07-20-2010 11:32 AM
Hello,
Received an SF300-24P today, and started the configuration - not many issues discovered yet.
One point is ugly: DNS configuration! DNS servers have to be marked active (just one) and all others are passive? What is that about? If one from the list does not answer, the next DNS has to be queried - as simple as that.
Looking into the Admin Guide in Chapter 15, p.189/190 creates even more confusion:
Server State - The active DNS server. There can be only one active server.
This is ugly, and certainly not the way a normal resolver, or a resolver in an embedded device, has to work to provide reliable services. There is no word on what this nonsense is about - and no word about the passive servers.
Then, more confusion:
Each static server has a priority, a lower value means a higher priority. When first time the request is sent, static server with lowest priority is chosen. If after two retries there is no response from this server, the next server with the next lowest priority is selected.
No word about the passive servers, instead there is a hidden priority system documented. Ok, why not, this is an approach for a resolver. I would strongly suggest removing this active/passive stuff - it reminds too much of interface up and down.
Finally the last part:
If none of the static servers respond, the first dynamic server on the table, sorted by IP address (low to high), is selected.
This situation can only happen if you manually add DNS entries, and have the CPU or management interface switched to DNS. Worth mentioning.
I strongly suggest removing this active/passive configuration for all - the manually and the dynamically (by DHCP) configured - DNS entries. It's neither logical nor common in any way.
Now there is some time left this evening to:
a) discover why the NTP configuration is sometimes reporting "Server name not found in DNS server" - despite the DNS (all fully operating productive BIND9 systems on the LAN) - not taking the correct DNS answers into consideration,
b) why lists of A entries are not taken into account (only the first IP is resolved and configured into NTP at configuration time, proving the designers of this switch have not much clue on protocols above L2..., think this has been reported already) - and
c) to file the question why the syslog servers cannot be added using a FQDN, probably also with a list of multiple IP addresses of syslog servers, i.e. a single FQDN pointing to multiple syslog servers
Last but not least: Have I missed something, and there is no remote console (telnet, ssh, ...) as e.g. on the similar Linksys SWR20xx for example?
-Kurt.
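The Admin Guide passages quoted in the post above describe a fixed selection order: static servers by priority value, a couple of retries each, then the DHCP-learned servers sorted by IP address from low to high. As an added illustration that is not from this thread or from the switch firmware, the Python model below walks exactly that order; the server addresses are constructed documentation addresses, the responder is a stand-in for a real UDP query, and "three attempts per server" (one query plus two retries) is an assumption about how the quoted text counts retries.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Callable, Dict, List, Optional, Tuple

# Initial query plus two retries per server: the reading of "after two retries
# there is no response" from the quoted Admin Guide text used here (an assumption).
ATTEMPTS_PER_SERVER = 3

@dataclass(frozen=True)
class StaticServer:
    address: str
    priority: int  # lower value means higher priority

def selection_order(static: List[StaticServer], dynamic: List[str]) -> List[str]:
    """Static servers by ascending priority value, then dynamic (DHCP-learned)
    servers sorted by IP address from low to high, as the guide describes."""
    ordered = [s.address for s in sorted(static, key=lambda s: s.priority)]
    ordered += sorted(dynamic, key=ip_address)
    return ordered

def resolve(name: str, static: List[StaticServer], dynamic: List[str],
            query: Callable[[str, str], Optional[str]]) -> Tuple[Optional[str], List[str]]:
    """Walk the servers in selection order, giving each ATTEMPTS_PER_SERVER tries.
    Returns (answer or None, servers contacted in order, one entry per attempt)."""
    attempts: List[str] = []
    for server in selection_order(static, dynamic):
        for _ in range(ATTEMPTS_PER_SERVER):
            attempts.append(server)
            answer = query(server, name)
            if answer is not None:
                return answer, attempts
    return None, attempts

def make_responder(answers: Dict[str, Optional[str]]) -> Callable[[str, str], Optional[str]]:
    """Constructed stand-in for a UDP query: fixed answer per server, None models a timeout."""
    def query(server: str, _name: str) -> Optional[str]:
        return answers.get(server)
    return query

# Constructed sample configuration (documentation addresses, not real servers).
SAMPLE_STATIC = [StaticServer("192.0.2.10", priority=5), StaticServer("192.0.2.20", priority=1)]
SAMPLE_DYNAMIC = ["198.51.100.9", "198.51.100.2"]

if __name__ == "__main__":
    # Preferred static server (.20, priority 1) is down; the next static server answers.
    up = make_responder({"192.0.2.10": "203.0.113.7"})
    print(resolve("ntp.example.net", SAMPLE_STATIC, SAMPLE_DYNAMIC, up))
    # Every static server is down; the dynamic list is walked lowest IP first.
    only_dhcp = make_responder({"198.51.100.2": "203.0.113.8"})
    print(resolve("ntp.example.net", SAMPLE_STATIC, SAMPLE_DYNAMIC, only_dhcp))
```

Swapping the responder for a real query against your own servers makes the same walk visible when troubleshooting the "Server name not found in DNS server" symptom mentioned later in the post.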
07-20-2010 01:25 PM
I agree that the active/inactive DNS server entry system is confusing, because it basically only chooses which DNS Server to use first. After the first one fails, it continues through the rest of them until an answer is received.
Also, correct me if I am wrong, but I do believe that there should be console access. There should be a com port, and you should be able to telnet into the switch. Make sure that it is enabled under IP Configuration > TCP/UDP Services. (At least I know it is there on the SG 300-10MP)
07-20-2010 01:44 PM
Yes, we have enabled all services, including SSH, in the TCP/UDP services - but SSH (TCP, 22) does not show up in the service table, and can't be accessed:
Service Name | Type | Local IP Address | Local Port | Remote IP Address | Remote Port | State |
---|---|---|---|---|---|---|
Telnet | TCP | All | 23 | All | 0 | Listen |
HTTP | TCP | All | 80 | All | 0 | Listen |
HTTPS | TCP | All | 443 | All | 0 | Listen |
Telnet | TCP6 | All | 23 | All | 0 | Listen |
HTTP | TCP6 | All | 80 | All | 0 | Listen |
HTTPS | TCP6 | All | 443 | All | 0 | Listen |
Needless to say - the Access Profile allows access to _all_ services...
The answer can be found - on the console only! While there is a default SSL certificate for SSL (https), there is _none_ for SSH. What a joke (!), and the RSA and if required DSA keys must be generated first from the console. I should have remembered this process from the older Linksys switches:
```
SSH Server Status
=================
SSH Server is running on port 22, PK Authentication is disabled
RSA key was not generated, DSA key was not generated
No open SSH sessions
--------------------------------------------------------------------------------
USER IP ADDRESS CIPHER HMAC CLIENT SOFTWARE
--------------------------------------------------------------------------------
Action-> Quit Refresh
ArrowKey/TAB/BACK=Move SPACE=Toggle ENTER=Select ESC=Back
```
This is definitely not customer friendly!
The logical subsequent questions while speaking for certificates:
1. How to generate certificate requests to sign by a CA (PKI)?
2. How to import certificates?
3. How to enable certificate based authentication?
(Okokok, we have designed and implemented very likely the largest PKI projects since the late 1990s...)
Good to see: The ssh performance is not fast, but usable. One advantage over the SWR20xx models for sure!
Maybe a moderator would be so nice and split this thread...TIA
07-20-2010 02:03 PM
I think I remember something about generating a certificate through the console port first (telnet or serial) then this will work.
Also it probably shouldn't be like this either.
I'll get back to you with a definite answer.
07-20-2010 02:25 PM
Hard to say why there are no default keys for SSH, nor is the key generation included in the Web UI.
The bare minimum we can expect from a Cisco product would be at least a warning or information that enabling the SSH service requires keys to be generated from the console....
Sorry my friends from the Cisco Small Business crew: This is why we have never even considered Linksys for any deployments in SMB before... The times have changed now - hurry up and accelerate to Cisco speed now!
07-20-2010 02:15 PM
So these are steps written from an ESW 520, since I don't have a Sx30xx in front of me, but I think the console menus are pretty similar:
1. Login to the switch via Telnet (port 23) or Serial port
2. You might have to press tab a few times to figure out whether you're in the password or the user name field if you use Serial instead of Telnet
3. go to System Configuration Menu > Management Settings > SSH Configuration
a. SSH Server Configuration > set SSH server to Enabled and port 22
b. SSH Crypto Key Generation > Execute to generate the key
4. you should be able to access via SSH now.
It seems like this should be all done in the GUI whenever you enable the TCP/UDP service for SSH.
Anyway, let me know if this works or what the differences are on the Sx30xx
07-20-2010 02:28 PM
Thank you - works as already edited in my previous posts before.
When looking at the Cisco Small Business 300 Series Managed Switch Administration Guide on page 45/46, we find the Sx300 Series is just a Cisco SB reincarnation of the Linksys SRW Series - see the PID.
Similarly, the ESW were built using a slightly modded software feature set - on the same hardware platforms again, too.
07-20-2010 07:54 PM
The ESWs are horrible switches. They come so locked down they're unusable in their default state. As for this topic, I think the issue here is a lack of understanding, a long time lack of understanding, on what Small Businesses need. Case in point, why are they still making 100Base-T switches when gigabit is so cheap? They have 15 models of these 300 switches listed when they "might" need 4.
07-20-2010 09:28 PM
Hi Brian,
Boy oh boy, we are copping flak here.
Since we make low cost SPA5XX phones with integrated 10/100 switch ports, there still is a need for 10/100 POE switches.
If Cisco wasn't selling them or if demand was slow, it wouldn't be worth making them.
We can't win; folks would complain if we didn't have them.
regards Dave
07-21-2010 12:13 AM
Dear Dave,
The real difference is the price-per-port - certainly still a critical factor for businesses, for example in the developing regions probably. But I am not convinced they invest in managed switches at all if "good enough" QoS can be achieved anyway thanks to the higher bandwidth.
In the year 2010, a VoIP phone with a loop-through two-port switch not supporting GbE can no longer be deployed in this context with almost any typical desktop systems anymore. Thus, not offering GbE there is a showstopper, and is anything but helpful with the argument of the existing single Ethernet installation in the building to the desktop... The real problem is not the offering of FE switches - it's a mis-spec of the phones in my opinion. The biggest cost factor is no longer GbE - it's the cost of universal cabling installations nowadays! Don't worry - Cisco SB is not alone in this line of fire, "heavy" Cisco and other vendors hear the same thing. What was nice, say, in the 1990s has changed in the last ten years: GbE _is_ absolutely affordable, and the de-facto standard.
When going towards a secured network by deploying 802.1X port-based authentication with automatic VLAN assignments, we experience additional challenges. Having two systems on one port, and not all VoIP phone manufacturers' phones were able to pick up the correct port and get access to the voice VLAN, especially when paired with a guest VLAN (used as a trap VLAN for non-identified devices); configuring the VLAN ID on thousands of phones is not fun either - and not free. Worse, not only here in Europe, employees tend to move their "own" phones when moving desks (due to dirt, custom configurations, ...) and with a growing size of the network, the voice VLAN is not the same everywhere. A new source for help desk calls, not free either.
For now, I would like to see Cisco focusing on the original complaint on the DNS configuration and documentation with this thread.
TIA,
-Kurt.
07-21-2010 09:16 AM
>>>>
For now, I would like to see Cisco focusing on the original complaint on the DNS configuration and documentation with this thread.
<<<<
The original post here is absolutely correct. There's no excuse for not hitting one DNS server after another. I have customers that will often run 3 or 4 DNS servers internally, which means I can safely do maintenance on one without affecting any DNS services.
07-21-2010 06:25 AM
But you can make 10/100/1000 switches for next to nothing more than 10/100, and it's the rest of the ports that matter to businesses. VoIP is nice but it's not in huge demand. Care to share deployment numbers vs. POTS lines in the US? The key here is businesses buy new PCs that come with gigabit and want to know what it will cost them to go to gigabit. Cisco's competitors have very reliable gigabit switches for 1/4 or less the cost of switches like ESWs (of course we've not seen pricing on the 300 series yet, but I'm still betting they'll be double Dell's and still more than buying a non-PoE switch and using a PoE injector for the few devices needed). Phones will run just fine on a 10/100/1000 switch but gigabit PCs of course will not, so if we sell them a 10/100 switch today and next year they buy a dozen new PCs with gigabit they're going to be VERY unhappy with us and Cisco. Dump the 10/100. It's 15-year-old, outdated technology with no place in modern businesses.
07-21-2010 08:07 AM
OEM manufacturing costs per Ethernet switch port (two to four trunking GbE ports are "free" in this calculation) are about US$ 7.50 for 10/100 Mb/s, and about US$ 10 per 10/100/1000 Mb/s. These numbers include a share in a half (7.7 W) 802.3a-2003 PoE supply - and can be lowered by about 2 US$ or somewhat less without PoE. Add all marketing, support, and life time warranty, and you see how the end user prices
Of course I agree with Brian: FastEthernet has reached the end of its life, and is no longer required on this Ethernet switch class anymore.
Beyond that, GbE for trunking will be replaced in the SMB business 10/100/1000 Mb/s units by 10 GbE within a few years, too.
Most complaints we receive on NAS performance are caused by poor networking infrastructures based on 10/100 Mb/s only... and Cisco SB just launched the new NAS family, too.
07-21-2010 09:33 AM
I've started a new thread, https://supportforums.cisco.com/thread/2033015, to discuss FE vs. GbE to get it out of the DNS issues here...
07-24-2010 06:15 AM