Trouble with Mangement VLAN on SF300-24P

This should be really simple for you guys.
The SF300 Switch is in Layer 2 Mode. I have 3 VLANs configured on this switch:
VLAN1 - Default VLAN
VLAN2 - Wireless
VLAN3 - Video (management VLAN)
I moved the management VLAN from VLAN1 to VLAN3.
I have a single uplink going from the cisco switch to a core 3com Switch (uplink ports on both ends are tagging VLAN2 and VLAN3).
Now, from my 3Com switch, I can ping my VLAN3 endpoints. However, I cannot ping the management interface. If I plug a laptop directly to a VLAN3 access port on the Cisco switch, I don't have any problems. But I cannot ping it from my 3Com switch.
Any idea? Is it possible that management interface is not accepting my request because the management interface on VLAN3 is receiving tagged packets from the 3Com switch?
Wondering if the only way to fix this is to turn on layer 3 mode.
Thanks guys.

The default vlan is the management vlan in layer 2. The IP address resides on vlan 1 currently.
-Tom
Please mark answered for helpful posts

Similar Messages

TROUBLE with SF300-24P

Hi
Actually we have the follow diagrame:
When put the SF300-24P on the remote node we have troubles with pass the vlan tag from voice and data on the same port but when put on access port to the vlan voice and data the dispositives have the correct funtion.
someone have something about of this trouble?
the firmeware actually on the switch es 1.2
Best Regards

Hi,
We follow the procedure as You said Us, and now the CP3905 learned the vlan correctly through CDP.
This is the Show Run now:
#sh run
interface gi1
spanning-tree link-type point-to-point
exit
vlan database
vlan 320-322
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
no lldp run
interface fastethernet2
lldp med disable
exit
interface vlan 322
ip address 10.1.208.100 255.255.240.0
exit
ip route 0.0.0.0 0.0.0.0 10.1.208.1
[0mMore: , Quit: q or CTRL+Z, One line:
bonjour interface range vlan 1
hostname switch06e3d7
ip ssh server
no snmp-server server
ip telnet server
interface fastethernet2
macro description "ip_phone_desktop | no_ip_phone_desktop"
exit
interface fastethernet3
macro description "ip_phone_desktop | no_ip_phone_desktop"
exit
interface gigabitethernet1
macro description "switch | no_switch | switch"
exit
interface fastethernet2
no macro auto smartport
switchport trunk allowed vlan add 321
switchport trunk native vlan 320
exit
interface gigabitethernet1
!next command is internal.
macro auto smartport dynamic_type switch
[0mMore: , Quit: q or CTRL+Z, One line:
switchport trunk allowed vlan add 320-322
exit
Thanks for Your support
Best Regards,
AJ

SF300-24P VLAN Confusion - autosmartport not being too smart?

Hi Everyone, first question i've posted, i'll try and give as much information as possible, i'm an extremely quick learner as well and have been around networking for nearly 20 years but this is my first outing into the medium sized VoIP deployment with prioritised LAN traffic and a client that is itching to say "told you so" about using IP phones.
I have 4 x SF300-24P switches in a network i'm deploying, 1 will be adjacent to the router (a draytek Vigor 3200 - 4xWAN Gigabit) and the other 3 will be trunked using the GE/01-GE/03 ports to the main switch and will then distribute through a patch panel to give me 96 network ports with PoE capability where required. There will be 30+ IP Phones on the network, all of which are Yealink T38G SIP handsets.
I want to have two VLAN's - one for regular workstations, and one for IP Phones with the IP Phone VLAN getting high prority for its traffic on the LAN - all documentation makes it sound simple but it doesn't seem to be working the way I think I expect it to. I don't mind the two VLAN's sharing the same IP address space at this time and currently all occupy 10.0.0.0/24 internally.
So, I have 2 questions and a problem.
First, from the factory, the switches are configured that VLAN1 is the default VLAN and that auto-voice VLAN is also VLAN1? Is this right?
Second, i'm having trouble determining the difference in terminology for port types between general, access, trunk etc - obviously trunk is between switches and carries VLAN information through to the next segment of the network.
My main problem seems to be with auto-voice VLAN and smartport. If I enable smartport, the switch figures out through LLDP that the port is used by an IP Phone + Desktop (excellent, this is what I want it to do) so then puts the handsets in VLAN1 but then the handsets start to become invisible on the network after 2-3 minutes, the handsets then reboot because they've detected a network drop out and then reconnect, re-register at the voice server and are visible and contactable for 2-3 minutes then the loop begins again.
If I disable smartport, the problem goes away.
Am I unreasonably expecting that any user can unpack an IP phone and (subject to provisioning on the server), plug it into any port on the network and it will figure out that it's a phone, not a PC and then prioritise its traffic?
What I want to avoid is the possibility of internal bandwidth lag if someone copies a large file over the network and people are using the phones that the phone users don't get packet loss or audio instability because of the file copy. The internet side will be fine, the Vigor3200 has QoS facilities built in and i've had good success on smaller networks with these routers.
Ideally I need a semi-planned network setup where people with WiFi SIP clients will also get some priority.
I have set QoS on the handsets to match DSCP46 from the switches - can the traffic be manipulated this way or does it already do that in the DSCP to Queue setup which automatically puts anything above 40 in Queue 4 (high priority).
All help very greatfully received.
James

Hello James,
Welcome to the forums!
About the default settings. The switch comes with vlan1 as the default vlan for all traffic.
Here is a quick overview of the port settings
access - one vlan
trunk - multiple vlans
general - multiple vlans (had additional options)
When using the auto voice-vlan, you can have your port set as access for vlan 1 and when the switch see a phone connected, it will join the voice vlan also. This allow the ports to be dynamic. It is not necessary to do this. You can create all ports as trunk ports that are part of both your default vlan and your voice vlan.
The benifits of auto-voice vlan
-phones are discovered and joined to the vlan dynamically
-predetermined QoS settings
-security in that you can have your port set to access
This is a relatively basic overview.
As for the problem you are seeing. I would recommend that you check the firmware of the switch and upgrade if needed. While it may not have anything to do with the problem at hand, it will help prevent any future issues.
I would suggest disabling the Green Ethernet, which can be found under the port management section. If you continue to see the problem after that, I would recommend giving us a call at the support center. We will be able to look a little closer to what is happening.
http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html

Problem with SF300-24P

hi I Have been facing a problem, like when we are connecting the Aironet LWAPP indoor Accesspoint to Cisco SF300-24P Switch, we are getting some error like LOW POWER...means accesspoint not recieving enough power from POE Switch.
As per Cisco Datasheet for 300 series Switch the model number is SF300-24P and power dedicated to POE is 180 W and all 24ports do support POE at 7.5Wand 12 portsSupport Maximum Power at 15.0W.Required Power for Aironet Accesspoint through POE Switch maximum is 12.4W is Enough.So can anyone please suggest what to do now.

Hi Nenad, if you administratively remove auto smart port, auto voice vlan will also be shut down.
Your original post consists of some important details-
IP phones are directly connected on the switch and PC's are connected on the phone, so the PC's get IP's through the phone. FE ports are configured vlan 10 untagged vlan 20 tagged.
This is expected and good
Some PC's can't get IP's,for example client turn the computer on and can't get IP, sometimes ipconfig /release, ipconfig /renew on cmd helps sometimes I just unplug network cable from pc and plug it again and it works, I tried to replace the IP phone i didn't help.
When this happens, it usually indicates a convergence issue with spanning tree. If portfast (edge port) does not negotiate, the port will progress through the spanning-tree states, listening, learning forwarding, which can make a long time to receive DHCP / LAN connectivity.
Sometimes that issue change configuration on switch port for example client announce that he have a problem, I connect to switch via the web and see that port on witch is client connected have configuration vlan 10 data tagged vlan 20 voice tagged instead of vlan 10 untagged vlan 20 tagged...very strange.
This statement indicates a macro issue. The macro detects connection types through LLDP and CDP advertisements. If the switch is dynamically assigning vlan id or vlan tag, it means the macro is writing that configuration. Most likely, you will need to go to the macro and re-write the macro to show the native vlan to be 10.
So, I would recommend to do this- Go to the smart port built-in macro, edit all of the macro like this example
-Tom
Please rate helpful posts

SF300-24p Q-in-Q - Changing from vlan 4095

I have a Cisco SF300-24P deployed at a customer prem running only a couple VLAN's - 1 customer related and 1 for management. Recently the customer inquired about changing his connection to Q-in-Q. I have changed the interface type to customer but then it selects vlan 4095 as the vlan associated to that port. How do I change that vlan or by default is that the only vlan I can use? Currently the customer is using vlan 904 and would like to continue to use that vlan in the Q-in-Q config.

Hi Christopher, I didn't run in to this problem at all. Please reference the 2 screen shots below. 4095 is a reserved PVID when a native vlan is not associated to the port.
-Tom
Please rate helpful posts

There is no "Switchport Voice Vlan" command on SF300-24P !!!

Hello everyone
I am in an urgent problem :S
I have a Small Business SF300-24P
I have created two vlans one data and one voice
but i have not assigned them to the ports and I am not sure how to do so since there's no "switchport voice vlan" command under the interface !!
here are the configurations
btw the switchport mode is still trunk as it is by default
Thanks in advance
switch0a1172#
switch0a1172#
switch0a1172#sho run
config-file-header
switch0a1172
v1.2.9.44 / R750_NIK_1_2_584_002
CLI v1.0
file SSD indicator encrypted
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
vlan database
vlan 13,20
exit
voice vlan id 20
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
hostname switch0a1172
username cisco password encrypted c8e383b1dd7be99f878a387d87766e875404e0b3 priv
lege 15
ip telnet server
interface vlan 13
name "VLAN13"
interface vlan 20
name VOICE
switch0a1172#

Hi Sandy,
You need:
switchxxxxxx(config)# voice vlan id 20
and smart ports should do the rest.
for your reference: http://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/sf30x_sg30x/administration_guide/CLI_300.pdf?mdfid=283019666
Regards,
Aleksandra

VoIp settings for replacing a Cisco 3550 switch with a SF300-24P

I am adding the SF300-24P to an existing set of switches. My backbone switch is a 3560.
The 3550 I am replacing has this config for each port that supports a Shoretel phone
switchport trunk encapsulation dot1q
switchport mode trunk
mls qos trust dscp
global settings include
spaning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1,200 priority 28762
vlan internal allocation policy ascending
all other settings are at default
Any ideas how to replicate this on this new switch? I added the Shoretel mac address range (00-10-49) into the Telephone OUI. The phone gets power, I think it gets a 192.168.6.x address (local subnet), but then it should get an IP 10.6.0.xx on its VLAN - but it doesn't.
Some configs from the backbone are attached. I did not need to configure any of this in the 3550.
Any ideas?
Fred

Hi fred,
The shoretel phone sounds like it is not attaching to tagged vlan 200 on my switch, the shortel voice vlan as per your screen captures.
The Voice VLAN should be tagged on my switch so that phones attach to a Voice VLAN and PC's connected on the back of the VoIP phones attach to the Data Vlan .
I scoped out, excuse the pun, the shoretel site and have attached a white paper on setting vlans and shoretel.
They mention setting option 156 on the DHCP server, so the phone can get vendor specific information etc... But the phones are not attached to the voice vlan , but the untagged data vlan. You gotta figure how to get the shortel phones to attach to vlan 200, or if you are not daisy chaining PC on the back of the phone, make vlan 200 untagged on these FastEthernet switch ports..
I have attached my SF300-48P version of my configuration and some configuration screen shots i took along the way.
Please review carefully that attached shortel document and my screen shots and a real configuration done on my SF300-48P. The configuration should be almost identical to your configuration.
I added vlan 200. and made sure that all ports were in trunk mode, even the Gigabit uplink ports.
All ports by default are in VLAN1 as you can see below
I then added all ports as tagged ports to vlan 200 as you can see below.
For the sake of Spanning tree, I then made all fast ethernet (phone or PC) ports fastports except for the uplink Gigabit ports.
If you are not sure what portfast does , here's a little tutorial I grabbed from cisco.com
Spanning-tree PortFast causes a port to enter the spanning-tree forwarding state immediately, bypassing the listening and learning states. You can use PortFast on switch ports connected to a single workstation or server to allow those devices to connect to the network immediately, instead of waiting for the port to transition from the listening and learning states to the forwarding state.
Caution PortFast should be used only when connecting a single end station to a switch port. If you enable PortFast on a port connected to another networking device, such as a switch, you can create network loops.
When the switch powers up, or when a device is connected to a port, the port normally enters the spanning-tree listening state. When the forward delay timer expires, the port enters the learning state. When the forward delay timer expires a second time, the port is transitioned to the forwarding or blocking state.
When you enable PortFast on a port, the port is immediately and permanently transitioned to the spanning-tree forwarding state.
Your tasks I guess should be , making sure that vendor specific options for the shoretel phones are included in the DHCP configuration and that you somehow attach the shortel phones (even manually) to vlan 200.
For some reason this site adds a zip extension to the end of my running configuration. I used wordpad to look at the file
I am using firmware version 1.0.0.27 on my unit and the userid=admin password i used was admin
I hope this helps.
regards Dave

Need help InterVlan Routing on SF300-24P? .

Hello
I really need help with Inter vlan routing via Kerio Controll 7.4.1.
I have several SF300-24P switches (IOS 1.3.0.62) and i have created a several VLAN's.
Vlans: Vlan 10, 100, 200 and interface vlan 213 (for management).
I can ping hosts in the same Vlan via this switches. From switch to host, port is in access mode and between switches ports is in Trunk mode
(also i had a problem here, trunk wasn't working untill i used command: switchport trunk allowed vlan add all).
Also port is in Trunk mode between KERIO and SW1 (switch). interface is in TRUNK mode from switch's side because i don't know how configure interface TRUNK mode on kerio.
On kerio i have configed one physical interface with IP - 172.16.0.1 255.255.255.0 and on the same interface i have created
VLAN 10, VLAN 100 and VLAN 200.
static IP's for this interfaces:
10.0.0.1 255.255.255.0 VLAN 10
192.168.100.1 255.255.255.0 VLAN 100
192.168.200.1 255.255.255.0 VLAN 200
On KERIO i have created DHCP Lease for each VLAN, but i cannot get IP's from DHCP. So i assigned static IP's to computers
(for example for VLAN100 PC, VLAN 200 PC and so on) but they cannot ping each other when they are in different vlans, so inter vlan routing itsnot working. but with static IP on the PC, i can ping every VLAN's IP address on KERIO.
so pls tell me how i must configure inter vlan routing on kerio, is it possible?
or what must i do? where is my mistake? maybe when i put IP on pysical interface?
here is my configs and pls help and give me config example.
config-file-header
SW1
v1.3.0.62 / R750_NIK_1_3_647_260
CLI v1.0
set system mode switch
file SSD indicator plaintext
vlan database
vlan 10,100,200,213
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
hostname SW1
username administrator password encrypted 7fc3774d79570c81cda124d5dcf80b8ae0fcdd6c privilege 15
username cisco password encrypted 1defefd1f4a214009775b2c2b6b961a77da384b5 privilege 15
interface vlan 10
name Staff
interface vlan 100
name Cards
interface vlan 200
name AP's
interface vlan 213
name Management
ip address 172.16.213.1 255.255.255.0
no ip address dhcp
interface fastethernet1
description MANAGEMENT-VLAN
spanning-tree disable
switchport mode access
switchport access vlan 213
interface fastethernet2
spanning-tree disable
switchport mode general
switchport general acceptable-frame-type untagged-only
interface fastethernet3
spanning-tree disable
switchport mode general
switchport general acceptable-frame-type untagged-only
interface fastethernet4
spanning-tree disable
switchport mode access
switchport access vlan 200
interface fastethernet5
spanning-tree disable
switchport mode access
switchport access vlan 200
interface fastethernet6
spanning-tree disable
switchport mode access
switchport access vlan 100
interface fastethernet7
spanning-tree disable
switchport mode access
switchport access vlan 100
interface gigabitethernet1
description Direction-To-SW2       <--- This port is Trunk, but its not showing here for some reason.
spanning-tree disable
interface gigabitethernet2
description Direction-To-KERIO <--- This port is Trunk also.   i used: switchport mode trunk on both interfaces
spanning-tree disable
exit
banner login
SW1
config-file-header
SW2
v1.3.0.62 / R750_NIK_1_3_647_260
CLI v1.0
set system mode switch
file SSD indicator encrypted
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
vlan database
vlan 10,100,200,213
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
hostname SW2
username administrator password encrypted 7fc3774d79570c81cda124d5dcf80b8ae0fcdd6c privilege 15
username cisco password encrypted 1defefd1f4a214009775b2c2b6b961a77da384b5 privilege 15
interface vlan 10
name Staff
interface vlan 100
name Cards
interface vlan 200
name AP's
interface vlan 213
name Management
ip address 172.16.213.2 255.255.255.0
no ip address dhcp
interface fastethernet1
description MANAGEMENT-VLAN
spanning-tree disable
switchport mode access
switchport access vlan 213
interface fastethernet2
spanning-tree disable
switchport mode general
switchport general acceptable-frame-type untagged-only
interface fastethernet3
spanning-tree disable
switchport mode general
switchport general acceptable-frame-type untagged-only
interface fastethernet4
spanning-tree disable
switchport mode access
switchport access vlan 200
interface fastethernet5
spanning-tree disable
switchport mode access
switchport access vlan 200
interface fastethernet6
spanning-tree disable
switchport mode access
switchport access vlan 100
interface fastethernet7
spanning-tree disable
switchport mode access
switchport access vlan 100
interface fastethernet8
spanning-tree disable
switchport mode access
switchport access vlan 100
interface gigabitethernet1
description Direction-To-SW1    <--- This port is Trunk also.   i used: switchport mode trunk
exit
banner login
SW2
i have excluded many interfaces because hey have same configs.

Yes Kerio is capable for routing. i wanted to make InterVlan routing via kerio Ccontroll, but i can't and that's i asked here, i need to know reason.
I have modified 1 switch to L3, and inter vlan routing its now working (without Kerio) and i hope this switches dont have problem when they are DHCP server also.
thanx for help. I Hope i didnot have much mistakes in config.

SF300-24P unstable traffic

Hello,
I've installed and configured 2 SF300-24P switches on Layer 3 mode in my company.
Since I've made this installation, I accounter some problems of stability in my LAN communication.
Here is the running config of the 2 switches:
First Switch
SW-WIFI#show running-config
config-file-header
SW-WIFI
v1.2.9.44 / R750_NIK_1_2_584_002
CLI v1.0
file SSD indicator encrypted
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
no cdp run
no spanning-tree
vlan database
vlan 2
exit
voice vlan state disabled
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
ip dhcp relay address 172.16.0.2
ip dhcp relay enable
ip dhcp information option
bonjour interface range vlan 1
hostname SW-WIFI
username cisco password encrypted 18c7e97c305303ec56fbb3105666d85721208731 privilege 15
ip ssh server
snmp-server server
clock timezone " " 0 minutes 0
ip telnet server
interface vlan 1
ip address 172.16.0.249 255.255.0.0
no ip address dhcp
interface vlan 2
name POSTES
ip address 192.168.1.245 255.255.255.0
ip dhcp relay enable
interface fastethernet1
ip dhcp relay enable
switchport trunk native vlan 2
interface fastethernet2
switchport trunk allowed vlan add 2
interface fastethernet3
switchport trunk allowed vlan add 2
interface fastethernet4
switchport trunk allowed vlan add 2
interface fastethernet5
switchport trunk allowed vlan add 2
interface fastethernet6
switchport trunk allowed vlan add 2
interface fastethernet7
switchport trunk allowed vlan add 2
interface fastethernet8
switchport trunk allowed vlan add 2
interface fastethernet9
switchport trunk native vlan 2
interface fastethernet10
switchport trunk native vlan 2
interface fastethernet11
switchport trunk allowed vlan add 2
interface fastethernet12
switchport trunk allowed vlan add 2
interface fastethernet13
switchport trunk allowed vlan add 2
interface fastethernet14
switchport trunk allowed vlan add 2
interface fastethernet15
switchport trunk allowed vlan add 2
interface fastethernet16
switchport trunk allowed vlan add 2
interface fastethernet17
switchport trunk allowed vlan add 2
interface fastethernet18
switchport trunk allowed vlan add 2
interface fastethernet19
switchport trunk allowed vlan add 2
interface fastethernet20
switchport trunk allowed vlan add 2
interface fastethernet21
switchport trunk allowed vlan add 2
interface fastethernet22
switchport trunk native vlan 2
interface fastethernet23
switchport trunk allowed vlan add 2
interface fastethernet24
switchport trunk native vlan 2
ip helper-address all 172.16.0.2 37 42 49 53 137 138
ip route 0.0.0.0 0.0.0.0 172.16.0.150
ip route 10.30.31.0 255.255.255.0 172.16.0.250
Second switch
SW-SRV#show running-config
config-file-header
SW-SRV
v1.2.9.44 / R750_NIK_1_2_584_002
CLI v1.0
file SSD indicator encrypted
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
no cdp run
no spanning-tree
vlan database
vlan 2
exit
voice vlan state disabled
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
ip dhcp relay address 172.16.0.2
ip dhcp relay enable
bonjour interface range vlan 1
hostname SW-SRV
line telnet
password 18c7e97c305303ec56fbb3105666d85721208731 encrypted
exit
line ssh
password 18c7e97c305303ec56fbb3105666d85721208731 encrypted
exit
username cisco password encrypted 18c7e97c305303ec56fbb3105666d85721208731 privilege 15
ip ssh server
snmp-server server
clock timezone " " 0 minutes 0
ip telnet server
interface vlan 1
ip address 172.16.0.248 255.255.0.0
no ip address dhcp
interface vlan 2
name POSTE
ip address 192.168.1.248 255.255.255.0
ip dhcp relay enable
interface fastethernet1
switchport trunk allowed vlan add 2
interface fastethernet2
switchport trunk allowed vlan add 2
interface fastethernet3
switchport trunk allowed vlan add 2
interface fastethernet4
switchport trunk allowed vlan add 2
interface fastethernet5
switchport trunk allowed vlan add 2
interface fastethernet6
switchport trunk allowed vlan add 2
interface fastethernet7
switchport trunk allowed vlan add 2
interface fastethernet8
switchport trunk allowed vlan add 2
interface fastethernet9
switchport trunk allowed vlan add 2
interface fastethernet10
switchport trunk allowed vlan add 2
interface fastethernet11
switchport trunk allowed vlan add 2
interface fastethernet12
switchport trunk allowed vlan add 2
interface fastethernet13
switchport trunk allowed vlan add 2
interface fastethernet14
switchport trunk allowed vlan add 2
interface fastethernet15
switchport trunk allowed vlan add 2
interface fastethernet16
switchport trunk allowed vlan add 2
interface fastethernet17
switchport trunk allowed vlan add 2
interface fastethernet18
switchport trunk allowed vlan add 2
interface fastethernet19
switchport trunk allowed vlan add 2
interface fastethernet20
switchport trunk allowed vlan add 2
interface fastethernet21
switchport trunk allowed vlan add 2
interface fastethernet22
switchport trunk allowed vlan add 2
interface fastethernet23
switchport mode access
switchport access vlan 2
switchport general pvid 2
interface fastethernet24
switchport mode access
switchport access vlan 2
switchport general pvid 2
ip route 0.0.0.0 0.0.0.0 192.168.1.254
ip route 10.30.31.0 255.255.255.0 172.16.0.250
ip route 10.42.2.0 255.255.255.0 192.168.1.251
Here is what I want to do with these switches:
Uplink between the 2 switches on fa 13 for the first and fa 12 on the second
Behind the fa 23 on the second switch, I have a SDSL line between my company and a datacenter wich is hosting my main software.
Behind the fa 24 on the second switch, I have my Firewall wich hosts the ADSL for Internet and which is translating all addresses of the VLAN 1 to the address 192.168.1.254 in order to communicate with the datacenter via the SDSL.
On the native VLAN 1, I have some PCs, servers, the firewal and WiFi controllers.
On the VLAN 2, I have only PCs.
My final objective is to migrate all of the WiFi controllers and PCs in VLAN 2 and to only have servers in VLAN 1.
VLAN 1 and 2 must communicate between them, so I activated IP routing.
I wonder why I accounter some problems of stability for the connection on the SDSL.
In fact: between 7:30 and 10:00 I have no problems of communication between my LAN and the datacenter, passed 10:00 some problems of communications are appearing.
These problems didn't happened before I changed my old SF200 for the SF300, so I really think the problem is coming from the switches configuration.
I turned off CDP because I had some messages about Native VLAN mismatch on fa23 (SDSL).
I hope someone could give me some clue about what goes wrong.

I'll try an update of the firmware tomorrow.
The duplex mode is set to auto negociation and in fact on the port fa 23 autoset to full.
Yesterday, I set all ports to mode access except for the uplink ones wich still set to trunk and I moved uplink to the gigabits ports.
Before I do the firmware update from v1.2.9.44 to 1.3.0.62, could you tell me how long this update should take, and, by the way, does it need to rebuild the configuration of the switch?
I'll update the post after the firmware update is done.

Trouble with reauthenticating NAC users after laptop is out of hibernation

Hi,
Have trouble with users logging back on to laptops that comes out of hibernate mode. NAC agent pops up saying " Client Access Server not available on the network"
The current solution I have now is to run Kerbtray.exe too clear the kerberos tkts. which i believe is expired.User logs in fine after clearing.
Is there any alternate permanent soln. in 4.7.2 ver
Thanks in advance
Satish

One more point i forgot to mention
Laptops have full disk encryption installed and encrypts the drive when it goes into hibernation .At the same time the sw port is set to move it to auth vlan after the link down trap is received by the sw.
thanks again
Satish

Trouble with CCME 4 and VIC2-2FXO; IOS 12.4(9)T

Trouble with CCME 4 and VIC2-2FXO; IOS 12.4(9)T
I am having trouble making outgoing call or answering incoming call.
When I try to call out from my IP 7961 phone, it fails with the message "unknown number".
For incoming call, it rings but when I pick up the call nothing happens,
Put the receiver back on hook, the phone carries on ringing. I am in UK
and just trying to set up test system with one analogue line. Any help will
be most appreciated. My config of the 2811 router is posted below. All calls ineternally works fine.
Thank you for your help.
hostname Test-CME
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1 10.10.10.10
ip dhcp excluded-address 10.139.139.1 10.139.139.10
ip dhcp pool host
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
option 150 ip 10.10.10.1
ip dhcp pool data
network 10.139.139.0 255.255.255.0
default-router 10.139.139.1
dns-server 10.139.139.5
voice-card 0
no dspfarm
voice service voip
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
supplementary-service h450.12
h323
sip
header-passing
registrar server expires max 3600 min 3600
interface FastEthernet0/1
no ip address
no ip mroute-cache
duplex auto
speed auto
no shut
interface FastEthernet0/1.2
description ** Data VLAN **
encapsulation dot1Q 2
ip address 10.139.139.1 255.255.255.0
interface FastEthernet0/1.3
description ** Voice VLAN **
encapsulation dot1Q 3
ip address 10.10.10.1 255.255.255.0
ip http server
ip http authentication local
no ip http secure-server
ip http path flash:
tftp-server flash:S00104000100.sbn
tftp-server flash:TERM41.7-0-3-0S.loads
tftp-server flash:term61.default.loads
tftp-server flash:term41.default.loads
tftp-server flash:CVM41.2-0-2-26.sbn
tftp-server flash:cnu41.2-7-6-26.sbn
tftp-server flash:Jar41.2-9-2-26.sbn
tftp-server flash:term70.default.loads
tftp-server flash:term71.default.loads
tftp-server flash:cnu70.2-7-6-26.sbn
tftp-server flash:Jar70.2-9-2-26.sbn
tftp-server flash:TERM70.7-0-3-0S.loads
tftp-server flash:CVM70.2-0-2-26.sbn
control-plane
voice-port 0/3/0
connection plar opx 202
caller-id enable
dial-peer voice 1 pots
incoming called-number .
destination-pattern 9T
port 0/3/0
telephony-service
load 7914 S00104000100
load 7941 TERM41.7-0-3-0S
load 7961 TERM41.7-0-3-0S
load 7970 TERM70.7-0-3-0S
max-ephones 20
max-dn 40
ip source-address 10.10.10.1 port 2000
calling-number initiator
service phone videoCapability 1
system message MKC CME
url services http://10.10.10.1/voiceview/common/login.do
url authentication
http://10.10.10.1/voiceview/authentication/authenticate.do
time-zone 21
date-format dd-mm-yy
voicemail 600
max-conferences 8 gain -6
call-forward pattern .T
call-forward system redirecting-expanded
moh music-on-hold.au
web admin system name admin secret 0 test
dn-webedit
time-webedit
transfer-system full-consult dss
transfer-pattern 9.T
secondary-dialtone 9
create cnf-files
ephone-dn 1 dual-line
number 201
label 201
description Sarah
name Sarah
ephone-dn 2 dual-line
number 202
label 202
description Vitthal
name User2 Vitthal
ephone-dn 3 dual-line
number 203 secondary
label 203
description Neil
name User3 Neil
ephone 1
video
username "user1" password 201
mac-address 0018.18EE.947F
type 7961 addon 1 7914
button 1:1
ephone 2
video
username "user2" password 202
mac-address 0018.18BB.B973
type 7941
button 1:2
ephone 3
video
username "user3" password 203
mac-address 0018.1885.6BA2
type 7970
button 1:3

Hi
Please find enclosed debug attachment for voice ccapi and ephone. First, I called from outside. Extension 202 rings but when I answered on extension 202 nothing happens. Replace the rceiever and the pone starts ringing again.Second step. I tried to call out by dialing 9 and then number but after a while phone displays unknown number.
Thank you for your help.
Vitthal

I'm having trouble with syncing my iPod to my computer.

I'm having trouble with syncing my iPod. It gets stuck on the last step saying, "Waiting for changes to be applied." It's been doing this for the last half hour. Is there anything I can do to correct this or is am just going to have to restore my iPod?

You can sync/manually mange iphone with one and only one computer. If you sync/manually mange to anther, then it will erase the current content and replace with content from the new computer.
What "trouble" are you having?

RADIUS authentication SF300-24P

RADIUS authentication SF300-24P
We have just purchased 20x SF300-24P switches to be installed at our remote offices and we are unable to get RADIUS authentication to work. We already use RADIUS on all our primary network CISCO switches (e.g. 4506s¸ 3560s, 3750s, AP1231Gs,etc) and these work fine so we know the RADIUS server is working.
We are trying to use RADIUS authentication to gain management access onto these switches. Quite simply although we can see that the RADIUS server is accepting the username and password being sent, however the switch says “authentication failed” when to receives the response. We are using Microsoft NPS RADIUS Clients for authentication purposes.
We have upgrade the switches to the latest firmware 1.1.2.0, via the console it seems to have a very cut down IOS version so we cannot use the typical CISCO command set to configure the RADIUS as we normally would. Looking at the web GUI there seems to be a number of options missing including the Accounting port. When debugging is switch on there is no indication to say that any of the settings have been misconfigured.
Any advice you could offer would be gratefully received.
Mike Lewis

Here is the documentation excerpt-
For the RADIUS server to grant access to the web-based switch configuration
utility, the RADIUS server must return cisco-avpair = shell:priv-lvl=15.
User authentication occurs in the order that the authentication methods are
selected. If the first authentication method is not available, the next selected
method is used. For example, if the selected authentication methods are RADIUS
and Local, and all configured RADIUS servers are queried in priority order and do
not reply, the user is authenticated locally.
If an authentication method fails or the user has insufficient privilege level, the user
is denied access to the switch. In other words, if authentication fails at an
authentication method, the switch stops the authentication attempt; it does not
continue and does not attempt to use the next authentication method.
Of course the point of interest here is the second paragraph. The initial wording is the behavior you want. The second portion is very open for interpretation (I do agree it is somewhat ambiguous but consistent with the switch behavior). When I read the example and it says the Radius is busy or not responding then you will authenticate locally. Which seems fair enough. But what it doesn't say, is if you can use one or the other, but instead it seems based on preference failure.
-Tom
Please rate helpful posts

Trouble with Ip redirect

I am having a bit of trouble with ip redirects on an airnet 1042N
Here is what happens, I turn off ip redirect, everything works fine, turn it on, everything works fine. The problem is when I apply an ACL to it.
If I apply an ACL, I can ping web sites, but I can not browse websites or telnet to port 80. This is simply a test configuration before I move it into production. 10.0.0.0/22 is our subnet. I want the guest ssid to allow access to the internet, but not the the internal network (with the exception of the gateway (10.0.1.254) , dhcp, and dns servers (same server 10.0.1.221)
Running config
Current configuration : 2475 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname testap
logging rate-limit console 9
enable secret 5 $1$PBvp$dH8HqNdXBTP7eCzYanRRo.
no aaa new-model
dot11 syslog
dot11 ssid main
   authentication open
   authentication key-management wpa version 2
   wpa-psk ascii 7 1234567890abcdefghi
   ip redirection host 10.0.1.254 access-group 102 in
dot11 ssid secondary
   authentication open
   authentication key-management wpa version 2
   guest-mode
   wpa-psk ascii 7 075E731F1A5C4F524F4B5B0D06292F212E343D2B
   ip redirection host 10.0.1.254 access-group 103 in
username Cisco password 7 01300F175804
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers aes-ccm
ssid main
ssid secondary
antenna gain 0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
antenna gain 0
dfs band 3 block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface GigabitEthernet0
ip address 10.0.2.150 255.255.252.0
no ip route-cache
duplex auto
speed auto
no keepalive
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface BVI1
ip address 10.0.2.150 255.255.252.0
no ip route-cache
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
access-list 101 permit ip any host 10.0.1.254
access-list 101 permit ip any host 10.0.1.221
access-list 101 deny   ip 10.0.0.0 0.0.3.255 10.0.0.0 0.0.3.255
access-list 101 permit ip any any
access-list 102 permit ip any 10.0.0.0 0.0.3.255
access-list 103 permit 80 any any
access-list 103 permit ip any host 10.0.1.254
access-list 103 permit ip any host 10.0.1.221
access-list 103 deny   ip 10.0.0.0 0.0.3.255 10.0.0.0 0.0.3.255
access-list 103 permit ip any any
access-list 120 permit ip host 10.0.3.41 any
access-list 120 permit ip any host 10.0.3.41
bridge 1 route ip
line con 0
logging synchronous
line vty 0 4
login local
end

James:
Welcome to the forum.
To enable both encrypted and unencrypted traffic on same radio you need to use VLANs. If you are using only the native VLAN then you are abide by only one encryption method for all SSIDs.
Check this for multiple SSIDs and multiple VLANs:
https://supportforums.cisco.com/docs/DOC-14496
For your network above, you should review the ACL and make sure it allows the needed traffic. Make sure both ports 80 and 23 are opened. Make sure to choose correct ports (udp, tcp) on the ACL.
You can also try configuring ip redirect from GUI. give a look to the ip redirect doc: http://tiny.cc/gdsekw.
HTH
Amjad
Rating useful replies is more useful than saying "Thank you"

I am having trouble with syncing my iPhone to another computer and I can't change the settings on the other computer to 'manually manage.....' because the computer is not working!

I am having trouble with syncing my iPhone to another computer because the computer that my iPhone is currently synced with is not working

You can sync/manually mange iphone with one and only one computer. If you sync/manually mange to anther, then it will erase the current content and replace with content from the new computer.
What "trouble" are you having?

Trouble with Mangement VLAN on SF300-24P

Similar Messages

Maybe you are looking for