We have an SG350-28P as the core switch at one of our sites and intermittently, users connected to VLAN 7 (192.168.9.0/24) advise that they lose internet access. At the time of the issue, the switch cannot ping the router (Cisco 887VA, 10.1.9.1, VLAN7 192.168.9.1).This has happened three times in the past fortnight and remains unresolved until the switch is powercycled.There's one SF302-08PP behind, but this is just used for phones on VLAN 101, not using VLAN 7 at all.There was an ACL attached to this VLAN, I have temporarily disabled that for troubleshooting purposes. Detailed in the config below, but not attached to the VLAN.Feels like routing, but the default route is configured the same as our other sites. This config is virtually identical to that of other sites.FW: 2.5.9.54 (current).Recent changes:This was sitting on 2.4.5.71 for a long time, but updated within the past month to improve security. I haven't seen this problem with any other sites upgraded to 2.5.9.54.The SF302-08PP was reconfigured from an access VLAN 101 switch to L2 with VLAN 1/101 for manageability, but it's not used on VLAN 7.Some assistance would be greatly appreciated.I can't do a swap just yet, it's a 4 hour round trip and I don't have any spare SG350s to rule out hardware, and I don't have space in this rack to replace it with a CBS350 (deeper).Config follows, business-identifying and other irrelevant data have been removed & port configs condensed.config-file-headersw-sitename-adminv2.5.9.54 / RCBS3.1_930_871_120CLI v1.0file SSD indicator encrypted@ssd-control-start ssd config ssd file passphrase control unrestricted no ssd file integrity control ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0 !!unit-type-control-start unit-type unit 1 network gi uplink none unit-type-control-end !vlan databasevlan 7,55,101 exit...ip dhcp server ...ip dhcp excluded-address 192.168.9.1 192.168.9.30ip dhcp excluded-address 192.168.9.250 192.168.9.254ip dhcp pool network BUSINESS-DHCP-POOLaddress low 10.1.9.1 high 10.1.9.254 255.255.255.0 lease 7 domain-name domainname.com.audefault-router 10.1.9.1dns-server 10.1.3.58 10.1.3.59 10.1.1.48 10.1.1.49exitip dhcp pool network FREEWIFI-DHCP-POOLaddress low 192.168.9.1 high 192.168.9.254 255.255.255.0 lease 7 domain-name freewifi.domainname.com.audefault-router 192.168.9.1dns-server 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4exit...no boot host auto-config no boot host auto-update bonjour interface range vlan 1...ip access-list extended ACL-IN-VLAN7permit ip any 172.24.0.44 0.0.0.0 ace-priority 20permit ip any 10.1.3.56 0.0.0.0 ace-priority 25permit ip any 10.1.3.147 0.0.0.0 ace-priority 30deny ip any 10.1.0.0 0.0.255.255 ace-priority 40deny ip any 10.55.0.0 0.0.255.255 ace-priority 60deny ip any 10.101.0.0 0.0.255.255 ace-priority 80permit ip any any ace-priority 160exit...ip domain name [removed]ip name-server [removed]ip domain polling-interval 8!interface vlan 1ip address 10.1.9.254 255.255.255.0 no ip address dhcp !interface vlan 7name PUBLIC_WIFI ip address 192.168.9.254 255.255.255.0 !...interface range GigabitEthernet1-8, 11-19power inline never [these are access VLAN 1 ports]!interface range GigabitEthernet9-10,20-22description TRUNK-TO-APswitchport mode trunk switchport trunk allowed vlan 1,7,55 !interface GigabitEthernet23switchport access vlan 101 power inline never !interface GigabitEthernet24description LINK-TO-PHONE-SWITCHip dhcp snooping trust switchport mode trunk switchport trunk allowed vlan 1,101 power inline never !interface GigabitEthernet26description LINK-TO-ROUTERswitchport mode trunk switchport trunk allowed vlan 1,7,55,101 !exitip dhcp snooping ip dhcp snooping vlan 1 ip dhcp snooping vlan 7 ip dhcp snooping vlan 55 ip dhcp snooping vlan 101 ip route 0.0.0.0 /0 10.1.9.1 metric 1
View more