SG200-50P Forwarding Issue

JD91415
Level 1

Hi guys, new here, signed up as can't figure this one out. I suspect a firmware bug for this switch.

 

I've identified that our 2 SG200-50Ps are failing to forward frames between trunk port ingress (from router) and host port egress. VID10T on trunk link to router, 10U (and 20T voice) on host port (with in-line IP-phone).

 

We run a few VLANs between a DrayTek 2960 and this switch (VID10 being user workstations), as well as inter-LAN routing [site A's VID99 (mgmt) and VID10 (PCs) to branch site B's equivalents] over a L2L IPSec tunnel. This all works fine and has not changed for months.

 

If a host on site A's VID10 (untagged to switch, tagged over trunk to DrayTek) pings a server in site B's mgmt LAN, a reply is received fine. However, anything UDP or TCP-based such as DNS or RDP fails.

 

Using Wireshark I can see that, actually, packets are reaching the destination, and even returning some distance, but they only get as far back as the switch's trunk port ingress (from router); they are not forwarded to the interface of the connected host. I've identified this by port-mirroring on the switch.

 

I've ruled out the basic things that spring to mind, such as:

  • Interface VLAN config (confirmed 10U on host port, 10T over trunk). A successful ping reply proves connectivity is there.
  • Firewall on the routers (as we can see packets are passing unimpeded in both directions).
  • DoS defence on routers (temporarily disabled anyway).
  • MTU (especially considering IPSec tunnel overheads) but return frames seen reaching the switch's trunk port ingress are only around 60 bytes. This is over a DSL-based EoFTTC WAN circuit.
  • MAC address table shows host's correct MAC address on correct interface.
  • CPU utilisation very low, almost insignificant.

 

I have not yet factory reset the switch due to lack of maintenance windows, but this is happening on 2 identical switches so I don't really see this having any effect.

 

Switch firmware is 1.4.8.6. My next plan is to upgrade to 1.4.9.4 ASAP out-of-hours, as I suspect this is a firmware bug (though no relevant bug fix is noted in the newer version release notes). I have been through every setting in the management UI and can find nothing responsible for this issue. I realise this is a low-end switch with no CLI, so you can't really expect miracles, but basic functionality seems broken here.

 

Can anyone suggest anything I should check before digging deeper? I realise I haven't gone into great detail with my current config so apologies, but I've just got in from a 12-hour shift and at this point just wondered if anyone's seen this issue with this switch before?

1 Accepted Solution

JD91415
Level 1

For what it's worth, solved. Factory reset and reconfigured from scratch. Must have been a config issue somewhere, though did reconfigure exactly the same.
