Cisco Firewall :: 6509 Core Switch - How To Create DMZ Vlan

Oct 31, 2012

I need to create a DMZ Vlan.  Core switch is a 6509.  FW is an ASA5520.  Need to create a VLAN for DMZ purposes for outside facing servers.  NAT is used on ASA.

View 7 Replies


ADVERTISEMENT

Cisco :: Core Switch 6509 - Route Each Vlan To Exit From Spacific DSL

Jan 26, 2012

i'm already has one internet connection is connecting directly to the Core Switch 6509,Vlan 500 (1921.168.1.0) and the Switch is route any internet request with default route:
 
SW6509-conf)# ip route 0.0.0.0 0.0.0.0 10.170.10.10
10.170.10.10 is --> Next hop for the DSL router internal IP, and it's working fine.
 
The Problem: We have a new internet connection with new Vlan 600 (172.16.1.0) another ISP/ with another DSL router, so i need your kindly support and suggest how to connect both of them to exit from the Core Switch 6509. is it ok if i make another default route to the Next hop to the new DSL router as:
 
SW6509-conf)# ip route 0.0.0.0 0.0.0.0 10.80.10.10
10.80.10.10 is --> Next hop for the new DSL router internal IP.
 
is there any way like default route , route-map or any other features to :

route Vlan 500 (192.168.1.0) to exit from DSL 1 --> 10.170.10.10
route Vlan 600 (172.16.1.0) to exit from DSL 2 --> 10.80.10.10

View 3 Replies View Related

Cisco Firewall :: ASA Firewall Positioning In Transparent Mode Between 6509 Core Switch And WLC

Apr 26, 2011

I do have the below setup,,
 
1. I have 6509 switch
 
2. I have 2 WLC configured in Active/Active mode connected in Trunk mode (L2 Port-Channel) connected with 6509 switch
 
3. On switch side i have configured the port as Trunk
 
4. L3 SVI for wireless users are created in 6509 switch (attached the diagram).
 
I would like to introduce a Cisco ASA 5520 firewall with AIp-SSM module so that all wirelees traffic can be inspected.
 
The issue is: Without changing any configuration in the network (switch & WLC) is it possible to introduce the firewall?

View 2 Replies View Related

Cisco WAN :: 6509 - MAC Address Flapping In Core Switch

Dec 28, 2010

I am getting following error in Cisco 6509 switch.BUt there is no impact in the switch.
 
: %MAC_MOVE-SP-4-NOTIF: Host 0000.0c07.ac01 in vlan 694 is flapping between port Te8/1 and port Te7/1
29:33.959: %MAC_MOVE-SP-4-NOTIF: Host 0000.0c07.ac01 in vlan 269 is flapping between port Te7/1 and port Te8/1

[Code].....

View 2 Replies View Related

Cisco WAN :: VPC Configuration Template With Two Core 6509 Switch

Jan 3, 2013

What is the VPC configuration template with two core 6509 switch.Pls find the attachment for Network topology.

View 3 Replies View Related

Cisco Switching/Routing :: 2 Internet Connection Connected To Same Core Switch 6509

Jan 25, 2012

i'm already has one internet connection is conecting directily to the Core Switch 6509, and the Switch is route any internet request with default route:
 
SW6509-conf)# ip route 0.0.0.0 0.0.0.0 10.170.10.10
 
10.170.10.10 is --> Next hop for the DSL router internal IP, and it's working fine.
 
We have a new internet connection with another ISP/ with another DSL router, how to connect both of them to exit from the Core Switch 6509.
 
is it ok if i make another default route to the Next hop to the new DSL router as:
 
SW6509-conf)# ip route 0.0.0.0 0.0.0.0 10.80.10.10
 
10.80.10.10 is --> Next hop for the new DSL router internal IP.

View 6 Replies View Related

Cisco :: L3 Core Switch VLAN Monitoring With IPS?

Jun 10, 2012

We have a L3 core switch with multiple VLANs setup. Is there a way to place an IPS so as to monitor the traffic passing between, lets say, VLANS 1-3 and VLANs 4-10?

View 3 Replies View Related

Cisco Switching/Routing :: 3750 / 6509 - Upgrade Core Switch Without Disrupting Network?

Feb 2, 2013

I am planning to upgrade the current core switch(3750) to 6509 series switch. Since we have a production network running we have to plan for an online core switch upgrade.

View 7 Replies View Related

Cisco Switching/Routing :: 6509 Core Switch Command / IP PIM Sparse-dense-mode

Oct 23, 2011

What is PIM? give me an example when I will use and not use the PIM command.

View 4 Replies View Related

L3 Core Switch VLAN Traffic Monitoring With IPS

Jun 9, 2012

I have a L3 core switch with multiple VLANs setup. Is there a way to place an IPS so as to monitor the traffic passing between, lets say, VLANS 1-3 and VLANs 4-10?

View 19 Replies View Related

Cisco Switching/Routing :: Limit For Creation Of Port Chanel In Core Switch 6509 And 6513

Feb 20, 2012

How much is the limit for the creation of PortChanel in a Core Switch 6509 and 6513?Is there a limitation byu hardware?

View 7 Replies View Related

Cisco Firewall :: 6509 - High Utilization On Core

May 22, 2012

We have a 6509 core with the below modules running for a long time and the utilization used to be always 10 to 13 percent checking with the supplier it was told to us that due to the firewall modue we have and its normal Now 2 days back i noticed the utilzation had jumped to 90 % and now it happened again
 
I see that on runnung proc cpu
 
16407    56.1%   56.5%    55.9% ios-base
 
16430    35.3%   35.2%    33.9% iprouting.iosproc  
 
the modules present
 
Mod Ports Card Type                              Model              Serial No.--- ----- -------------------------------------- ------------------ -----------  1    6  Firewall Module                        WS-SVC-FWM-1       SAD140901XA  3   16  16 port 1000mb GBIC ethernet      

[Code].....

View 1 Replies View Related

Cisco Firewall :: FSWM Active / Standby Installed In 6509-E Core Switches

May 9, 2011

I have FSWM active/standby installed in 6509-E core switches running following FWSM Firewall Version 3.1(3) Device Manager Version 5.0(2)F..I want to upgrade to latest FWSM version as well as ASDM, I downloaded asdm-622f.bin and c6svc-fwm-k9.4-1-5.bin from cisco portal. When i checked the show version of FWSM, it says..The Running Activation Key is not valid, using default settings: Running Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000
 
I have gone through threads on CSC about how to upgrade FWSM in failover mode, now my concern is, Do i have to take care about activation key or keep as it is ? I have maintenance contract with cisco for all devices.

View 3 Replies View Related

Cisco Firewall :: 6509 / FWSM VLAN Configuration Mismatch And Some VLAN Deleted

Aug 12, 2012

We  have 6509 VSS with FWSM Module and we have created two context on it, one is INTERNALL CONTEXT othe is EXTERNALL Context? We have spanned various VLANS in switches and FWSM context level.  All VLAN Gateways are configured in context level.
 
Activity description : We had planned migration of these devices into a new Datacenter, it was a planned activity. During  migration of devices from one Dc to a new DC  we broke the VSS and kept the primary running and removed the secondary switch and migrated this secondary to new DC  and powered this device ON in the new DC and checked all the config was very much fine but this device was OFF network as secondary was brought to new DC just to limit the downtime during the primary switch movement.
 
During the activity ( Primary switch movement )We powered off the Primary switch  and mean time before shifting into new Data center  We had brought up secondary switch which was already existing in the DC was put live in the network and it was working fine without any issues.
 
Later  we had moved  Primary into new data center and tried to put into VSS with the secondary , during this period the secondary device into went into RECOVERY MODE  and  primary device was not responding and devices  went off network and immediatly we  removed the VSL link and brought up  primary into production network without secondary online in the network ( Without VSS just stand alone switch ) network started working, but bringing up the primary we found that some of the VLANS in the FWSM was deleted and some VLAN had misconfiguration ( example : say original  VLAN  ip 10.200.112.1 has become  10.300.13.1 ) also some of the access list as well as SVI was deleted making configuration mismatch.
 
Wanted to know while syncronization b/n primary and secondary switch in VSS if we pull out VSL link would create this type of issues.

View 1 Replies View Related

Cisco Switches :: Used Two SF-300 Switch And Create 4 VLans And Inter-VLan Routing

Apr 8, 2013

I used two sf-300 switch and create 4 vlans and intervlan routing is working fine.
 
Port 1 - 10 -------------> Vlan 1
Port 2 -20----------------> Vlan 2
Port 3 - 30------------------> Vlan 3
Port 4 - 40--------------------> Vlan 4
 
giga1  -----------------> connected to router (This router used for intervlan routing).
 
SF-300 Port 1 is connected to Internet Modem.  This modem worked as dhcp server also for vlan 1, my problem is that when vlan 1 is not communicate to vlan2,3,4 and 2,3,4 are not communicating. 
 
How i can communicate vlan 1 to 2,3,4 vlan. 
 
how i can connect the modem in switch?  Access port or Trunk port ( Presently available in vlan 1 Access port)Any route i need to make? sf-300 or modem or router?

View 1 Replies View Related

Cisco WAN :: 6509 - Connecting To Other Switch Using VLAN 1002

Feb 19, 2012

Are there any solution to connect VLAN 1002 configured in non-cisco switch to connect to Catalyst 6509?

View 2 Replies View Related

Cisco Switching/Routing :: Create New Vlan On 3750 Switch With Trunk Mode

Jan 16, 2013

This is regarding VLAN creation on C3750E switch.I want to create new Vlan 94 on this switch and also I want to allowed same interfaces like Vlan 95 & Vlan 96. [code]

View 7 Replies View Related

Cisco LAN :: 6509-e Switch And IDF Closets Have 3750 - Creating Isolated VLan

May 6, 2012

My core switch is a 6509-e and my IDF closets have 3750's.I have a couple of vlans currently setup, that can communicate with each other.VTP is setup Client/Server where as my core is Server, all IDF's are Client.
 
What i'm trying to do is create an isolated VLAN.  I want to setup a DHCP scope and use helper address.  When i plug in a client to that VLAN, i want it to get an IP, but not have any other network access.
 
Is this possible to do without switching to Transparent mode? If not - what reprocussions will i see by switching to transparent mode?

View 9 Replies View Related

Cisco Firewall :: Create VLan On ASA 5510 (8.2)?

Feb 25, 2013

User want to create on 5 network , 100.x , 200.x , 210.x , 250.x , 220.x .at the ASA5510, no enough port for 5 network.So I want to create 4 vlans on eth 0/3. I can create vlan but i cannot run this command " switchport mode trunk"   " "switchport trunk allowed vlan list" how can be done for that?

Actually i want to use like thisASA5510-----4 vlans on eth 0/3------switch----vlan200,vlan210,vlan250,vlan220.

View 1 Replies View Related

Cisco Firewall :: ASA 5510 Cannot Create A Interface VLAN

Mar 23, 2013

May I know the reason why we cannot create interface vlan on Cisco ASA 5510?

View 2 Replies View Related

Cisco Switching/Routing :: Slow File Transfer Speed In Same Vlan Of 6509 Switch

Mar 16, 2013

I am getting very slow window file transfer speed (4 Mbps per second) between two connecting servers in Cisco 6509 switch. I have connect the two laptops in 6509 switch in same module using the same vlan and try to copy the files from one laptop to another and vice versa and got the same speed on 4 to 5 Mbps per second. Switch utilization is not more than 10% and both the laptops are connected in 1 Gbps full duplex.
 
I have checked by removing the gateway in both laptop but the output is same.

View 7 Replies View Related

Cisco Switching/Routing :: Connecting Core Switch To Firewall 3750x

Apr 13, 2013

I have a 3750X four-switch stack acting as the core of a fairly simple LAN. All I need to achieve (and this seems inordinately hard, but it is entirely likely that I'm just being dense) is to get access to the internet through my core switch, through the firewall and out through my VSAT. I've spoken at some length with the firewall providers (Cyberoam) and they tell me all I need to do when I migrate onto my new system (Cyberoam is currently in place at the entrance to our existing LAN) is change the local IP address of the Firewall, plug in the new switch to the LAN port, and away I go. Tried that, didn't work, so obviously I'm missing something.

View 22 Replies View Related

Cisco Firewall :: ASA 5510 Connected To MPLS And LAN Via 6506-E Core Switch

Apr 19, 2011

I am attempting to install an asa 5510 at my hq.  Our MPLS network is provided by our ISP and the routers are managed by them.  They will be working with me to add the needed routes to the routers. Using version 8.4.1  That said, here is my challenge:
 
I am connecting the MPLS routers and WAAS device to my core switch(also performing inter-vlan routing) in VLAN 2. There are 3 connections needed for the mpls equipment and they are all in vlan 2 on my core switch.  The firewall (ASA 5510 with security plus licensing) also has an interface (outside) in vlan 2.

e0/0
shutdown
no nameif

[Code]....   
 
configuration guides or suggest TAC as they have been a bit inconsistent with this issue thus far.  What am I missing because I cannot get to where inside interface of the firewall is pingable by the lan and the outside interface of the firewall is pingable by the lan.

View 1 Replies View Related

Cisco Firewall :: Unable To Create VLAN Interfaces In ASA 5510

Nov 13, 2011

Unable to create VLAN interfaces in ASA 5510

View 1 Replies View Related

Cisco Switching/Routing :: 6509 - 802.1x And Voice VLAN / Enable Dot1x On User's Ports On The Switch

Sep 17, 2012

I have a Cisco 6509 with IOS "s222-ipservicesk9_wan-mz.122-18.SXF16.bin"I need to enable dot1x on user's ports on the switch. each user is connected to the switch through the IP phone.
 
I just found out that I can not enabled dot1x on trunk port. I have tried to use "switchport voice vlan " but I got:
 
Switch(config-if)#switchport voice vlan 123
Command rejected: Gi7/20 is Dot1x enabled port.
 
let me know what should I do to get dot1x working?
 
Note: I have connected a laptop directly to the port and dot1x is working fine.

View 5 Replies View Related

Cisco WAN :: Using 6509 As Core Router?

May 6, 2011

One of the pur client want to use Cisco 6509 as core Router. STM Module they want to install in it and used as Core Routing through it. Is it ok with core network ?

View 2 Replies View Related

Cisco Firewall :: 6509 / Interface VLAN Stop Responding On FWSM Automatically

Aug 8, 2012

i  have been facing strange issue on FWSM (6509 switch). we have created a  vlan inteface for  server farm on fwsm and its stop responding  automatically and we need to give shut/ no shut command under that  interface to back into normal .

View 11 Replies View Related

Cisco Switching/Routing :: 3560 Possible To Create Vlan Inside Transport Vlan?

Jan 10, 2012

Between our hosting and a customer we have an extended vlan, traveling on a fiber, between two cisco 3560 switches.The thing is, that we want to create one or more vlans inside that extended vlan, in some way if possible?

View 3 Replies View Related

Cisco :: 3750 Via Vlan250 From Core 6509 - Getting Connection Refused?

Apr 11, 2013

We just replaced our ancient 6509 dedicated SAN switch with a Nexus 5548UP (with 4 2248 FEXs).Our old SAN 6509 was completely separated from the Core 6509, and that Core 6509 doubled as a Datacenter switch. We've now segmented the "Datacenter" and "Core." The SAN and servers are connected to the Nexus gear rather than the Core. The old SAN had only 3 vlans. One for SAN data (Vlan16), one for management interfaces (Vlan250), and one for switch management (Vlan15).

As part of my cleanup, I want to get rid of that Vlan15 and use vlan250 for switch management. In another building, we have a 3750 that provides SAN (Vlan16) and management (Vlan250) connectivity to a single Equallogic box and a Dell PowerVault tape drive for backup purpose. That 3750 is the only device that still has an address on Vlan15 (other than the core). Refer to the drawing below.

The Core 6509 is the gateway for Vlan250 and Vlan15. I have created an interface for Vlan250 on the 3750. ACLs exist on vty connections of each switch allowing telnet access ONLY from the Mgmt 2960. There are no ACLs on the Vlans themselves.From the Mgmt 2960, I can telnet to the 3750 using either its Vlan250 IP address or its Vlan15 IP address. However, if I shut down Interface Vlan15 on the Core 6509, I can no longer telnet to the 3750, not even using its Vlan250 IP address.

The connection times out. If I attempt to telnet to the 3750 via Vlan250 from the Core 6509, I get connection refused (which I should get due to the ACL on the vty connections). I can still telnet to other devices on Vlan250 (such as the management interfaces on the Nexus 5Ks). Why am I able to telnet to the 3750's Vlan250 Interface only when the Core's Vlan15 Interface is Up?

View 5 Replies View Related

Cisco Switching/Routing :: Using 6509 Series As Core Switches

Jun 2, 2012

we are using cisco 6509 series switches as core switches. and Cisco 4510,4507 series switches as edge switches. all the vlans are created at core switches and propogating to edge switches through VTP. we are using OSPF as routing protocol at core switch for internal routing. till now we are using 4510,4507 switches as layer 2 switches. Since, 4510 & 4507 switches are hign end swithces i want use them as layer 3 switches instead of layer 2.if i change these switches from layer 2 to layer 3 does it make any impact on our network or better to keep them as layer 2 switches.if i change these switches to layer 3 is there any advantage i will have.

View 3 Replies View Related

Cisco Switching/Routing :: 6509 VSS Implementation As A Service Module Core

Jun 8, 2011

I m planning to implement VSS in core but want some inputs on IOS as i have FWSM as a service module Core :- Ii am running 12.2(33)SXH2a on my Core 6509  and i checkd cisco sites and Fwsm release notes but it states only  I-Train of IOS while mine is H-Train so can I directly upgrade to  I-Train or I was thinking of SXH8b IOS.

View 2 Replies View Related

Cisco Switching/Routing :: Adding UCS 6248UP To 6509 Core Switches?

Apr 21, 2013

In the next couple weekends I'm planning to add 2 CISCO UCS 6248UP Interconnects to 6509 Core Switches via 10G links.
 
Is there any impact anticipated?  It's a production environment and no loss of up-time is acceptable.

View 1 Replies View Related

Cisco Switching/Routing :: Connecting 5548 Pair To 2 6509 Core Switches / No Vss

Jun 8, 2012

connecting a 5548 pair to our core 6509s.  Just want to be sure we don't introduce any issues into the network.The 6509's are connected and perform all the routing.  Essentially, we're moving away from a 3750 stack in the data center and the 5548s are the replacement.  We'd want to limit the vlans to the specific server network vlans. Our current setup is a port channel between the 3750 and each of the 2 6509s for redundancy. I'd like to use the same functionality when we connect the 5548's but I'm looking for what the config should look like to ensure no spanning tree loops are introduced and that it is configured optimally.

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved