SG 300-20

Unanswered Question
Mar 13th, 2011

Hi guys, I have a question: I replaced an HP2626 Layer 3 switch with an SG 300-20, which is also configured to act as a Layer 3 switch.

Now I have two issues, and maybe I'm just too blind to see the solution, but at the moment it's driving me nuts.

1. Behind the switch are 2 Microsoft Forefront firewalls behind tagged ports, acting as a load balancer/failover. They have a common IP working over IGMP multicast, which is not reachable.

2. If I do a traceroute, for example to the headquarters, the first hop, the SG 300-20, is not shown.

1     *        *        *     Zeitüberschreitung der Anforderung.
2    <1 ms    <1 ms     *     10.127.199.21
3    27 ms    26 ms    26 ms  10.127.198.3
4    27 ms    28 ms    27 ms  10.127.201.114

If I change the Microsoft Forefront firewall to work over unicast, then all problems nearly disappear. Traceroutes to the company are working and the load-balanced IP is reachable, but the performance of the Forefronts is not usable, with timeouts over and over again. That's why we were using IGMP multicast before.

Also, over unicast the IP of the SG 300-20 is shown in the traceroute.

Thanks for your help.

Regards

Martin

alissitz Sun, 03/13/2011 - 20:22

Hello,

Unicast works and mcast does not ... hummm.

When you say mcast does not work, does this mean that one side will not see the other side when using mcast?  Meaning that the messages are not getting from one device to the other?

You have a L3 boundary between the two firewalls?  You also mentioned they are tagged ports ... are you running multiple vlans to each firewall?

I am not sure I understand your setup and how you have implemented lb.

Any chance you can have a single vlan for which both firewalls reside in?

What is the lb protocol?  VRRP? 

Many thanks,

Andrew Lissitz

mknecht1984 Mon, 03/14/2011 - 03:09

Yes, when MCast is enabled they cannot see each other and no messages are sent. Yes, we are running multiple VLANs to the firewall. Also, the firewalls are virtual machines; that's why we are using VLANs. Both sit on Citrix XenServers. As a load-balancing setup, it's the basic Windows 2008 load-balancing technique; I'm not quite sure which technique and protocol they are using.

nimusell Sun, 03/13/2011 - 23:19

Hello Martin,

Did you configure both ports connecting to the Microsoft Firewall(s) as a LAG (link aggregation) ? This could be the issue here.

I would suggest to try configuring these ports as a LAG and also verify the multicast filtering settings.

Best regards,

Nico Muselle

Sr. Network Engineer - CCNA

mknecht1984 Mon, 03/14/2011 - 03:55

If I configure LAG, it makes no difference.

Is multicast filtering enabled by default?

Regards

Martin

alissitz Wed, 03/16/2011 - 07:52

Sorry for the delay in my response.

It sounds a bit that you are crossing L3 boundaries ...

When unicast works, what unicast addresses do you use?  Same subnet or different?

You have me intrigued to say the least.  Can you email me your contact info and perhaps a quick call?  Not sure if this would work, as I am just outside of NYC.

Thanks

Andrew

mknecht1984 Wed, 03/16/2011 - 07:55

I'm in Germany, but this should be no problem. Just tell me where to send the details.

alissitz Wed, 03/16/2011 - 08:18

Wowsers!

I loved Germany, cannot wait to go back one day.  I sent you a PM, but I may not be the right resource for you since we are in such different timezones.

Hummm .. the contact support numbers can be found here:

http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html

Can you confirm if you have different vlans and intervlan routing running?  Mcast on the same vlan is no problem, however when you want to route the mcast messages, then this becomes more of a config.  Do please let me know.

Andrew

alissitz Wed, 03/16/2011 - 15:54

Hello Wonderful Community,

Martin and I are working this offline ... and will post an answer once we make some progress.

All suggestions are appreciated, however stay tuned and a solution will soon be posted.

Many thanks,

Andrew Lee Lissitz


Posted March 13, 2011 at 12:23 PM