
Reboot of SG300 28PP POE switch causes connection issues.

Hi All,

I'm looking for some clarification on a very strange issue we're seeing with a Cisco SG300 POE switch at a customer site.

Quick overview:

Fortigate FW at site provides internet connection and a VPN for management traffic (VLAN 500 172.20.19.0/24)

SG300 in Layer 3 mode providing inter-VLAN routing between two customer VLANs (100 - 172.16.1.0/24 & 200 - 172.16.2.0/24)

SG300 switch also providing DHCP for VLAN 100 and 300 (300 is guest wifi 192.168.1.0/24)

I've attached a diagram for clarity.

Our issue is that after a reboot, we lose management connection to the switch (we can still access the FW on its 172.20.19.x address, so there is no issue with the VPN at site).

Logging on locally, we can see that there are no config changes caused by the reboot.

To restore access we need to remove VLAN 500 from the trunk port to the firewall (VLAN 500), save the config, then tag VLAN 500 in the trunk port again, and then we have management access again.

The second issue we see is that DHCP stops working for both VLANs 100 & 300. VLAN 100 is fixed by choosing any untagged port in VLAN 100, changing this to VLAN 200 (for example), then untagging it back in 100, and then DHCP works for all untagged 100 ports.

A similar issue is fixed the same way on VLAN 300.

We've upgraded the switch to its latest firmware and still see the issue. I'll post the config below to see if anyone can see any mistakes:

config-file-header
Wild-Flame-SW-01
v1.4.8.6 / R800_NIK_1_4_202_008
CLI v1.0
set system mode router

file SSD indicator plaintext
@
spanning-tree mode mst
vlan database
default-vlan vlan 500
exit
vlan database
vlan 1,100,200,300,400
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
ip dhcp server
ip dhcp pool network Guest
address low 192.168.1.1 high 192.168.1.252 255.255.255.0
lease 7
default-router 192.168.1.254
dns-server 8.8.8.8
exit
ip dhcp pool network InternalWAN
address low 172.16.1.1 high 172.16.1.253 255.255.255.0
lease 7
default-router 172.16.1.254
dns-server 8.8.8.8
exit
bonjour interface range vlan 1
hostname Wild-Flame-SW-01
username cisco password encrypted 92dcf5b65b5dc60d74740fee1337b30dbeb2067c privilege 15
ip ssh server
!
interface vlan 1
 no ip address dhcp
!
interface vlan 100
 name "Wild Flame"
 ip address 172.16.1.254 255.255.255.0
!
interface vlan 200
 name "Picture Exchange"
 ip address 172.16.2.254 255.255.255.0
!
interface vlan 300
 name "Guest Wifi"
 ip address 192.168.1.253 255.255.255.0
!
interface vlan 400
 ip address 192.168.0.254 255.255.255.0
!
interface vlan 500
 name Management
 ip address 172.20.19.253 255.255.255.0
!
interface gigabitethernet1
 switchport mode access
!
interface gigabitethernet2
 switchport mode access
 switchport access vlan 100
!
interface gigabitethernet3
 switchport mode access
 switchport access vlan 100
!
interface gigabitethernet4
 switchport mode access
 switchport access vlan 100
!
interface gigabitethernet5
 switchport mode access
 switchport access vlan 100
!
interface gigabitethernet6
 switchport mode access
 switchport access vlan 100
!
interface gigabitethernet7
 switchport mode access
 switchport access vlan 100
!
interface gigabitethernet8
 switchport mode access
 switchport access vlan 100
!
interface gigabitethernet9
 switchport mode access
 switchport access vlan 100
!
interface gigabitethernet10
 switchport mode access
 switchport access vlan 100
!
interface gigabitethernet11
 switchport mode access
 switchport access vlan 100
!
interface gigabitethernet12
 switchport mode access
 switchport access vlan 100
!
interface gigabitethernet13
 switchport mode access
 switchport access vlan 100
!
interface gigabitethernet14
 switchport mode access
 switchport access vlan 100
!
interface gigabitethernet15
 switchport mode access
 switchport access vlan 100
!
interface gigabitethernet16
 switchport mode access
 switchport access vlan 100
!
interface gigabitethernet17
 switchport mode access
 switchport access vlan 100
!
interface gigabitethernet18
 switchport mode access
 switchport access vlan 100
!
interface gigabitethernet19
 switchport mode access
 switchport access vlan 100
!
interface gigabitethernet20
 switchport mode access
 switchport access vlan 100
!
interface gigabitethernet21
 switchport mode access
 switchport access vlan 100
!
interface gigabitethernet22
 switchport mode access
 switchport access vlan 100
!
interface gigabitethernet23
 switchport trunk allowed vlan add 100,300
!
interface gigabitethernet24
 switchport trunk allowed vlan add 100,300
!
interface gigabitethernet25
 switchport trunk allowed vlan add 100
!
interface gigabitethernet26
 switchport trunk allowed vlan add 100
!
interface gigabitethernet27
 switchport mode access
 switchport access vlan 200
!
interface gigabitethernet28
 ip address 10.0.0.2 255.255.255.252
 switchport trunk allowed vlan add 100,200,300
 switchport default-vlan tagged
!
exit
ip default-gateway 10.0.0.1

 
