Re: 3750G configuration - Page 2

D3savage · ‎03-11-2019

Hi I am a bit of a super noob ...... the long and short is I purchased a second hand pre loved 3750G 24 switch for home use. In all honesty I don't really want to dig deep into cisco programming...although I can see lots of good things are available. To give you some background......... I want to use the switch for connecting 7 ethernet cat 6 points situated across my house - these are used for:- general computing, smart TV's, DVR's,streamers etc. So I have seven cables coming into the switch, 3 more from a unifi wireless system - (2 ap's and one cloud key) I also intend in the near future to install a digital security system - using poe cameras from ubiquiti G3's AF models.

So my thoughts were - I would need more ports - poe - and the possibility of maybe creating a vlan for 4 security cameras so that the traffic generated by constant streams - did not effect my general network traffic.

I am hoping somebody here could hold my hand advise me - and help me set up the switch.

I have been told my switch has been set to its base factory config - and I have tried it with my laptop it found the laptop and connected to the internet just fine. Currently my cisco switch is connected via one of the lan ports to my Asus router DSL AC68U ........

It would be very much appreciated if somebody - could advise me and help me through this step by step - kind regards

D3savage · ‎04-16-2019

Hi I have copied and pasted - bits of code in ....... is this correct so far before I upload and write to my cisco???.......... I will try and check out poe options....

D3savage · ‎04-17-2019

Hi as no ip is currently set ........ is this why currently my 3750 will not work with other small switches connected to it??? (It appears to me that it cannot allocate an address properly as it has no base ip to work from......)

Regarding dchp does it auto assign the range ........ mine is x.x.x. 2 - 254 do I manually need to define the range........??? If so can you send me the command......

Mark Malone · ‎04-17-2019

Hi you need to fill in name and a password , dont leave them like that , that will be the username for the switch to login

example ---- username mark secret c1sc0

an IP on a layer 2 switch is purely for management reasons only like remote connectivity ,
not actually required on a layer 2 switch , without it its called an unmanaged switch
but is useful if you want to monitor it etc
if you want it managed you can give it an IP address on vlan 1

i think a quick read of this may help you get setup too , concept will be exact same as connecting real switchs same config style
http://blog.dornea.nu/2015/10/21/basic-layer-2-switching-using-cisco-packet-tracer/

are the other small switches on vlan 1 by default , they need to be , and the devices connected to them need to be on the subnet that is vlan 1 on the router so everything can communicate , first make sure devices on the same switch can talk to each other before connecting hubs , make sure HUBS are not dual, linked to the switch either as they dont understand STP in Cisco and a loop will form

D3savage · ‎04-25-2019

Hi .. I have not tried your suggested configuration yet ......... I did try plugging in my Ubiquiti G3 camera using a POE converter which takes 48v poe to 24v poe - it is an af compliant converter. It failed to work..........and connect. I checked the forums ....... and apparently there is a known ... fix....see below ... does this look ok. See my notes in the doc file.....(taken from .... https://community.ubnt.com/t5/UniFi-Wireless/Workaround-for-UAP-AC-802-3at-non-compliance-POE-power-problems/td-p/1053905)

Re: Workaround for UAP-AC 802.3at non-compliance (POE power problems, reboots) for newer Cisco catal

[ Edited ]

‎10-14-2014 11:57 PM - edited ‎10-15-2014 12:02 AM

Hi,

thanks for this post.

I hope this is not hijacking your thread but we are having similar issues with UAP-AC, fw 3.2.5, and a DELL Powerconnect 7000 stack with fw 5.1.5.1.

We occasionally find some ports shut down and this error reported in the logs:

TRAPMGR PoE: Gi1/0/23 power down (Overload Condition)

To resolve the issue, temporaritly, I log in to the stack via SSH and run the below:

configure

interface Gi1/0/23

power inline reset

This resets the port and powers on the AP again.

I had also set the below parameters on each port range where the APs are connected

power inline high-power (i think this is equivalent to 2x-mode in cisco)

power inline limit none

power inline priority critical

I am not sure if I had done a shut / no shut on the ports but I did it now after reading this thread.

Below is the current show power inline output of the port I reset arlier

Port Powered Device State Priority Status Class Power[mW]
--------- ------------------------ ----- -------- ---------- ------- ---------
Gi1/0/21 auto Critical On Class4 10000

Overload Counter............................... 5
Short Counter ................................. 0
Denied Counter................................. 1
Absent Counter................................. 0
Invalid Signature Counter...................... 0
Output Volts................................... 53
Output Current................................. 188
Temperature.................................... 41

I still have the issue re communicating properly with the unmanaged switches ........ with the gateway setting solve this??

Hope you can advise ........ I will try the config shortly....

Kind regards

Richard

D3savage · ‎04-29-2019

Hi i have had a go at sorting the Vlan ..... can anybody please advise........does this look ok for my 3750G switch ......... I am a complete noob so please forgive any howlers

hostname Switch
enable secret ********* (put in my password)
username RCW secret ******** (put in my user name)

vlan database

vlan 2 name RCWDesign (Put in my name for Vlan)
VLAN 2 modified:
Name: RCWDesign (Vlan name added from above)
exit

int vlan 2
ip address 192.168.1.1 255.255.255.0
exit

ip dhcp pool vlan2
network 192.168.1.1 255.255.255.0
default-router 192.168.1.1 (This is my Huawei router)
dns-server 208.67.222.222 208.67.220.220 (This is will need to be changed to Huawei router DNS settings)
lease 7
exit

ip dhcp excluded 192.168.8.1 192.168.8.254 (??????)
ip dhcp excluded 192.168.9.1 192.168.9.254 (??????)

ip dhcp snooping
ip dhcp snooping vlan 2

interface range f0/1 - 24
switchport access vlan 2
switchport mode access
spanning-tree portfast
ip dhcp snooping trust
exit

interface GigabitEthernet0/1
switchport mode trunk
switchport trunk allowed vlan all
exit

interface Gi1/0/24
power inline reset
power inline high-power
power inline limit none
power inline priority critical
exit

end

D3savage · ‎04-30-2019

Hi .... hope I can get some constructive feed back ...... I want to use the 3750G as my key networking switch from which point ....... some little un-managed switches connect to it - to feed in peripheral sources in various rooms. My Huawei B525 modem router is configured with 5 fixed ip's and the rest DCHP 192.168.1.6 to 255 The router's IP is 192.168.1.1

I intend to give this switch an ip of 192.168.1.3

Presently my switch has no config at all.

I think i need to create a Vlan1 for un-managed routers to connect to .....

I also want to use POE for various ubiquity peripherals ........ I think I need

to apply - some code to force the ports to deliver max power....I have included a line just before the end to accommodate this..........

At the start I thought it a good idea to set up basic passwords........

Please bear in mind this is the first attempt at trying to configure my switch....can I have some advice - feel free to modify my attempt ....... kind regard

Richard

Mark Malone · ‎04-30-2019

seen your mail

I think i need to create a Vlan1 for un-managed routers to connect to .....
Already enabled by default , all switches come with vlan 1 , cant be turned off but you can enable vlan 1 interface put and iip address on it for reach ability , thats all it does on a layer 2 switch

I also want to use POE for various ubiquity peripherals ........ I think I need
to apply - some code to force the ports to deliver max power....I have included a line just before the end to accommodate this..........
if there not using default POE settings , each interafce may require command , power inline max wattage x , use the ? function to see what commands are available under the switch

here is some basic switch config to get it going

service tcp-keepalives-in
service timestamps debug datetime msec show-timezone
service timestamps log datetime msec show-timezone
service password-encryption
service compress-config

enable secret (Yourpassword)

username netsupport secret (yourpassword2)

line vty 0 4
login local
exec-timeout 30 0
length 0
transport input ssh

########################
backup config every day to flash

archive
log config
logging enable
path flash:Archive.cfg
maximum 2
write-memory
time-period 1440

#######################
Interface config

interface GigabitEthernet12
switchport access vlan 1
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable

#####################

ip default-gateway 192.168.1.1

#####################
turn on ssh

ip domain-name test.com
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh source-interface xxxxx
ip ssh version 2

crypto key generate rsa (hit return type 2048 and hit return again to generate keys)

#########################

D3savage · ‎05-01-2019

1) Many thanks for this .......... just a couple of noob things.......is it ok to compile a complete config .... then cut and paste it in all at once.
2) When I go into the switch ...... I get Switch# ........ should i go into console mode before putting in commands..........I seem to get "% Invalid input detected at '^' marker"
3) If I do a command like line
vty 0 4
login local
exec-timeout 30 0
length 0
transport input ssh

then separately go onto other things ........ in other words compiling a fragmented config ........ can I the use the wr command to write - - - will the whole config be written.

Richard

Mark Malone · ‎05-01-2019

Hi
1 you may run into issue trying paste the whole lot in , section by section is better few lines at a time , or save it as a .txt or .cfg file and upload it to flash then copy file from flash to startup then startup to running config and save it , another method i use when rebuilding switches if its a massive config like few thousand lines

2 your in the correct mode already # ,you need to be in configure mode to add config --- type configure terminal --- hit return . code will take then

3 wr saves the config you have put in so far or copy run start

D3savage · ‎05-08-2019

I have been checking out what I think I need to do .......... to get my unmanaged switches to work on the end of the cisco............

I think i may need 2 Vlans, Vlan 1 would be a specific trusted dchp port from my router which serves out ip addresses - this would plug into port 1

Vlan 2 would be a dchp trust all - this would be ports 2 to 24

Q. is the above ok??? if I did the above - it feels clunky as Vlans need hard wired jumpers...(don't they??)- to communicate - therefore I would end up having 2 ports on Vlan1 and 1 on Vlan 2 to get this to work.........

I am keen not to get port forwarding loops .... with the various unmanaged switches I have....or am i worrying over nothing???

Mark Malone · ‎05-08-2019

unmanaged switches should just work on vlan 1 and all you should have to do is connect it to any port on the switch thats in the default vlan and has not been changed , to prevent STP loops do not dual link the unmanaged switches as they dont understand STP , you can then add bpdfilter to that port too , this will prevent loops

D3savage · ‎05-08-2019

Hi the problem I am having is my Cisco switch with virtually no config .......... (ie clean) will not let through ip's from my local peripheral switches ......... it will work with a single computer....not an un-managed switch. So i need to config switch to allow the ip to pass through .......... I think I need to use..........

enable

configure consul

ip dchp relay information trust all

(also possibly enable dchp snooping trust???)

I have enc a mini diagram of my network......

D3savage · ‎05-08-2019

Hi the problem I am having is my Cisco switch with virtually no config .......... (ie clean) will not let through ip's from my local peripheral switches ......... it will work with a single computer....not an un-managed switch. So i need to config switch to allow the ip to pass through .......... I think I need to use..........

enable

configure consul

ip dchp relay information trust all

(also possibly enable dchp snooping trust???)

I have enc a mini diagram of my network......

Georg Pauwen · ‎05-08-2019

Hello,

all ports are using Vlan 1 by default, so even without any configuration, the switch should allow all traffic. How are the ports linking the unmanaged switches to the 3750 configured ? Post the full configuration of the 3750...

And what brand/model are the unmanaged switches ?

Mark Malone · ‎05-08-2019

as Georg said the switch does not block anything by default , its open completely
why dont you run the DHCP off the switch then instead of the router as an option , maybe the devices are having an issue speaking with Huawei via DHCP , you could check this with a wireshark of debug the DHCP traffic