Cisco Application :: ASA 3750 - ACE Routing Mode Designing

Mar 12, 2012

clients ---asa--3750--cisco ace--- servers behind vip
|
visa card transaction servers

I am able to setup a vip on ace using routing mode on ACE,as the  servers need to see the client ip ,so we are not  performing SNAT,this  part is working fine.
 
when a request comes from the client ,it goes to the vip and to one of the backend servers ,and the request will be forwaded back to the ace ,as the default gateway on the servers is pointing to the server vlan on ace.
 
but if the transaction from the servers need to go to the visa card transaction servers ,how can we acheive this ,and after fetching the data from visa servers,does the reply will be fwd to the ACE or ASAs directly.

View 2 Replies


ADVERTISEMENT

Cisco Application :: 3750 / Unable To Ping VIP In Bridge Mode

Feb 28, 2012

I am trying to setup ACE in bridge mode. Network topology is as follows:
 
1. ACE Gi 1/2 (client-side vlan) is connected to 3750 (vlan 40)
2. ACE Gi 1/3 (server-side vlan) is connected to 3750 (vlan 50)
3. Two real servers are connected to 3750 (vlan 50)
4. One client device (linux box) is connected to 3750 (vlan 40)
 
I am not using admin context. I have created a new one for user. I am unable to ping VIP (10.10.50.15) either from client linux box or from within ACE. 

access-list everyone line 8 extended permit ip any any
access-list everyone line 16 extended permit icmp any any
 probe http PROBE_CGNMS_WEB
  port 80
  interval 15
  passdetect interval 60

[code]....

View 6 Replies View Related

Cisco Switching/Routing :: 3750 - ASA Multiple Context Mode

Nov 16, 2011

Im looking for some clarification regarding running a Cisco ASA in transparent mode with multiple contexts.  To give you an insight into the network design we have the following -
 
Collapsed Core/Aggregation Layer running Cisco 3750s.  The 2 Cisco 3750s are using SVIs with HSRP for default gateways per customer with a total of 8 customers.  Each customer is segregated into seperate VLANs with Cisco 2960 switches used in the Access layer.  Each customer has 2 Cisco 2960 switches with redundant uplinks to the Core/Aggregation layer.  Customers are spanning tree loadbalanced between core/aggregation switches.
 
What i need to now do is add two transparent firewalls into the mix in either an active/active or active/standby setup.  I need the firewalls to support all 8 customers,  therefore I am guessing they need to run in multiple context mode.  Having read into this it has left me somewhat confused as to how to integrate them into the above setup as a bump in the wire so to speak. 

View 2 Replies View Related

Cisco Switching/Routing :: Single Mode Fiber Support For WS-3750 Switches?

Mar 5, 2012

I'm looking for switches that support single mode fiber connections and would like to know if "WS-C3750-FS-S Catalyst 3750 24 100BaseFX + 2 SFP" and "WS-C3750G-12S-S Catalyst 3750 12 SFP" can serve the purpose?

View 6 Replies View Related

Cisco Switching/Routing :: 3750 - Transition From Multicast Dense To Sparse Mode

Jun 19, 2012

A multisite network is currently supporting muticast using PIM dense mode, which is enabled on router/switch LAN and WAN interfaces across all locations. I am about to introduce Nexus switches to the main LAN. How can I make dense and sparse mode coexist to ensure flow of muticast traffic between devices supporting and dense and sparse mode? Eventually, I want to transition  to the sparse mode; however, it has to be done gradually, even within a single site. The leacy equipment includes Cat 3750 and  4500s.

View 2 Replies View Related

Cisco Switching/Routing :: Duplex Mode On HSRP Routed Port On 3750

Nov 15, 2012

What should the duplex mode to be set on a routed port gi0/21 that are running HSRP ? I try setting the gi0/21 to full, but it caused the port to be down. The only way for the port to be up is setting it to half duplex.
 
Cisco 3750 Switch
==============
interface GigabitEthernet0/21
no switchport
ip address 10.200.104.34 255.255.255.248

[Code].....

View 2 Replies View Related

Cisco Switching/Routing :: 3750 - 24TS / PAgP Port In Stand-alone Mode

Mar 23, 2013

Devices are 3750-24TS Switches, software version is 12.2(55)SE6. how to troubleshoot this issue, I have a pair of ports which are not bundling, no matter what. Is the same behavior with LACP or PAgP. In this outputs I have only the PAgP case.
 
Output is similar to:

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
12     Po12(SD)        PAgP      Fa1/0/23(I) Fa1/0/24(I)
 
Configuration on ports is simple:
 
SW1:
interface FastEthernet1/0/24
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 12 mode desirable

[code]....

View 3 Replies View Related

Cisco Switching/Routing :: Create New Vlan On 3750 Switch With Trunk Mode

Jan 16, 2013

This is regarding VLAN creation on C3750E switch.I want to create new Vlan 94 on this switch and also I want to allowed same interfaces like Vlan 95 & Vlan 96. [code]

View 7 Replies View Related

Cisco Switching/Routing :: 3750 - Two Switches Connected With Single Mode Cable

Jun 4, 2012

I am troubleshooting a fiber connectivity issue.Now I have two switches, one is 3750, and another is small biz 300 series switch. Both switch has a single mode smf gbic. Now I have two swtiches face to face and connect with a single mode cable. Do you think if I would get a link light on? Both ports are no shutdown.

View 3 Replies View Related

Cisco :: Designing A Network Using Subnets?

May 5, 2011

I recently added a post lately referring to drawing a topology of a large network with a high number of hosts. Now with project itself, I'm designing a network for a large organisation with a different number of hosts at each location.These are, 500,18,52,236 and 12. The location with 500 hosts is the head office, to which every other branch has a wide area network connection through a serial link.How many subnets would I require? I wrote down subnet details, but only for 5 subnets, a subnet for each location. Is that all I need? Or do the WAN connections count as subnets

View 9 Replies View Related

Cisco :: Designing Hierarchical Network - 300 Computers?

Apr 8, 2013

i am creating a network using the hierarchical for a small to medium business. basically i need, file server, sql database, web server, account server, app server, back able to use a phone. the network will have around 300 computers

View 2 Replies View Related

Designing A Small Home Network

Mar 7, 2012

I need to connect 4 desktops wired 2 laptops wireless, one led TV wired.I have beam 10mbps internet and I want to share it to all devices.I want one desktop to act admin for internet sharing on all other devices.

View 1 Replies View Related

Cisco Wireless :: 5508 WLC Designing - Interfaces And VLans

Oct 8, 2012

just have  few questions about designing WLC 5508
 
The  scenario is  that currently one of the client has a firewall Tie ring T1 internet facing and T2 internal which has multiple DMZ connected.
 
T2 firewall has a DMZ switch connected which has a router which connects to MPLS cloud to different site across the country. (around 10 sites) all static routing.
 
Now the client is thinking to deploy wireless at all 10 sites using H-REAP. The issue is that client has only one WLC and they are not willing to buy other as i was thinking to deploy two WLC one for corporate and one for guest users. (one in internal network and on in DMZ)
 
Now my question is as follow.
 
1- Keeping in mind that there is only one WLC where should i physically put it?
2- How guest users will work ? How the authentication will be done?
3-There are 8 SFP ports in WLC how physical topology will look like?
4-How many Vlans i have to make for wirless users  will that be 10? (1 at each site) ?
 
my last question is that how these ports work on WLC are they just like switch e.g  one port can be assigned to different vlan....just confuse about interfaces and vlans on WLC (interfaces concept)

View 3 Replies View Related

Cisco Application Networking :: Does ACE SM In L2 Mode Need Default Gateway

Jun 6, 2012

if ACE SM in L2 mode need the default gateway? We're running v. 3.2a.

View 8 Replies View Related

Cisco Application :: ACE-20 Module In Bridged Mode With Client NAT

Apr 15, 2012

Whatever a NAT is supported for ACE-20 module? I do need to convert working CSM(SLB) config to ACE configuration and I am not quite sure if the configuration below is correct. ACE module should be configured in bridge mode with two vlans - vlan 36 (client) and vlan 436 (server) - bridged with interface bvi 36. NAT on ACE configurad as "nat dynamic 1025 vlan 436" into corresponding "policy-map type loadbalance". Check two parts of configs and if the ACE config is properly converted from CSM and will be working in the same way (especialy for NAT). [code]

View 2 Replies View Related

Cisco Application :: Does ACE-30 Support Multicast In Routed Mode

Aug 30, 2012

We currently have ACE20's, which only support multicast in bridge mode.Was wondering if it's the same on ACE30's, or if Cisco finally implemented support for mcast in routed mode.

View 3 Replies View Related

Cisco Application :: 6509 - ACE Module In Bridge Mode?

May 16, 2011

We have a 6509 with an ACE module. For reasons I don't fully understand the ACE is running using a BVI in bridge mode. It has loads of secondary interfaces.

[Code]...

I can ping all of the IPs on the BVI, but only servers in Subnet 10.7.42/42 can ping out of the the layer 3 on the 6509. I have all the routes configured properly on the 6509 pointing to the ACE for these subnets. The question is though the config has been excepted, is there a limit to the number of secondary on a BVI. 

View 1 Replies View Related

Cisco Application :: ACE 6509 In Routed Mode Design For Deployment

Sep 4, 2011

Current topology in network is such: web servers with content needing to be load balanced are in vlan 35 and these servers are directly connected to Core switch (two 6509 VSS) via 20 Gb EtherChannel. Vlan 35 also spans some other switches with other servers residing in this vlan. Additionally, there are dozens of another vlans (including external users) that need to communicate with web servers. IP addresses of these two web servers are: 192.168.35.1/24 and 192.168.35.2/24 accordingly with default gateway 192.168.35.254/24 (SVI on Core switch). Currently these ip addresses are used by management and other purposes and need to be reachable for same purposes after configuring load balancing with ACEs - it is needed to have direct access to servers behind ACE. How I can do that using ACE in routed mode?

View 3 Replies View Related

Cisco Application :: ACE 4710 Context Configured On Bridge Mode

Sep 20, 2012

I have two ACE working on active-standby mode, I have one context configured on bridge mode, with two vlans, the client (vlan 100) and server (vlan 101) sides.I need to balance another service for two servers (different from the ones on the first context ) on the vlan 101, so as the documentation says i can't configure the same vlan on another context because it is already configured on the 1st context as bridge.so my question is the only way i could balance this service is to configure it on the same context??. or there is another way?.These are the design limitations that i have to do this:

1.- I can't change the servers IP address.

2.- The VIP which will answer the clients request is on the same IP network segment as the servers, for example: server1: 192.168.100.125, server2: 192. 168. 100.126, VIP: 192.168.100.124

View 1 Replies View Related

Cisco Application :: Managing CSS11500 Loadbalancers In Cluster Mode

Jul 1, 2012

This is a newbie question regarding CSS11500 series loadbalancers as I trying to get up to speed with managing them as part of my job.  I noticed that there are a couple of CSS "clustered together" since I see they are managed using a single ip address.
 
My question is around how to establish a session to each individual device in this cluster, if at all possible?  If is not possible, how do manage the secondary device in this cluster to perform tasks such as copying new software to it, backing it up, etc.?        

View 1 Replies View Related

Cisco Application :: 6509 - ACE Module Context On Bridged Mode

May 8, 2013

I am desiging a topology with two Cat 6509 and Two ACE Module, one ACE per Catalyst. I am thinking to  use bridge mode for the customer contexts, I would like to know if the Bridged mode is an Assymetric topology.
 
The server gateway is the ip address of the ACE or the Router?

View 6 Replies View Related

Cisco Application :: 3750 - FT Failover Not Working

May 1, 2012

We have 2 ACEs configured as Active/Standby.  FT vlan is configured directly using a crossover cable , not using a switch for the FT vlan.ACE is setup in routed mode ,vlan 29 is client vlan and 28 is server vlan ,both are being trunked on ACE-- trunk  3750 switch.
 
When I shutdown the port on 3750 for the primary ACE , data connectivity wise ,primary ACE is down ,but the secondary is not taking over ,and also when I do sh ft group status  on the secondary ACE,I see the status of  STANDBY_HOT and the peer state: ACTIVE.

View 5 Replies View Related

Cisco Application :: ACE 4710 And HA On Stackable 3750

Nov 8, 2011

I am running 4.2.1a and my topology is one subnet only so using one-arm thereby management svi, VIP, ft interface, and host server are all on same subnet.
 
With above scenario, is the ACE 4710 HA support on 3750 stack?
 
On 3750, I use port channel 10. Likwise channel 10 is config on both ACE and HA WILL NOT WORK
 
On 3750, I then use port channel 10 and 11. Thereby, channel 10 is on primary ACE and channel 11 on standby ACE and it works but with following observation:
 
-  standby ACE is configured channel 11 and it syncs up but replace 11 with channel 10 then shutdown 10 and all interface has "channel-mode 11" removed. I have to put "channel-mode 10" on each interface instead of 11 and then unshut the "inter port-channel 10" - then add "ft-port vlan xxx" to get it to work
 
- standby ACE has "switch/admin" default hostname but I expect after sync that it would have the hostname I defined "ACE-COLO/Admin" instead
 
Looking for other discrepency as this is my lab environment before I implement into production as to decrease downtime.

View 3 Replies View Related

Cisco Application :: ACE20-MOD-K9 With Base Licenses In FT Configuration In Layer2 Mode

Oct 6, 2011

During high throughput times (nightly, when backup runs) we see packet drops on the network. We think it's the ACE module that  drops. We use 2 ACE 20-MOD-K9 with base licenses in a FT configuration in Layer2 Mode.Now I found an interesting statistic on the ACE: [code] How to reset this counter?

View 4 Replies View Related

Cisco Application :: ACE30 Normal Load Balancing In Routed Mode

Sep 23, 2012

We are in the situation we have a active configuration with ACE30 doing normal load balancing in routed mode, we have tons of rservers going out on a VIP.we now had to add a new private network to a provider that strangely enough does not want to see our public or private addresses. we need to loadbalance towards him on a priovided subnet (still rfc1918) (IOS VRF bug? is that correct?)I have two options, add the network (new interface) to the active loadbalancers (contexts) and then tie in new policies to the active serverfarms or make a new context just to load balance towards this provider.(preferred)Now - If I do this, the rservers see the client source addresses from this new provider. as the loadbalancer does not "hide" the client IP's. I would then have to add static routers toward the new context - I would want to skip that.
 
is there a way, to make the loadbalancer hide the client addresses towards the rservers ? perhaps I'm just needing the correct search term to find the config example.

View 1 Replies View Related

Cisco Application :: ACE 4710 / Module Routed Versus Bridged Mode

Nov 10, 2010

I understand routed vs bridged mode configuration fairly well, however, I do not understand the pros/cons between using them.

View 6 Replies View Related

Cisco Application :: ACE30 Module Integrated With Nexus 7000 In Routed Mode

Sep 10, 2012

I am trying to get documentation on how to integrate an ACE30 module in a service chassis design integrated with the Nexus 7000 in routed mode.  Only documentation I could find shows this design with the ACE30 module in a one arm mode. Any documentation that shows this implementation of this design?

View 2 Replies View Related

Cisco WAN :: SFP Unsupported Mode In Catalyst 3750-X?

Jun 8, 2010

I am looking to uplink an HP Blade Chassis to a Cisco 3750-X with SFP+ for 10Gig on each end.I would like to use Direct Attached SFP+ cables if possible.I already know that the HP Virtual Connect module will not accept a Cisco Direct Attached cable at the current firmware.Cisco Nexus 5000 has a feature allowing connectivity with the HP Direct Attached cable using "unsupported" mode.

View 3 Replies View Related

Cisco Switching/Routing :: Changing 4510-SUP-6E Redundant Mode To Share-Backplane Mode

Mar 12, 2013

I received the following info from Cisco's TAC and wanted to inquire further before I start reconfiguring the switch:
 
In a redundant Sup-6E setup, the following configuration is supported :
 
- 1 TenGig uplink on Active Sup and 1 TenGig uplink on Standby Sup
- 1 TenGig uplink on Active Sup and 2 Gig uplinks on Standby Sup
- 2 Gig uplinks on Active Sup and 1 TenGig uplink on Standby Sup
- 2 Gig uplink on Active Sup and 2 Gig uplinks on Standby Sup
 
If you invoke shared backplane mode, the following configuration can also be supported:
 
- 2 TenGig uplinks(blocking) on Active Sup and 2 TenGig uplinks on Standby Sup
- 2 TenGig uplink(blocking) on Active Sup and 4 Gig uplinks on Standby Sup
- 4 Gig uplinks on Active Sup and 2 TenGig uplinks(blocking) on Standby Sup
- 4 Gig uplink on Active Sup and 4 Gig uplinks on Standby Sup
 
Here's the command and information about the "shared-backplane" mode :- [URL]
 
Currently, we have 2  SUP 6-Es(Module 5 - Active and Module 6 - Stand-by) setup in a redundent mode. I am planning on changing the redundent mode to the shared backplane mode so I can use 2 TenGig converters to uplink 2 access-switches. We purchased 2 TenGig converters and here is how I am planning on using them:

1- One will be used  to uplink to two 3750 switches(stacked)
2- One will be used to uplink to a 2960 using a Gig SFP
 
My questions are:

1- Do I have to install the 2 TenGig converters(4-Gig Uplinks) in the same Module? Or can I use one one in module 5 and the second one in module 6?
2- Will changing the redundant mode to the shared backplane mode require rebooting the switch or disrupt the funtionality of the other linecards?

View 2 Replies View Related

Cisco Switching/Routing :: Perform STFTP On 3750 Or 3750-X?

Jun 30, 2012

Do I need the Universal image to perform stftp on a 3750 or 3750-X?

View 8 Replies View Related

Cisco WAN :: 3750 - Use Two Core Switch 6500 With Single Mode Fiber As Transport Equipment?

Nov 30, 2012

I have a requirement to connect two 3750 switch with 10G speed between two sites with 150km distance. We will lay-out our own fiber (48 core) between two sites. I just want to consult the following:
 
1. Could i use two core switch 6500 with single mode fiber as a transport equipment?

2. Or i need to use SDH equipment because of the distance concern? If so do i need a repeater?Could i use Cisco Metro Core ONS, which one?

3. Any other option to achieve this requirement?

View 4 Replies View Related

Cisco Switching/Routing :: Stacking 3750-X With Universal Image With 3750-G Running BIN Image?

Oct 10, 2011

I'm looking at adding a Cisco 3750-X switch running c3750e-universalk9-mz.122-55.SE1 (IP base license) into a stack of 3750-G switches running c3750-ipbasek9-mz.122-55.SE1.bin Given that the version and feature sets are the same I don't forsee any compatibility issues. Would there be any reason why a universal image wouldn't stack correctly with other switches running the single .bin file?

View 9 Replies View Related

Cisco Switching/Routing :: Replacing 3750 24 Port With 3750 48 Port?

May 21, 2012

We have a stack of switches that is at the max number of members allowed in the stack. Problem is we are running out of port density and need to add more ports. So instead of adding a whole new stack I would rather replace 2 of the 24-port swicthes with 48-port switches.
 
If the two 24-port swicthes we are removing are stack members and neither of them are the stack master, I should be able to replace the 24-port switches with the 48-port switches without bringing the master offline? If the new 48-port switches are running the same IOS version as the current 24-port swicthes, they should add themselves to the stack?Would I have to tell the new 48-port swicthes what switch numbers they are replacing in order for them to be added to the stack since we are at the max number of members?Also since the 48-port swicthes are replacing 24-port switches will the master give the 48-port switches the configuration for only the 24-ports?

View 11 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved