Cisco 3560G - LAN Party Network Setup?
May 20, 2012
I'm responsible for designing the network for a LAN party that will be held in October. There will be up to 400 participants and 25-30 crew members. 10 table rows, 40 participants and one 48-port gigabit switch on each table. Core network will be a couple of Cisco 3560G or similar. There will be 2xGbit between the table and core switches.So, how to set up VLANs and subnets for a 400+ people network?
1) Everything on one /23 subnet, or
2) Participants on one /23 subnet, separate subnets for servers, crew and wireless, or
3) Participants on two /24 subnets, separate subnets for servers/crew/wireless, or
4) Separate /26 subnets for each table switch and for servers/crew/wireless?
As far as I can see, the main disadvantage of all participants on one subnet is troubleshooting and isolating network problems - and the main disadvantages of separate subnets is more complex setup and that people cannot browse LAN games other than those on the same switch.
View 19 Replies
ADVERTISEMENT
May 24, 2012
I use wireless internet connection and I see “third party setup = Yes under configuration. Is it about sharing data or being monitored
View 1 Replies
View Related
Nov 22, 2009
I am trying to get a NAC demo running and am having some issues with a Layer 2 OOB, Virtual GW configuration. Currently I have 3560G switches and would like to assign ports to a vlan based on user roles.
My Auth VLAN is 110 and maps to VLAN 11
Guest VLAN is 11 (172.16.1.0/24)
Employee VLAN is 1
NAS Mgmt VLAN is 20 - CAS is 10.10.20.5 (this ip is setup on both eth0 and eth1 per documentation for L2 OOB Virtual GW)
NAM Mgmt VLAN is 30 - CAM is 10.10.30.5
Untrusted (Eth1) switchport is setup as a trunk allowing only vlan 110 and has a native vlan 999 to blackhole traffic.
Trusted (Eth0) switchport is setup as a trunk allowing vlan 1, 11, 20 and has a native vlan 998 to blackhole traffic.
I also setup a Managed Subnet on the CAS with IP 172.16.1.254 and VLAN 110.Switchport controlled by NAC is access vlan 110. When a machine connects an snmp trap is sent to CAM and is forced into vlan 110. If I try to put the port in another vlan CAM puts it back to 110 immediately. This all seems to be working well.The machine connected to the port gets a DHCP address from VLAN 11. When I initiate traffic from this machine, everything is blocked. If I open a web browser I do not get an authentication page. I also installed CCA 4.1.10 on the machine but it does not find a discovery host and the Login option is grayed out. The only way to get this machine to send traffic is to add a filter for it and force it to the ALLOW option. I did setup a default web login page but I seem to be missing something to get authentication to work. I am running version 4.1.8 with a demo license. The host running CCA is Windows Vista.
View 7 Replies
View Related
May 14, 2013
I'm trying to set up per vlan routing on a 3560G switch but it's not performing as I would expect. I've got a server on the 109 vlan with a 10.1.9.100 address and a default gateway of 10.1.9.1 this address is an HSRP gateway and currently resides on 10.1.9.7. When I traceroute through to my user PC on the internal network it receives a response from 10.1.9.7 However, it is then denied by an ACL on the internal firewall which has been applied to interface Eth0/0. It should arrive at the firewall on Eth0/2.109 as it has the 10.1.9.4 address.
My goal here is to route traffic on the 101 vlan to a seperate interface on the internal firewall from 109 vlan traffic. I'm either doing something wrong or these routing commands aren't designed to work in the way I'm expecting (I couldn't find any documentation on the ip route command where it is followed by different gateways for different vlans)
interface GigabitEthernet0/12
description Internal-FW Eth0/2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 109
switchport mode trunk(Code )
View 1 Replies
View Related
Apr 19, 2012
I have a 3560G connected to an ASA FW, both running layer 3 and hosting 6 or so VLANs. The switch is the default gateway for all VLANs (client request) and therefore see's all networks as connected. I used route maps to push the traffic from the switch to the FW so that it got firewalled before being delivered, but I cannot use one of the commands for failover should the FW fail (I wanted to route locally should the FW fail). If I placed all VLANs in their own vrf, NETA would not longer see NETB as a connected network and would follow the route to the FW's NETA interface. I could then inject the connected into each vrf but adjust theirf metric so that they are less preferable than the route to the FW. Should the FW route die, the next route would become active and traffic would route internally to the switch.
View 5 Replies
View Related
Mar 25, 2013
i have 2 no of 3560G in our core, now my requirement is to establish the redunent network like for the edge 2960G using stack or some other way ...
View 6 Replies
View Related
Mar 27, 2013
Any 3rd party CA to provide a root cert for the ACS & verify csr's generated by the 7925's? I've spoken with customer service at Verisign and GeoTrust and either i'm explaining it totally wrong or their not providing CA services for this type of secured environment. sHA1 using EAP-TLS.
View 1 Replies
View Related
Feb 21, 2013
I would like to use the NCS 1.2 to monitor Juniper SRX 210 firewall. When I try to import the MIB File from NCS, which show "Error: Failed to load MIB File "mib-802" because it is not in the resource path.what I can upload the MIB File from Juniper. [code]
View 0 Replies
View Related
May 2, 2011
I have came across some third-party ws-g5483's that I was thinking of using. But when I go to plug them in, nothing seems to happen. I have tried them in ws-c3548-xl-en and also a ws-c3524-pwr-xl-en with the same results. I know on the newer switches you can do the serviice unsupported-transceiver command but is there anything I can do to get these to work with older switches?
View 5 Replies
View Related
Oct 24, 2011
I am using a cisco asa5520 and i have set up remote access vpn with an AnyConnect connection profile.In the connection profile i have set up that users should authenticate using both certificate and AAA.Due to a high security requirement, the user certificate is issued from a 3rd party. This is working fine and the user now need a valid certificate and a username/password to authenticate successfully.I added the CA certificate as a associated trustpoint on the ASA box to get the certificate verification working.Problem:If Jane and Joe both have a valid certificate AND a valid username/password, Jane could authenticate using a combo of Joes certificate, and Janes username/password. Both are valid (isolated), but i only want jane to be able to authenticate with her username/password and her personal certificate.
View 1 Replies
View Related
Sep 4, 2011
Does any one used third party SPF in Cisco ASR 1002 series routers, does it supports them.
View 2 Replies
View Related
Apr 23, 2012
I am thinking about running some third-party unified communications apps under VMWare ESXi5 on a Cisco SRE 900 module. According to the Cisco docs, third-party apps are supported on these modules (see table below) but the app in question is NOT on Cisco's list below.
[URL]
Some questions:
1. As long as the third-party app is capable of running under VMWare/VSphere ESXi5, is there anything on the SRE that would prevent you from running this third-party app even though it's not on Cisco's list?
2. What is Cisco's policy on the use of third-party apps that are not on their list? For example, will they take a support call on the SRE running a non-listed app. (I don't want to void any sort of support contract through the use of a third-party app not on their list).
View 2 Replies
View Related
Oct 10, 2012
I have a school club, but our school does not allow any wireless networks within the school perimeters.Wired are allowed, but wireless are not allowed.I plan to host a LAN party for my club, and we will have about 20-30 people.We cannot have any internet access, and I have not touched a wired stuff, There is a 24 ethernet switch, and if I buy one, and suppose I buy another 24 ethernet switch (I know there is a 48 ethernet switch), can I connect those two 24 ethernet switches to make 47 ports?* For a LAN party without internet access, can we use an ethernet switch or do we use something else?* For 20-30 people, it is recommended that we have a ~8mbps upload speed. When ethernet switches advertise 10mbps, is that upstream & downstream? When all the computers are hooked to 24 ports, does the advertised 10mbps go lower? (I have seen 100/10 mbps, and I don't know what that means)
View 4 Replies
View Related
Jul 29, 2011
I'm trying to connect a few of my devices to the wireless internet at home.
1.Xbox 360
2.Galaxy Tab 10.1
3.My Touch 4g
All of them can recognize the the network they just will not connect. All my freq are good 2.4 or 2.5. WEP Key works no problem, just the minute I try to connect the galaxy tab and cell phone just says "remembered, secured with WPA/WPA2 PSK." The xbox when running the test connection fails as well.
Running vista x64 home premium on HP DV7 1270us.
View 14 Replies
View Related
Jan 13, 2012
I had something odd happen to my Dlink router DIR-651 model. During the early evening hours someone changed the SSID name of my Router. Nothing else changed that I could see right off. So I reset the router to Factory Defaults.
View 1 Replies
View Related
Sep 29, 2009
I am attempting to install a third party SSL cert (GoDaddy) to properly secure the external interface of my 1811 ISR so that I can implement SSL VPN. I have tried using SDM 2.5, but that doesn't appear to be working. I am familiar with doing this on a Cisco 3005 Concentrator, but I'm not aware of how to install an intermediate cert on the 1811 (or if it's even possible), in order to properly have the GoDaddy cert properly imported and used for SSL VPN. I have gone through the CSR process and have the initial cert from them generated and have imported it, but it never appears to be identified correctly if I browse to the external interface on the router. The router always defaults to its self-signed cert.
View 1 Replies
View Related
Nov 15, 2012
I have windows 7 clients (supplicants), D-link access point (authenticator), Cisco acs 5.2 virtual appliance with evalution license (acts as authentication server - Radius server). I want to setup EAP authentication (PEAP) that users will be able connect to Wireless LAN with login-password. I've done some configurations, but I did not get any result. in ACS 5.2 I get this error message: 11014 RADIUS packet contains invalid attribute(s): RADIUS Request dropped.
View 5 Replies
View Related
Apr 22, 2012
So since my web auth cert is expiring I got it renewed from VeriSign and they sent me back the file. Do I need to again combine the "myprivatekey.pem" file and the new one that I got and then load it on the WLC? Can't find any guidelines and instructions from Cisco on this. Or do I need to go through the whole regenration of CSR process again etc?
View 3 Replies
View Related
Feb 13, 2012
We have just installed a Cisco RV120W behind a third party firewall. All works correctly now, but we are struggling to get the Quick VPN clients connected. I have enabled port forwarding for PPTP & L2TP over IPSEC on the third party router, but still cannot connect (the RV120W was previously used as a primary router & worked perfectly). What ports do I need to open on the third party router to get this to work correctly?
View 4 Replies
View Related
Dec 16, 2011
I have a scenario.On our website, there is an option to pay mobile,electrycity etc bill from payment gateway (third party). when user click on that link, my servers(behind CSS) should go to paymrent gateway using their SSL cert (payment gateway SSL cert) and should provide payment gateway link to user on our website.
How to implement this scenario using CSS115003 ?
user access URL---click on Payment Gateway---My servers get authenticated from pyament gateway using their cert--revert back and provide payment gateway link to user on URL.
View 1 Replies
View Related
May 5, 2012
I'm fairly new to networking but I've learned quite a bit on my own without being educated. I'm trying to just figure things out on my gear. So for my LAN party i'm going to need an internet connection. I'm not going to rely on my venues subnet though so i want to create a new /24 subnet(250 hosts is good for a start). I want my subnet to be able to speak to the outside network too.
View 8 Replies
View Related
Oct 24, 2011
I am new to these forums and I have upgraded from firmware 1.00 on the DIR-815 to the 1.01 firmware and once I upgraded, I can log into Xbox, but can't host party chats or host game rooms. I also noticed that any and all messages sent from friends didnt show until I rebooted my console. Something is SERIOUSLY WRONG here and would like a MOD to comment on this.
View 12 Replies
View Related
Jun 22, 2011
Xbox works fine for some things, I can access Netflix, can download from live marketplace, etc, but cannot join a party and cannot play a game. Other people cannot join my party, cannot play my game. Error when I try to join a party is "Can't connect to xbox live party, there might be a network problem."
Xbox join party and games work fine when connected directly to comcast (motorola) modem.Dir-601, firware 1.02NA and 101NA. Hardware version A1.Port forwarding TCP 53,80,3074 and UDP 53,88,3074 - also included TCP 80 and 21 to no avail.
View 1 Replies
View Related
Mar 21, 2012
In CUCME if you do not configure any translation rules and leave the system mainly at default, when a call is routed to the PSTN the CUCME system sends the true calling party ID which would be a users extension number. Is it correct to assume that a CUCM server based system, when too left at the majority of default (without translation rules or stripping etc) that it will send the true calling ID to the gateway?
View 1 Replies
View Related
May 23, 2013
I've got a Cisco 1941 setup working fine for Cisco Anyconnect. Clients can connect to local resources fine. The issue I have is I need the remote clients to access a third party IP address but to do so they must do it through the VPN. At the moment only local resources are accessed across the vpn and if they need internet they use their own internet connection they are connecting with.I've added the below to make sure traffic going to the IP is going across the VPN.
View 4 Replies
View Related
Jun 8, 2013
how ISE support on third party LAN switch, if the requirement is doing 802.1X based flexauth.Refer to the diagram i attached; 01 topology.png
Concern 1: if the 3com switch with 802.1X feature, but still without the full feature to support FlexAuth, policy encforcement, DACL etc. In this kind of situation, will user still able to authenticate (using method PEAP-MSCHAP v2), but authorization just grant with permit any any?
Concern 2: Can i assume i authenticated the 3com switch using MAB? But this will cause endpoint with no 802.1X, am i right?
Concern 3: cisco switch C4507-E, loaded with IOS version Cat4500e-UNIVERSALK9-M, version 03.04 and Supervisor Engine :WS-X45-SUP7-E, is this platform is supported in Cisco TrusctSEC?
View 2 Replies
View Related
Nov 23, 2011
Contribute to our DCS IP Camera Third-Party Video Monitoring Software List.Do you have experience using third party software to monitor feeds from your DCS camera? Share your knowledge. post your contributions here: DCS Compatible Software(i.e. sticky at the top of the DCS Software board)
View 1 Replies
View Related
Sep 11, 2011
I have cisco 3560G with C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(53)SE1 Image. I want to configure it for EEM feature so that when my Gig 0/7 port goes on it will automatically shutdown the port Gig 0/1.
MPLS_WAN_NET#show event manager versionEmbedded Event Manager Version 3.20Component Versions:eem: (v320_throttle)2.1.50eem-gold: (v320_throttle)1.0.4eem-call-home: (v320_throttle)1.0.4Event
[Code]....
View 2 Replies
View Related
May 23, 2011
I am facing an issue with setting up dhcp server on a 3750G-24PS-S,IOS : c3560-ipbasek9-mz.122-58.SE.bin,the switch configuration is below,interface Vlan100 description ***Data Segment*** ip address 192.168.102.1 255.255.255.0 no shut!ip dhcp excluded-address 198.168.102.1 198.168.102.10! ,ip dhcp pool datalan network 198.168.102.0 255.255.255.0 default-router 198.168.102.1 dns-server 192.168.40.11,!,interface GigabitEthernet0/1 switchport access vlan 100 switchport mode access spanning-tree portfast.
View 2 Replies
View Related
Feb 17, 2011
I am not a network person, but I am not sure our Network Team is qualified either. For a long time we have been using a dying Cisco 2950 100/MB switch for imaging our computers using GhostCast. Multicasting on the 2950 was never an issue other than it was flooding the switch and making all the other ports unusable. But at least the multicast portion was imaging with decent times. We had two Intel Pro NICs teamed to get 200 MB/s and a typical multicast session was about 6.5 minutes. When using only 1 NIC, it takes about 8.5. Running two concurrent unicast or multicast sessions, well that is a different story. It then triples or quadruples the time.
Now we have a 3560G setup. A single session takes a little over 3 minutes. If we multicast off of this switch, the time is about 12.5 minutes. That is 4 minutes longer than the 2950! If I run 3 concurrent unicast sessions, it takes all of them between 3.5 to 4 minutes. So obviously there is an issue with multicasting.
The switch is in a lab separate from the production network. The server with our ghost images is plugged directly into the switch and so are the computers we are imaging. From what I was told from the Network Team is that IGMP snooping is on, but multicasting is off. He said that multicasting does not need to be turned on since all traffic is going through the local switch. Probably true since our old switch didn't have multicast turned on either, but it still imaged using multicast faster.
Below are some screen shots of the imaging. The first one is the 2950 using multicast to 3 laptops. The second one is the 3560 using multicast to 3 laptops. Finally is the 3560 using 3 unicast sessions to the same 3 laptops.
View 19 Replies
View Related
Feb 1, 2012
Where can the following information be found?
1. CEF table capacity (maximum)
2. Route table capacity (maximum)
I can issue "show ip cef sum", "show ip route sum" to see the current usage.
View 2 Replies
View Related
Feb 13, 2011
I want to setup a DC++ HUB for sharing data within the university local network. We have addresses of the form 172.31.*.*. These addressed are accessible within the university bu non routable outside on the internet. My plan is to setup a local HUB for DC++ for sharing data within the university intranet. So even if internet is unavailable data can be exchanged through LAN. This HUB must not be accessable outsied the university network.how should I do this all..implementing network sharing other than DC++. My basic idea is that everybody can share their data and the data is searchable from one common interface( Web interface is better option, if possible). And data featching should prefferably be from many hosts, using multiple connections so that speed can be improved..
View 4 Replies
View Related
Apr 19, 2013
I am currently working on my first ASA5510 configuration and am running into some issues. The ASA is running 8.2(5). The network setup is as follows:Layer 3 switch with 4 VLANs with ip routing enabled.All systems are pointing to the 3560 as their default gateway. ip route 0.0.0.0 0.0.0.0 10.20.100.30 (asa)The ASA is directly connected to the L3 switch on one of the VLANs. The other VLANs are not established on the ASA, but static routes have been created for them on the ASA.I am able to ping the ASA from the switches, etc.I am able to ping the switches from the ASA When connected to VPN Client to ASA, I am unable to reach anything behind it. When at the office, I am unable to reach the internet from the ASA.The following NAT configuration is in place on the ASA;
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
View 1 Replies
View Related
