SG300 and problem with IPv6

CrackedJack1
Level 1

I've got a bunch of SG300 Switches that are uplinked to a 2960s (some users need more ports at their desks than I have available ports at their desks). If someone has their pc plugged into the SG300 it seems every 24 hours they lose network access via IPv6. If I ping the domain controller from their PC (the domain controller is on a different vlan) it times out. Force the ping with IPv4 and it's ok. The fix is either disable ipv6 (which I prefer to avoid) or they just need to unplug/re-plug their network connection and then it's fine.

The SG300 is set up in layer 2 mode.

If I disable IPv6 on PCs then everything is fine.

If I remove IPv6 from management vlan of switch (there is only the default vlan on the sg300) then I see the following behavior on PC:

Ping something else on same vlan and it will go by IPv6
Ping domain controller on different vlan and it uses IPv4 (not 100% sure about this)

If the SG300 is in layer 2 mode, why does it seem to be interfering with traffic? I have mld and igmp snooping enabled but I don't think that should cause a problem.
An unmanaged netgear that was in place before didn't exhibit these issues to the best of my knowledge.

I'm still testing to try and figure out exactly what's going on but perhaps someone has faced this issue before and can point me in the right direction?

Thanks

9 Replies

DJX995
Level 3

Never had this particular issue but I have to pass along the same support advice I usually got from Cisco SMB division:

Upgrade to latest firmware and factory default the device.

Strangely enough, I have had this work for weird issues on their SMB gear.

Make sure to reconfigure by hand though, don't use a backup.

Just try one and see if it helps at all.

I know it sucks but Cisco SMB is not the same quality as their IOS stuff.

Thanks for the suggestions. In this case the switches were upgraded to the newest firmware when they were unpacked and configured at command line (easier to copy/paste a few lines than mess around in the web page). Maybe I need to factory default them again even though they were factory fresh to begin with? :)

Dang, I don't know then.

I have worked with some manufacturers (don't remember who) that recommended factory defaulting their devices when you get them because they might have left some testing data on them from the factory. However, this seems like grasping at straws in your case.

Hopefully someone else chimes in.

I'm looking at a little netgear (gs108T) to compare vs the cisco.

The previous switch that was in place was an unmanaged gs108e but hopefully the 't' version is close enough.

Anyway, in the netgear it has an IPv6 address auto configuration mode set to disabled and in the ipv6 gateway has an address that starts with fe80.

On the cisco when I check the IPv6 addresses, I see 4, two multicast, 1 global and 1 local-link. The local-link starts with fe80.

I was playing with the settings on the cisco and found an option that seems to remove the global one and still allows ipv6 to work as expected on a pc.

Unfortunately I don't know what any of this means (my ipv6 skills are lacking) but maybe I'm on to something??

The thing is, you said the switch is in L2 mode, so nothing IP or IPv6 should matter. The only reason you need to configure any addresses on it is for management (if it's only operating at layer 2). L2 only looks at the MAC address. However, if you look at Cisco's SMB record (specifically the firmware for their SG200-08), you will see that sometimes their software doesn't make sense. The SG200-08 is a L2 only device yet for about a year they released firmware that was blocking a port for some NAS/SAN applications.

Quick run down on IPv6 addresses:

fe80 is your link local, used to communicate with directly attached/same subnet devices. Think of this address as your APIPA address in IPv4. This address is not routable and will be dropped at the first router. Ironically, this is the proper way to define your default gateway (specify the default gateway's link local address, not its global address).

The global address is your public, routable address. You use this address like a normal IP. Since there is no need for NAT in IPv6 you can think of this address as your public IP in IPv4.

There is much more info than just this but hopefully this clears some of your IPv6 questions.

This is exactly my problem. It's layer 2 only so why is this switch getting in the way?

Another weird issue I'm seeing now is that I have 2 machines elsewhere on the network which can't ping my test laptop via ipv6 (ipv4 is ok) but my laptop can ping both of the other machines. The firewall on the laptop is disabled.

Change switches to the netgear and problem solved, everything works.

I'm thinking something stinks with the SG300 firmware at this point.

I have a Cisco SG300-10 and it's actually working pretty well as an access layer switch so I can't relate to this problem but I've owned plenty of Cisco/Linksys SMB switches and have seen my fair share of firmware bugs. Going to D-Link or Netgear may not be a bad idea. If you can afford it, the 2960-C is a great little access layer switch that actually runs IOS.

In the case of netgear, there's a certain behavior which is problematic for us in certain cases. Might have to investigate d-link or just go HP next time.

I did look at the 2960-C but it was a bit expensive so couldn't do it.

I'm opening a case with Cisco, maybe they can get to the bottom of this issue in a couple months :)

I found part of the problem, I think, while working with Cisco on the phone. I have unknown multicast filtering turned on (except for the uplink port) as the switch doesn't work correctly for snooping (i.e. if there's a sender on the switch but no receiver, it will flood the packets to all ports even though I have a multicast router elsewhere on the network).

As soon as I enable flooding, I can get the ping working both ways. Not sure if this is related to the network dying every 24 hours but it's still interesting and I don't understand it.
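
An added illustration, not written by any poster in this thread or by Cisco, of why filtering unregistered multicast can produce the one-way IPv6 ping described above: IPv6 neighbor discovery sends Neighbor Solicitations to a solicited-node multicast group rather than to broadcast. The addresses, port numbers and the `egress_ports` forwarding model are constructed assumptions, not SG300 firmware behaviour, and the sketch does not establish the cause of the 24-hour loss.

```python
import ipaddress

def solicited_node_group(unicast: str) -> ipaddress.IPv6Address:
    """Solicited-node group ff02::1:ffXX:XXXX from the low 24 address bits (RFC 4291)."""
    low24 = int(ipaddress.IPv6Address(unicast)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24)

def multicast_mac(group) -> str:
    """Ethernet destination for an IPv6 group: 33:33 + low 32 group bits (RFC 2464)."""
    low32 = (int(ipaddress.IPv6Address(group)) & 0xFFFFFFFF).to_bytes(4, "big")
    return "33:33:" + ":".join(f"{b:02x}" for b in low32)

def egress_ports(dst_mac, ingress, ports, snooping, uplink, filter_unregistered):
    """Simplified layer 2 model (assumption): ports a multicast frame is sent out of."""
    if dst_mac in snooping:            # group learned from an MLD report
        out = set(snooping[dst_mac])
    elif filter_unregistered:          # unknown group: only the unfiltered uplink gets it
        out = {uplink}
    else:                              # unknown group: flood to every port
        out = set(ports)
    return out - {ingress}

# Constructed scenario: test laptop on port 3, uplink on port 10.
PORTS, UPLINK, LAPTOP_PORT = range(1, 11), 10, 3
LAPTOP = "2001:db8:10::a1b2:c3d4"      # documentation prefix, constructed
REMOTE = "2001:db8:10::5:6:7"          # constructed

def scenario(filter_unregistered, snooping=None):
    snooping = snooping or {}
    to_laptop = multicast_mac(solicited_node_group(LAPTOP))
    to_remote = multicast_mac(solicited_node_group(REMOTE))
    return {
        # Solicitation for the laptop enters on the uplink and must reach port 3
        "remote_reaches_laptop": LAPTOP_PORT in egress_ports(
            to_laptop, UPLINK, PORTS, snooping, UPLINK, filter_unregistered),
        # Solicitation from the laptop must leave through the uplink
        "laptop_reaches_remote": UPLINK in egress_ports(
            to_remote, LAPTOP_PORT, PORTS, snooping, UPLINK, filter_unregistered),
    }

if __name__ == "__main__":
    print(solicited_node_group(LAPTOP), multicast_mac(solicited_node_group(LAPTOP)))
    print("filtering:", scenario(True))
    print("flooding: ", scenario(False))
```

In this model the laptop's group only survives filtering if the snooping table holds an entry for it, which is the dependency on MLD reports to check when comparing the switch's snooping table against the hosts behind it.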
