Having an issue getting my DMZ vlan working. Running my ASA5505 and i have configured e0/2 for DMZ w/ VLAN ID 3. Connected to my 2716 on port2.Inside e0/1 w/ VLAN ID 1. Connected to my 2716 on port1.
I am trying to get my DMZ Vlan to ports3&4 (LAG1) but when i assign the LAG group to PVID 3 i lose connectivity on VLAN1. I want to send both VLANs to that host because the teamed adaptor is used for Hyper-v Network Switch.
If you have a router with multiple direct vanilla FE (non trunked) interfaces on a switch trying to send QOS tagged packets to a wifi bridge several switches away does the trunking in the switched infrastructure mess with the qos tags if no qos is configured on the switches.
Does it depend on the switch? We have new 2960's running 12.2 and a few older 2950's running 12.1
Unfortunately I do not remember the model and the switch is a couple of hours away without remote access.I have 4 vlans on a procurve switch.
VLAN1 - Network Devices (Server, printers, WAPs)
VLAN100 - Admin (Office workers)
VLAN200 - Teachers
VLAN300 - Students
There is a server doing DHCP. There are 4 ranges of IPs 1 for each VLAN.
The router is on Port 44. VLAN 1, 100, 200, 300 - Tagged
The Server is on Port 46. VLAN 1 - Untagged
The WAPs are on Ports 1, 11, 31 VLAN 1, 100, 200, 300 - Tagged
All other ports are on VLANs 100, 200 or 300 - Untagged
The WAPs all have VLANs 100, 200, 300. Each VLAN on a different SSID.
I have IP helper with the server IP on VLANs 100, 200, 300.
There are IPs from the different subnets on their respective VLANs in the switch.
The gateway for each subnet is on a different subinterface on the router.
The router is a linux box. (Untangle)
The WAPs are not able to talk to the server, therefore no computers on the wireless networks can get an IP.The server can only talk to the router if I change port 44 to untagged.What combination of tagged and untagged ports do I need to make everything talk?
Do I need to put the VLANs on the subinterfaces of the router?
We are having one HP core switch and VLAN is configured on it. Four Nortel BES1010(24port) switches will be connected to this HP switch. We need to configure the VLAN tagging in the Nortel switches in order to make deices connected to nortel switches can communicate with devices in the VLAN.
View 3 Replies View RelatedI need some assistance in setting up VLAN's (802.1Q) accross two switchs, I want the same 2 vlan's on both switchs, how do i configure them to be connected and pass both vlan's traffic.VLANs from firewall are tagged at 3 and 8.Single port out from the firewall.The first switch is simple enough, port is connect at port 52 and configured from both vlan's then the individual ports are either on one or the other. The question is how do i connect the second switch so that it can also do both vlans. Assume I connect switch1 at port 51 to switch 2 port 52. Do I configure both ports to be on the same VLAN's. or do i setup LAG's.
View 3 Replies View RelatedI am currently tasked with setting up a network, pretty much from scratch, that requires some fairly hefty VLAN deployment. My hardware on hand (already existed so can't can't change anything easily) 5x ESW-540-48 Switches, 1x3750g switch, 1x2811 router. I don't believe the router should be required as the 3750 is capable of intervlan routing. [code]
Now at one point I actually had the VLAN's *working* in that I could specify an IP address and could ping to and from it! However DHCP wasn't passing despite numerous attempts with DHCP relay and IP-Helper configurations.Also I was having issues with VLAN 1 as the native VLAN, the ESW switches don't allow you to do much with them, as they 'weren't created by the user'. So tried switching that out to VLAN11 also but with very little success there (I had to change the native vlan on all trunks to VLAN 11)All the 10.x.x.x addresses need to be able to communicate with each other.All the ESW switches need to be able to handle their respective VLAN's as well as VLAN 1 (for Printers and wireless access points distributed around the building).
I'm Confused from the fact that Vlan tagging is done at access port and trunk port always gets tagged packets (untill its case of native vlan).But I still believe in other fact which says tagging happen only when a frame hit the trunk port which means trunk port gets untagged frame and tagging is not possible at access port.
Would like to know where actually this tagging happens ?
and also which command we can use to encapsulate 802.1q protocol to access port ? The way we do at trunk port is #switchport trunk encapsulation dot1q Is the above command applicable for access mode also?
I have a sf300 with (2) vlans (1) ] vlan for data and vlan (100) is my voice vlan I have Vlan (100) tagged traffic, and my VoIP pbx as an access port only to vlan (100) all other ports are trunk ports with vlan (100) tagged and vlan (1) untagged traffic. I get no outbound audio on calls I can call out hear them fine they cant hear me. I am wondering if my tagged traffic leaving the phone is being striped and if so were. I have CDP turned off.
View 1 Replies View RelatedI rencently bought the E4200v1 router, to be wired together with my WRT610nv2 to form gigabit network for different floor network.However with the recent installation of fiber to home network offered by my local ISP, I would need router that capable for performing vlan tagging (500 for internet & 600 for IPTV).Would like to know if Cisco have any development plan to enable the VLAN option for:-
1. E4200
2. WRT610nv2
At the moment, I'm still stuck with the provider "home-made" router which lacks of Gigabit & dual band wireless.
We are trying to replace the CSS between our firewall and DMZ with a BigIP. Among it's other functions, it will act as the router between the firewall and the DMZ. To make this work, I need to assign vlan tags values for the vlans I create on the BigIP box and these must match the tags on the cisco switches (3550's) How do I find this information on the switch?
View 2 Replies View Relatedwe have a base license ASA 5510, and been trying to get ICMP working to check that we're routing and not hitting any NAT translation. We have a VLAN280 setup to ISP for VPN link to remote site and another VLAN281 for internet access for internal users.
Users can browse internet from (name _inside interface e0/1 access port) which is fine. When I do a ping to remote office through the VPN I get a response pinging from VLAN280 name VPN_Link. When I do a ping from name inside interface I don't get a response both are security level 100 with same-security-traffic permit inter-interface configured.
Config:
!
interface Ethernet0/0
speed 100
no nameif
[Code]....
I have a 2960 switch connected to another. The I need to verify that vlan0010 on one switch is forwarding tagged traffic between the other switch it is hooked up to through the Gi0/1 port. How do I verify this? I have a server that's multihomed (Broadcom) on the other side an it is supposed to be on this vlan with one of it's network interfaces. We had a pwer outage and now it cannot communicate on this vlan. However, everything else on the vlan can reach all the other nodes accept this server in the front of my building. All the devices in the same room are linked to the same switch which has one port (fa0/17) on vlan0010 and can ping eachother just fine. The server is hooked to port 24 on my server room switch and Gigabit port one goes to a fiber converter all the way to the back. It then gets converted from fiber to cat5e again and links into the switch (2960) in the backroom.
View 5 Replies View RelatedI'm a little stuck with a 4400 7.0.220.0 + RAP 1550 + MAP 1260 Ethernet bridging issue. I'm using the VLAN tagging functionality and I'm finding that periodically a VLAN that I've tagged on the MAP will deregister from the backhaul and stop passing traffic. If I go into the Mesh tab on the MAP, select the wired interface, remove the VLAN from the list of tagged VLAN IDs and then add it right back to the list, its starts passing traffic again
View 2 Replies View RelatedWe have a problem with CDP packets on sent by our Cisco 6509's. Unlike our other Cisco switches (4948G, 5020, etc.), the 6509 tags administrative traffic on the native vlan. As a result the CDP packets are sent with an 802.1Q header with a tag of 1. The other switches send the CDP packets untagged on the native vlan. This causes problems because we have non-Cisco devices in our lab that also receive and send CDP, but they do not process the packets that are tagged by the 6509. They see the packets from the 4948 and 5020 just fine.
How can I disable the administrative native vlan tagging on the 6509? Here is the current setup:
nwkdev-6509-1#show vlan dot1q tag native
dot1q native vlan tagging is disabled globally
nwkdev-6509-1#show interfaces gigabitEthernet 1/9/1 switchport
[Code].....
I've been experimenting with the 'vlan dot1q tag native' command on a switch and it seems as though tagging the native vlan breaks vty access to my access point.With the 'vlan dot1q tag native' commnand applied, I lose management connectivity to the AP with 'no vlan dot1q tag native' applied, connectivity is restored. Why is this? Is it safe to say that one can access the AP via vty lines using ONLY untagged packets?
SWITCH
Model: WS-C3560G-24PS
Code: c3560-advipservicesk9-mz.122-46.SE
--Abbreviated CONF
vlan dot1q tag native
[code]....
I have a Cisco 1700 series router (i dont know exact series number) running:
ROM: System Bootstrap, Version 12.2(7r)XM4, RELEASE SOFTWARE (fc1)
ROM: Cisco IOS Software, C1700 Software (C1700-K9O3SY7-M), Version 12.3(7)XR3, RELEASE SOFTWARE (fc2)
installed is a WIC-4ESW card.
This should be simple, cant get it working. in a nutshell... I'm trying to configure fa0 as a vlan "trunk" port trunking vlans 1 and 20 from my managed switch (switch is configured correctly) and i want fa1 on vlan 1 and fa2 on vlan 20.
another words:
fa0 tagged with vlan 1 & 20
fa1 untagged with vlan 1
fa2 untagged with vlan 20
Code:
! Last configuration change at 20:35:48 EST Sat Feb 12 2011
! NVRAM config last updated at 20:47:38 EST Sat Feb 12 2011
version 12.3
[Code] .....
I have a rather large network with multiple VLANs and routing. Here's the layout:
5540 subinterface = gi0/2.18 = 10.16.18.1/24 TRUNKED to a 2960
2960 has an interface set to VLAN 18 (no IP) goes to a Cisco 4507 with an int. set to VLAN 18 (no IP)
4507 then has a trunk to a Cisco 7206
7206 then trunks to a Cisco 3845
3845 trunks to a 3750 (single)
3750 (single) trunks to a 3750 Stack
3750 Stack has int. set to VLAN 18 that goes to a 3750(lab) w/ int set to VLAN 18 w/ IP 10.16.18.251/24, VLAN502 = 10.202.255.1/30,
VLAN510 = 10.203.255.1/30
3750(lab) then has a trunk that connects to ASA 5510 w/ subinterfaces: e0/1.18 = 10.16.18.253/24, e0/1.510 = 10.203.255.2/30, e0/1.502 = 10.202.255.2/30
ASA5510 then goes to Internet
Any trunks are set to allow all VLANs. From the 2960 to the 3750 stack it's obviously all Layer 2 with trunking.
Issue:If I sit at the 5540, I can ping 10.16.18.251 and .253 with no problems. I can also ping 10.203.255.1 with no problems. Problem is that I cannot get to the other subinterfaces on the 5510 for VLANs 502 and 510. How do I ensure that my trunk is set up right? I have a route in the 5540 pointing to the 10.203 and 10.202 using the 10.16.18.251 address. It seems like a traceroute gets to the 10.16.18.251 address but then it stops. What route should be on the 5510 to make sure it gets back? The default route on the 5510 points to the Outside. I think it's something to do with the trunk that's just something I don't understand yet.
5510:
show int ip bri:
Ethernet0/1.18 10.16.18.253 YES manual up up
Ethernet0/1.502 10.202.255.2 YES manual up up
Ethernet0/1.510 10.203.255.2 YES manual up up
[code]....
does SG200 support VLAN Trunking?
View 1 Replies View RelatedGetting a AIR-AP1141N to work with an existing SRP526.
The SRP has two VLANs and two SSIDS
- VLAN1 - Corporate Wireless
- VLAN100 - Guest Wireless
So far so good. Now we need to extend the Range of the Wireless and bought an AIR-AP1141N. And this AccessPoint works like a charm, BUT only with one SSID,
I configured in the Port Management Area of the SRP526 both VLANs on one Port and configured the Access Point for multiple SSID use, but i don't get an IP from the DHCP Server Range of the VLAN100.
Could it be possible, that die Access Point can not get the tag Information?
I have a number of class-'c's as a hand-off from my data center fiber to my 2960, which then sprawls the racks with about many 2950 switches, mostly 20 machines per switch. To allow machines on one 2950 to push data to another 2950 without routing back to my ISP's router(which costs money for bandwidth) isn't is possible to trunk one port on each 2950 to another 2950 and adding a addititional vlan8 to them. Then data jumps from 2950 to 2950 without going back to the 2960 or mainly not going back to my ISP's router. Is this the correct way to accoplish this with extra vlan and trunking the 2950's to each other or am I looking at this all wrong?
View 1 Replies View RelatedWe have two Cisco switches with one 3560 and one 3750 we have created a new Vlan 4 with IP 10.1.3.x 255.255.255.0 - no shut then assigne to gi 2/0/46 on the 3560 Vlan 4 ip address 10.1.3.x 255.255.255.0 no shut then assign to FA0/45. All interfaces are up up along with the Vlan up up, we can ping the local IP address bu not able to pint the other switch.
View 2 Replies View RelatedHaving problem pinging from Host A on ESX1 to Host B on ESX2. Each host are assigned the same port-profile. If I put 2 host's on the same ESX machine using the same port-profile, they are able to ping each other.
n1kv-vsm# sh port-profile name xxx-prod-40port-profile xxx-prod-40 description: type: vethernet status: enabled capability l3control: no pinning control-vlan: - pinning packet-vlan: - system vlans: 1 port-group: xxxl-prod-40 max ports: 32 inherit: config attributes: switchport mode private-vlan host switchport private-vlan host-association 40 400 no shutdown evaluated config attributes: switchport mode private-vlan host switchport private-vlan host-association 40 400 no shutdown assigned interfaces: Vethernet3 Vethernet4
System-uplink profile is trunking all vlans.
I have a HP Procurve 5406 connected to a Cisco 3560 on a temporary cat5e connection and I have Mitel IP phones needing to go on the Cisco switch.Ive configured the HP Procurve port to TAGGING both VLAN 10 (data) and VLAN 20 (Voice). NO is selected for default VLAN 1.The Cisco is configured on the port with switchport encap dot1q and switchport mode trunk.
Ive configured an IP for interface VLAN 10 and i cannot ping it from across the network. The interfaces are up and happy. I have tried changing the VTP status from transparent to server (VTP pruning is off) ive tried setting allowed vlans 10,20. Still not a think. The worse thing is that i have a working Cisco switch with the HP procurve that i checked the config on and its the same! The only difference is that the media type is SX over SFP in that case.
p.s not that im at this stage yet but i initially configure the FastE ports as trunks with native vlans because i was using non-cisco phones. On a spare port i convigured the voice vlan 20 and i say on the mitel phone that it was looking on vlan20! I didnt expect that, i thought the Voice VLAN ID was carried on CDP enabled devices only.
[URL] I am not savy configuring ASAs at all and I can't get it to work. We are switching to a SIP trunk phone system and I am in charge of setting up the ASA to not only make it work but also make sure that there's packet priority or QoS.I've never configured something like this and I was giving another set of instructions to make sure that this is working:
[URL]
Configuration:
My configuration is very basic:
3 interfaces - Outside/Inside/Guest
ASA Version: 7.2(3)
ASDM Version 5.2(3)
Firewall Mode: Routed
Solution: When I tried following the instructions on brian-kayser's blog I get an error when I'm sending the following command:
shape average
^ Invalid marker
service-policy PRIORITY-POLICY
^ Incomplete command
I think it's because my version of ASA doesn't have this functionality but I don't know.
Region : Malaysia
Model : TL-WDR4300
Hardware Version : V1
Firmware Version :
ISP : Maxis
I bought the TL-WDR4300 almost 6 months ago using it on my TM Streamyx broadband service, it worked perfectly and this is indeed a very good product very reasonably priced too Kudos to TP-Link. The thing is shortly after purchasing it, I moved to Maxis Home Fibre Internet (more bandwidth). Following the ISP change the router has since went back into the box and had been there for 5 months now. This is because without the VLAN tagging feature or a Maxis mode, it is currently incompatible with Maxis Home Fibre Internet and will stay that way.I understand this is by no mean TP-Link's fault but I and many other WDR4300 owners on Maxis, if TP-Link could look into ENABLING VLAN TAGGING FEATURE/MAXIS MODE on this device. This I am sure would work with TP-Link sales as there are not many routers out there with this feature set and price range that could work with Maxis Home Fibre Internet.
I have a power conncet 6224 with routing enabled with several VLANs setup.VLAN Database: 6,8,10,90-254VLAN 6 is our management vlan10 is for our core network services (DNS, Domain, Exchange etc)90-254 are isolated vlans.What I need to accomplish is to prevent vlans 90-254 from communicating with each other and only allow communication to VLAN 10 and the internet. All internet firewall work will be handled by our Sonicwall. [code]
View 1 Replies View RelatedIm currently working on setting up a small network at home. I have a Dell 2716 and a dell 2650 server running windows server 2003. Ive already setup the dns and domain controller on my server. I have 3 desktops that will connect to the server. so far I have the following setup. ISP---> Dell 2716 --->dell 2650/ computers. I set the computers prefered dns to the servers ip. Im able to join the domain and log in but is there a better way to set it up. Also the server and computers are set to static ip.
View 2 Replies View RelatedI recently purchased a used 2716, and I just can't seem to access the web interface.i have a Cat5e cable running from my router to Port 1 of the switch. I have my laptop connected to Port 16 via a Cat6 cable.
I have internet access both on managed and unmanaged modes, so that's working just fine. I can't seem to access the web interface however. I've tried both IE9 and FF4.
I followed the instructions to hold down the "Managed Mode" button for 30 seconds, and then wait for the switch to reboot. I've done this a few times just to be sure. This should reset it, but when I try to access 192.168.2.1, it just tells me it cannot access this page.
How Can i Connect two switches 4505 using the trunking method,…
View 1 Replies View RelatedI have no previous Cisco switch experience. I just received a brand new SG200-08 switch. It replaces a small blue Trendnet 5 port switch. I configured the SG200-08 with a static IP address which is on the same subnet as all our wired devices, then I installed it and connected a computer and printer and another switch to it. The other switch is a Dell PowerConnect 2716. I suddenly have no network connectivity with the router any longer. When I plug the network cable that runs from the PowerConnect 2716 into the SG200-08, the link status light will not go on for that port. I am going to be replacing the Dell PowerConnect with a Cisco switch as well, the SG300-10.
View 6 Replies View RelatedI have a problem with the Cisco 881 router at one of our customers.It seems that after a "no shutdown" has been given on the Vlan interface, it still goes back to "administratevly down" after a reboot.So when I restart the router I always have to manually "no shutdown" the Vlan interface to come back up.While rebooting the router it also gives the following info in the console screen every time which is strange:
new interface Vlan1 placed in "shutdown" state.We tried several different firmware releases.
Replacing the router with a new Cisco 881 router did not work either. After they sent back the old Cisco 881 router we tested it here and there were no problems, we weren't able to replicate the problem.The configuration we use for the router is correct, we use it for hundreds of customers, so that can't be it either.The customer uses a fortinet firewall behind the router. Could it be that something inside the LAN of the customer that triggers the Vlan to shut down?
I bougth a used ASA 5505 on ebay which is experiencing this problem [url]... LEVELS or at least the described problem, if i touch the appliance while it is running it will somtimes go to this non working state as well
View 11 Replies View RelatedFirmware asa805-k8 was installed and saved on an ASA5505. Upon power failure the ASA5505 reverts to an older firmware, asa724-k8. 1) Is it normal for ASA5505's to revert to older version upon power failure. 2) ASDM/web browser doesn't work using IE--username and password brings to empty screen. how to revert back to later image.
"
# sh ver
Cisco Adaptive Security Appliance Software Version 7.2(4)
Device Manager Version 5.2(4)
[Code]......
