Cisco Firewall :: 3560 / 2960 - QOS For ASA
Apr 17, 2013
I have a question regarding QOS and possibly dedicated bandwidth. The environment is ISP goes into an ASA that up links to a 3560 and fiber up links to other 2960s throughout the building for internet. My question is for certain sections of the building if I segment the network can I guarantee them a certain amount of bandwidth. For example, if 1 gigabit is coming into the building from the ISP and into the ASA, can I guarantee one room in the building no less than say 200 Mb of the full internet pipe at all times?
View 7 Replies
ADVERTISEMENT
Nov 30, 2011
have few doudts on MIB file upload.
1) What will be the extension of MIB file ? *.mib or *.my
2) I am running with 12.2(25)SEB IOS .Is thre any dependency with IOS for downloading MIB file.
3)I have 3560 switch and 2960 switch. Is thre any difference in the MIB file extension.
View 1 Replies
View Related
Apr 10, 2011
We had a new building thats gone up and complete now and we're trying to get a ip phone working down that end of the school on a vlan. We seem to be having trouble with the VLAN going through on the 2960 switch but it works fine on our core 3560 switch.
There looks like a slight variation in the config of the switches, the 3560 switch supports the "switchport trunk encapsulation dot1q" command on the interface where as the 2960 doesn't support the "switchport trunk encapsulation dot1q". Is this why the vlan is working on the 3560 and not the 2960, or is it something else?
Both switches are using the 12.2 IOS
Heres the trunk port configured on the 3560 going down to the new building and connecting into the 2960 with a 1gbit fiber link
interface GigabitEthernet1/2 description 3560X Port UpLink as Trunk Mode switchport trunk encapsulation dot1q switchport mode trunk udld port storm-control broadcast level 60.00 spanning-tree guard root
Heres the trunk port configured on the 3560 going to a Linksys switch which then connects to the DHCP server (The other end of the 3560 is also configued as trunk)
interface GigabitEthernet0/6 description Edge Switch port for clients switchport trunk encapsulation dot1q switchport mode trunk spanning-tree portfast
Heres the working vlan port on the 3560, the ip phone is able to get an ip and ring all other phones etc
interface GigabitEthernet0/7 description Edge Switch port for clients switchport access vlan 2 switchport mode access spanning-tree portfast
Ok now heres the config for the 2960
Heres the trunk port configured on the 2960 going back upto the 3560 switch
interface GigabitEthernet1/0/25 description Port UpLink as Trunk Mode switchport mode trunk udld port storm-control broadcast level 60.00
Heres the access port configured on the 2960 which isn't passing on vlan information. Is there another command i need to use to enable encapsulation as dot1q?
interface GigabitEthernet1/0/19 description Edge Switch port for clients
switchport access vlan 2 switchport mode access spanning-tree portfast
View 11 Replies
View Related
Nov 12, 2011
3560--------------------------2960 connects via single mode Fiber and now will have another redundant Link between 3560 and 2960 with Ethernet interface ( Wireless). 3560------------trunk config---------2960 < Fiber Link >
what config I need on Ethernet interface on 3560 and 2960?what config is needed to alwayz have fiber as primary connection and Wireless as backup.
View 1 Replies
View Related
Dec 13, 2011
From the multiplexer 9 ethernet connections are terminating in Cisco 2960G 24 port swith and it is connected through fiber uplink to one Cisco 3560G 48 port switch in first floor, which is connected to server.
How I will configure the 3560G to make communicate with 2960G and bring all these 9 ethernet connections to server. All the 9 connections are from different IP. and server also have different IP.
View 1 Replies
View Related
Dec 28, 2012
It seems my 2960s and 3560s switches have enough flash space and memory to support the 15.0 IOS should I be OK to jump to this from 12.2(35)?
View 10 Replies
View Related
Feb 22, 2012
Im trying to Connect a 2960-S Catalyst Switch to a 3560 Catalyst Switch. It worth pointing out im newish to switching although i know some commands and what they do This is my first time connecting 2 switches together.They are connected via a crossover cable and have green lights flashing on the connected ports When i run "show CDP neighbours it sees the new switch Unable to ping new switch...just timesout Here is the the interface on the 3650
GigabitEthernet0/40 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 001b.532f.8428 (bia 001b.532f.8428)
Description: Uplink to Switch 2
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
[code]....
View 6 Replies
View Related
May 15, 2012
I'm having issue with one stubborn process that is consuming nearly all the CPU on all of my switches. I tried googling it, but had no luck. The process is "hulc nrgyz PD di"
View 4 Replies
View Related
Jul 26, 2011
Yesterday Cisco released IOS 15 code into the wild for the 2960 and 3560/3750 families but the link to the release notes is not working. Because I already have a whole bunch of 4500/Sup7's running IOS 15 I am thinking about taking the plunge with 30 3750-X's I have on order but want to review the release notes first. where they might be hiding?
View 4 Replies
View Related
Sep 13, 2012
I have CISCO RPS 600 (PWR-AC-RPS) is it support Catalyst 2960 and 3560 ? and which type of cable require since i have cable 22-18 pin and on my switch require 22-14 pin.
View 2 Replies
View Related
Mar 29, 2012
As per my attached diagram, I have three switches (Cat 3560-E and couple of Cat 2960-G)
Each PC is on different vlan
PC -1 on vlan 100
PC-2 on vlan 200
I need to connect PC-1 and PC-2 to the server. Server has no fixed vlan and can be changed.
Restrictions:
1) can’t change PCs vlan assignment.
2) can’t add 2nd NIC in the server.
I’ve tried private vlan but it requires separate physical ports for host and/or community vlan and somehow it did not work. I could be wrong Trunking using dot1q enabled on port 2 on all switches and connection works fine (server to PC-1 or server to PC-2) by enabling switchport access vlan 100 or switchport access vlan 200. However I need port 5 on switch-1 to respond to vlan 100 and 200.
View 11 Replies
View Related
Aug 6, 2012
When did this wonderful feature get introduced? Is it going to moved down to the 3560s/2960s type switches?
View 0 Replies
View Related
Jul 10, 2012
I would like to test the possibility to reload devices via SNMP for new switches like 2960, 3560 and so on.I know that the command "snmp-server system-shutdown" has to be configured, then I need to send the set query to the device via SNMP.
I have found on the net the OID 1.3.6.1.4.1.9.2.9.9.0 but it belongs to an old MIB and doesn't seem to work with new switch models.
View 4 Replies
View Related
Jan 16, 2013
I am implementing QoS on our MPLS network. Our environment exists of a mix of Cisco 2960 and 3560 switches. The IPT system is Avaya CM with Avaya phones.The WAN network is a MPLS network.Ports are configured for access and voice vlan (no trunking), one vlan for voice, one for data (vlan 1 is disabled).I dont have Qos coonfigured on LAN just wanted to configure on WAN Router where my Mpls link is connected.I have 45 Mb Mpls links on all sites connected to each other.
I have multiple sites connected via MPLS and i have control at both sides.Current config is mentioned below in which DSCP marking is not done for signaling. What is the best config with example.Current Config on all Cisco Router where MPLS link is terminated at all sites. [code]
View 10 Replies
View Related
Mar 12, 2013
I know only one method to restart Cisco switch through Telent using command " RELOAD". How can we restart Cisco 2960/3560 switch phyically....can i use mode button to restart cisco switch ?
View 11 Replies
View Related
Jan 3, 2012
I want to implement port-based and MAC-based in these two switches: 2960 & 3560 (both of them have this IOS version: 12.2(55)SE1). And I haven't found a way to implement both of them at the same time. This is what I got:
ip dhcp use subscriber-id client-id
ip dhcp subscriber-id interface-name
ip dhcp excluded-address 192.168.0.0 192.168.0.2
ip dhcp excluded-address 192.168.0.251 192.168.0.255
[code]....
With this configuration I can use port-based, but not MAC based. If I remove the first two lines and change the last line for this one:
address 192.168.0.7 client-id 0112.ae1d.af58.60
Then, the computer with that MAC address got the correct IP, but then the port-based doesn't work. Also, I got this line in the interface what I want to use MAC-based:
ip dhcp server use subscriber-id client-id
View 3 Replies
View Related
Feb 6, 2012
Is it possible to daisy chain from a 3560 to 2960-S switch using a SFP interconnect cable (daisy chain cable)
View 1 Replies
View Related
Jun 7, 2011
lets you catalyst 3560 & 2960 remote login with a secure protocol
View 4 Replies
View Related
Jun 7, 2011
We have quite a few 3560 & 2960 on our edge network - what I have been looking at was to access switches via web-interface i.e. web-browser. Only problem with this is it always gives you access on privilige level 15 which is not ideal as not all who we decide to give access to these switches will be admin and allowed to configure these swicthes - In the 3560/2960 data-sheet states:
"Alternatively, a local username and password database can be configured on the switch itself. Fifteen levels of authorization on the switch console and two levels on the Web-based management interface provide the ability to give different levels of configuration capabilities to different administrators"
Where as there is no mention of how to configure these two levels of Web-based management in the configuration guide.
View 8 Replies
View Related
Jan 21, 2013
As per the attached diagram: How do I configure the 2 ports on the 3560 (Ports 6 & 7) and the connected ports on each of the 2960 switches (Port 25) to provide redundancy.
If the up link from Switch A dies then I need the traffic to flow through the trunk and utilize the up link on Switch B with minimal delay (milliseconds).
View 9 Replies
View Related
Oct 16, 2011
I have a Cisco 3560 running as a Level3 device in my network running 10 V LANs and routing between most of them (nothing complex with ACLs) and running spanning-tree mode pvst. The main network is run on a net gear GS748TPS stack of three switches running MSTP.
I have just bought an additional 3560 and a 2960 to plug in. I have set them up with IP addresses and then plugged them into the net gear. This brought the whole network down until I unplugged the new switches.
I have confirmed the IP addresses aren't duplicated and that DHCP is not running on the switches so I can only assume it's something to do with DHCP. I cannot afford for the network to go offline again, so is there anything I should check? Am I running incompatible spanning tree methods between the net gear and Cisco devices?
View 28 Replies
View Related
Oct 9, 2012
I am using Packet Tracer to simulate Cisco networking.As the existing IOS of the 3560 and 2960 switch are in older version which has no new feature in new IOS, how to upgarde the IOS of Cisco switch at Packet Tracer?
View 5 Replies
View Related
Aug 27, 2012
I have more than 20 Cisco switches in my office which is basically a soap manufacturing factory. The switches include Cisco 2950, 2960, 3560, 3750 etc. We have routers also which include 2821, 2951 etc. We also have Cisco WLC 2125 and LAP 1262 series. Sometimes all these devices management comes very tough to us.
We need to log on to different devices for troubleshooting/network management which sometimes becomes very tough to us. So I wonder if there any Cisco applications or tools by which we can centrally manage all these devices.
View 2 Replies
View Related
Aug 23, 2011
setting up an ASA 5505 to be used as a firewall between a BT internet router(BTNet service) and a Cisco 3560 Lan switch. BT have presented me with a cisco 3800 series router with the following details:
Network Address Network Mask BTnet NTE Router LAN Address
There are 2 Gigethernet ports on the back of the router port Ge0/0 is connected to the BT NTE and the status light is flashing green. Int ge0/1 is connected into port int e0/1 of the ASA but i am unable to get any connection.
View 21 Replies
View Related
Mar 29, 2012
I have the following setup.
host PC (192.168.9.3) -----> gateway (192.168.9.2) ----- Pix E1 (192.168.9.1)/Pix E0 (81.x.x.250) ------ Internet
The 192.168.9.2 gateway is a 3560 switch connected to the PIX. I can ping out to the Internet via IP from the PIX, but not via the host PC (192.168.9.3) on the LAN. PIX and gateway configs below. Am I missing something that's preventing me pinging out to the Internet from the internal LAN?
PIX config
test-cal-pix01# sh run
: Saved
:
PIX Version 8.0(3)
!
hostname test-cal-pix01
enable password btf1YD.Vq7mE6vEA encrypted
[code]....
View 1 Replies
View Related
Dec 27, 2011
In my lab setup i configured Cisco 3560 switch.
VLAN 20 and VLAN 30 i configured.
VLAN 20 interface IP : 192.168.20.1/24
VLAN 30 interface IP : 192.168.30.1/24.
Inter-vlan communication is happening fine.
For testing for purpose i configured extended ACLs. Here is my requirement: I want to stop communication from VLAN 30 to VLAN 20 but not vice-versa.
Here i configured like this:
access-list 111 deny ip 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255
access-list 111 permit ip any any
applied ACL in VLAN 30 interface 'in' direction.
ip access-group 111 in
In this scenario, communication is stopping in both directions. If i ping from one of the IP VLAN 20 to one of the ip of VLAN 30, i was gettng Requested time out. And if i ping from one of the IP VLAN 20 to VLAN 30 interface IP, i was able get pinging.
From VLAN 30 to VLAN 20, i was getting destination host unreachable from VLAN 30 ip( Its fine as its my requirement). So, solution needed to communicate from VLAN 20 to VLAN 30.
View 1 Replies
View Related
Mar 18, 2012
is it possible to configure an IOS Firewall IPS on a Catalyst 3560? Which IOS version would I need if it were possible?
View 3 Replies
View Related
Aug 20, 2012
ASA's G0/2 interface is connected to G0/1 interface of a 3560G switch in DMZ, below is the config and diagram
Switch Config
int g0/1
switchport mode trunk
switchport trunk encapsulation dot1q
int vlan 1
ip add 192.168.0.100 255.255.255.0
We are running out of IPs in 192.168.0.X network and planning on creating sub interfaces on the ASA and trunk it to the switch so that we can have multiple V LANs in DMZ. Tried the below config in LAB but that didn't work, can you have a look at it and let me know if I miss anything. No change on the switch config since G0/1 is already a trunk port.
ASA Config
interface GigabitEthernet0/2
description Trunk to DMZ networks
no nameif dmz
[code]...
If I change the V LAN on the switch from 1 to a different V LAN, say V LAN 50 for example, and configure the ASA accordingly its working fine.
View 5 Replies
View Related
Nov 29, 2012
RACK 1 is the old rack and NEW RACK is the rack which is going to be procurred for some new Servers. All the Servers in the RACK 1 has a default gateway as PIX Inside IP. As of now the 3560 Switches acts as Layer 2 and does not have L3 IP routing enabled. How can I enable conenctivity between 192.168.36.0 range and 192.168.57.0 range wihtout making any change to current PIX inside IP address 192.168.57.1?Is it possible that I can enable IP routing on the 3560 Switches , create interface VLAN 36 and since already Switch 2 has it 's default gateway as 192.168.57.1 , Would the traffic from 192.168.36.0 be routed to 192.168.57.1 ? Or do I need to create static route for that ?Since L3 Routing is not enabled and since the 3560 Switches are just acting as L2 , the VLAN 2 - 192.168.57.0 range does not have any interface VLAN configured. When it is changed I would need to create interface VLAN 2 on 3560 Switches?
View 18 Replies
View Related
Apr 18, 2013
I'll start out with the fact I work mostly with Wi-Fi and not a lot in the security realm... If I plug my workstation into the 3560, my wired client adapter can get an IP address. But the WLAN adapter will not when associated to WLAN.Usually this is not a problem since you may only have two access points on the controller and a dozen or so hosts. In my case, however, I want to put a few of the ports on the 3560 into the same VLAN as the WLAN on the 2106 so I can give them the same guest access as the WLAN. The hosts plugged into the 3560 get an IP address without issue from the ASA. When I disable dhcp proxy, the WLAN clients get an IP address, but then the APs cannot get an IP address from the internal DHCP server on the WLAN controller, and cease to function when rebooted since they cannot get to the controller without an IP address.
Any way to configure the ASA to accept the modified DHCP packets from the WLAN controller? It appears to me that the ASA is not able to accept DHCP relayed packets.
View 21 Replies
View Related
Sep 16, 2012
I have an ASA which is managing internet access from mutiple VLANs configured on a 3560 switch. I want to be able to limit the 100MB internet connection on the ASA on a per subnet (VLAN) basis for the multiple subnets configured on the switch..
so for example
VLAN10 - 10.0.10.0 - limit to 5MB
VLAN20 - 10.0.20.0 - limit to 10MB
VLAN30 - 10.0.30.0 - limit to 3MB
View 7 Replies
View Related
May 12, 2010
I have a mysterious problem with my Internet connection. The Edge topology is in the attachment so are the most important "show" commands. We have a 50Mb/s symmetric Internet connection. When we use Internet through ASA the download speed does not exceed 3Mb/s whereas the upstream is at about 45Mb/s. When we connect our LAN directly to 2960 the downstream increases dramatically up to 47Mb/s whereas the upstream remains at about 45Mb/s. Duplex is manually set to 1000/full on all interfaces. All that I have noticed are dropped packets on outside interface (Gi0/0). The reason is unclear.
View 6 Replies
View Related
Aug 1, 2012
users behind asa5510 on both vlans10 and 20 have slow internet speeds (2Mbps down/170kbps up). carrier provides 13Mbps down/5mbps up and speed tests on another port on the asa 9Mbps/5mbps. There is no speed/duplex mismatch on the switch (cisco 2960) that asa port is connected to. what else could possible cause that ? cisco 2960 is in vtp transparent mode. mtu on both vlans is matched.
View 10 Replies
View Related
