the VLAN. Therefore, thinking of the switch as a router, you are correct that the default gateway for each client should be the respective VLAN interface on the switch. The switch will automatically route between directly connected IP Interfaces and their subnets.
    However, in order for your clients to get to network that the switch doesn't know about, (the internet), there must be a default route to the router.
    Additionally, in order for the router to forward information from the internet back to the VLANs on the switch, the router must know how to reach the different VLANs.
    The following linked figure (Fig. 1) describes an appropriate sample setup. See here.
    In this scenario, a SG300-10 is configured with 3 VLANs:
    VLAN 1 - Default VLAN, used for management - 192.168.1.x/24 - Ports 9-10 - 1U - Trunk Mode
    VLAN 2 - Servers - 192.168.2.x/24 - Ports 5-8 - 2U - Trunk Mode
    VLAN 3 - Workstations - 192.168.3.x/24 - Ports 1-4 - 3U - Trunk Mode
    VLAN 1 is used to communicate to the router. Therefore, the following default route must be added to the switch's configuration:
    ip route 0.0.0.0 0.0.0.0 192.168.1.1
    The switch will automatically build the routes between the VLANs local to the switch. Visualize Server C going to google.com. Its IP address is 192.168.2.2. Its default gateway should be the VLAN 2 IP Interface on the switch (192.168.2.254 in this example). Because the default route is configured, the switch will forward the internet request to the router. The router will then forward the request to your ISP out the WAN where it will eventually reach Google.
    However, when the request comes back into the router, the router must know to route it to the 192.168.2.x subnet. So, in order for this to work, routes that accomplish the following must be configured on your router:
    Subnet IP               Mask                    Gateway                                              Interface
    192.168.2.1             255.255.255.0        192.168.1.254 (SG-300 IP Interface)         LAN
    192.168.3.1             255.255.255.0        192.168.1.254 (SG-300 IP Interface)         LAN
    As you have already discovered, there are several limitations to using a router that does not support 802.1Q tagging. Chiefly, your clients will not receive either DHCP or DNS automatically from the router. To mitigate this, you can do either of the following:
    Run a DHCP server with multiple DHCP scopes on a device connected to your switch. You can then use Option 82 on the switch to route DHCP requests and DNS info between VLANs on the switch.
    Statically configure IP and DNS information. You could enter Open DNS Servers or Google's DNS servers on your clients.
    Ideally, you would want to use a router that supports 802.1Q tagging. In this figure here (Fig. 2), you can see the VLAN configuration page for a Cisco RV180W, a very capable and affordable small business router that I highly recommend. Port 1 on the RV180W is configured as a trunk port and carries VLANs 1-3 to the switch. The clients automatically receive IP addresses and DNS information from the correct DHCP pool on the router.
    Do not hesitate to contact us. We are always happy to help.
    All the best,
    -David Aguilar
    Cisco Small Business Support Center
    1-866-606-1866

  • SG300 inter-VLAN routing and MAC address changes in incoming packets

    Hello
    I have SG300-20 working in Layer3 mode
    VLAN1 is not used
    Internet gateway is in VLAN211
    Clients are in other VLANs
    Switch is default gateway for clients and itself has internet gateway as default route.
    MAC address of switch is XX:XX:XX:XX:XX:63
    When a client sends traffic to the Internet, the destination MAC address in outgoing packets is XX:XX:XX:XX:XX:63
    But in incoming packets source MAC address is XX:XX:XX:XX:XX:69
    Why does it change? And how can I setup switch to use only XX:XX:XX:XX:XX:63 MAC address?

    Hi Robert,
    I'd like to pick up this old thread because we have a huge problem with the behavior of the SG300 router/switch regarding the "spoofed" MAC source addresses. We have connected this switch to another router which has some special routing capabilities. It routes certain IP packets directly to MAC addresses which it learned from snooping on special traffic.
    When connected to a SG300 router with an Ethernet base address of XX:XX:XX:XX:XX:48 we receive packets with Ethernet source addresses like e. g. XX:XX:XX:XX:XX:49 or XX:XX:XX:XX:XX:4D (depending on which hardware port they came from). Our special router "learns" these MAC addresses and tries to send associated outgoing packets directly to these addresses using e. g. XX:XX:XX:XX:XX:49 as the MAC destination address.
    Our problem is that the SG300 does not forward the packet if the MAC destination address is not equal to the switch's Ethernet base address (XX:XX:XX:XX:XX:48 in our case). This renders the SG300 series useless for our systems.
    Is there new firmware available which fixes this problem for us? We don't care which MAC source address the SG300 uses in incoming packets we receive, but we expect that the SG300 handles packets correctly for outgoing packets we send with this MAC address as the destination address.
    Thanks,
    Chris

  • SG300's vlan isolation except for shared printers

    Hello,
    We have 2 x SG300-20's and 1 x SG300-10.
    We want to have a few vlans to isolate different departments from each other while still providing access to the broadband uplink as well as shared printers.
    The setup we would like would be something like this:
    1 x SG300-20 for VLAN 2
    1 x SG300-20 for VLAN 3
    1 x SG300-10 for VLAN 4-6
    Shared printer(s) on VLAN 6 which should be accessible from all other vlans
    We also have a RV180 router sitting in front of the switches which should provide broadband uplink access and trunking for the switches.
    We need to forbid vlan 2-5 from communicating with each other.
    In order to simplify and test, we are using the SG300-10 switch only in L3 mode at the moment with 3 computers to simulate 3 vlans but it seems to turn on inter-vlan routing on every port and vlan automatically when you set the switch in L3 mode and in L2 mode, vlan isolation works but we need to use the router to serve up dhcp and inter-vlan routing on a single vlan, which after over 6 hours of having the cisco tech logged into our system to try to set it up he gave up and said he didn't understand why it was not working...
    Is there a way to use this setup, or something similar?
    We have contacted cisco support a second time and have had a tech test our switch config file for a week now and still no progress on this and we need to have this working asap.
    We were told that this was possible with our equipment but it seems there are serious limitations with this gear that even the cisco techs don't know about...
    We can provide the switch config upon request.
    Thanks!

    Hi Tom,
    I replaced the cisco RV180 with a netgear FVS318N and so far, in the lab anyways, I've gotten the following setup to work:
    SG300-10 in layer 3 mode:
    Port 1 - Admin Port - Vlan 1 pvid
    Port 2 - general - VLAN 2 pvid - tagged vlan 4 - forbid vlan 3 - dhcp 192.168.2.0/24 (iface 192.168.2.203)
    Port 3 - general - VLAN 3 pvid - tagged vlan 4 - forbid vlan 2 - dhcp 192.168.3.0/24 (iface 192.168.3.203)
    Port 4 - general - VLAN 4 - Tagged vlan 2 - Tagged vlan 3 - dhcp 192.168.4.0/24 (iface 192.168.4.203)
    Port 10 - Trunk - pvid vlan 1 - Tagged 2-3-4 - (iface 192.168.254.203)
    Routes:
    Added default gateway to vlan 1 iface on router
    Added 192.168.1.0/24 gateway vlan 1 iface router ip (lab's upstream router is on that block which doesn't have an iface on the switch)
    IPV4 ACL:
    Port 2 - priority 500 - Deny any to vlan 3 subnet
                priority 1000 - permit any to any
    Port 3 - priority 500 - Deny any to vlan 2 subnet
                priority 1000 - permit any to any
    On the netgear router, vanilla config with the 4 vlans added to it and inter-vlan routing enabled with switch port 10 plugged into router port 7 for uplink.
    So far it seems to be working correctly, still need to test vlan hopping and static ip's and routing to simulate mis-configured or malicious computers plugged into the two main vlans but replacing the router seems to have done the job.
    Perhaps further testing would have resulted in a working setup with the RV180 but after so many hours wasted on this setup by us and by the cisco tech, it was time to make a move.
    What's your opinion on this setup Tom?
    I'm so tired I'm getting cross-eyed and might be forgetting something important.
    Thanks!
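
One way to check that the port ACLs listed in the post above give the intended isolation, as an added example that is not part of the thread: a small model that evaluates the ACEs in priority order and builds the VLAN-to-VLAN verdict matrix for routed IPv4 traffic. The evaluation rules (lowest priority number first, first match wins, implicit deny at the end of a bound ACL, no ACL means permit) are assumptions of the model, and it does not cover the Layer 2 tagging and forbid settings.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

# VLAN subnets from the lab setup in the post.
SUBNETS = {
    2: ipaddress.ip_network("192.168.2.0/24"),
    3: ipaddress.ip_network("192.168.3.0/24"),
    4: ipaddress.ip_network("192.168.4.0/24"),
}

# Ingress ACLs from the post, keyed by the VLAN of the port they are bound to.
# Each ACE is (priority, action, destination network); the source is "any".
ACLS = {
    2: [(500, "deny", SUBNETS[3]), (1000, "permit", ANY)],  # port 2, PVID 2
    3: [(500, "deny", SUBNETS[2]), (1000, "permit", ANY)],  # port 3, PVID 3
    # port 4 (VLAN 4) has no ACL in the post
}


def verdict(aces, dst_net):
    """Decide what a port ACL does with traffic to dst_net.

    Model assumptions: ACEs are tried in ascending priority number, the first
    match wins, a bound ACL ends in an implicit deny, and a port without an
    ACL permits everything. "partial" means an ACE covers only part of dst_net.
    """
    if not aces:
        return "permit"
    for _prio, action, net in sorted(aces, key=lambda ace: ace[0]):
        if dst_net.subnet_of(net):
            return action
        if dst_net.overlaps(net):
            return "partial"
    return "deny"


def reachability(acls, subnets):
    """Map (src_vlan, dst_vlan) to the verdict for routed traffic src -> dst."""
    return {
        (src, dst): verdict(acls.get(src, []), dst_net)
        for src in subnets
        for dst, dst_net in subnets.items()
        if src != dst
    }


def violations(matrix, isolated, shared):
    """List every flow that breaks the policy: isolated VLANs must be denied
    towards each other and permitted towards the shared VLAN."""
    found = []
    for (src, dst), result in sorted(matrix.items()):
        if src in isolated and dst in isolated and result != "deny":
            found.append((src, dst, result))
        if src in isolated and dst == shared and result != "permit":
            found.append((src, dst, result))
    return found


if __name__ == "__main__":
    matrix = reachability(ACLS, SUBNETS)
    for flow, result in sorted(matrix.items()):
        print(flow, result)
    print("violations:", violations(matrix, isolated={2, 3}, shared=4))
```

Each additional isolated VLAN needs a deny ACE towards every other isolated subnet on its port, so rerunning the check after every ACL change catches a missing or too-narrow rule.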

  • SG300-24P VLANs

    I'm moving from a WS-C2960-24PC-L to a SG300-24P.  Most things are working ok.  I'm seeing one thing that isn't coming over as expected, but it might be a syntax problem.  I have two ports that are setup on two VLANs.  Here is the port config from the 2960:
    interface FastEthernet0/1
     switchport trunk native vlan 4
     switchport trunk allowed vlan 4,40
     switchport mode trunk
    interface FastEthernet0/2
     switchport trunk native vlan 4
     switchport trunk allowed vlan 4,40
     switchport mode trunk
    Here is the port config from the SG300
    interface gigabitethernet1
     switchport trunk allowed vlan add 40
     switchport trunk native vlan 4
    interface gigabitethernet2
     switchport trunk allowed vlan add 40
     switchport trunk native vlan 4
    The SG300 doesn't accept the same commands so this was as close as I could get.  Should this work as expected?  What I'm seeing is that VLAN 40 works ok, but not VLAN 4.

    I figured it out with the following:
    interface gigabitethernet1
     switchport trunk allowed vlan add 4,40
     switchport trunk native vlan 999
    interface gigabitethernet2
     switchport trunk allowed vlan add 4,40
     switchport trunk native vlan 999
    I created a fake VLAN 999 and set it to native. 

  • Cisco SG300-28 VLAN issues

    I'm throwing this out in hopes of finding a solution.  I just purchased the Cisco SG300-28 to replace an old Catalyst 3548 switch.  I have three VLAN's and I use a separate routing appliance.  My VLANS I use are 1 (management/Trunk), 100 (Regular Access), and 101 (Restricted Access).  On the Catalyst 3548 I statically assigned the ports for the Vlans.  My servers use trunk ports to communicate between the VLANs for various services.
    My problem is that when I setup the SG300-28 for trunk ports for the servers, I can communicate with them so long as I'm on another port that's not setup for the other two VLANS.  Vlan 100 and 101 don't route or get DHCP anymore.  I am also not able to ping back into the Vlans from the trunk ports.
    I believe my issue is that I don't understand the difference between the old way of statically assigning Vlans to the ports from the new way.  I was using V3 of the Cisco Networking Assistant which is different from the Web Interface of the Cisco SG300.  It also could be that I wasn't using the trunk ports properly.
    Either way, any assistance would certainly be appreciated.  Thank you.
    DJ Smith

    I did get this switch figured out finally and I apologize for not getting back to this sooner.  I had crafted a response only to have this board dump it so I am using notepad to save everything before posting.
    Here is a basic diagram
          /--------------{CISCO SG300-28}------------------------------------\
          |                                    |                         |                                  |           | 
          |                                    |                         |                                  |           |
      [Cisco 3548]    [VMWare ESXi 3.5]  [Windows SVR 2003]        |           |
        [Port 13]                 [Port 28]           [Port 27]                   [Ports 1-6] [Ports 7-12]
                                            /   \                       |                                  |           |
                                           /     \                      |                                  |           |
                                          /       \                     |                                  |           |
                                         /         \        [VLAN1, 100]            [WrkStns]   [WrkStns]
                                        /           \                                       [VLAN100]   [VLAN101]  
                   [Astaro GTWY  ] [MS Svr 2008]     
                   [VLAN1,100,101] [VLAN1      ]
    VLAN1   - Management
    VLAN100 - Main Network
    VLAN101 - Restricted Network
    I just put the main players on this setup.  The problem I was having is that the workstations wouldn't communicate with any of these devices.
    My problem was understanding how to use the web interface of the SG300 to get the devices to talk to the other devices.
    In the Cisco 3548 setup using the Cisco Networking Assistant, setting up the ports to the VLANs was very straightforward.  Set 802.q and VLAN ID to the VLAN you wanted or ALL in the case of the Servers.
    With the Web interface, this is what I discovered:
    Under Create VLAN, I had to create VLAN 100 and 101
    Under Interface Settings, Set Ports g1-g6 to General.  Administrative PVID to 100.
    Then Set Ports g7 - g14 to General.  Administrative PVID to 101
    Then set Port g27 to General.  Administrative PVID left to 1
    Also set Port g28 to General.  Again, left PVID to 1
    Go to Port to VLAN settings;
    Change VLAN ID = to 100 press GO
    Select g1-g6 to untagged. Checked PVID box.  Also checked g13, g27, g28 to tagged.
    Changed VLAN ID = 101 Press GO
    Select g7-g14 to untagged.  Checked PVID box. Also checked g13, g28 to tagged.  Verified g27 to untagged.
    After that it was set up like my old setup.  Everything communicating as it should.

  • SG300 voice vlan problem with UC520

    Hi Forumers'
    My problem statement:
    - refer to attached topology.png, this is how my network structure looks
    - the IP phone after boot cannot get connected, so it can't download the XML config file from UC520. suspicious switching problem.
    - my configuration shown at topology.png and my vlan voice config show as voice vlan setting.png
    - My requirement is SG300 switch single switchport to carry vlan data and vlan voice.
    - what is the trunking mode for voice VLAN with an IP phone+data should i configure? is it switchport voice vlan vvid, switchport voice vlan dot1p, switchport voice vlan untagged or switchport voice vlan none to suit above requirement?
    thanks
    Noel

    Hello Noel,
    Sorry for the late reply, things have been quite hectic around here lately.
    1. Why use trunk? the UC520 only have vlan voice (vlan 20)
    Do you mean that the data VLAN is handled by another device? Still I would leave it as a trunk in order to be able to manage the UC through the data VLAN. (Unless for security or other reasons you would choose otherwise of course)
    2. The UC520 got CUE (voice messaging), how should i design the service module uplink to the core switch?
    Nothing in particular has to be done for this, CUE is handled and routed inside the UC520, the CUE vlan (default ID =90) is only used if you have another CUE in the network
    1. i guess i did this: switchport tagged vlan 20, untagged vlan 10. is it ok for this setting?
    If the Voice Vlan on the switch and on the UC520 has been defined as VLAN 20 (default = VLAN 100) this is perfect. Verify if both on the UC and on the switch, the voice VLAN ID is set to 20.
    1. so if i just point the phone to vlan 20 (vlan voice), should i create the LLDP network policy?
    If you are ready to configure the VLAN manually on the phone, you don't need the LLDP policy, that is correct.
    The LLDP policy is being used for having the phones automatically choose the VLAN you defined, so you don't need to set it manually.
    Hope this answers your questions ?
    Best regards,
    Nico Muselle
    Sr. Network Engineer - CCNA

  • Need basic Help - SG300 with vlan and routing

    Hi,
    i need some basic help with configuring vlan/routing.
    Situation:
    DSL Router - Cisco 300 - XenServer
    192.168.1.253 - 192.168.1.19 - 192.168.1.10 (mgmt ip)
    goal is, to reach from inside xenserver vms the internet.
    vms = 192.168.2.x
    gateway ip = 192.168.2.1
    what i did:
    - configured vlan 102, tagged, with the xenserver port
    - configured on xenserver a network with vlan id 102, attached to the vm
    - this network is connected to an external bond
    - configured ipv4 interface: vlan102 - Static - IP 192.168.2.1 (this is the gateway ip of the vms)
    - automatic configured IPv4 Route: 192.168.2.0/24 next hop 0.0.0.0, Directly connected
    So at the moment i cant ping from inside a vm to the DSL Router (192.168.2.2 to 192.168.1.253)
    any ideas what i misconfigured or whats wrong?
    cheers,
    -Marco

    Hi Tom,
    ok, that makes sense. I can ping the router now inside vms from 192.168.2.x network.
    But i cant ping external addresses, error: Destination net unreachable.
    My other problem i have, i cant reach any server from outside over router portforwarding.
    How do i have to configure the upload port to the dsl router? Is it an access port or a trunk port with all vlans (tagged or untagged?) At the moment ive a tagged Trunkport with all vlans.
    IPv4 Interface Table
    Interface    IP Address Type    IP Address      Mask             Status
    VLAN 1       Static             192.168.1.19    255.255.255.0    Valid
    Should the VLAN1 ip address not be the router ip address? Do i need an additional vlan for the router? At the end i like to change the switch ip from dhcp to static (change automatically when switching to layer 3 mode), but ive to look for the ios commands first.
    What else am i missing?
    Thanks a lot,
    Marcus

  • SG300 DHCP VLAN requirements

    Hello,
    I was told I need either multiple DHCP servers, or a DHCP server with multiple NICs, or a DHCP server capable of handling 802.1q, to make the switch work with DHCP relay.
    Is that right?
    Thanks,

    Hi Matt, the SX300 cannot utilize the public IP addresses from the ISP for your clients to connect because it does not support NAT.
    I have the sense that is what you're attempting to do? Have a computer receive a private DHCP address then use the internet like normal like your current set up?
    -Tom
    Please mark answered for helpful posts
    http://blogs.cisco.com/smallbusiness/

  • No internet access on VLANs with RV042G and SG300

    I'm trying to set up a network for a small business which will have different offices, and so I want to separate them all by VLAN so that they can't access each other's files. The problem is that I can't access the internet from any of the VLANs, including the default.
    The RV042G router is connected to the internet through the WAN1 port and has a static IP address of 10.4.1.1. I enabled multiple subnets and added one for each of the VLANs (1 - admin, 10, 20, 30, 100 - guest). I also created static routes to the SG300 switch, which has an IP address of 10.4.1.2, 10.4.10.2, etc. The switch is in Layer 3 mode and is functioning as the DHCP server. I also have a wireless access point set up that broadcasts an SSID for each VLAN, however this is not the issue since no internet connection can be established wirelessly or with a wired connection.
    I am fairly certain it has something to do with the data not being correctly routed through from the internet to the client, however I can't seem to find what is configured incorrectly. If anyone could offer some suggestions it would be appreciated. Please let me know if you need more info, I have attached some of the configuration screens for reference.

    Hi Paul,
    Thanks for the suggestion, but I changed it from Gateway to Router and this didn't fix the problem, still no internet access.
    I have a cable modem box that connects to the RV042G through WAN1, and then the RV042G connects to the SG300 through port 1 on the RV042G. On the RV042G, this port is set to VLAN1, while the port on the SG300 is set as a trunk port. The SG300 is then assigning IP addresses to the clients. It has 4 different VLANs created that go to different offices. Does this help you understand the setup any better?

  • SG300-28 Firmware 1.1.2.0 and 1.2.7.76 - Dynamic VLAN+freeRADIUS - Client get rejected

    Hello ladies and gentlemen,
    I am using several SG300-28 Switches with firmware version 1.1.2.0.
    I have dynamic VLAN enabled. As RADIUS server I am using freeradius 2.1.12.
    Authentication is only based on the MAC address. (I configured that on the switches)
    On the switches I created three VLANs. VLAN100 for the authenticated clients, VLAN200 for Management interface and VLAN300 as Guest VLAN. After a wrong authentication the clients should be put into this Guest VLAN immediately (I configured this on the switches).
    I am using Windows XP and Windows 7 clients in my network. I did not configure any EAP settings because I just want to use the MAC address.
    In most cases the dynamic VLAN assignment and authentication is working fine. The switch log says that the client is authenticated and the same I can see on freeradius log. But in some (rare) cases the client is rejected. The CISCO log says "MAC aa:bb:cc:dd:ee:ff was rejected on port ge17" but when I look at the freeradius log then this MAC address was successfully authorized.
    The problem is that the client gets an IP address based on the Guest VLAN300 but after that the switch seems to "switch" the VLAN on the port and then the client is authenticated correctly on the right VLAN but the client does not request a new IP on the new VLAN.
    If I unplug and re-plug the LAN cable in most cases the client get the correct VLAN and the correct IP.
    This is happening randomly on nearly all my PCs.
    I would really appreciate your help. Do I have to set some timers higher ? I don't think it is a problem between switch and RADIUS but a problem between communication of the host and the switch.
    Thank you very much for your help!
    Regards
    Alexander Wilke

    This is from my CISCO log. The computer is always online but there are repeated rejects and then with a delay of some minutes an accept.
    2147483395
    2012-Aug-09 21:40:05
    Informational
    %SEC-I-PORTAUTHORIZED: Port gi8 is Authorized       
    2147483396
    2012-Aug-09 21:38:23
    Warning
    %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 00:19:99:0b:8d:b3 was rejected on port gi8        
    2147483397
    2012-Aug-09 21:38:23
    Warning
    %SEC-W-PORTUNAUTHORIZED: Port gi8 is unAuthorized       
    2147483398
    2012-Aug-09 21:16:05
    Informational
    %SEC-I-PORTAUTHORIZED: Port gi8 is Authorized       
    2147483399
    2012-Aug-09 21:13:42
    Warning
    %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 00:19:99:0b:8d:b3 was rejected on port gi8        
    2147483400
    2012-Aug-09 21:13:42
    Warning
    %SEC-W-PORTUNAUTHORIZED: Port gi8 is unAuthorized       
    2147483401
    2012-Aug-09 21:04:04
    Informational
    %SEC-I-PORTAUTHORIZED: Port gi8 is Authorized       
    2147483402
    2012-Aug-09 21:03:50
    Warning
    %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 00:19:99:0b:8d:b3 was rejected on port gi8        
    2147483403
    2012-Aug-09 21:03:50
    Warning
    %SEC-W-PORTUNAUTHORIZED: Port gi8 is unAuthorized       
    2147483404
    2012-Aug-09 20:52:02
    Informational
    %SEC-I-PORTAUTHORIZED: Port gi8 is Authorized       
    2147483405
    2012-Aug-09 20:49:02
    Warning
    %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 00:19:99:0b:8d:b3 was rejected on port gi8        
    2147483406
    2012-Aug-09 20:49:02
    Warning
    %SEC-W-PORTUNAUTHORIZED: Port gi8 is unAuthorized       
    2147483407
    2012-Aug-09 20:40:04
    Informational
    %SEC-I-PORTAUTHORIZED: Port gi8 is Authorized       
    2147483408
    2012-Aug-09 20:39:10
    Warning
    %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 00:19:99:0b:8d:b3 was rejected on port gi8        
    2147483409
    2012-Aug-09 20:39:10
    Warning
    %SEC-W-PORTUNAUTHORIZED: Port gi8 is unAuthorized       
    2147483410
    2012-Aug-09 20:16:06
    Informational
    %SEC-I-PORTAUTHORIZED: Port gi8 is Authorized       
    2147483411
    2012-Aug-09 20:14:29
    Warning
    %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 00:19:99:0b:8d:b3 was rejected on port gi8        
    2147483412
    2012-Aug-09 20:14:29
    Warning
    %SEC-W-PORTUNAUTHORIZED: Port gi8 is unAuthorized       
    2147483413
    2012-Aug-09 19:28:01
    Informational
    %SEC-I-PORTAUTHORIZED: Port gi8 is Authorized       
    2147483414
    2012-Aug-09 19:25:08
    Warning
    %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 00:19:99:0b:8d:b3 was rejected on port gi8        
    2147483415
    2012-Aug-09 19:25:08
    Warning
    %SEC-W-PORTUNAUTHORIZED: Port gi8 is unAuthorized       
    2147483416
    2012-Aug-09 19:15:59
    Informational
    %SEC-I-PORTAUTHORIZED: Port gi8 is Authorized       
    2147483417
    2012-Aug-09 19:15:16
    Warning
    %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 00:19:99:0b:8d:b3 was rejected on port gi8        
    2147483418
    2012-Aug-09 19:15:16
    Warning
    %SEC-W-PORTUNAUTHORIZED: Port gi8 is unAuthorized       
    2147483419
    2012-Aug-09 19:04:00
    Informational
    %SEC-I-PORTAUTHORIZED: Port gi8 is Authorized       
    2147483420
    2012-Aug-09 19:00:27
    Warning
    %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 00:19:99:0b:8d:b3 was rejected on port gi8        
    2147483421
    2012-Aug-09 19:00:27
    Warning
    %SEC-W-PORTUNAUTHORIZED: Port gi8 is unAuthorized       
    2147483422
    2012-Aug-09 18:27:59
    Informational
    %SEC-I-PORTAUTHORIZED: Port gi8 is Authorized       
    2147483423
    2012-Aug-09 18:25:55
    Warning
    %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 00:19:99:0b:8d:b3 was rejected on port gi8        
    2147483424
    2012-Aug-09 18:25:55
    Warning
    %SEC-W-PORTUNAUTHORIZED: Port gi8 is unAuthorized    
    Any ideas ?
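
To put numbers on the reject/authorize cycles in a log like the one posted above, the following added example (not part of the thread) parses the records, pairs each PORTUNAUTHORIZED event with the next PORTAUTHORIZED on the same port, and flags ports that cycle repeatedly. The regular expressions assume the message layout shown in the post, the embedded sample is an excerpt of that log, and the flapping thresholds are assumed values.

```python
import re
from collections import defaultdict
from datetime import datetime

# Excerpt of the log from the post, in the layout it was pasted in:
# record index, timestamp, severity and message on separate lines.
SAMPLE_LOG = """\
2147483395
2012-Aug-09 21:40:05
Informational
%SEC-I-PORTAUTHORIZED: Port gi8 is Authorized
2147483396
2012-Aug-09 21:38:23
Warning
%SEC-W-SUPPLICANTUNAUTHORIZED: MAC 00:19:99:0b:8d:b3 was rejected on port gi8
2147483397
2012-Aug-09 21:38:23
Warning
%SEC-W-PORTUNAUTHORIZED: Port gi8 is unAuthorized
2147483398
2012-Aug-09 21:16:05
Informational
%SEC-I-PORTAUTHORIZED: Port gi8 is Authorized
2147483399
2012-Aug-09 21:13:42
Warning
%SEC-W-SUPPLICANTUNAUTHORIZED: MAC 00:19:99:0b:8d:b3 was rejected on port gi8
2147483400
2012-Aug-09 21:13:42
Warning
%SEC-W-PORTUNAUTHORIZED: Port gi8 is unAuthorized
"""

# \s+ between fields accepts both one-field-per-line and one-record-per-line.
RECORD = re.compile(
    r"(?P<idx>\d+)\s+"
    r"(?P<ts>\d{4}-[A-Za-z]{3}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<sev>[A-Za-z]+)\s+"
    r"%SEC-[A-Z]-(?P<event>[A-Z]+): (?P<msg>[^\n]*)"
)
PORT = re.compile(r"[Pp]ort (\S+)")
MAC = re.compile(r"MAC ((?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})")


def parse(text):
    """Return the %SEC events in chronological order (the switch lists newest first)."""
    events = []
    for m in RECORD.finditer(text):
        port = PORT.search(m["msg"])
        mac = MAC.search(m["msg"])
        events.append({
            "time": datetime.strptime(m["ts"], "%Y-%b-%d %H:%M:%S"),
            "event": m["event"],
            "port": port.group(1) if port else None,
            "mac": mac.group(1).lower() if mac else None,
        })
    return sorted(events, key=lambda e: e["time"])


def unauthorized_windows(events):
    """Pair each PORTUNAUTHORIZED with the next PORTAUTHORIZED on the same port.

    Returns (port, rejected_mac, start_time, seconds_unauthorized) tuples.
    """
    open_since, last_mac, windows = {}, {}, []
    for e in events:
        if e["event"] == "SUPPLICANTUNAUTHORIZED":
            last_mac[e["port"]] = e["mac"]
        elif e["event"] == "PORTUNAUTHORIZED":
            open_since.setdefault(e["port"], e["time"])
        elif e["event"] == "PORTAUTHORIZED" and e["port"] in open_since:
            start = open_since.pop(e["port"])
            seconds = (e["time"] - start).total_seconds()
            windows.append((e["port"], last_mac.get(e["port"]), start, seconds))
    return windows


def flapping_ports(windows, min_cycles=2, within_seconds=3600):
    """Ports with at least min_cycles reject/authorize cycles inside any
    within_seconds interval (both thresholds are assumed values)."""
    starts = defaultdict(list)
    for port, _mac, start, _seconds in windows:
        starts[port].append(start)
    flagged = {}
    for port, times in starts.items():
        times.sort()
        best, lo = 0, 0
        for hi, t in enumerate(times):
            while (t - times[lo]).total_seconds() > within_seconds:
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= min_cycles:
            flagged[port] = best
    return flagged


if __name__ == "__main__":
    windows = unauthorized_windows(parse(SAMPLE_LOG))
    for port, mac, start, seconds in windows:
        print(f"{port} {mac} unauthorized from {start} for {seconds:.0f}s")
    print("flapping:", flapping_ports(windows))
```

Lining the window start times up against the RADIUS server's accept and reject timestamps for the same MAC shows whether the switch rejected a request the server had accepted.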

  • SG300: How to set up routing between VLANs?

    I have recently purchased a Cisco SG300-10.  I need it to perform routing between two VLANs on the switch. Seems like this should be quick and easy to do from the built in GUI. When I configure it according to the documentation, it does not route between the VLANs.
    I have set the system mode to L3 (for level 3 switching).
    I have followed the instructions on pages 26 through 33 of the attached PDF (which I obtained from the Cisco site). I used the same ports on the switch and the same IP addresses as shown in the document.
    Everything works until I attempt the step "ping 10.1.1.10" on page 33. This is the step to verify the level 3 switching between the 2 PCs (on separate VLANs).
    The switch Firmware Version (Active Image): 1.3.5.58
    I have attached the running configuration from the switch. It is the file named "running-config.txt".   
    The 2 PCs that I am using are running Windows 7 and Windows 8.

    Hi jkst,
    There is a very minimum requirement to obtain layer 3 intervlan routing
    1- 2 VLAN in layer 3 mode assigned an IP address
    config t
    vlan database
    vlan 2
    int vlan 1
    ip address 192.168.1.1 /24
    int vlan 2
    ip address 192.168.2.1 /24
    2 - Active link state on each VLAN - Define a port for the second vlan then connect an IP device to that port and another device to another port since the rest of the ports will default to vlan 1
    config t
    int gi2
    switchport mode access
    switchport access vlan 2
    3 - Assign your device #1 that connects to any port an ip address on the same subnet as vlan 1
    Computer in vlan 1 IP info=
    192.168.1.100
    255.255.255.0
    192.168.1.1
    Computer in vlan 2 IP info-
    192.168.2.100
    255.255.255.0
    192.168.2.1
    Assuming these devices respond to ping and do not have external wireless communication, this will provide basic IP connectivity through the switch across vlans.
    -Tom
    Please mark answered for helpful posts

  • SG300 - Separating network using vlan?

    I am wondering what the best way to separate a network, both data, on a cisco SG300. I do not want network 1 to able to communicate with network 2 or vice versa.  I have one server for DHCP for network 1, 192.168.1.X. I would like network 2 to have ip of 10.0.0.X, can the cisco SG300 do dhcp for this vlan?
    Thank you for your help,
    Brian

    Hello Brian, the SX300 series do not support any DHCP service; you will need a router or a DHCP box for this. The SX300 can separate traffic with VLANs. However, in the default layer 2 mode, all requests will go to your router and then be routed to their destinations. With the switch in layer 3 mode, you may have local connectivity; however, if your router does not support the VLANs or dot1q encapsulation, the router would require static routes for those subnets to be able to correctly route to the internet.
    -Tom
    Please rate helpful posts

  • SG300 recommended setup for single vlan

    I have 4 SG300 switches running in their default configuration. 
    I have a single subnet and have been working just fine.
    I tried expanding my subnet from a /24 to a /23 but am having trouble communicating between old and new parts of the subnet.  Pings to the new part of the subnet work once or twice then stop. 
    What kind of setup is recommended for this?  Apparently the default config is blocking traffic to the new addresses, but I don't know why.
    I did verify that putting a single dumb switch in place fixes the problem.  I thought the default config of these switches basically acts like a dumb switch, but I guess not.
    I also noticed that when pings stop going, if I look at the arp -a on the source PC, the MAC of the destination is a single Cisco brand MAC for ALL the devices on the new part of the subnet.
    I do understand IOS VLAN setups, but I'm confused by the GUI terminology, and I don't know whether I can just continue using the single default VLAN or if I should create a new one.

    Hello Chris,
    One thing that stood out to me was you said you are unable to ping from the old part of the subnet to the new, by that do you mean from clients still in the /24 to the /23?  Because they won't be able to communicate with each other unless the switch has a default gateway configured.  The switch doesn't do any routing, so it has to send traffic for a different subnet to some sort of router that knows where that other network is.
    There is a setting under Administration > Management Interface > IPv4 Interface.  After you set up a static IP for the switch and change its prefix length to 23 you can specify a default gateway for the switch.  At that point (assuming your router is set up correctly) you should be able to ping from the /24 to the /23 addresses.
    I got this info from page 257 of the admin guide, where there is a note about inter-subnet communication. That guide is available here:
    http://www.cisco.com/en/US/docs/switches/lan/csbms/sf30x_sg30x/administration_guide/78-19308-01.pdf
    I'm assuming, however, you will eventually be transitioning your entire network to /23, in which case just make sure everyone is on the same subnet mask and they will be able to communicate just fine, even without a router.
    Hope that helps, but if I got something wrong somewhere let me know and I will take another look.
    Christopher Ebert
    Network Support Engineer - Cisco Small Business Support Center
    *Please rate helpful posts*

  • Dynamic VLAN assignment on SG300

    Cisco documentation states that dynamic vlan assignment via RADIUS should provide the following IETF values:
    The RADIUS user attributes used for the VLAN ID assignment are:
    IETF 64 (Tunnel Type)—Set this to VLAN.
    IETF 65 (Tunnel Medium Type)—Set this to 802
    IETF 81 (Tunnel Private Group ID)—Set this to VLAN ID
    I have done so with an Aruba Clearpass RADIUS server - but the Access-Accept message being sent below:
    Radius:IETF:Tunnel-Medium-Type     6
    Radius:IETF:Tunnel-Private-Group-Id     4
    Radius:IETF:Tunnel-Type     13
    is being received by the SG300 in some way that's not being interpreted correctly. Log files indicate that the IETF values are not what is expected:
    07-Aug-2014 18:58:41 :%SEC-W-SUPPLICANTUNAUTHORIZED: username teststudent with MAC 00:11:25:d8:42:83 was rejected on port gi2 because Radius accept message does not contain VLAN ID
    07-Aug-2014 18:58:41 :%AAAEAP-W-RADIUSREPLY: Invalid attribute 65 ignored - tag should be 0
    07-Aug-2014 18:58:41 :%AAAEAP-W-RADIUSREPLY: Invalid attribute 64 ignored - tag should be 0
    Is there something I'm missing here? These same values sent by the Clearpass RADIUS server are working for other switches such as Extreme and Brocade.
    Thanks,
    Aaron
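
The log lines in the post above object to the tag octet of attributes 64 and 65. RFC 2868 puts a one-octet tag ahead of the value in these tunnel attributes, and RFC 3580 recommends tag 0 when only a VLAN ID is assigned. The following is an added example, not code from the thread: it decodes the three attributes and lists those with a non-zero tag, assuming the switch ignores any such attribute as its log message suggests. The byte strings are constructed samples, not the poster's capture.

```python
# RFC 2868 tunnel attributes that carry an 802.1X VLAN assignment (RFC 3580).
NAMES = {64: "Tunnel-Type", 65: "Tunnel-Medium-Type", 81: "Tunnel-Private-Group-Id"}

def tunnel_attr(atype, tag, value):
    """Encode one tunnel attribute: type, length, tag octet, then the value."""
    raw = value.to_bytes(3, "big") if isinstance(value, int) else value.encode("ascii")
    body = bytes([tag]) + raw
    return bytes([atype, len(body) + 2]) + body

def parse_attributes(data):
    """Split a RADIUS attribute list into (type, value-bytes) pairs."""
    attrs, i = [], 0
    while i < len(data):
        if len(data) - i < 2:
            raise ValueError("truncated attribute header")
        atype, alen = data[i], data[i + 1]
        if alen < 2 or i + alen > len(data):
            raise ValueError(f"bad length {alen} in attribute {atype}")
        attrs.append((atype, data[i + 2:i + alen]))
        i += alen
    return attrs

def decode_tunnel(atype, value):
    """Return (tag, decoded value) for attribute 64, 65 or 81."""
    if atype in (64, 65):                      # tag octet + 3-octet integer
        if len(value) != 4:
            raise ValueError(f"attribute {atype} must carry 4 value octets")
        return value[0], int.from_bytes(value[1:], "big")
    if value and value[0] <= 0x1F:             # attribute 81: tag is optional
        return value[0], value[1:].decode("ascii")
    return None, value.decode("ascii")         # first octet is already string data

def nonzero_tags(data):
    """Tunnel attributes whose tag is not 0, the condition named in the switch log."""
    found = []
    for atype, value in parse_attributes(data):
        if atype in NAMES:
            tag, decoded = decode_tunnel(atype, value)
            if tag:                            # None (no tag) and 0 both pass
                found.append((NAMES[atype], tag, decoded))
    return found

# Constructed samples: the same VLAN 4 assignment sent with tag 1 and with tag 0.
TAGGED = tunnel_attr(64, 1, 13) + tunnel_attr(65, 1, 6) + tunnel_attr(81, 1, "4")
UNTAGGED = tunnel_attr(64, 0, 13) + tunnel_attr(65, 0, 6) + tunnel_attr(81, 0, "4")

if __name__ == "__main__":
    for name, tag, decoded in nonzero_tags(TAGGED):
        print(f"{name}: value {decoded} sent with tag {tag}")
    print("untagged findings:", nonzero_tags(UNTAGGED))
```

Run against the attribute bytes exported from a capture of the Access-Accept, this shows whether the RADIUS server is tagging the tunnel attributes even though its policy view displays only the values 13, 6 and 4.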

    Hi Aleksandra,
    Here are the values from a packet capture of the Access-Accept message:
