SG300-28P Multicast (IGMP) and IGMP routing..
A brief background on the setup:
I recently switched out my switch. It was a Cisco 3750 10/100 switch and I wanted to upgrade to Gig. The cost of a Gig+POE 3750 is too much to bite so I opted for the SG300. My router is a Cisco 891. Here is the setup:
Cisco 891:
two SVI's: vlan1 and vlan 100
Vlan1 = 10.0.1.1/24
Vlan100 = 10.0.100.2/24
Connected to SG300 via Fa0
DHCP Server for vlan1+vlan100
Cisco SG300-28P:
two SVI's: vlan 1 and vlan 100
vlan 1 = 10.0.1.21/24
vlan 100 = 10.0.100.1/24
Connected to 891 on via Gi18
The connection between 891 and SG300 = trunk, vlan1-u, vlan100-t
The problem:
With the 891+3750, I was able to add "ip pim sparse-dense-mode" on all the SVI's and hosts could join any multicast group, irregardless of which vlan the host was a member of.
Now I've changed switches, and I dont get the same love. I have the PIM statement on both SVI's on the 891, but Im unsure of what I need to configure on the SG300. I have enabled "Bridge multicast filtering" + "IGMP snooping". What can I do to get similar functionality using the SG300 + 891? I assume this is my lack of understanding IGMP in general, but was able to get away with it using the PIM statements on the 891+3750 stack.
Jeff
You should be able to filter unregisted multicast on every port.
To be able to pass multicast over subnets two things must be certain, the node/device is able to send and receive multicast packets but also register the multicast address being listened to by the node so the local and remote routers can route the multicast packets.
When the switch learns a multicast address through IGMP snooping, this is a registered multicast. The switch will only forward multicast to ports that are registered to the multicast group. Where unregistered multicast comes in, is the multicast that is not statically defined or learned through IGMP which in turn will be forwarded to all ports of the vlan.
Similar Messages
-
How to configure IGMP routing right?
My server need to pass multicast UDP streams from physical NIC to a virtual NIC. Network layout is this: Ubuntu Server (ffmpeg) in Hyper-V <---> Windows Server (Wowza) <---> Multicast subnet.
Here is what I've done: Enabled RRAS service. Added IGMP protocol to IPv4 routing. Added pNIC and vNIC as interfaces. pNIC is in Proxy mode, vNIC is in Router mode.
That way I can at least see: 1) new records in IGMP group table when someone is requesting IGMP membership, 2) UDP packets flooding pNIC multicast interface when request from vNIC is received. However, I can't listen vNIC interface with Wireshark from guest
or host by some reason so I don't know if packets are actually reaching the player on VM. I assume they aren't, because I can't play it with VLC or ingest the stream by ffmpeg (but who knows, maybe it just can't be played in Hyper-V?).
If both interfaces are in IGMP router mode, no UDP traffic can be detected.
The question is where exactly the problem is. That Router/Proxy layout I've did seems to be "one-way". But I think in theory it is possible that both subnets have their own multicasts, and both subnets can have different consumers to play all those
multicast streams, so that Windows should route it correctly both ways.
Did I configured IGMP routing on Windows Server correctly? Because I'm not really sure.
Update:I tried to restream the udp-stream via VLC Player right into Ubuntu VM's interface. This way ffmpeg was able to catch something. It has another problems, though, but clearly is receiving some data now. So IGMP isn't configured right
by me, right? Then the topic question is the actual question.Hi,
To verify if the VM receives the multicast packet, please try to perform a network capture by using Network Monitor.
To download Network Monitor, please click the link below,
Microsoft Network Monitor 3.4 (archive)
https://www.microsoft.com/en-hk/download/details.aspx?id=4865
If the packets are revceived, it should be an software issue. Please check the settings of Ubuntu.
If the packets are not received, due to it is more related to Hyper-V, to get better help, please post this question on the Hyper-V forum.
Here is the address,
https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverhyperv
Best Regards.
Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
Enabling VM Guest NLB w/Multicast IGMP on 2012 Hyper-V host w/ converged SCVMM fabric switch
What a mouthful.
As short as possible:
WHAT I'M ATTEMPTING:
I'm trying to build a new NLB cluster for a 2008 R2 SP1 Remote Desktop Services farm. And I'm trying to do it the right way, with multicast igmp, not unicast.
The two guest VMs with NLB install converge fine. VIP gets this:
IP: 192.168.100.157
MAC: 01-00-5e-7f-64-9d
NLB NIC is on the same VLAN & "Converged switch" in VMM as our mgmt/server traffic (That is to say it's on production VLAN, not on a separate vlan)
PROBLEM:
Can't ping 100.157. From VM guest itself, from host, or from Cisco 6509 switch.
Cisco show mac address lookup does not see that MAC anywhere
show ip igmp groups shows not igmp traffic at all. Clearing counters show sno multicast increment.
FURTHERMORE:
Host is setup thusly:
- Dell R810
- 8x1GbE Broadcom 5709c in a Server 2012 LACP/HASH team built via VMM powershell cmdlets
- On the physical switch side, those 8 nics are in a Cisco port-channel, trunked, all VLANs allowed
- Host has no "physical" nics per se, as in a 2008 R2 hyper-v host. Instead Host has these:
Set-VMNetworkAdapter -ManagementOS -Name "Live Migrate" -MinimumBandwidthWeight 35
Set-VMNetworkAdapter -ManagementOS -Name "MGMT" -MinimumBandwidthWeight 25
Set-VMNetworkAdapter -ManagementOS -Name "CSV" -MinimumBandwidthWeight 40
Set-VMNetworkAdapter -ManagementOS -Name "iSCSI #1" -MinimumBandwidthWeight 0
Set-VMNetworkAdapter -ManagementOS -Name "iSCSI #2" -MinimumBandwidthWeight 0
Set-VMNetworkAdapter -ManagementOS -Name "Aux" -MinimumBandwidthWeight 0
Get-VMSwitch outputs this on the converged v-switch:
ComputerName : My-host
Name : My awesome switch
Id : e2377ce3-12b4-4243-9f51-e14a21f91844
Notes :
SwitchType : External
AllowManagementOS : True
NetAdapterInterfaceDescription : Microsoft Network Adapter Multiplexor
Driver
AvailableVMQueues : 0
NumberVmqAllocated : 0
IovEnabled : False
IovVirtualFunctionCount : 0
IovVirtualFunctionsInUse : 0
IovQueuePairCount : 0
IovQueuePairsInUse : 0
AvailableIPSecSA : 0
NumberIPSecSAAllocated : 0
BandwidthPercentage : 0
BandwidthReservationMode : Weight
DefaultFlowMinimumBandwidthAbsolute : 0
DefaultFlowMinimumBandwidthWeight : 1
Extensions : {Microsoft NDIS Capture, Microsoft
Windows Filtering Platform, Microsoft
VMM DHCPv4 Server Switch Extension}
IovSupport : False
IovSupportReasons : {This network adapter does not support
SR-IOV.}
IsDeleted : False
Question:
Aside from a few of my favorite MS MVPs (shout out to
WorkingHardInIt for having this same question), I can't find much documentation on employing 2008 R2 NLB on guest VM within a fabric-oriented, VMM-built 2012 Hyper-Visor converged switch (no network virtualization...yet).
Yes I know all about VMM NLB but 1) I'm trying to wedge NLB in after building these VMs without a service template (NLB is the audible, essentially) and 2) MS NLB is configured in providers & I've created requisite VIP templates.
Even so, I ought to be able to create an NLB cluster without VMM's assistance in this scenario correct? Suboptimal, I know but possible, yes? Essentially I've put to synthetic NICs on each VM, set IPs manually, and assigned them to the same vlan. I can ping
each synthetic NIC, but not the cluster IP.
And yes: these particular vNICs have Mac Address Spoofing enabled.
Cisco:
I have a TAC case open with Cisco, but they can't quite figure it out either. IGMP Snooping enabled across the switch. And they insist that the old static arp entry to resolve this problem is no longer necessary, that Microsoft now complies with relevant
RFCs
Possible SOlution:
Only thing I can think of is flipping MulticastForwarding param below from disabled to enabled. Anybody ever tried it on a converged virtual switch on the Hyper visor? Is my virtual converged switch protecting
me from multicast igmp packets?
PS C:\utilities> Get-NetIPv4Protocol
DefaultHopLimit : 128
NeighborCacheLimit(Entries) : 1024
RouteCacheLimit(Entries) : 128
ReassemblyLimit(Bytes) : 1560173184
IcmpRedirects : Enabled
SourceRoutingBehavior : DontForward
DhcpMediaSense : Enabled
MediaSenseEventLog : Disabled
IGMPLevel : All
IGMPVersion : Version3
MulticastForwarding : Disabled
GroupForwardedFragments : Disabled
RandomizeIdentifiers : Enabled
AddressMaskReply : Disabled
Thanks for any thoughts.
RobertSorry for the poor follow-up Steven. We are using Server 2012 Hyper-V, not VMWare, on the hosts. You can close this but for the benefit of anyone who comes across it:
After working with Cisco, we decided not to implement multicast IGMP. Cisco says you still need to create a static ARP entry on the physical switch, though my cluster IP address & Microsoft NLB 2008 R2 were set up with igmp multicast, not multicast or
unicast. Here was his email:
Yes, we will need the static mapping for the NLB server in this case because the NLB mac address is multicast and the IP address is unicast. I was under the impression that even the server would be using IGMP but that’s not
the case. We won’t need to do the mapping for the nodes though if they use IGMP. To this end, following is the configuration that should make this work.rp 192.168.100.157
0100.5e7f.649d arpa
<u5:p></u5:p>
mac address-table static 0000.0000.649d vlan <> interface <> disable-snooping
ßThis is the switch interface where the NLB server is located<u5:p></u5:p>
interface vlan<>
<u5:p></u5:p>
ip pim sparse-dense-mode <- This is needed for the switch to elicit IGMP joins from the nodes<u5:p></u5:p>
end<u5:p></u5:p>
I don't think it got through to him that there was a virtual Layer 2/3 Hyper-V switch on top of 8 teamed GbE interfaces in LACP/hash. "Where the NLB server is located" = 1)a Cisco port-channel bound to one of six physical hosts; the NLB VM itself could be
on any of those port channels at any given time (We have a six node Hyper-V cluster).
Once I enabled pim I did see activity; but we killed this later as we realized we'd have to implement the same on 40+ managed routers globally
Anyway we further would have had to implement this across managed routers at 40 sites globally according to Cisco.
Robert -
Multicast (IGMP) in new air port extreme??
multicast (IGMP) in new air port extreme??
You can get to IGMP settings going to AirPort utility. In network tab there are extended network options tab then enable IGMP tracking (or something like this, I don't know how it named in english version)
Ed.
But! If you enable this option, this won't get multicast to you.
You still won't connect to multicast streams on 224.0.0.0-224.0.0.255
Message was edited by: A1l3 -
SG300-28P and aironet access points
Dear support,
does Cisco SG300-28P provide enough PoE to power access points 1550 and 1600?
Thank youHi Mireille, it should. The 1550 is 802.3af compliant.
The 1600 may be interesting because it can actually draw up to 15.4 watt of power and you may run into limitations of cable. It is also 802.3af compliant.
-Tom
Please mark answered for helpful posts -
Problem with switch SG300-28P Poe and Avaya 1408 telephone
Hi Team
We have a model SG300-28P Switch 28-Port Gigabit PoE Managed Switch, in every port we are allowing the voice VLAN and data VLAN (trunk), happens to be off this type of phone, we reconnect the cable and port the switch is dropped, so that the voice vlan phone is lost and no longer work.
Thanks for your comments.
RegardsHi Yesenia, did you contact Avaya support? Did you configure the phone for a voice and data vlan?
I'm trying to dig through the Avaya website and looking at the fact sheet and user guide it has no mention of VLAN.
Is the switch supported for the usage of Avaya Aura Communication Manager call processing system?
-Tom
Please mark answered for helpful posts -
SG300-28P: System LED not on. everything else working.
Hi Everyone,
Nice to meet you all.
I received an used SG300-28P today and immediately I found its System LED never lits. I upgraded the firmware to the latests but did not make any difference. So far I have configured the switch for my environment and everything is working fine including VLAN, L3 routing and PoE works on all ports.
I am puzzled, not sure what's wrong with it. In the System Summary of the Web GUI it indicates the System LED is constantly on. But the physical one is just dead (never lits including boot)
I hope its just the LED itself, the switch is definately out of warranty. What diagnostics can I run myself to understand it?
Thanks,
MarkHello Siming,
If everything is working properly on the switch, then you shouldn't be worried about the system led. The system led itself is simply not working.
This is the information you need to know about the system led:
Off - If the system led is off, it means the switch is not powered on (which in your case is false, since you told us the switch is working as it should, so that means you have a faulty led)
Green - If the system led is green, it means the switch working normally. If the system led is green and it flashes constantly, it means the switch is using the factory default IP address (192.168.1.254) to access to the switch. If it is solid green, it means that the switch has either an IP assigned via DHCP, or statically by the administrator.
Amber - If the system led is amber, it means there is a problem with the switch
As you can see, you won't be able to get information about the system led when is green or amber, since it is not working.
I would suggest that you properly configure system logs on the switch, perform constantly backups to the running/startup configuration, and keep track of which IP address you are using to access the switch GUI/CLI, that way if you forget your IP address, or if there is a problem with the switch, you know where to find the correct information.
Please let us know if you have further questions.
Alejandro Moncada
SBCD Engineer
[email protected] -
Hello,
How does one remotely access a SG300-28P?
Thanks, PetePete,
Of course you will need to have a default gateway(many people forget) and open a port though your router(as marty suggested) for inbound connections to the switch.
Hope this helps,
Jasbryan -
Hi There,
I was wondering if you could help me aviod a situation where the limit of 100IP's is reach on my client new site using 3 x SG300 28P switches.
I have 1 x SG300 28P in Layer 3 mode which is the default gateway for all the IP phones that will be installed. The PC's ont he network will use the existing default gateway which is another router. I will have another 2 x SG300 28P devices in layer 2 mode which are connected to the Layer 3 SG300 28P.
My question - Are the IP's that registered against the TCAM limit only the devies which physically plug into the SG300 28P switches ? I assume other computers on the network which are plugged into another switch and don't use the default gateway of the SG300 (its only for voice) they then wouldn't be registered in the TCAM ?
The site has around 65 computers currently and obviously plugging in 65 IP phones we're going to hit a limit of over 100 IP's. My thoughts were to potentially keep the computers and Phones seperate on a couple of the switches to keep the IP's in the TCAM to a minimum.. Is this possible?
Any advice would be welcomed!
BrettHi Thomas,
Thanks for the quick reply.
Just to confirm though, I want to be sure that the Layer 3 SG300 28P will have have all the IP phones from the other Layer switches using it as the default gateway for the voice VLAN - Obviously this will then register 60 + IP addresses. If I have the computers plugged into the back of the Phones (which is then into the SG300 switches) this will then register another 60 IP's correct? If I don't patch these computers into the phones and have them in a seperate switch then the TCAM address list doesn't care about these computer IP's? I do believe we'll have traffic routing from the computer to the phones even if they are on a different switch so would that then add these addresses to the TCAM?
The reason I ask this to be clear is that I read someone else going over the 100 limit and causing the network to slow down which with voice traffic I want to avoid...
Brett -
good morning, nice to saludoarles, I write because I have a problem with a model SG300-28p switch, I explain:
had run the company normally switch until one day we were completely without a net, the teams showed "Network cable unplugged" apparently the switch was off, but the surprise is that when I check it was on but no light encendia.
disconnect it and made several tests like changing electric outlet, try connecting the console, etc. .. All these attempts have been unsuccessful. when connected to the electrical outlet and turn the fans back link and poe leds light about half a second, then go off, the same happens when I disconnect the feeding.
I am looking for help and see if you can get up and running again, best regards and thanks for your attention
Pd: disculpme if I do not understand well, because my English level is very low and I am supporting in translators online.Hi John, It sounds like it is time to call SBCS support. It may need to be replaced. You may try to connect console cable and see if you see any interesting messages during boot.
http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html
-- please remember to rate helpful posts -- -
SG300-28P - POE not correctly supported on all ports - possible firmware or hardware issue
So, I spent some time this weekend troubleshooting the issues I've had with the new SG300-28P switch and POE to many of my devices in the office. As a recap, I cannot utilize all of the 24 POE ports on the switch for POE purposes. Really only every other port [with a few odd combinations thrown in between]. In addition, the SG300-28P switch, on occasion, is sending POE to non-POE devices [e.g. my Ruckus Zone Director 1106].
Here are my POE devices [all 802.3 af-compliant]:
3 Ruckus 7982 access points
1 Pakedge access point
2 home-automation controllers
2 Polycom voip phones
I called Cisco support several times in regards to this problem, and they figured it was a hardware issue - a faulty switch. So, Cisco sent me a replacement SG300-28P, which I hooked up today. The exact problem still occurs. Default configuration [fresh out of the box]. No way I can land, for example, the 3 Ruckus 7982 AP's on ports 1, 2, and 3 [or ports 1,13, and 2]. I have to put them on ports 1, 3, and 5 in order for them to power up. In addition, I can't plug any other POE devices on the ports either between or below them. I had to skip another port bay. This is very odd behavior!! Two Cisco SG300-28P's in a row with the same problem.
However, I also had one of the new Cisco SG300-10P switches in my possession for a recent project of ours. I decided to hook up the same POE devices to this switch. ALL POE devices were recognized and worked! No need to skip a port. And it didn't matter what device was plugged in first or not. I am now convinced that it is either a hardware issue [bad power supply/transformer?] inside all of the SG300-28P switches, or a firmware issue.
Both of the SG300-28P switches were running firmware 1.1.2 [the latest on Cisco's website]. So, I decided to install an older firmware version on the SG300-28P switch that I'm returning [installed 1.1.1.8]. Here's what I found out. I could then plug 2 POE devices [e.g. two Ruckus AP's] in adjacent horizontal ports, but not three in a row. In addition, not all adjacent ports. It's funky. For example, I could plug an access point in ports 20 and 21, but not in 21 and 22. No rhyme or reason in how it worked. And I still couldn't plug an access point in adjacent vertical ports [e.g. ports 1 and 13]. BUT...
It's interesting that the same exact switch that would not initially allow 2 horizontally-adjacent POE ports to be utilized WOULD allow 2 horizontally-adjacent POE ports to be utilized when running a different firmware version. It's also interesting to note that when plugged into a "non-working" POE port, the SG300-28P would actually make a small whining noise. Very subtle noise; I could hear it when approx. 1ft away from the switch. The noise was not noticeable when ports were skipped [and POE actually worked]. Therefore, I believe that Cisco has some SG300-28P firmware bugs [at least in the last two versions of firmware] that is not truly allowing all 24 ports to utilize POE correctly. This problem does not exist with the SG300-10P switch.
I'm really interested to hear what Cisco's reply and findings on this matter would be. And would welcome a reply from one of their senior support team members/managers who could actually experiment with this, too. In addition, I'd like to know when they think a solution could be created if it's firmware-related. If hardware-related, I don't think I'll be recommending any 28P switches in our projects. Perhaps just the regular SG300-28 with a separate SG300-10P. It's a shame because the SG300-28P is more of a bargain when compared to the two separate components.show power inline
Port based power-limit mode
Unit Power Nominal Power Consumed Power Usage Threshold Traps
1 On 180 Watts 13 Watts (7%) 95 Disable
Port Powered Device State Status Priority Class
gi1 Auto On critical class0
gi2 Never Off low class0
gi3 Auto Searching critical class0
gi4 Never Off low class0
gi5 Auto On critical class0
gi6 Never Off low class0
gi7 Auto On critical class2
gi8 Auto Searching low class0
gi9 Auto Searching low class0
gi10 Auto Searching low class0
gi11 Auto Searching low class0
gi12 Never Off low class0
gi13 Never Off low class0
gi14 Never Off low class0
gi15 Never Off low class0
gi16 Never Off low class0
gi17 Never Off low class0
gi18 Never Off low class0
gi19 Never Off low class0
gi20 Auto Searching low class0
gi21 Never Off low class0
gi22 Auto Searching low class0
[0mMore: , Quit: q or CTRL+Z, One line: gi23 Auto Searching low class0
gi24 Auto Searching low class0
show power inline gigabitethernet xx (for each device plugged in)
Port Powered Device State Status Priority Class
gi1 Auto On critical class0
Power limit (for port power-limit mode): 15.400W
Port Status: Port is on - valid resistor detected
Overload Counter: 0
Short Counter: 0
Denied Counter: 0
Absent Counter: 3
Invalid Signature Counter: 17583
Port Powered Device State Status Priority Class
gi2 Never Off low class0
Power limit (for port power-limit mode): 15.400W
Port Status: Port is off - user setting
Overload Counter: 0
Short Counter: 0
Denied Counter: 0
Absent Counter: 0
Invalid Signature Counter: 0
Port Powered Device State Status Priority Class
gi3 Auto Searching critical class0
Power limit (for port power-limit mode): 15.400W
Port Status: Port is off - detection is in process
Overload Counter: 0
Short Counter: 0
Denied Counter: 0
Absent Counter: 2
Invalid Signature Counter: 1
Port Powered Device State Status Priority Class
gi4 Never Off low class0
Power limit (for port power-limit mode): 15.400W
Port Status: Port is off - user setting
Overload Counter: 0
Short Counter: 0
Denied Counter: 0
Absent Counter: 0
Invalid Signature Counter: 0
Port Powered Device State Status Priority Class
gi5 Auto On critical class0
Power limit (for port power-limit mode): 15.400W
Port Status: Port is on - valid resistor detected
Overload Counter: 0
Short Counter: 0
Denied Counter: 0
Absent Counter: 0
Invalid Signature Counter: 0
Port Powered Device State Status Priority Class
gi7 Auto On critical class2
Power limit (for port power-limit mode): 15.400W
Port Status: Port is on - valid resistor detected
Overload Counter: 0
Short Counter: 0
Denied Counter: 0
Absent Counter: 0
Invalid Signature Counter: 0
Port Powered Device State Status Priority Class
gi13 Never Off low class0
Power limit (for port power-limit mode): 15.400W
Port Status: Port is off - user setting
Overload Counter: 0
Short Counter: 0
Denied Counter: 0
Absent Counter: 1
Invalid Signature Counter: 0
Port Powered Device State Status Priority Class
gi14 Never Off low class0
Power limit (for port power-limit mode): 15.400W
Port Status: Port is off - user setting
Overload Counter: 0
Short Counter: 0
Denied Counter: 0
Absent Counter: 0
Invalid Signature Counter: 0
show interfaces advertise gigabitethernet xx (for what ports are of interest)
Port: gi9
Type: 1G-Copper
Link state: Down
Auto negotiation: Enabled
1000f 1000h 100f 100h 10f 10h
Admin Local link Advertisement yes no yes yes yes yes
Oper Local link Advertisement - - - - - -
Oper Remote link Advertisement - - - - - -
Priority Resolution - - - - - -
Port: gi10
Type: 1G-Copper
Link state: Down
Auto negotiation: Enabled
1000f 1000h 100f 100h 10f 10h
Admin Local link Advertisement yes no yes yes yes yes
Oper Local link Advertisement - - - - - -
Oper Remote link Advertisement - - - - - -
Priority Resolution - - - - - -
Port: gi11
Type: 1G-Copper
Link state: Down
Auto negotiation: Enabled
1000f 1000h 100f 100h 10f 10h
Admin Local link Advertisement yes no yes yes yes yes
Oper Local link Advertisement - - - - - -
Oper Remote link Advertisement - - - - - -
Priority Resolution - - - - - -
Port: gi21
Type: 1G-Copper
Link state: Down
Auto negotiation: Enabled
1000f 1000h 100f 100h 10f 10h
Admin Local link Advertisement yes no yes yes yes yes
Oper Local link Advertisement - - - - - -
Oper Remote link Advertisement - - - - - -
Priority Resolution - - - - - -
Port: gi22
Type: 1G-Copper
Link state: Down
Auto negotiation: Enabled
1000f 1000h 100f 100h 10f 10h
Admin Local link Advertisement yes no yes yes yes yes
Oper Local link Advertisement - - - - - -
Oper Remote link Advertisement - - - - - -
Priority Resolution - - - - - -
Port: gi23
Type: 1G-Copper
Link state: Down
Auto negotiation: Enabled
1000f 1000h 100f 100h 10f 10h
Admin Local link Advertisement yes no yes yes yes yes
Oper Local link Advertisement - - - - - -
Oper Remote link Advertisement - - - - - -
Priority Resolution - - - - - - -
Boot image upgrade for SG300-28P
Hi,
I have an SG300-28P and I need to upgrade both the boot & firrmware versions.
The problem is I can't find the boot file anywhere, the only file available on the Cisco downloads page is the firmware file ('.ros')
These are my current versions:
show ver
SW version 1.3.5.58 ( date 10-Oct-2013 time 17:15:41 )
Boot version 1.0.0.4 ( date 08-Apr-2010 time 16:37:57 )
HW version V01
And I get this warning at boot...
** Boot version is incompatible with the system image. **
** Some new features have been disabled. **
** Please update to newest boot version. **
Hence the need to upgrade.
Cheers Ianian-heath,
When you download:
Sx300 Firmware Version 1.3.5.58
Sx300_FW_Boot_1.3.5.58.zip
The zip file ha a copy of the firmware and also a copy of the boot code. The boot code needs to be upgraded via tftp server. After the boot code is upgraded, download and install the latest firmware Release 1.3.7.18. (No boot code with this one)
- Marty -
Securing SG300 28P PoE Swtich.
Greeting's, I would like to start by apologizing. I have absolutely no knowledge in switch security management but I've been tasked with it given the shortage of personnel. I have a SG300-28P-PoE switch that needs to be securely configured. I've done the basics of upgrading the firmware to the latest. Given my lack of any experience whatsoever, please include complete procedures (hand holding, I'm sorry).
I wanted step-by-step guidance of:
1. Locking down ports by MAC address.
2. DDoS protection.
3. Lock down login from all but 1 IP and only allow browser based SSL login. No TELNET, SSH or other method.
4. Shutting down any services on the switch.
Any other recommended security steps to secure the switch.
Thanking in advance,
ParthHello Parth,
Thank you for using the Cisco Small Business forums. I am a eContent developer and part of the Small Business Support Community.
Looking over the questions that you've asked, I found a few articles that might help you with the configuration changes you'd like to make:
As Brandon mentioned, the Knowledge Base contains many documents with step-by-step procedures and screenshots for common tasks. Port-security is an excellent solution for the first problem. You can configure ports to lock down when a MAC address is changed:
Port Security
The SG300 security suite has many options for protecting against DDOS attacks:
DDOS
In regards to disabling/enabling services and restricting access to the web console, this article provides some guidance (uncheck the services that you do not wish to use-- in relation to your question, uncheck all except HTTPS):
Enabling SSH/Telnet/HTTP
I hope that these articles help to answer your question. Please remember to mark this question as answered and rate it if it helps to address your issue so other users can benefit from it, and feel free to ask any further questions you might have!
Best,
Gunner Grim
Cisco eContent Developer -
SG300-28P noise level... (fan control)
Hello,
May be somebody can help me. In official information for SG300-28p noise level is 40.6 dB, but in fact its too noisy. Is it possible to change speed of fans? I use only 8 PoE ports.
Thanks in advance,
AndreyHi Andrey,
I placed a sound meter within 6 inches of the Right hand side of my SG300-28P and found a average dB level of 47
I rested a sound meter on top of my SG300-28P and found a average dB level of 59-60dB .
I used my motorola atria phone in conjunction with a Sound Meter ver 1.4.3 dB meter app to perform the measurements.
My measurements were not done according to any standards based approach for measurements of sound level of machines.
Conversation in restaurant, office, background music, Air conditioning unit at 100 ft
60
Half as loud as 70 dB. Fairly quiet
Quiet suburb, conversation at home. Large electrical transformers at 100 ft
50
One-fourth as loud as 70 dB.
Library, bird calls (44 dB); lowest limit of urban ambient sound
40
One-eighth as loud as 70 dB.
reference :http://www.industrialnoisecontrol.com/comparative-noise-examples.htm
My unit is no more than 3 feet from my left ear, and I do not find the sound distracting..but noise/sound is subjective.
The fans on the SG300-28P are not adjustable.
regards Dave -
I have a new SG300-28P, I am unable to connect. After logging in the switch stops at 70% Processing Date. I have try Chrome, IE, and Firefox.
I am not sure of the fireware ver. I do not want to reset to the factory default because there is no backup and I am not sure of the
configuration.Hi Tony, this is going to be purely an issue with the computer/browser, etc.
I;d recommend swapping to a different computer or fully update the one you're using including latest Java.
-Tom
Please mark answered for helpful posts
Maybe you are looking for
-
Problem in upgrading obiee 11g
HI I Installed obiee 11g successfully and while running upgrade assistant after giving web logic server port address i m getting an error as router to destination not available In my system there is no OBIEE 10g software and i have only that 10g rpd
-
Accessing Application Scope from an EJB
I'm not sure of the best way of doing this: The set up: We have a rather large J2EE application that is composed of only servlets and JSPs at the moment (When the application began development EJB was in its infancy and not feasible for the developme
-
Could anybody tell me which is better between Aperture and Lightroom 4 please. I need to decide Badrakumar
-
Java -a more professional look
Hello, Does anyone know an example of building a commercial application, where I can see the phases and understand why each part is useful. Until now I only worked on small applications, and now I plan on building a more advanced one. I would like to
-
Wondering what would be required to pick sales orders by promise date. I understand that Schedule Ship Date and Customer Requested Date are the only fields identified on the Pick Release form, but I was wondering if anyone has made this type of modif