cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

CISCO SWITCHES FOR SMALL and MEDIUM BUSINESS

Introducing the next generation of Cisco Small and Medium Business Switches. Cisco is refreshing its SMB Switch portfolio. Click here  to learn more.


19999
Views
100
Helpful
106
Replies

Re: SG200-08 firmware issue

Hello,

Backup your firmware first and then you can donwload the old firmware here.

Regards,

Beginner

Re: SG200-08 firmware issue

Hi,

found the reason: the switch drops all (at least) syn-packets coming from privileged ports going to privileged ports. Had the problem with lpd.

tcpdump shows the packet going out (source port 900, dst port 515), but tcpdump at the remote machine doesn't get the packet.

Packets from port 1900 to 515 reach the destination, from port 900 (or other below 1024) don't.

Going back to 1.0.5.1 - all packets reach the destination machine.

nfs uses privileged ports, too, an so does lpr.

Regard,

Ucker

Beginner

SG200-08 firmware issue

I believe I am running into this same issue, but it does not appear to be related to using privileged ports for source and destination.  I just upgraded to 1.0.6.2 recently and my Fedora Linux based NFS stopped working (which has previously worked for a long time with no problems).  From my NFS client, I see the request being sent out to the server but no response:

# tcpdump -e -nnn -i eth0 host 10.0.4.13 and not port 22

tcpdump: WARNING: eth0: no IPv4 address assigned

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

09:56:01.965079 00:25:64:8b:e9:1f > 00:1d:09:16:49:03, ethertype 802.1Q (0x8100), length 78: vlan 4, p 0, ethertype IPv4, 10.0.4.6.751 > 10.0.4.13.2049: Flags [S], seq 905098269, win 14600, options [mss 1460,sackOK,TS val 157744724 ecr 0,nop,wscale 7], length 0

09:56:02.967154 00:25:64:8b:e9:1f > 00:1d:09:16:49:03, ethertype 802.1Q (0x8100), length 78: vlan 4, p 0, ethertype IPv4, 10.0.4.6.751 > 10.0.4.13.2049: Flags [S], seq 905098269, win 14600, options [mss 1460,sackOK,TS val 157745726 ecr 0,nop,wscale 7], length 0

09:56:04.969156 00:25:64:8b:e9:1f > 00:1d:09:16:49:03, ethertype 802.1Q (0x8100), length 78: vlan 4, p 0, ethertype IPv4, 10.0.4.6.751 > 10.0.4.13.2049: Flags [S], seq 905098269, win 14600, options [mss 1460,sackOK,TS val 157747728 ecr 0,nop,wscale 7], length 0

09:56:08.977150 00:25:64:8b:e9:1f > 00:1d:09:16:49:03, ethertype 802.1Q (0x8100), length 78: vlan 4, p 0, ethertype IPv4, 10.0.4.6.751 > 10.0.4.13.2049: Flags [S], seq 905098269, win 14600, options [mss 1460,sackOK,TS val 157751736 ecr 0,nop,wscale 7], length 0

^C

4 packets captured

4 packets received by filter

0 packets dropped by kernel

Interestingly, if I try to telnet to the NFS server on TCP port 2049 it connects:

# telnet 10.0.4.13 2049

Trying 10.0.4.13...

Connected to 10.0.4.13.

Escape character is '^]'.

^]

telnet> q

Connection closed.

And tcpdump shows 2 way traffic:

# tcpdump -e -nnn -i eth0 host 10.0.4.13 and not port 22

tcpdump: WARNING: eth0: no IPv4 address assigned

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

09:59:53.896925 00:25:64:8b:e9:1f > 00:1d:09:16:49:03, ethertype 802.1Q (0x8100), length 78: vlan 4, p 0, ethertype IPv4, 10.0.4.6.39593 > 10.0.4.13.2049: Flags [S], seq 2887520180, win 14600, options [mss 1460,sackOK,TS val 157976655 ecr 0,nop,wscale 7], length 0

09:59:53.897102 00:1d:09:16:49:03 > 00:25:64:8b:e9:1f, ethertype 802.1Q (0x8100), length 78: vlan 4, p 0, ethertype IPv4, 10.0.4.13.2049 > 10.0.4.6.39593: Flags [S.], seq 3208462604, ack 2887520181, win 14480, options [mss 1460,sackOK,TS val 54742625 ecr 157976655,nop,wscale 7], length 0

09:59:53.897135 00:25:64:8b:e9:1f > 00:1d:09:16:49:03, ethertype 802.1Q (0x8100), length 70: vlan 4, p 0, ethertype IPv4, 10.0.4.6.39593 > 10.0.4.13.2049: Flags [.], ack 1, win 115, options [nop,nop,TS val 157976656 ecr 54742625], length 0

09:59:54.902617 00:25:64:8b:e9:1f > 00:1d:09:16:49:03, ethertype 802.1Q (0x8100), length 70: vlan 4, p 0, ethertype IPv4, 10.0.4.6.39593 > 10.0.4.13.2049: Flags [F.], seq 1, ack 1, win 115, options [nop,nop,TS val 157977661 ecr 54742625], length 0

09:59:54.902795 00:1d:09:16:49:03 > 00:25:64:8b:e9:1f, ethertype 802.1Q (0x8100), length 70: vlan 4, p 0, ethertype IPv4, 10.0.4.13.2049 > 10.0.4.6.39593: Flags [F.], seq 1, ack 2, win 114, options [nop,nop,TS val 54743630 ecr 157977661], length 0

09:59:54.902825 00:25:64:8b:e9:1f > 00:1d:09:16:49:03, ethertype 802.1Q (0x8100), length 70: vlan 4, p 0, ethertype IPv4, 10.0.4.6.39593 > 10.0.4.13.2049: Flags [.], ack 2, win 115, options [nop,nop,TS val 157977661 ecr 54743630], length 0

I tried changing the MTU on the client (it isn't an issue with the server, the other SG200-08 switch the server is connected to in my case never receives the SYN packet from the downstream switch) to 1492, that didn't help (same response):

# ifconfig eth0.4
eth0.4: flags=4163  mtu 1492
        inet6 fe80::225:64ff:fe8b:e91f  prefixlen 64  scopeid 0x20
        ether 00:25:64:8b:e9:1f  txqueuelen 0  (Ethernet)
        RX packets 66544845  bytes 4777394910 (4.4 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 70421924  bytes 978568608853 (911.3 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

When I do a port mirror on the SG200-08 and use tcpdump on the switch port  connected to the client I see the frame arrive.  When I do a port mirror  on the uplink trunk port, the frame is never transmitted, it is being  dropped by the switch for some reason.

Hope this helps.

Best regards,

Tommy de Grummond, CCIE #8138 R/S, SP, V & S

Beginner

Re: SG200-08 firmware issue

It is very disappointing to see how things are taken up here by Cisco.

This issue has been reported by me two months ago and there is still no action taken by Cisco as far as I can see.

In the meanwhile there are more people who confirmed the issue, with samples, so Cisco engineers should be able to reproduce this problem now, especially because the used configurations are not very complicated.

Kind regards,

Rene.

Advocate

Re: SG200-08 firmware issue

Hi Rene, one piece of information I do not see from anyone.

Have you completely factory default the switch (configure nothing) plug stuff in and see if it works?

Make a simple point to point connection. Assign static IP, only 2 things connecting to switch, the client and the server. No routers, no VLAN, no nothing (including no wireless from somewhere). Give this a try.

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

Re: SG200-08 firmware issue

Hi Tom,

I did try to reset the switch the its factory default but it does not work anyway.

If it can help, in my production environment, the NFS server and the NFS clients are on the same layer 2 even in the same VLAN.

Advocate

Re: SG200-08 firmware issue

Hi Guillaume, my personal concern is, since it is a layer 2 device, I'm very curious of the behavior without any other network influences.

Would it be possible to set up a point to point connection using static IP addresses?

Host A <=> Switch <=> Resource

If this fails at a factory default parameter this would need a good assessment. But the key is to make sure the switch is failing.

We need to rule out any external factors such as domain controllers, routing policies, or even firewall/security setting on the client/server environment.

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

Re: SG200-08 firmware issue

Hi Tom,

TL;DR I tried a very basic setup one client and one server both sides in static addressing but the NFS packets are still lost.

I did try this setup. Static IP addresses on both sides (IPv4 and IPv6) and it still fails.

The very basic setup, no router, nothing except the NFS server and the NFS client did not worked.

It still a strange behavior though since the switch is supposed to do L2 things only why a protocol such as NFS, which is L2, would fail after an upgrade while everything else still worked properly.

I checked everything on the network first before telling me "is it the switch?". And I can tell that I was suprise that after downgrading the switch firmware the NFS mounts came up.

I don't know how a switch firmware especially for the Small Business series but I don't see why it would filter/drop or do anything else but forward the packet on the right port. If someone could at least clarify some of these questions I would be grateful.

Regards,

Beginner

Re: SG200-08 firmware issue

Hi Tom,

My SG200-08 switch was working in factory defaults, and resetting again did not help.

By the way, I do not have the SG200-08 switches anymore, I have replaced them for SG300 switches.

But as you can see on this forum topic, I was not the only one experiencing this problem.

Kind regards,

Rene.

Beginner

Re: SG200-08 firmware issue

I had the exact same issue as the one above. This is a BUG. I too wasted 8 hours troubleshooting!

Details for Re-Pro:
Esxi 5.1 using NFS to Qnap ts-469pro. SG200-08 came with 1.0.5.x from Amazon.com. Everything worked before using the Cisco device, and with the Cisco device at the above firmware revision.

Update switch to 1.0.6.x (latest): Esxi NFS connection FAIL - "Cannot connect to nfs host". Mac connection via NFS to Qnap worked- it uses a dynamic outbound port. Esxi uses a fixed outbound port (under 1024).

To the Cisco moderators:
We're all advanced tech people here. PLEASE stop asking for the generic support info! Changing MTU size, removing external network variables, etc. should NOT be necessary.

Why?
Before upgrade=ok.
After upgrade: FAIL.

Can someone at Cisco please throw an SG200-08 into the test lab, update the firmware to the latest rev, plug an ESXi server and an NFS server into it, and see what happens? Your test lab should have this readily available.

The user community has done all the QA work for this bug - especially forum member "Degrummondt" who did the AWESOME Tcpdump caps!

Cisco - please finish our work, fix the bug, and push out an update to the firmware! A warning on the SG200-xx support page would also be appropriate.

Regards,
Steve Hornby, MCSE
Senior Systems Engineer

Sent from Cisco Technical Support iPhone App

Cisco Employee

SG200-08 firmware issue

Hello shornby,

Could you please reach out to the SBSC and open a Service Request for this issue? We would like to investigate this issue further. We have not seen this issue in our environment. We would like to capture your configuration and some additional information like captured packets when it happen so we can investigate further.

Please find the SBSC contact information below:

http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html

Thanks,

Li

Beginner

SG200-08 firmware issue

I would love to submit a service request, trouble ticket, etc. whatever you want to call it.  But see no way to do so.  Not interested in phone call or online chat.

Very poor support model. 

Beginner

SG200-08 firmware issue

I can confirm this bug: SG200-08 with 1.0.6.2 firmware.

You have not seen this in your production environment?

Really? If so, one might assume you haven't even tried yet...

Here is how to reproduce:

Setup a nfs client behind the switch and try to mount a nfs share. Works with udp, but fails with tcp.

Replace the SG200-08 with a dumb switch and everything works.

Easy to reproduce using a Linux Live-CD like http://grml.org or http://www.knoppix.org.

Beginner

Re: SG200-08 firmware issue

You have not seen this in your production environment?

Really? If so, one might assume you haven't even tried yet...

Ditto regarding the port mirror vlan tag issue.  In which the vlan tag is not removed from untagged member packets copied to a port mirror.

Very poor support.        

Beginner

SG200-08 firmware issue

I just wanted to say I am also having this issue on devices connected through this switch. I wish I would have found this thread a long time ago! I have this switch which feeds my entertainment center and a SG300-10 that my NAS etc is connected to. I just switched to NFS from samba/cifs because there is less overhead with nfs. My media player would not even see my NFS shares. I thought it was the media player so I bought another one and same issue. I didn't think it would be the switch because everything else that goes through it works fine except NFS. Today, just for the heck of it, I bypassed the switch and my media player all of a sudden detects my NFS shares. This has been the most irritating experience I've had. Since I never attempted using NFS until recently I never thought it was the firmware upgrade I did a couple of months ago! I will roll back my firmware and report back shortly.

****UPDATE****

So I rolled back to 1.0.5.1 and my NFS is working through this switch. I have wasted countless hours on this and bought a new media player when I didn't need to. The fact that this thread is months old and there isn't a fix yet is shocking.