
SG300 ip source guard - Possible fw bug or shortcoming in documentation?

mmzzaq
Level 1

SG300 switch

 

Hi,

Currently testing the IP Source Guard feature and planning to eventually roll it out in our network if all works well. I'm doing minor steps and I'm currently trying to enable source guard through the web interface on a specific test port (GE13) but the switch wouldn't let me and throws me this specific error:

cisco.png 

- latest firmware
- DHCP snooping enabled and the port is untrusted
- no MAC/IP ACLs or ACEs are present on the switch
- switch runs in layer 2
- tried first disabling the port and then enabling source guard, same result
- port security not enabled
- ARP inspection not enabled

There isn't any mention about an ACL that needs to be set in the documentation:

https://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/sf30x_sg30x/administration_guide/78-19308-01.pdf

I also saw this post from someone implementing this on an IOS switch, and while the SG300 doesn't have real IOS, he also doesn't use an ACL:
http://packetlife.net/blog/2009/may/25/ip-source-guard-without-dhcp/

What am I doing wrong? How can I make it work? Unless I'm overlooking something, this either looks like a firmware bug or a shortcoming in the documentation.

2 Replies

mmzzaq
Level 1

Anyone?

There's really no Cisco representative who can answer this question?