Cisco SG200-08P Smartswitch


  • Cisco SG200-08P Smartswitch

    Hi
    I have been working on the configuration of the above switch, which is being used as a stopgap solution until conventional Cisco POE switches can be purchased to power up new Cisco Aironet 1140 WAP. The smartswitch is connected to a 3750 with a trunk port configured: Native VLAN1, and a further 3 VLANS 51 & 52 secure & guest wireless and 254 Management.
    In order to get the smartswitch and WAP to work I have:
    Port 1 (POE) configured as trunk with a PVID 254, VLAN1 tagged, VLAN51 tagged, VLAN52 tagged, VLAN 254 untagged and is connected to the WAP
    Port 8 is configured PVID 1 VLAN1 untagged, and VLANS 51,52 & 254 tagged and connected to the 3750.

    I would have assumed that both these ports should have been configured identically. Unfortunately attempting to do so results in failure. I have tried various permutations without success. If someone could throw some light on why this could be it would be appreciated particularly as I have several SG200's to roll out.

    Thanks in advance.
    Last edited by agedmcse; 25th October 2012, 11:35.

  • #2
    Re: Cisco SG200-08P Smartswitch

    So vlan 254 is your native vlan from the AP to the SG200 right? The BVI interface on the AP has an ip in the vlan 254 subnet? The native vlan is configured correctly on the radio subinterface and the ethernet interface? All your vlans are configured on both switches and they show in the vlan database? You have dhcp configured for the subnets and any dhcp relay as well on the 3750? Routing is configured correctly on the 3750?

    Hard to say what the issue is here. You really don't specify what is/what isn't working with your current config.
    CCNA, CCNA-Security, CCNP
    CCIE Security (In Progress)


    • #3
      Re: Cisco SG200-08P Smartswitch

      Hi Auglan,

      Thanks for the prompt response, I confirm that your understanding is correct. Everything works fine when configured as I have described, both devices can be managed and DHCP traffic can be passed on all ports regardless of whether tagging is configured for VLAN1 or not.

      The issue is that should I change the config of port 1 to match port 8 I lose connectivity to the WAP and if I change the config of port 8 to match port 1 I lose connectivity to the switch management (cannot ping) although I can still manage WAP.

      Am I missing something? As I say, it all appears to work, but I cannot understand why both trunk ports on the SG-200 have to be configured differently.


      • #4
        Re: Cisco SG200-08P Smartswitch

        The only difference I see in the trunks is the native vlan difference. The native vlan must be the same on both sides of the trunk. Also on the AP, if the native vlan is vlan 254 then the BVI interface used for management must also have an ip address in vlan 254. All traffic from the native vlan goes through the trunk untagged, hence why it has to be the same on both sides of the trunk. You could have used vlan 254 as your native on all your devices, or set vlan 1 (Cisco default) as your native on all devices to keep some consistency. Typically, from a security standpoint, the practice is to not use the native vlan for any traffic. Normally Cisco recommends changing the native vlan from the default of 1 to some other vlan and not using that vlan at all. Then create a separate vlan for your management traffic etc...
        CCNA, CCNA-Security, CCNP
        CCIE Security (In Progress)


        • #5
          Re: Cisco SG200-08P Smartswitch

          Thanks for your comprehensive response. This would seem to indicate that it is the 1140 that is the issue. I am confused particularly by the GUI when it refers to the Native VLAN as the management VLAN. I have tried toggling between both VLAN1 & VLAN254 and it makes no difference. I am wondering whether I should explicitly create VLAN1 in the assigned VLAN list shown as attachment. I am just running out of ideas.

          • #6
            Re: Cisco SG200-08P Smartswitch

            This link may help you out with the config via the cli.



            http://www.firewall.cx/cisco-wireles...242-mssid.html


            The native vlan does not have to be the same as the management vlan on switches and routers. The AP's however require that the native vlan be the management vlan as the BVI has to have an ip address in the native vlan subnet.
            Last edited by auglan; 26th October 2012, 13:20.
            CCNA, CCNA-Security, CCNP
            CCIE Security (In Progress)


            • #7
              Re: Cisco SG200-08P Smartswitch

              Hi,
              Yes, the link was useful and served to confirm that the 1140 config. was correct. You did however hit the "nail on the head" when you stated the native vlan should be the management VLAN on the WAP. I have changed the native VLAN on the 3750 port to VLAN254 and now both trunk ports on the SG 200 serving the WAP and the inbound from the 3750 are identical. The trade-off is no DHCP traffic is passed. I think I can live with that at least for the time being so thanks again for your help.

              !
              ! Last configuration change at 12:50:12 UTC Fri Oct 26 2012 by en
              ! NVRAM config last updated at 12:50:12 UTC Fri Oct 26 2012 by en
              !
              version 12.4
              no service pad
              service timestamps debug datetime msec
              service timestamps log datetime msec
              service password-encryption
              !
              hostname WAP-42-xxxx-xxx
              !
              bridge irb
              !
              interface Dot11Radio0
              no ip address
              no ip route-cache
              !
              encryption vlan 51 mode ciphers tkip
              !
              encryption vlan 52 mode ciphers tkip
              !
              ssid xxxx-Wireless
              !
              ssid xxxxxxxxxxxx
              !
              antenna gain 0
              station-role root
              !
              interface Dot11Radio0.1
              encapsulation dot1Q 1 native
              no ip route-cache
              bridge-group 1
              bridge-group 1 subscriber-loop-control
              bridge-group 1 block-unknown-source
              no bridge-group 1 source-learning
              no bridge-group 1 unicast-flooding
              bridge-group 1 spanning-disabled
              !
              interface Dot11Radio0.51
              encapsulation dot1Q 51
              no ip route-cache
              bridge-group 51
              bridge-group 51 subscriber-loop-control
              bridge-group 51 block-unknown-source
              no bridge-group 51 source-learning
              no bridge-group 51 unicast-flooding
              bridge-group 51 spanning-disabled
              !
              interface Dot11Radio0.52
              encapsulation dot1Q 52
              no ip route-cache
              bridge-group 52
              bridge-group 52 subscriber-loop-control
              bridge-group 52 block-unknown-source
              no bridge-group 52 source-learning
              no bridge-group 52 unicast-flooding
              bridge-group 52 spanning-disabled
              !
              interface Dot11Radio0.254
              encapsulation dot1Q 254
              no ip route-cache
              bridge-group 254
              bridge-group 254 block-unknown-source
              no bridge-group 254 source-learning
              no bridge-group 254 unicast-flooding
              bridge-group 254 spanning-disabled
              !
              interface Dot11Radio1
              no ip address
              no ip route-cache
              !
              encryption vlan 51 mode ciphers tkip
              !
              encryption vlan 52 mode ciphers tkip
              !
              ssid xxxxxx-Wireless
              !
              ssid xxxxxxxxxxxxxx
              !
              antenna gain 0
              no dfs band block
              channel dfs
              station-role root
              !
              interface Dot11Radio1.1
              encapsulation dot1Q 1 native
              no ip route-cache
              bridge-group 1
              bridge-group 1 subscriber-loop-control
              bridge-group 1 block-unknown-source
              no bridge-group 1 source-learning
              no bridge-group 1 unicast-flooding
              bridge-group 1 spanning-disabled
              !
              interface Dot11Radio1.51
              encapsulation dot1Q 51
              no ip route-cache
              bridge-group 51
              bridge-group 51 subscriber-loop-control
              bridge-group 51 block-unknown-source
              no bridge-group 51 source-learning
              no bridge-group 51 unicast-flooding
              bridge-group 51 spanning-disabled
              !
              interface Dot11Radio1.52
              encapsulation dot1Q 52
              no ip route-cache
              bridge-group 52
              bridge-group 52 subscriber-loop-control
              bridge-group 52 block-unknown-source
              no bridge-group 52 source-learning
              no bridge-group 52 unicast-flooding
              bridge-group 52 spanning-disabled
              !
              interface Dot11Radio1.254
              encapsulation dot1Q 254
              no ip route-cache
              bridge-group 254
              bridge-group 254 block-unknown-source
              no bridge-group 254 source-learning
              no bridge-group 254 unicast-flooding
              bridge-group 254 spanning-disabled
              !
              interface GigabitEthernet0
              no ip address
              no ip route-cache
              duplex auto
              speed auto
              no keepalive
              !
              interface GigabitEthernet0.1
              encapsulation dot1Q 1 native
              no ip route-cache
              bridge-group 1
              no bridge-group 1 source-learning
              bridge-group 1 spanning-disabled
              !
              interface GigabitEthernet0.51
              encapsulation dot1Q 51
              no ip route-cache
              bridge-group 51
              no bridge-group 51 source-learning
              bridge-group 51 spanning-disabled
              !
              interface GigabitEthernet0.52
              encapsulation dot1Q 52
              no ip route-cache
              bridge-group 52
              no bridge-group 52 source-learning
              bridge-group 52 spanning-disabled
              !
              interface GigabitEthernet0.254
              encapsulation dot1Q 254
              no ip route-cache
              bridge-group 254
              no bridge-group 254 source-learning
              bridge-group 254 spanning-disabled
              !
              interface BVI1
              ip address 192.168.254.241 255.255.252.0
              no ip route-cache
              !
              ip default-gateway 192.168.254.254
              ip http server
              no ip http secure-server

              Comment
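
The frame path this thread is debugging, as an added example that is not part of any post: a small Python model of 802.1Q PVID and tag handling, with port settings constructed from posts #1 and #7 and the AP config above. It assumes each port's only untagged VLAN is its PVID and that the AP sends BVI1 (bridge-group 1, `dot1Q 1 native`) traffic untagged; the names `Port`, `trace` and `pvid_mismatches` are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Port:
    """One end of a trunk. Assumption: its only untagged VLAN is its PVID."""
    name: str
    pvid: int
    tagged: frozenset

    def egress(self, vlan):
        """802.1Q tag written on the wire for `vlan`; None means untagged."""
        if vlan == self.pvid:
            return None
        if vlan not in self.tagged:
            raise ValueError(f"{self.name}: VLAN {vlan} not a member")
        return vlan

    def ingress(self, tag):
        """VLAN a received frame is classified into on this port."""
        vlan = self.pvid if tag is None else tag
        if vlan != self.pvid and vlan not in self.tagged:
            raise ValueError(f"{self.name}: VLAN {vlan} not a member")
        return vlan


def trace(vlan, links):
    """Follow a frame over (sender, receiver) links; VLAN seen at each device."""
    seen = [vlan]
    for sender, receiver in links:
        vlan = receiver.ingress(sender.egress(vlan))
        seen.append(vlan)
    return seen


def pvid_mismatches(links):
    """Links whose two ends disagree on the untagged (native) VLAN."""
    return [(a.name, b.name) for a, b in links if a.pvid != b.pvid]


# Port settings constructed from the thread (not captured from real devices).
AP = Port("AP Gi0", 1, frozenset({51, 52, 254}))
P1_ORIG = Port("SG200 port 1", 254, frozenset({1, 51, 52}))
P8_ORIG = Port("SG200 port 8", 1, frozenset({51, 52, 254}))
C3750_ORIG = Port("3750 trunk", 1, frozenset({51, 52, 254}))
P1_LIKE_P8 = Port("SG200 port 1", 1, frozenset({51, 52, 254}))
# Post #7: 3750 native VLAN changed to 254, both SG200 trunk ports identical.
P8_FINAL = Port("SG200 port 8", 254, frozenset({1, 51, 52}))
C3750_FINAL = Port("3750 trunk", 254, frozenset({1, 51, 52}))

if __name__ == "__main__":
    print(trace(1, [(AP, P1_ORIG), (P8_ORIG, C3750_ORIG)]))
    print(trace(1, [(AP, P1_LIKE_P8), (P8_ORIG, C3750_ORIG)]))
```

In this model the AP's untagged management frames reach the 3750 in VLAN 254 with the original settings, but in VLAN 1 once port 1 is set like port 8. `pvid_mismatches` reports the AP-to-port-1 link in both the original and the final settings, because the AP numbers its untagged VLAN 1 while the switch numbers it 254.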