Wednesday, September 29, 2010

Review of the Cisco SF 300-08 Small Business Switch


Yesterday I received the first new switch for our stable of test switches in a couple years. It's one of a brand new series from Cisco that was just announced last week called the Cisco Small Business 300 Series Managed Switches, and I'll have to say - I'm impressed.

I opened the box and found all the hardware I needed to either rack mount it, mount it on a wall or table and a 'wall wart' style AC adapter power supply. The first thing I noticed about the AC adapter was that it was narrow and had the AC prongs turned 90 degrees from usual - this allowed me to drop it right into a standard power strip without wasting two or more places in the power strip. I did thumb through the Quick Start Guide to get the login info and learn about the configuration.

So after powering down most of the computers, I put the new SF 300-08 8 port switch into our network. I'm replacing (sort-of) a workhorse HP Procurve 2524 with this Cisco switch because it uses less power and is less noisy - no fans - I really only use 7 ports on a daily basis. The older switch is still there for testing and expansion when needed.

As soon as I put it in, the switch used DHCP to get a network address from our server. This was handy, but I will be changing it to a static IP later. The fact that it can use DHCP is a very nice feature because this means you don't have to connect the included serial port cable or take a laptop and change the laptop IP/mask to match the factory defaults.

The next thing I needed to do was test it with our Managed Switch Port Mapping Tool. A quick check with the tool determined that SNMP is not active out of the box. So using IE8, I logged in with the default credentials that I found in the Quick Start Guide and the first thing it asked me to do was change the password. Right away I was presented with a change password window complete with a Password Strength meter that shows the strength in red-yellow-green. After getting past that point, the web based interface was clean and well organized, in fact much better organized than I expected. The web interface can best be described as 'outlook' style with a control panel on the left and user interaction windows on the right.

I also found it easy to set the switch time clock by having it get the time from the computer from the Administration controls. I could have also selected SNTP options.

Since the Managed Switch Port Mapping Tool uses SNMPv1 or v2c (v3 coming soon), I had to enable SNMP. I found that to do this, I had to change settings in two places. The first was to enable SNMP; this is done on the Security - TCP/UDP Services window. Next I had to create access to the OID data by creating an SNMPv1/v2c 'community' associated with a 'view'. The default 'View' gives you access to the whole .1 OID structure, so that's the one I chose. There are many other options for excluding portions of the OID tree depending on the 'view'. Essentially what I chose amounts to allowing full read access via SNMP v1/v2c for my computer's specific IP address (SNMP Management Station). Once those settings were in place, I was able to run the Managed Switch Port Mapping Tool.

Right away I had the results I expected to see. The list of 8 ethernet ports with MAC addresses and IP addresses. The duplex mode info showed up (always an issue since standardization eludes switch manufacturers) and the Spanning Tree Protocol info was there and appeared correct. There are two things I need to look into: First, every port that had a MAC address had a VLAN 1 entry as I would expect, but what I didn't expect to see was a second VLAN '0' not associated with any MAC address below it. I'll have to find out where that is coming from. It does not seem to affect quality of the results. The second issue is that the physical ports are called e1-e8 and there is a second set of ports ch1-ch8 that are also labeled as ethernet. They are disabled and have an ifIndex beginning with 1000. The e1-8 ports are ifIndex 1 through 8. I also noted that BRIDGE-MIB::dot1dBaseNumPorts.0 = 16 which means the software probably supports the 16 port version even though this is an 8 port device. Just an interesting observation.

It appears that the SNMP implementation of this device is a departure from other Cisco switches in that 'community name indexing' is not supported. This has been historically used in Cisco switches to obtain the Bridge Mib information on a per VLAN basis. This does not affect our results since the device appears to fully support Q-Bridge Mib and that gives us access to VLAN specific port assignments.
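The lookup chain a port mapper can follow on a switch that exposes Q-BRIDGE-MIB instead of community name indexing, as an added example (not the Managed Switch Port Mapping Tool's code): it joins dot1qTpFdbPort, dot1dBasePortIfIndex and ifName from numeric walk output. The sample lines are constructed, and reading the FDB ID as the VLAN ID is an assumption that holds on many devices but not all.

```python
import re
from collections import defaultdict

# Constructed numeric walk output (`snmpwalk -On` style), not captured from a real switch.
SAMPLE_WALK = """\
.1.3.6.1.2.1.17.1.4.1.2.1 = INTEGER: 1
.1.3.6.1.2.1.17.1.4.1.2.2 = INTEGER: 2
.1.3.6.1.2.1.31.1.1.1.1.1 = STRING: e1
.1.3.6.1.2.1.31.1.1.1.1.2 = STRING: e2
.1.3.6.1.2.1.31.1.1.1.1.1000 = STRING: ch1
.1.3.6.1.2.1.17.7.1.2.2.1.2.1.0.17.34.51.68.85 = INTEGER: 1
.1.3.6.1.2.1.17.7.1.2.2.1.2.1.0.17.34.51.68.102 = INTEGER: 2
.1.3.6.1.2.1.17.7.1.2.2.1.2.1.0.17.34.51.68.119 = INTEGER: 2
.1.3.6.1.2.1.17.7.1.2.2.1.2.1.0.17.34.51.68.136 = INTEGER: 0
"""
BASE_PORT_IFINDEX = ".1.3.6.1.2.1.17.1.4.1.2."  # BRIDGE-MIB dot1dBasePortIfIndex
IF_NAME = ".1.3.6.1.2.1.31.1.1.1.1."            # IF-MIB ifName
TP_FDB_PORT = ".1.3.6.1.2.1.17.7.1.2.2.1.2."    # Q-BRIDGE-MIB dot1qTpFdbPort
LINE = re.compile(r"^(\.[\d.]+) = (\w+): (.*)$")

def map_ports(walk_text):
    """Return {port name: sorted [(fdb_id, mac), ...]} from numeric walk output."""
    bridge_to_ifindex, ifindex_to_name, fdb = {}, {}, []
    for line in walk_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore anything that is not "OID = TYPE: value"
        oid, _type, value = m.groups()
        if oid.startswith(BASE_PORT_IFINDEX):
            bridge_to_ifindex[int(oid[len(BASE_PORT_IFINDEX):])] = int(value)
        elif oid.startswith(IF_NAME):
            ifindex_to_name[int(oid[len(IF_NAME):])] = value.strip('"')
        elif oid.startswith(TP_FDB_PORT):
            # Table index is <FDB ID>.<six MAC octets in decimal>
            parts = [int(p) for p in oid[len(TP_FDB_PORT):].split(".")]
            if len(parts) == 7:
                mac = ":".join(f"{b:02x}" for b in parts[1:])
                fdb.append((parts[0], mac, int(value)))
    result = defaultdict(list)
    for fdb_id, mac, bridge_port in fdb:
        if bridge_port == 0:
            continue  # address known to the switch but port not learned
        ifindex = bridge_to_ifindex.get(bridge_port)
        name = ifindex_to_name.get(ifindex, f"bridge-port-{bridge_port}")
        result[name].append((fdb_id, mac))  # fdb_id assumed equal to VLAN ID
    return {name: sorted(entries) for name, entries in result.items()}

if __name__ == "__main__":
    print(map_ports(SAMPLE_WALK))
```

A MAC address that shows up on a port where it is not expected, or many addresses on a port meant for a single host, is the kind of finding this mapping makes visible.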

Here is a screenshot of the Switch Port Mapping Tool results for this switch.









This is our web analysis report of the Switch Port Mapping Tool results.



Bottom Line: This is a very powerful switch for the money. I've barely scratched the surface with its capabilities. There is direct support for IPv6, QOS settings, access lists by IP or MAC address, logging and actually far more than I expected for under $200. I used the help system and found that it was very readable and clear unlike much online help you find today. I highly recommend this switch series based on what I've seen so far.

Reviewed with switch firmware version 1.0.0.27.

Tuesday, September 28, 2010

Friday, September 24, 2010

Week Recap

It's been a busy week. I spent a lot of time dealing with CRT issues moving the SNMP tool set into NetScanTools Pro 11. The final set of SNMP tools will be put in there today, then I have to finish up a few tools that were left unfinished.

Yesterday I ordered a new Cisco 300 Series Managed Switch from Newegg to see how it performs with the Managed Switch Port Mapping Tool. This is a new series of switch that Cisco announced on Wednesday. The documentation says that it supports SNMP v1, 2c and 3, so I want to see if it can be mapped from the switch port mapper. I should be getting it on Tuesday, so I'll replace an old Linksys Etherfast 4116 with it, then we'll see what happens. I'm curious to know if the SNMP implementation follows the Cisco codebase or is a continuation of the old Linksys code. I guess I'll find out.

I'm also looking for boxshot software - I don't know which is the best, so I'll take any comments.

Tuesday, September 21, 2010

Managed Switch Port Mapping Tool v1.99.1 Released

I have not said much about this tool in this blog. Here is a brief synopsis. Network Switches come in generally two flavors: managed and unmanaged. Managed Switches have an IP address and can have all kinds of internal parameters monitored and changed, as opposed to unmanaged switches that simply do what they do without any user control.

Managed Switches usually have more than one way to manage them, the most common being a web interface, followed by SNMP v1, v2c and sometimes v3, CLI through telnet and finally a console connector on the front or back. Our tool uses SNMP v1 or v2c to communicate with the switch (or switches). [we will be adding support for SNMP v3 in the next major release of the program]

What it does: The Managed Switch Port Mapping Tool talks with the switch and 'maps' or analyzes the information to remotely find out the MAC addresses of devices attached to the physical ports. It also attempts to find the IPv4 addresses that match the MAC addresses and shows you many other parameters from the switch.

This tool is very useful to network technicians who must figure out what devices are attached to switch ports.

This new release fixes a few problems and enhances the speed and ability to map switches. You can read about it in two places:
http://www.switchportmapper.com/
or
http://www.netscantools.com/spmapmain.html

Download a 30 day trial copy today from either site.

Tuesday, September 14, 2010

XBox 360 Slim Wireless MAC Address Problem?

Last night at midnight my son bought Halo Reach and the new XBox 360 Slim. When I got up he told me he couldn't connect to the wireless router. The first thing I did was check his XBox wireless settings which looked OK. Then I had him note down the XBox wireless MAC address from advanced settings - while he did that I noticed that the 'Wired MAC address' was significantly different.

Then we went to the router and checked the MAC he had entered in the list of authorized MACs in the MAC Filtering list. Fine - he typed it in right. Then I had him view the router logs. I saw right away that the MAC address that the XBox was trying to connect with was not the 'wireless' MAC address - it was the Wired MAC address. He changed the router filter MAC list to match the Wired MAC address - problem solved.

Seems like an OOPS! Hope this helps someone.

Kirk

Thursday, September 9, 2010

Podcast with Keith Parsons wirelesslanprofessionals.com

On September 7th, Keith Parsons of wirelesslanprofessionals.com interviewed Kirk Thomas about NetScanTools Pro and how it can be used by wireless LAN professionals. We covered a wide range of topics including using the Managed Switch Port Mapping tool and we even touched on NetScanTools LE. Keith operates almost entirely in a free roaming wireless world and focuses on the Wireless LAN aspects of life. He teaches classes, is a consultant and is an authority on wireless networking.

Now that I have your interest, please check out: wirelesslanprofessionals.com

If you blink, you might miss the 40% discounts for NetScanTools Pro and the Managed Switch Port Mapping tool that are talked about on that page. Go listen to the podcast today!

Kirk

Thursday, September 2, 2010

NetScanTools LE Reviewed Aug 31, 2010

Kevin Beaver of 'Hacking for Dummies' and other 'for Dummies' books fame wrote an excellent review of NetScanTools LE on August 31. Please check it out here on his blog:

http://securityonwheels.blogspot.com/2010/08/netscan-tools-le-must-have-for.html

Thanks Kevin!

NetScanTools LE 1.30 Released Sept 1, 2010

Yesterday we released NetScanTools LE 1.30. This new release has many minor fixes and at least one fairly major bug fix: if you were using Automated tools and entered a long domain name AND had 'IP to Country' checked, it would shut down when it got to the IP/Country section. This problem has been fixed. We also did a lot of minor user interface fixes. We also updated WinPcap to 4.1.2 and SQLite to 3.7.2. As usual we updated the whois server and IP to Country databases.

If you already have NetScanTools LE 1.2 or earlier, simply start it, look for the notice that a new version is available and follow the instructions. If you have a purchased copy, it will find your keys. If you have a trial copy, you will get a new 30 day trial.