SG300-28 hangs upon delete ACL binding

bdp-cisco
Level 1

G'day Cisco SMB switchers,

I have run a couple SG300 devices for ~9 months as a test deployment. I have had a majority of the features including ACL working perfectly without issue until now. Presently, my SG300-28 is working; however, whenever I remove an ACL on vlan 200 to block a couple IPs the switch hangs and requires power-cycling to become responsive again. I have tried multiple times from both the GUI and command line to remove the troublesome ACL, always resulting in a complete hardware hang (no ping, no response).

Curiously, the ACL is related to vlan 200 which is a wireless vlan that has nothing to do with my wired management of the device via vlan 1. Further, the IPs in the offending ACL are related to a network across town accessible via VPN only, so they have nothing to do with my local network. As such, I really don't think I am making a mistake by locking myself out, and think the hardware is problematic. Presently I am using the switch on the edge of my network, and for now it is working as long as I don't delete that offensive ACL.

Normally the next step I would take would be to reload the config from file, then reload the firmware (already latest version, has been working for months as is), and finally google how to hard-reset the switch. But if I were to do so, I would lose trust in the SG300 line, and hesitate to roll it out across networks as I originally planned to do in a few months after completing this testing phase.

Can anybody restore my confidence in the SG300 line, such that we can understand what is wrong, so I can avoid writing off the hardware and trying another solution?

Many thanks,

-Brian

3 Replies

bdp-cisco
Level 1
The full description of the offensive vlan is as follows:

interface vlan 200
name wifi_public
ip address 10.4.200.1 255.255.255.0
service-acl input "200 block ingress"

and

ip access-list extended "200 block ingress"
deny ip any 10.50.0.0 0.0.255.255 ace-priority 100
deny ip any 10.51.0.0 0.0.255.255 ace-priority 101
permit ip any any ace-priority 2000
exit

CSCO12393593
Level 1

Hello bdp-cisco,

I have the same issue with my SG300-48P. Mainly it is related to the software release, as the issue appeared after the software upgrade from version 1.4.0.88 to the latest version 1.4.9.4.

What is the running software version on your SWs?
