Recently I have installed nearly a hundred SF-300 switches with the latest 18.104.22.168 firmware and a simple config: opt82 with ARP inspection for access ports, RSTP, management VLAN. SSH and HTTP are disabled. Management IP addresses are statically assigned. Switches are in L2 mode. The problem is that after a random period of time (from 15 minutes to 4-5 hours) the switches suddenly stop answering pings, and I can't access them via telnet. But the users on access ports are working without problems, they can renew addresses via DHCP, and the binding table on the switch is updating correctly. So the problem relates to switch management access only. I can access the switch via console, and see that:
1. TCAM usage is 7-15%
2. STP is working correctly
3. CPU load is 2-3%
4. Ping to the gateway of other switches gives the error: "PING: unable-to-send"
5. There is no ARP resolution
6. Even if an ARP entry exists, ping fails with the error from #4
I've mirrored the uplink port with "port monitor" and see via tcpdump that:
1. Ping requests are coming from the uplink port
2. The switch didn't send ARP requests when I tried to ping something from its console
3. STP packets and clients' traffic are running without problems
4. At the moment when the switch became inaccessible, there are no "strange" packets; the switch just stops answering pings
If I reboot the switch with "reload" or a power cycle, it becomes available again for a random period of time.
Can anybody help to get permanent management access to the SF-300?
Hi Pavel, is this every switch or just a couple switches?
If you isolate one of the switches that has the symptom (disconnect all connections), does the management clear up after some time? Do you see a high increment of broadcast or multicast packets on any given interface?
-Tom Please mark answered for helpful posts
The SF-300s were installed in new network segments, there are no other switch types, and there are 8..15 switches per VLAN. There is a clear "star" topology, without rings. RSTP is running over the whole network.
Even without any clients on access ports, this problem is present.
I've connected a single SF-300 to the uplink's Cisco port, without clients and downlinks, and the problem consistently repeated. When I connected the same SF-300 to the isolated test lab environment (server-cisco-SF-300-client), the problem disappeared.
I've tested different firmware versions: from 22.214.171.124 to 126.96.36.199 this problem exists. On 188.8.131.52 this problem is absent, but I need opt82 + DHCP snooping + ARP inspection. Switching between L2 and L3 mode (switch-router) changed nothing.
So I'm sure that the problem depends on some network traffic, but no strange or abnormal packets were captured by tcpdump. When I connected to the "frozen" switch through the console, the only problem I saw was that all L3 functionality is terminated.