SG300-28P QoS Question
Hello, I have SG300-28Ps as the PSE's for my IP telephone system. The phones are tagging their voice packets as DSCP 46 as directed by auto voice vlan. The QoS settings on the switch are at default - Basic Mode, Trust DSCP, strict priority, etc.
On the PBX itself, DB programming allows me to program the 'Type of Service' for the voice packets. The recommended value in the manual was 184 which makes sense, as this decimal value for ToS corresponds to DSCP 46, CoS 5, etc.
The question comes though, do I need to change the trust mode on the switch? I'm not real clear on the differences between them.
Regards,
-Brayton
Hi Brayton,the trust mode doesn't need to be changed. 802.1p specifies a 3 bit field called a PCP within the etherner frame header when using tagged vlan frames. This will contain a class of service priority.
The CoS is able to map to DSCP values. The DSCP has a 6 bit field called diffserv (differentiated service). CoS values are able to be mapped to DSCP values. Video is generally CoS 4 while voice is generally CoS 5. Within the SX300 you are able to manually set the mapping to any value you'd like. With trust mode, the switch will basically accept and agree with whatever the tagged ethernet frame contains. Without trust mode, the switch will remark the packet based on the PCP and DiffServ value to fit in to the different categories.
-Tom
Please mark answered for helpful posts
Similar Messages
-
SG300-28P: System LED not on. everything else working.
Hi Everyone,
Nice to meet you all.
I received an used SG300-28P today and immediately I found its System LED never lits. I upgraded the firmware to the latests but did not make any difference. So far I have configured the switch for my environment and everything is working fine including VLAN, L3 routing and PoE works on all ports.
I am puzzled, not sure what's wrong with it. In the System Summary of the Web GUI it indicates the System LED is constantly on. But the physical one is just dead (never lits including boot)
I hope its just the LED itself, the switch is definately out of warranty. What diagnostics can I run myself to understand it?
Thanks,
MarkHello Siming,
If everything is working properly on the switch, then you shouldn't be worried about the system led. The system led itself is simply not working.
This is the information you need to know about the system led:
Off - If the system led is off, it means the switch is not powered on (which in your case is false, since you told us the switch is working as it should, so that means you have a faulty led)
Green - If the system led is green, it means the switch working normally. If the system led is green and it flashes constantly, it means the switch is using the factory default IP address (192.168.1.254) to access to the switch. If it is solid green, it means that the switch has either an IP assigned via DHCP, or statically by the administrator.
Amber - If the system led is amber, it means there is a problem with the switch
As you can see, you won't be able to get information about the system led when is green or amber, since it is not working.
I would suggest that you properly configure system logs on the switch, perform constantly backups to the running/startup configuration, and keep track of which IP address you are using to access the switch GUI/CLI, that way if you forget your IP address, or if there is a problem with the switch, you know where to find the correct information.
Please let us know if you have further questions.
Alejandro Moncada
SBCD Engineer
[email protected] -
Securing SG300 28P PoE Swtich.
Greeting's, I would like to start by apologizing. I have absolutely no knowledge in switch security management but I've been tasked with it given the shortage of personnel. I have a SG300-28P-PoE switch that needs to be securely configured. I've done the basics of upgrading the firmware to the latest. Given my lack of any experience whatsoever, please include complete procedures (hand holding, I'm sorry).
I wanted step-by-step guidance of:
1. Locking down ports by MAC address.
2. DDoS protection.
3. Lock down login from all but 1 IP and only allow browser based SSL login. No TELNET, SSH or other method.
4. Shutting down any services on the switch.
Any other recommended security steps to secure the switch.
Thanking in advance,
ParthHello Parth,
Thank you for using the Cisco Small Business forums. I am a eContent developer and part of the Small Business Support Community.
Looking over the questions that you've asked, I found a few articles that might help you with the configuration changes you'd like to make:
As Brandon mentioned, the Knowledge Base contains many documents with step-by-step procedures and screenshots for common tasks. Port-security is an excellent solution for the first problem. You can configure ports to lock down when a MAC address is changed:
Port Security
The SG300 security suite has many options for protecting against DDOS attacks:
DDOS
In regards to disabling/enabling services and restricting access to the web console, this article provides some guidance (uncheck the services that you do not wish to use-- in relation to your question, uncheck all except HTTPS):
Enabling SSH/Telnet/HTTP
I hope that these articles help to answer your question. Please remember to mark this question as answered and rate it if it helps to address your issue so other users can benefit from it, and feel free to ask any further questions you might have!
Best,
Gunner Grim
Cisco eContent Developer -
Hi There,
I was wondering if you could help me aviod a situation where the limit of 100IP's is reach on my client new site using 3 x SG300 28P switches.
I have 1 x SG300 28P in Layer 3 mode which is the default gateway for all the IP phones that will be installed. The PC's ont he network will use the existing default gateway which is another router. I will have another 2 x SG300 28P devices in layer 2 mode which are connected to the Layer 3 SG300 28P.
My question - Are the IP's that registered against the TCAM limit only the devies which physically plug into the SG300 28P switches ? I assume other computers on the network which are plugged into another switch and don't use the default gateway of the SG300 (its only for voice) they then wouldn't be registered in the TCAM ?
The site has around 65 computers currently and obviously plugging in 65 IP phones we're going to hit a limit of over 100 IP's. My thoughts were to potentially keep the computers and Phones seperate on a couple of the switches to keep the IP's in the TCAM to a minimum.. Is this possible?
Any advice would be welcomed!
BrettHi Thomas,
Thanks for the quick reply.
Just to confirm though, I want to be sure that the Layer 3 SG300 28P will have have all the IP phones from the other Layer switches using it as the default gateway for the voice VLAN - Obviously this will then register 60 + IP addresses. If I have the computers plugged into the back of the Phones (which is then into the SG300 switches) this will then register another 60 IP's correct? If I don't patch these computers into the phones and have them in a seperate switch then the TCAM address list doesn't care about these computer IP's? I do believe we'll have traffic routing from the computer to the phones even if they are on a different switch so would that then add these addresses to the TCAM?
The reason I ask this to be clear is that I read someone else going over the 100 limit and causing the network to slow down which with voice traffic I want to avoid...
Brett -
good morning, nice to saludoarles, I write because I have a problem with a model SG300-28p switch, I explain:
had run the company normally switch until one day we were completely without a net, the teams showed "Network cable unplugged" apparently the switch was off, but the surprise is that when I check it was on but no light encendia.
disconnect it and made several tests like changing electric outlet, try connecting the console, etc. .. All these attempts have been unsuccessful. when connected to the electrical outlet and turn the fans back link and poe leds light about half a second, then go off, the same happens when I disconnect the feeding.
I am looking for help and see if you can get up and running again, best regards and thanks for your attention
Pd: disculpme if I do not understand well, because my English level is very low and I am supporting in translators online.Hi John, It sounds like it is time to call SBCS support. It may need to be replaced. You may try to connect console cable and see if you see any interesting messages during boot.
http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html
-- please remember to rate helpful posts -- -
SG300-28P - POE not correctly supported on all ports - possible firmware or hardware issue
So, I spent some time this weekend troubleshooting the issues I've had with the new SG300-28P switch and POE to many of my devices in the office. As a recap, I cannot utilize all of the 24 POE ports on the switch for POE purposes. Really only every other port [with a few odd combinations thrown in between]. In addition, the SG300-28P switch, on occasion, is sending POE to non-POE devices [e.g. my Ruckus Zone Director 1106].
Here are my POE devices [all 802.3 af-compliant]:
3 Ruckus 7982 access points
1 Pakedge access point
2 home-automation controllers
2 Polycom voip phones
I called Cisco support several times in regards to this problem, and they figured it was a hardware issue - a faulty switch. So, Cisco sent me a replacement SG300-28P, which I hooked up today. The exact problem still occurs. Default configuration [fresh out of the box]. No way I can land, for example, the 3 Ruckus 7982 AP's on ports 1, 2, and 3 [or ports 1,13, and 2]. I have to put them on ports 1, 3, and 5 in order for them to power up. In addition, I can't plug any other POE devices on the ports either between or below them. I had to skip another port bay. This is very odd behavior!! Two Cisco SG300-28P's in a row with the same problem.
However, I also had one of the new Cisco SG300-10P switches in my possession for a recent project of ours. I decided to hook up the same POE devices to this switch. ALL POE devices were recognized and worked! No need to skip a port. And it didn't matter what device was plugged in first or not. I am now convinced that it is either a hardware issue [bad power supply/transformer?] inside all of the SG300-28P switches, or a firmware issue.
Both of the SG300-28P switches were running firmware 1.1.2 [the latest on Cisco's website]. So, I decided to install an older firmware version on the SG300-28P switch that I'm returning [installed 1.1.1.8]. Here's what I found out. I could then plug 2 POE devices [e.g. two Ruckus AP's] in adjacent horizontal ports, but not three in a row. In addition, not all adjacent ports. It's funky. For example, I could plug an access point in ports 20 and 21, but not in 21 and 22. No rhyme or reason in how it worked. And I still couldn't plug an access point in adjacent vertical ports [e.g. ports 1 and 13]. BUT...
It's interesting that the same exact switch that would not initially allow 2 horizontally-adjacent POE ports to be utilized WOULD allow 2 horizontally-adjacent POE ports to be utilized when running a different firmware version. It's also interesting to note that when plugged into a "non-working" POE port, the SG300-28P would actually make a small whining noise. Very subtle noise; I could hear it when approx. 1ft away from the switch. The noise was not noticeable when ports were skipped [and POE actually worked]. Therefore, I believe that Cisco has some SG300-28P firmware bugs [at least in the last two versions of firmware] that is not truly allowing all 24 ports to utilize POE correctly. This problem does not exist with the SG300-10P switch.
I'm really interested to hear what Cisco's reply and findings on this matter would be. And would welcome a reply from one of their senior support team members/managers who could actually experiment with this, too. In addition, I'd like to know when they think a solution could be created if it's firmware-related. If hardware-related, I don't think I'll be recommending any 28P switches in our projects. Perhaps just the regular SG300-28 with a separate SG300-10P. It's a shame because the SG300-28P is more of a bargain when compared to the two separate components.show power inline
Port based power-limit mode
Unit Power Nominal Power Consumed Power Usage Threshold Traps
1 On 180 Watts 13 Watts (7%) 95 Disable
Port Powered Device State Status Priority Class
gi1 Auto On critical class0
gi2 Never Off low class0
gi3 Auto Searching critical class0
gi4 Never Off low class0
gi5 Auto On critical class0
gi6 Never Off low class0
gi7 Auto On critical class2
gi8 Auto Searching low class0
gi9 Auto Searching low class0
gi10 Auto Searching low class0
gi11 Auto Searching low class0
gi12 Never Off low class0
gi13 Never Off low class0
gi14 Never Off low class0
gi15 Never Off low class0
gi16 Never Off low class0
gi17 Never Off low class0
gi18 Never Off low class0
gi19 Never Off low class0
gi20 Auto Searching low class0
gi21 Never Off low class0
gi22 Auto Searching low class0
[0mMore: , Quit: q or CTRL+Z, One line: gi23 Auto Searching low class0
gi24 Auto Searching low class0
show power inline gigabitethernet xx (for each device plugged in)
Port Powered Device State Status Priority Class
gi1 Auto On critical class0
Power limit (for port power-limit mode): 15.400W
Port Status: Port is on - valid resistor detected
Overload Counter: 0
Short Counter: 0
Denied Counter: 0
Absent Counter: 3
Invalid Signature Counter: 17583
Port Powered Device State Status Priority Class
gi2 Never Off low class0
Power limit (for port power-limit mode): 15.400W
Port Status: Port is off - user setting
Overload Counter: 0
Short Counter: 0
Denied Counter: 0
Absent Counter: 0
Invalid Signature Counter: 0
Port Powered Device State Status Priority Class
gi3 Auto Searching critical class0
Power limit (for port power-limit mode): 15.400W
Port Status: Port is off - detection is in process
Overload Counter: 0
Short Counter: 0
Denied Counter: 0
Absent Counter: 2
Invalid Signature Counter: 1
Port Powered Device State Status Priority Class
gi4 Never Off low class0
Power limit (for port power-limit mode): 15.400W
Port Status: Port is off - user setting
Overload Counter: 0
Short Counter: 0
Denied Counter: 0
Absent Counter: 0
Invalid Signature Counter: 0
Port Powered Device State Status Priority Class
gi5 Auto On critical class0
Power limit (for port power-limit mode): 15.400W
Port Status: Port is on - valid resistor detected
Overload Counter: 0
Short Counter: 0
Denied Counter: 0
Absent Counter: 0
Invalid Signature Counter: 0
Port Powered Device State Status Priority Class
gi7 Auto On critical class2
Power limit (for port power-limit mode): 15.400W
Port Status: Port is on - valid resistor detected
Overload Counter: 0
Short Counter: 0
Denied Counter: 0
Absent Counter: 0
Invalid Signature Counter: 0
Port Powered Device State Status Priority Class
gi13 Never Off low class0
Power limit (for port power-limit mode): 15.400W
Port Status: Port is off - user setting
Overload Counter: 0
Short Counter: 0
Denied Counter: 0
Absent Counter: 1
Invalid Signature Counter: 0
Port Powered Device State Status Priority Class
gi14 Never Off low class0
Power limit (for port power-limit mode): 15.400W
Port Status: Port is off - user setting
Overload Counter: 0
Short Counter: 0
Denied Counter: 0
Absent Counter: 0
Invalid Signature Counter: 0
show interfaces advertise gigabitethernet xx (for what ports are of interest)
Port: gi9
Type: 1G-Copper
Link state: Down
Auto negotiation: Enabled
1000f 1000h 100f 100h 10f 10h
Admin Local link Advertisement yes no yes yes yes yes
Oper Local link Advertisement - - - - - -
Oper Remote link Advertisement - - - - - -
Priority Resolution - - - - - -
Port: gi10
Type: 1G-Copper
Link state: Down
Auto negotiation: Enabled
1000f 1000h 100f 100h 10f 10h
Admin Local link Advertisement yes no yes yes yes yes
Oper Local link Advertisement - - - - - -
Oper Remote link Advertisement - - - - - -
Priority Resolution - - - - - -
Port: gi11
Type: 1G-Copper
Link state: Down
Auto negotiation: Enabled
1000f 1000h 100f 100h 10f 10h
Admin Local link Advertisement yes no yes yes yes yes
Oper Local link Advertisement - - - - - -
Oper Remote link Advertisement - - - - - -
Priority Resolution - - - - - -
Port: gi21
Type: 1G-Copper
Link state: Down
Auto negotiation: Enabled
1000f 1000h 100f 100h 10f 10h
Admin Local link Advertisement yes no yes yes yes yes
Oper Local link Advertisement - - - - - -
Oper Remote link Advertisement - - - - - -
Priority Resolution - - - - - -
Port: gi22
Type: 1G-Copper
Link state: Down
Auto negotiation: Enabled
1000f 1000h 100f 100h 10f 10h
Admin Local link Advertisement yes no yes yes yes yes
Oper Local link Advertisement - - - - - -
Oper Remote link Advertisement - - - - - -
Priority Resolution - - - - - -
Port: gi23
Type: 1G-Copper
Link state: Down
Auto negotiation: Enabled
1000f 1000h 100f 100h 10f 10h
Admin Local link Advertisement yes no yes yes yes yes
Oper Local link Advertisement - - - - - -
Oper Remote link Advertisement - - - - - -
Priority Resolution - - - - - - -
Boot image upgrade for SG300-28P
Hi,
I have an SG300-28P and I need to upgrade both the boot & firrmware versions.
The problem is I can't find the boot file anywhere, the only file available on the Cisco downloads page is the firmware file ('.ros')
These are my current versions:
show ver
SW version 1.3.5.58 ( date 10-Oct-2013 time 17:15:41 )
Boot version 1.0.0.4 ( date 08-Apr-2010 time 16:37:57 )
HW version V01
And I get this warning at boot...
** Boot version is incompatible with the system image. **
** Some new features have been disabled. **
** Please update to newest boot version. **
Hence the need to upgrade.
Cheers Ianian-heath,
When you download:
Sx300 Firmware Version 1.3.5.58
Sx300_FW_Boot_1.3.5.58.zip
The zip file ha a copy of the firmware and also a copy of the boot code. The boot code needs to be upgraded via tftp server. After the boot code is upgraded, download and install the latest firmware Release 1.3.7.18. (No boot code with this one)
- Marty -
Is there a function or command to program the fans to "automatic" so that they only come on when the temperature becomes elevated? We find the noise level annoying. Thank you.
Hi,
The SG300-28p does not currently support automatic fan speed reduction.
Regards,
Jake -
SG300-28P noise level... (fan control)
Hello,
May be somebody can help me. In official information for SG300-28p noise level is 40.6 dB, but in fact its too noisy. Is it possible to change speed of fans? I use only 8 PoE ports.
Thanks in advance,
AndreyHi Andrey,
I placed a sound meter within 6 inches of the Right hand side of my SG300-28P and found a average dB level of 47
I rested a sound meter on top of my SG300-28P and found a average dB level of 59-60dB .
I used my motorola atria phone in conjunction with a Sound Meter ver 1.4.3 dB meter app to perform the measurements.
My measurements were not done according to any standards based approach for measurements of sound level of machines.
Conversation in restaurant, office, background music, Air conditioning unit at 100 ft
60
Half as loud as 70 dB. Fairly quiet
Quiet suburb, conversation at home. Large electrical transformers at 100 ft
50
One-fourth as loud as 70 dB.
Library, bird calls (44 dB); lowest limit of urban ambient sound
40
One-eighth as loud as 70 dB.
reference :http://www.industrialnoisecontrol.com/comparative-noise-examples.htm
My unit is no more than 3 feet from my left ear, and I do not find the sound distracting..but noise/sound is subjective.
The fans on the SG300-28P are not adjustable.
regards Dave -
SG300-28P and aironet access points
Dear support,
does Cisco SG300-28P provide enough PoE to power access points 1550 and 1600?
Thank youHi Mireille, it should. The 1550 is 802.3af compliant.
The 1600 may be interesting because it can actually draw up to 15.4 watt of power and you may run into limitations of cable. It is also 802.3af compliant.
-Tom
Please mark answered for helpful posts -
I have a new SG300-28P, I am unable to connect. After logging in the switch stops at 70% Processing Date. I have try Chrome, IE, and Firefox.
I am not sure of the fireware ver. I do not want to reset to the factory default because there is no backup and I am not sure of the
configuration.Hi Tony, this is going to be purely an issue with the computer/browser, etc.
I;d recommend swapping to a different computer or fully update the one you're using including latest Java.
-Tom
Please mark answered for helpful posts -
Hello,
How does one remotely access a SG300-28P?
Thanks, PetePete,
Of course you will need to have a default gateway(many people forget) and open a port though your router(as marty suggested) for inbound connections to the switch.
Hope this helps,
Jasbryan -
VLAN communication between 2 SG300-28P using one LAG
Hi,
I have 2 SG300-28P without a router used for back-end network usage.
The switches are configured in L2.
I would like to configure on both switches:
The default VLAN with Id 90
One VLAN with Id 80 to access the databases
One VLAN with Id 70 to access the backup server
One agregate with ports 25/26/27/28
Ports 1 to 8, 13 to 20 with VLAN 80 (90UP/80T)
Ports 9 to 12, 21 to 24 with VLAN 70 (70UP)
Computers connecting in VLAN 70 will only talk to VLAN 70.
I would like to use the access mode for ports in VLAN 70.
Computers connecting in VLAN 80 will only talk to VLAN 80.
It seems that the servers on VLAN 80 on switch 1 can communicate with servers on VLAN 80 on switch 2.
My problem is that the servers on VLAN 70 on switch 1 don't access the servers on VLAN 70 on switch 2.
I suppose that this is due to the LAG 25/26/27/28 configured 90UP.
Any idea to resolve this problem?The LAG is like any other link. It is configurable. You should be able to log the cli
config t
int po1
switchport mode trunk
switchport trunk native vlan 90
switchport trunk allowed vlan add 70,80
-Tom
Please rate helpful posts -
SG300-28P Multicast (IGMP) and IGMP routing..
A brief background on the setup:
I recently switched out my switch. It was a Cisco 3750 10/100 switch and I wanted to upgrade to Gig. The cost of a Gig+POE 3750 is too much to bite so I opted for the SG300. My router is a Cisco 891. Here is the setup:
Cisco 891:
two SVI's: vlan1 and vlan 100
Vlan1 = 10.0.1.1/24
Vlan100 = 10.0.100.2/24
Connected to SG300 via Fa0
DHCP Server for vlan1+vlan100
Cisco SG300-28P:
two SVI's: vlan 1 and vlan 100
vlan 1 = 10.0.1.21/24
vlan 100 = 10.0.100.1/24
Connected to 891 on via Gi18
The connection between 891 and SG300 = trunk, vlan1-u, vlan100-t
The problem:
With the 891+3750, I was able to add "ip pim sparse-dense-mode" on all the SVI's and hosts could join any multicast group, irregardless of which vlan the host was a member of.
Now I've changed switches, and I dont get the same love. I have the PIM statement on both SVI's on the 891, but Im unsure of what I need to configure on the SG300. I have enabled "Bridge multicast filtering" + "IGMP snooping". What can I do to get similar functionality using the SG300 + 891? I assume this is my lack of understanding IGMP in general, but was able to get away with it using the PIM statements on the 891+3750 stack.
JeffYou should be able to filter unregisted multicast on every port.
To be able to pass multicast over subnets two things must be certain, the node/device is able to send and receive multicast packets but also register the multicast address being listened to by the node so the local and remote routers can route the multicast packets.
When the switch learns a multicast address through IGMP snooping, this is a registered multicast. The switch will only forward multicast to ports that are registered to the multicast group. Where unregistered multicast comes in, is the multicast that is not statically defined or learned through IGMP which in turn will be forwarded to all ports of the vlan. -
Problem with switch SG300-28P Poe and Avaya 1408 telephone
Hi Team
We have a model SG300-28P Switch 28-Port Gigabit PoE Managed Switch, in every port we are allowing the voice VLAN and data VLAN (trunk), happens to be off this type of phone, we reconnect the cable and port the switch is dropped, so that the voice vlan phone is lost and no longer work.
Thanks for your comments.
RegardsHi Yesenia, did you contact Avaya support? Did you configure the phone for a voice and data vlan?
I'm trying to dig through the Avaya website and looking at the fact sheet and user guide it has no mention of VLAN.
Is the switch supported for the usage of Avaya Aura Communication Manager call processing system?
-Tom
Please mark answered for helpful posts
Maybe you are looking for
-
Server load balancing for application access using multiple servers
1.what are the methods supported by cisco switches for load balancing 2. I want to achive users to access 1 particular ip from different locations but phsically few servers which handle the application and data
-
File transfer hung up on "Validating Device"
I have added my husband's Vista PC - passkey exchanged - paired and connection on in control panel. He can send me files. When I try to send him something it hangs up on "validating device". He has his computer set to accept files. Any suggestions?
-
Ipad's touchscreen doesn't work properly.
Suddenly the touchscreen started dont responding properly .It has a month that i bought it and it was working normally until i was playing a game . I tried to restart it and pressing/heloding the sleep/wake button but still the problem is there . I h
-
Fiori Theme Designer: Target Content not saved
Hello, I have created a theme based on the blue crystal theme. At first I entered the link to the application (URL to launchpad) and add the name of the application (eg "Launchpad"). Now I press the "Add" button and a new entry is created as shown in
-
Advice on inserting data at parent level
Hi experts, I would need some advice on how can I enter data at parent level. As we cannot enter data at parent level I am figuring out different strategies to do so. The one I seem to like the most is to create members representing the parents where