As per the attached diagram: How do I configure the 2 ports on the 3560 (Ports 6 & 7) and the connected ports on each of the 2960 switches (Port 25) to provide redundancy?
If the up link from Switch A dies then I need the traffic to flow through the trunk and utilize the up link on Switch B with minimal delay (milliseconds).
I'm troubleshooting a 3750 switch stack problem where computers are showing input and CRC errors. I'd like to be able to execute a "show interface" command that will show me only the line showing the switch port and the line showing the input errors, but so far I can't figure out a way of combining those two parameters.
If I do "show interface | include Ethernet[0-9]" I get all the lines showing the port numbers:
GigabitEthernet1/0/1 is up, line protocol is up (connected)
GigabitEthernet1/0/2 is up, line protocol is up (connected)
GigabitEthernet1/0/3 is up, line protocol is up (connected)
I have a 6509 connected via layer 2 (VLAN1) to a 3750 (e.g. VLAN1 10.1.1.1), then to the HQ via Metroethernet (L3). Is it possible to connect the 6509 to an ASA that already has VPN connectivity to the HQ using HSRP? Also need to mention, the VPN connection is supposed to be the redundant connection if the Metroethernet link fails.
1 x 4500 and 1 x 3560.
They are gateways of 8 Vlans.
They are doing HSRP in each of those Vlans.
The 4500 is the Active.
There is a DHCP Pool for each of those Vlans on both gateways. Using "ip dhcp excluded-address" I ensured that the range of provided ips by each DHCP server will not be overlapped.
Obs.: Reducing the lease time, I ended with the calls bringing related problems.
OK, everything is blue, everything is fine. But the network diagram is really complex (41 switches, 89 uplinks), and depending on how the network flow is, one or the other server answers first or later.
For many reasons I would like that the secondary DHCP server would answer only if the primary DHCP server goes down. To me, the bigger reason is that the DHCP database would be only in one DHCP server. But there are other reasons.
I passed by many frustrated solutions:
Try to force a delay on the answer on one of the servers. - Impossible.
Try to disable DHCP server, and, using EEM, enable it only if router became active in HSRP. - I couldn't do it.
What I'm thinking now is to use the HSRP resource to resolve it. On both routers I would put an "ip helper-address" pointing to a Virtual_HSRP_IP. And depending on which router is the active, it will answer the request.
My first doubt is: Would it work? The second doubt is: Could I use the same Virtual_HSRP_IP that exists on that Vlan (see example 1), or would I need to point it to a Virtual_HSRP_IP in a different Vlan (see example 2)?
Example 1
-----------------------------------
| 4500 |
-----------------------------------
interface Vlan1
 ip address 10.10.0.2 255.255.0.0
 ip helper-address 10.10.0.1
 standby 1 ip 10.10.0.1
I will be installing a new ASA 5510 firewall on our SIP vlan to separate our voice traffic from the rest of the traffic. I'm trying to decide whether or not I should go with an active/active setup or an active/standby. Any insight on the best way to set this up? This install is going in from scratch, and I am going to be connecting to a 3750 switch stack. Should I pair up a link from each switch to each 5510 using etherchannels? Should I use 8.3 or 8.4? Most of the docs I've been able to find say it depends on this, that, or the other.
I am facing a problem in implementing HSRP. My scenario is like this: I have two 3750 switches and I have a server with two NICs. I want to run HSRP on these two switches. By the way, the server is connected directly to the switches. I mean each NIC to each switch. We have teamed the two NICs (Active / Standby). What configuration needs to be done on the switches for HSRP to work?
I'd like to establish a more robust border router/switch redundancy plan and would like to know if this seems like it would be reliable. I'm looking at using a couple of 3945 routers and 3750 switches in the configuration shown below.
The article found at [URL] outlines the config between a single switch and router but I am looking at doing this with dual routers and switches.
I plan to build improved redundancy into my LAN by stacking two 3750s and teaming pairs of NICs on my Dell PowerEdge servers, with each cable of the pair going to a different switch. In my mind this provides redundancy for the NICs and the switches. Will this configuration work, and also what type of teaming is supported? I was planning to have one NIC active and one standby, but can I run this configuration with both NICs in the team as active with load balancing?
My network consists of these network devices: a Cisco Catalyst 3750 with StackWise, 2 x Nexus 5000 series, and servers. The servers are connected to the Nexus switches. The Nexus switches connect to the 3750.
Each server has two links; one of them connects to the Nexus1 switch and the other connects to the Nexus2 switch (same traffic). Each Nexus has one link to the 3750. On the 3750, the Nexus links are configured as an EtherChannel, but flapping occurs on the 3750.
I understand that the 2 Nexus links have the same server source MAC address, so the flapping occurs on the 3750. How do I solve this problem?
Is it possible to use the Port Security mechanism between two switch (3750 or 3560) ports while a trunk has been configured? If it's not possible, is there any other way to ensure that no other switch can be connected other than the one switch which has been configured/placed by a network engineer?
Yesterday Cisco released IOS 15 code into the wild for the 2960 and 3560/3750 families but the link to the release notes is not working. Because I already have a whole bunch of 4500/Sup7's running IOS 15 I am thinking about taking the plunge with 30 3750-X's I have on order but want to review the release notes first. Where might they be hiding?
I am working in an enterprise LAN environment. We have about 100 switches, mostly 3560s and 3750s. This is a typical Cisco network, yet it's flat. No routing on the access layers. The core switch does do the routing. We use a third-party vendor network monitoring tool, and we use SecureCRT to remote into devices.
Here's the problem. There was a device we stumbled into that had not been put into our monitoring software. It has the same IOS as our other devices. All I can say is that it's the same version and type. Each device has a management VLAN. And each device has its own management IP. An ACL exists to prevent unauthorized SSH access into the devices, yet allows the management VLAN scope to get in.
So, here's the problem... we can't SSH into our problem mystery device, let's call it Switch X. Switch X has an IP of 10.10.100.150. Now, I can be logged into its uplink device, let's call it Switch B. Switch B has an IP of 10.10.100.130. The ACL allows all devices from 10.10.100.0/24 to SSH. Our PCs at our desks are also in the same management VLAN. SSH version 2 is on the configs, and the domain names are the same on these two devices.
So, let's be clear. From my desktop, I can connect to any device on my network EXCEPT Switch X. When I try to connect using SSH, port 22... it just sits there until it times out. I can do the same thing to any other switch, and connect just fine. We are using TACACS+ and RADIUS as well, and they are up and running just fine. The configs on Switch X, like I said, are the same as for Switch B, except its IP address of course. While logged into Switch B, I can do a CDP neighbor and see Switch X connected via trunk link. Both sides are running dot1q encapsulation, and both are in trunk mode. I can ping Switch X from Switch B. When I try to SSH from B to X... I get a timeout with no connection.
So, I hiked over to the building where Switch X is located. I consoled into the switch. I confirmed that the ACL is the same as the ACL for Switch B. It is set up to allow the management VLAN inbound on the VTY 0 - 15. Yes, it's access-class (name) in on both vty 0 4 and 5 15. It also is set up for transport ssh in and transport ssh out.
I rechecked the domain name on Switch X; it was correct. I also did a crypto key and regenerated the crypto key. SSH v2 came up. Again, while in Switch X, I can do a CDP neighbor and see switch B. But I cannot SSH from switch X to Switch B, or any other devices that I tried. Now, we did find a config error with VTP; the VTP domain name was different. But VTP has nothing to do with SSH. Just to placate my co-workers, I went ahead and renamed the VTP domain name (it's running transparent mode). After I regenerated the crypto key, I saved everything of course. I then reloaded the switch. When all came back up, I still could not SSH
We have a couple of Cisco switches and connected a (Windows 7) laptop to one of them and it gets its IP address from a DHCP server. I can now ping the IP from all of the switches, no problem, also not when I log on to the core switch in the same VLAN as both notebooks. But from my (Windows 7) laptop, which is in the same VLAN as the target laptop, I cannot ping it.
I checked, default gateway is good on both sides, as are DNS servers.
I have a 2611XM that I am using as a terminal server for my lab setup. Async is using octal cables. It works great with routers of all different models, but when I connect a switch of any model, it does not work. The connectivity LEDs don't even light (they do for the routers). The switches in question are 3750s and 3560s.
I have tried straight through from the octal cable to the console port of the switch, as well as a rollover with a converter, no luck. This does seem to be independent of configuration on the console port - even before the console port of the routers were properly configured, I at least had indication of physical connectivity.
We have ip arp inspection and dhcp snooping enabled on a couple of 3750 and 3560 switches. Everything works fine, except for a few cases where the DAI packet rate triggers and errdisables the port. Later on we found out that most of the computers that trigger DAI are Windows 7, especially when they are in sleep mode. Not sure if anyone is experiencing this with Windows 7. Also, we have the rate limit at 64.
I understand that on older IOS codes, if the same HSRP group number is assigned to multiple standby groups, it creates a non-unique MAC address. Is this true on newer codes like 12.2(52)SE for 3750 & 3560?
I feel that 3560 and 3750 perform differently with the following two commands:
srr-queue bandwidth shape 5 0 0 0
srr-queue bandwidth limit 50
On 3750, the bandwidth for queue 1 is limited to 100mbps x 50% / 5 = 10mbps
On 3560, the bandwidth for queue 1 is limited to the smaller value of BW / shape weight and BW x limit%.
Does it sound about right? Is there a way to check for mls qos input queue drops? The show mls qos interface xxx stat only shows the output queue drops. Maybe for some reason the input queue never drops?
I believe the answer is yes, but incorporating more layer 3 features of our 3750s, I want to know if they fully support EIGRP or OSPF?
Also for a small business of 4 locations, each with a 10mbps fiber and a 1.5mbps mpls... wouldn't you say EIGRP would be easier? Want to look at making the failover automatic: if the 10mbps fiber goes down between sites, then the network fails over to the 1.5mbps mpls. When the fiber returns to service, the network automatically prefers the fiber again.
Currently we use static routes and if there is a provider outage we have to manually edit the config to flip flop the routes.
I heard that the WS-C3560E-24PD-S and the WS-C3750-48PS-S have a limitation on the number of 7945s supported (i.e. I can only run 10 or 15 on each switch before the power runs out). Can anyone with knowledge of these pieces of equipment verify the maximum supported? I'm having trouble finding documentation showing any maximums.
I have more than 20 Cisco switches in my office, which is basically a soap manufacturing factory. The switches include Cisco 2950, 2960, 3560, 3750 etc. We have routers also, which include 2821, 2951 etc. We also have Cisco WLC 2125 and LAP 1262 series. Sometimes managing all these devices becomes very tough for us.
We need to log on to different devices for troubleshooting/network management, which sometimes becomes very tough for us. So I wonder if there are any Cisco applications or tools by which we can centrally manage all these devices.
I've been fighting what seems to be an increased number of outqueue drops on our core stack and edge switches for the last 3 or 4 weeks. (The core consists of a stack of 5 3750s in 32-gig stack mode. The wkgrp switches are 3560s. All are at 12.2.52.) The wkgrp switches are directly connected to users. We use Nortel IP phones with the phone inline with the user PC. Auto-neg to 100/full. [code] However I have tried turning off QOS on a couple of workgroup switches (no mls qos, but left individual port configurations the same) but am still seeing drops. Since I have disabled qos on the switches in question (no mls qos) (not the core tho) I am presuming these commands have no effect on the switch operation and therefore cannot be related to the problem. With QOS turned off one would presume that it is general congestion - especially at the user edge where busy PC issues might contribute. So I wanted to see if I could see any instances of packets in the output queues building up.
I wrote some scripts and macros that essentially did a snapshot of 'show int' every 20 seconds or so, and looked for instances of 'Queue: x/' where x was greater than zero. What I found after several days of watching the core stack, and a few of the workgroup switches that are most often displaying the behavior, was that I NEVER saw ANY packets in output queues. I often saw packets in Input queues for VLAN1, once in a great while I would see packets on input queues for fa or Gi interfaces, but NEVER on output queues. [code] Additionally, when I look (via snmp) at interface utilization on interfaces showing queue drops (both core and wkgroup), they are occurring at ridiculously low utilization levels (as low as 4 to 8%). I've tried to look for microbursts between the core and a wkgroup switch where the core interface was experiencing drops, but haven't seen any (using observer suite). [code] While the queue-drop counts aren't critically high at this point, they are happening more frequently than in the past and I would like to understand what is going on... In most cases, no error counters are incrementing for these interfaces. Is there some mechanism besides congestion that could cause output queue drops?
I have a 1-Port 3rd Gen Multiflex Trunk Voice/WAN Int. Card - T1/E1 in a 2901 that I want to configure for data only (T1 connection to the Internet). I don't see any options in the IOS for using this thing as a serial interface (data), only options for configuring PRI/ISDN.
I just recently got out of school and started my first job in the IT field. I'm at a small company and part of a 2-man IT team. One of our current projects is to look into upgrading our software-based firewall (ClearOS free version) to a better hardware one. I was wondering what would be some good options? Our company has around 120 users that access our network. We have one 10Mbps internet line that comes to our head office, and is then shared with our six other branches. We're hoping to just get one device we put at our head office. Some of the nicer features we'd like are AD integration, usage reports by user, easy to use interface, spam-filtering, and ability to block specific applications on websites (e.g., only chat on Facebook).
Probably go with VZ FIOS so Ethernet. About 2000 square feet so 2 WAPs should do it. I'm thinking a CISCO881W-GN-A-K9 ISR with a SRW224G4P-K9-NA switch should do the trick. This will give me an integrated AP but I need a second one. Do I need to order an autonomous one or does the 881W do some sort of WLC function?
I was pondering getting a certificate from a public CA to maintain easier configuration for end users. There will be a multitude of devices on this wireless network configured with 802.1x PEAP (iPhones, iPads, Droids, and PCs of course).
If you were to get a certificate from a public CA, I'm assuming this would be just a regular server certificate from GoDaddy or VeriSign?
What is the DOS command to list all servers related to the network? We are on a home network not used to connect to any work network. Yet there are many different network and local servers and services listed as active in task mgr. Don't you have to hire servers?
After moving my PC for the 3rd time over the past year I've decided that having a more wire-"less" option may be the better option as opposed to my previous method of having a 10m ethernet cable from my switch to my PC. I've looked at two options: first the powerline HD (was drawn toward the Belkin 1 gigabit ones as I have a gigabit switch), or to remove the cable completely and use a USB wireless dongle (similar to the Edimax EW-7811UN Wireless 802.11b/g/n 150Mbps Nano USB Adaptor). I haven't had much experience with these USB wireless things as I used to be put off by the compatibility and config (software stuff). I have a 3Com wireless 54mbps.. PCI card but I cannot install the drivers for it on my XP 64-bit machine.
So my router, the "Siemens Gigaset SE567", doesn't seem to want to allow me to access the router page.
Everywhere I've looked online tells me that the IP is http://192.168.1.254/ and default PW "default" and "telus". But no matter how many times I reset the router... going to http://192.168.1.254/ loads nothing.
The router SAYS Gigaset SE567 on it, and looks identical to the one in the picture... so there's no mistaking it for another router.
I have been using the old standard networking devices for years, 10/100 over CAT5 with Walmart off-the-shelf routers. Let's say I want to speed up my network overall. I notice there are many systems and routers offering ten times that speed over wired and WiFi. I'm primarily interested in wired.
I brought a friend's computer home, thinking I could solve her problem but I'm at my wit's end. I cannot open Internet Explorer and Internet Options does not open from Control Panel. I followed other suggestions I found on your forum and on the net but nothing works. I cannot access the internet in any way (on that computer) and therefore cannot even supply you with a HiJack file. I tried several restore points and the only malware pgm on that computer is Malwarebytes (which found nothing). I cannot even run an anti-virus scan because that is no longer running - which is the reason I brought her computer to my house in the first place. After several attempts of trying to open IE, sometimes it stays open for a few seconds but most times it just flashes, then closes.
I recently upgraded an ASA 5505 that has the Advanced Endpoint Assessment License to 8.4(3) and ASDM 6.4(7). Now there are no options in ASDM for adding AV, Firewall or AntiSpyware versions and definition levels etc? I have checked Host Scan Extensions and enabled 'Advanced Endpoint Assessment ver 3.5.3.1', however when I click configure and attempt to add any AV etc. there are none to select - the 'Add Products' box is just blank. I have AnyConnect 3.0.5075, CSD 3.6.4021 and have tried with the integrated AnyConnect Host Scan image and with the standalone Host Scan image (3.0.5077) and the behaviour is the same?