Solved

SG-300 and Small workgroup switch

Posted on 2013-12-04
14
275 Views
Last Modified: 2013-12-11
Hope this is a simple question but it's driving me nuts.

I have a Cisco SG-300 switch which feeds several offices. In our training room because of lack of quantity of switch ports in that office we use a small workgroup switch (cisco 5 port) to connect 3 workstations. With a workstation connected directly to the SG-300 all is working fine. But when I connect these workstations through the workgroup switch things get weird.

All workstations use DHCP which is located on one of our servers on a different vlan. All other servers (resources) are generally on another vlan.

When the workstation is plugged into the WG switch it will receive the DHCP address ok but cannot connect to any resources on the network (printers, servers, internet, etc).
When that same workstation is plugged directly into the SG-300 everything works correctly.

This problem just started and it was working fine a few days ago.
The only change to the SG-300 was to add redundency through a LAG.
I have other workstations that plug directly into the SG-300 and they are working properly.

Thanks.
Richard
0
Comment
Question by:RichardPWolf
  • 8
  • 6
14 Comments
 
LVL 10

Expert Comment

by:djcanter
ID: 39696607
Do you have any port security enabled? smart port roles ?
0
 

Author Comment

by:RichardPWolf
ID: 39698257
None that I can find. The only thing that has changed recently is I LAGed two ports to our core switch.
0
 
LVL 10

Expert Comment

by:djcanter
ID: 39701151
Do you have any other problems with the LAG? Is it connected to another SG switch ?

Cant think of any reason that should affect the workgroup switch. Is the native vlan of the switch ports for the LAG the same on all 4 ports ? Is native VLAN of LAG the same on both switches as the original ports ?

The workgroup switch is not vlan aware, the SG  may be sending tagged traffic which the WG switch will process as native vlan traffic. Return traffic will not reach its destination in this case.
0
 

Author Comment

by:RichardPWolf
ID: 39701822
No observed problems with the LAG. I've got 4 SG-300s LAGed into a 3750G. All show as being up and I don't see any errors on any of the switches.

Your last comment might be the key. On the SG-300 on all ports "except" the LAG is vlan 9 only. On the LAG is vlan 1 and vlan 9. vlan 1 being the native. vlan 9 is tagged.

Should I set the port that the WG switch is on to untagged?
0
 

Author Comment

by:RichardPWolf
ID: 39701843
I spoke a little bit soon. Here's my SG-300 port configuration. The port that the WG switch is on is 7.
SG300-port-setup.docx
0
 
LVL 10

Expert Comment

by:djcanter
ID: 39701845
if the wg switch needs to be in vlan 9, try setting the sg port to access mode vlan 9 untagged
0
 
LVL 10

Expert Comment

by:djcanter
ID: 39701872
Interesting, all ports are access mode vlan 9 untagged. Are the ports configured the same as before the LAG was created? Or,was the single port that was the link to the core configured with as  trunk mode vlan 1 untagged, vlan 9 tagged?
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 

Author Comment

by:RichardPWolf
ID: 39701928
Not a hundred percent sure on the trunk ports as to which vlan was tagged or untagged. All other ports are access.
0
 

Author Comment

by:RichardPWolf
ID: 39701991
Could it be that because the ports are "untagged" for vlan 9 and the LAG is "tagged" be causing the issue?
0
 
LVL 10

Expert Comment

by:djcanter
ID: 39702056
It shouldnt matter. Once the ports are joined to a channel-group, the channel-group should define the vlans.

try connecting a workstation to the wg switch. Look in the sg-300 address table and confirm the mac of the workstation is listed in the correct vlan. Check the core switch for the same thing.

At the core, is the lag configured the same, trunk mode, vlan 1 untagged, vlan 9 tagged?
0
 

Author Comment

by:RichardPWolf
ID: 39706834
I'll check the address more accurately. Right now I only see one MAC address on that port but I believe it's the WG switch mac. On the core switch (3750G) I don't see anywhere that it's defines tagged or untagged. Here is the config for the 3750->SG300 on the 3750.

port-channel load-balance src-dst-ip


interface GigabitEthernet1/0/1
 description Vlan 7 Primary
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,7
 switchport mode trunk
 channel-group 7 mode desirable non-silent

[edit]- Just checked and I can't get to the workstation (ping) from the 3750. Not sure where the ping is on the SG-300.
0
 

Author Comment

by:RichardPWolf
ID: 39708500
I got it working but I don't understand why. In going through everything from start to finish I found that my LAGs were not up in a bundle. I had connectivity with all workstations on that vlan but not through the WG switch which is what caused me to create this question. Well after a minor change to the core switch which allowed the LAGs to bundle up the WG switch started working. Below is a basic depiction of how the network is setup.


Core-Switch ------> SG-300--------->WG-switch-------->Workstations(3)

I'd appreciate some insight as to why this simple change allowed everything to work.

Thanks.
0
 
LVL 10

Accepted Solution

by:
djcanter earned 500 total points
ID: 39711817
Without looking at packet captures and arp tables in the switch, I cant definitively answer that question.

Glad to hear you found the issue.
0
 

Author Closing Comment

by:RichardPWolf
ID: 39711996
Thanks. I appreciate your help.
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Suggested Solutions

The worst thing when starting a new job is when the previous Network Administrator left behind no documentation. How do you get into the devices? If you've been in this situation or just accidently mistyped your password, this article will hopefully…
I eventually solved a perplexing problem setting up telnet for a new switch.  I installed a new Cisco WS-03560X-24P switch connected to an existing Cisco 4506 running a WS-X4013-10GE Sup II-Plus. After configuring vlans and trunking,  I could no…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now