Cisco Firewall :: ASA Redundancy With 3750 Stack
Oct 4, 2011
I will be installing a new ASA 5510 firewall on our SIP vlan to separate our voice traffic from the rest of the traffic. I'm trying to decide whether or not I should go with an active/active setup or an active/standby. Any insight on the best way to set this up? This install is going in from scratch, and I am going to be connecting to a 3750 switch stack. Should I pair up a link from each switch to each 5510 using etherchannels? Should I use 8.3 or 8.4? Most of the docs I've been able to find say it depends on this, that, or the other.
View 2 Replies
ADVERTISEMENT
Jan 15, 2013
A CISCO 3750-X stack with several VLANs and many ACLs applied to the virtual interfaces. Intervlan routing is on. Connected to this stack are VMware hosts and with about 500 VMs.We started using the ACLs to allow connectivity between VLANs to specific hosts and it has grown to thousands of lines. I personally do not think this is good for the switch and believe the switch was not intended to be used for that security feature.
- Does it make it sense to add an "internal firewall" between the CORE ROUTER AND THE 3750-X SWITCH STACK ?
- Do you recommend any other way?
- Any recommended CISCO resource/white paper to read about best practice
View 4 Replies
View Related
Oct 3, 2011
I have a pair of 3750-x switches stacked together. Using spanning tree with our upstream provider I have an active line in port GigE 1/0/25 and a blocked redundant line in GigE 2/0/25. I have setup a port based acl as below on 1/0/25 which is a port on the current master switch. Do I need to manually set this on 2/025 as well? Just wondering what would happen if the line to the master switch was to disappear or if the master disappeared completely whether the acl would automatically be applied to 2/0/25.
View 2 Replies
View Related
Jan 22, 2013
We currently have as our stack master a 24 port Non-PoE that we want to replace with a 48 port Non-PoE. The 48 port switch at one time was provisioned as switch 3 in the stack (not the master). Correct me if I am wrong, but theoretically all I should need to do to get this working is to shut off the existing master so it re-elects a master and then provision the 48 port switch as the new switch one and make sure switch 1 has a high priority?
Do I need to write erase the switch that is replacing the current master first?
View 4 Replies
View Related
Apr 24, 2012
i have a 6509 connected via layer 2 (VLAN1) to a 3750 (e.g. VLAN1 10.1.1.1)then to the HQ via Metroethernet(L3). Is it possible to connect the 6509 to an ASA that already has VPN connectivity to the HQ using HSRP? Also need to mention, the VPN connection is supposed to be the redundant connection if Metroethernet link fails.
View 3 Replies
View Related
Mar 21, 2013
which option do you think is better? The idea is to use them as the core of the network,to route between several VLANs.
Options:
1 - Two 3560 with HSRP
2 - Two 3750 stacked with cross-stack etherchannel to the access switches
View 11 Replies
View Related
Aug 14, 2012
I am facing a problem in implementing HSRP. My scenario is like this, I have two 3750 switches and I have a server with two NICs. I want to run HSRP in these two switches. By the way the server is connected directly with the switches. I mean each NIC to each switch.we have teamed the two NIC (Active / Standby).what configuration need to done in switches to work HSRP.
View 4 Replies
View Related
Jan 30, 2012
I'd like to establish a more robust border router/switch redundancy plan and would like to know if this seems like it would be reliable.I'm looking at using a couple of 3945 routers and 3750 switches in the configuration shown below.
The article found at [URL] outlines the config between a single switch and router but I am looking at doing this with dual routers and switches.
View 3 Replies
View Related
May 1, 2012
I plan to build improved redundancy in to my LAN by stacking two 3750s and teaming pairs of NICs on my Dell PowerEdge servers, with each cable of the pair going to a different switch.In my mind this provides redundancy for the NICs and the switches. Does this configuration will work, and also what type of teaming is supported, as I was planning to have one NIC active and one standby, but can I run this configuration with both NICs in the team as active with load balancing?
View 1 Replies
View Related
Oct 31, 2012
My network consist of that network device. cisco catalyst 3750 with stackwise, 2xnexsus 5000 series and servers.servers connected to nexsus switch. nexsus connect to 3750.
Each server have two link, one of them connect nexsus1 and other connect to nexsus2 switch.(same traffic) each nexsus have one link to 3750. At 3750 the nexsus link configurate etherchannel. but the flapping occur at 3750.
i understand that at 2 nexsus link have the same server source mac address so the flapping occur at 3750. how i solve this problem?
View 5 Replies
View Related
May 1, 2011
I have been seeing high CPU on a 3750 stack we use for our phone system. I followed the documentation here:
[URL]
This documentation pointed out that the interrupt was very high and so I started looking at the CPU queues to debug. The icmp queue was dropping TONS of traffic.
The debug was full of these:
ICMP-Q:Dropped Not a candidate: Remote Port Blocked L3If:Vlan248 L2If:GigabitEthernet1/0/17 DI:0xB4, LT:7, Vlan:248 SrcGPN:17, SrcGID:17, ACLLogIdx:0x0, MacDA:001a.a1c4.1cd2, MacSA: 0013.192c.bb80 IP_SA:5.1.1.10
[Code].....
View 2 Replies
View Related
Apr 16, 2013
We have a current 3-stack 3750 ( 48-P,48-TS & 3750v2-48PS ) running fine. There is a plan to introduce a fourth stack member ( 3750X-48P ) into this stack.as per cisco documentation, it suggests to use 3750X as master for a mixed stack. In this case, we will need to upgrade current other 3 stack switches to a latest version.,Can we do a no-downtime ios upgrade on the existing 3-switch stack?, when this upgrade is done, is there any way to have the new ios pushed down to all three stack members at the same time or do we need to each member upgrade seperately?, for adding the fourth member, is it acceptable if master is ruuning ver eg. 12.2(55) and all rest of the members run ver 12.2(53) ? will this create any issues and will stacking be successful.
View 5 Replies
View Related
Oct 30, 2012
I have 4 switches of 3750. I need toupgrade all the switches, but I can't to disconnect the stack cable.How I can to upgrade the version without to disconnect the stack cable?
View 2 Replies
View Related
Mar 8, 2012
I have 3750 stack with 4 switches.I am trying to make change some port to new VLAN, but switch 2 & 3 new change never works, the ports stick with old VLAN. Other two switches works as I expected on new changed VLAN.Tried to reboot, no progress.
#Show VLAN command confirmed the VLAN changes are made.
#show switch detail
Current
Switch# Role Mac Address Priority State
--------------------------------------------------------
1 Member 0019.e752.xxxx 1 Ready
2 Member 0015.f9bf.xxxx 1 Ready
[code]......
View 4 Replies
View Related
Oct 3, 2006
I am building a few 3750 stacks, I want to be able to poll/monitor each individual switch in the stack but as it only has 1 ip associated with the stack how can I do this. I am polling the uplink interfaces but as I only have uplinks on the top and bottom switch I am blind to a switch going down in the middle of the stack.
View 4 Replies
View Related
Nov 7, 2012
I have 2 3750x switches connected via a pair of stackwise cables, but I keep seeing error messages about the stack&switch ports going up and down,Performance wise, it seems to work, but I'd like to eliminate this message... Sometimes it will go hours without bouncing, sometimes it does it a few times a minute....
*Mar 4 12:56:57.903: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 2 Switch 1 has changed to state DOWN
*Mar 4 13:16:48.070: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 1 Switch 2 has changed to state UP
*Mar 4 13:16:49.093: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 1 Switch 2 has changed to state DOWN
*Mar 4 13:38:55.802: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 2 Switch 1 has changed to state UP
*Mar 4 13:38:56.809: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 2 Switch 1 has changed to state DOWN
[code]...
View 4 Replies
View Related
Jun 10, 2012
I have a switch stack with three WS-C3750X-48 switches running 12.2(55)SE. Recently, stack member 3 went offline for a few minutes, after being online for over a year. A show version on member 3 reports that the system returned to ROM by power-on.
Stack member 3 shares a UPS with a router that did not lose power and all three stack members have stack power with four 350 WATT power supplies between the three of them. There are no crashinfo files on any of the switches, log files show the stack ports on the other switches going offline then switch 3 being removed from the stack.
Surveillance recordings show there was no one near the switch during the time and AAA accounting shows no clues. Is it possible the switch crashed without leaving a trace in the logs, a crashinfo file and report that it returned to ROM by power-on?
I've read before that loose stack cables can cause stack member reboots. Would such an event generate log messages other than the stack ports changing states to down?
View 6 Replies
View Related
Dec 6, 2011
I have two 3750s stacked and one 3750 standalone all in one data closet. The both have the same versions. I want to combine them to make one stack. How do I force the standalone to be the master? sw 1 priority XX(Higher then the existing stack)? Both the stack and the standalone have management addresses. Would it be ok to delete the stack ip address? That way, the standalone(master's address will be the only management address)?How should I connect the standalone 3750 to the stack? At present, the 3750 stack is connected via a cascade cable going from the stack 1 port of the top switch to the stack 2 port of the bottom switch.
View 19 Replies
View Related
Jul 4, 2012
I have a 3750 stack of 4 switches that was installed about 2 years ago. Recently I was doing some work on the switch and realized that I am unable to save the config. I amobviously concerned that if the power fails or the switch reboots I will be reconfiguring it and that is not something I am interested in doing!
[code]...
View 1 Replies
View Related
May 19, 2013
I have a stack of 4 3750 Switches.
1. WS-C3750G-12S
2. WS-C3750G-12S
3. WS-C3750X-48P
4. WS-C3750X-48P
The stack cable connected to Switch 1 Port 1 and Switch 4 Port 2 will not come back online. The logs show that there was a Stack line change. I have replaced the 1 meter Stack cable from Switch 1 to Switch 4 three times and it still does not come back online. This is the part that is interesting.. I have disconnected Port 1 Switch 4 and connected it to Port 2 Switch 4 and then Switch 4 came back online. This made me think Port 2 on Switch 4 was working correctly. Then I disconnected Port 2 Switch 1 and connected it to Port 1 Switch 1 and then Switch 1 came back online.
View 1 Replies
View Related
Feb 20, 2013
i have two cisco 3750 in stack firts, master switch have all swports busy second have only 5 how can i see cpu utilizations of the second switch, and its reasonable to move somme devices from first switch to second for deacreases of cpu and memory utilisatio ns of the master? the stack tehnologies use both cpu as one? or its only for simple management ?
View 9 Replies
View Related
Mar 11, 2013
have a cable i think is bad, is it possiable to switch the cable out without causing any downtime to the switch or connected devices?
HQ-1st-Flr-Stack#show switch stack-ports summary
Switch#/ Stack Neighbor Cable Link Link Sync # In
Port# Port Length OK Active OK Changes Loopback
Status To LinkOK
[Code].....
View 15 Replies
View Related
Apr 29, 2012
I just need a little refreshing on upgrading a stack of 3750's. This stack only has 2 switches: [code]
1.) If I remember correctly I simply tftp the IOS to the flash of each switch and then reload the master only?
2.) Can I safely assume these are the 2 flash locations:
View 3 Replies
View Related
Jun 21, 2012
i want to remove an access layer 3750 48 POE master switch and replace with a new 3750 switch in the stack. i want to copy the same configuration to new switch since the old switch is having POE issue and I got replacement of the malfunctioned switch. we have VTP domain is configured in the network...
View 3 Replies
View Related
Mar 15, 2012
I have been given 2 3750 switches and need to put a config onto it wuld is for 2 3750's in a stack, how should I put this on the 2 switches? Is it bested to install it onto 1 switch first then physically attach the 2nd after?
View 3 Replies
View Related
Aug 6, 2012
We are trying to configure Etherchannel between four ports of cisco 3750 stack(2ports from one switch of stack and two ports from another switch of same stack). We are facing issues with this setup. The ports in WS-CBS3012 are going to err disable mode.
Is there any limitations associated with such a cross-stack etherchannel configuration. Any particular sequence of configuration involved.
Switch1 in stack
int gi 3/0/3
switchport mo trunk
switchport trunk allowed vlan 10-30
sw tr en dot1q
channel-group 1 mode on
spanning-tree guard root(code )
View 1 Replies
View Related
Jun 5, 2013
i was just asking if it is possible to create a L3 etherchannel between 2 single 3750 switches that act as our core, (running HSRP for the vlan and with a port-channel between the two) and a new switch stack of 3750s that will be routed to and managed by another party. Only i'd like to have the redundancy of 2 links connecting the new stack.If it is possible are there any best practices or preference in using PAgP or LACP or just going for ON.
View 7 Replies
View Related
Apr 17, 2012
I am running LMS 4.1 and have an issue with Inventory: I have a stack of four 3750 switches, but only two of them are showing up in CiscoView. If I right-click - Topology - Device Report ; I see all four switches. The switches are standard 3750 switches and should be included in the Device Packages for CiscoView
Also if I go Reports - Detailed Device ; I see the same two devices show up under Module Information. However when I go to Reports - Device Attributes ; I see all four devices correctly displayed.
I have tried and deleted and added the stack in CiscoPrime, but with same result.
View 3 Replies
View Related
Oct 10, 2012
I'm trying to use LMS to upgrade a stack of switches that have 1 or more 3750x's and other 3750's. In Software Distribution, if I choose Distrube to devices, basic, it finds the x switch, which is the master but says the others are not candidates. I don't see a place where I can tell it it is a mixes stack and choose multiple IOS's.
View 2 Replies
View Related
Mar 23, 2012
I have a Catalyst 3750 I want to add to an existing stack (same models) through the stackwise port We use some complex QoS and other features on our network, and I'm not sure how much configuration I need to do on the new switch before adding it to the stack. Since this is going into an existing setup?
View 9 Replies
View Related
Jul 10, 2012
One of the stack member has failed and we need to replace the same with the new one.
[code],....
View 7 Replies
View Related
Nov 21, 2011
I'm setting up a web cache using the wccp protocol on a Catalyst 3750 stack.
Probably missing something real simple here but when I from the global configuration mode are trying to enter the ip wccp command it just says "invalid input" from wccp. There is no such command.. should be supported on my device from IOS 12.2(37)
View 1 Replies
View Related
May 19, 2012
We have two 6k5 configured as vss and it is working fine. For each floor we have a 3750 stack. In each 3750 stack we have 4 switches. From the first 3750 we have a fiber link to the first 6k5 and from the fourth switch we have another fiber link to the other 6k5 switch, for each floor/3750 stack, both configured as etherchannel. We installled each 3750 stack/floor in different maintenance windows; in all these installations we have problems configuring the etherchannel. After we configure the etherchannel on 3750 stack and in the vss, the etherchannel does not go up/up. We see the etherchannel up/down; after a lot off work, try and error, configuring shut/ no shut, adding and excluding links from the etherchannel; in any aleatory moment the etherchannel goes up/up and works fine. Is there any bug related with these IOS versions, or is there any right procedure to configure etherchannel from vss to 3750 stack?
3750 stack config (IOS
Cisco IOS Software, C3750 Software (C3750-IPBASEK9-M), Version 12.2(50)SE1, RELEASE SOFTWARE (fc2))
interface GigabitEthernet1/0/1switchport trunk encapsulation dot1qswitchport trunk allowed vlan 100,101,371,372switchport mode trunkchannel-group 1 mode on!interface GigabitEthernet4/0/1switchport trunk encapsulation dot1qswitchport trunk allowed vlan 100,101,371,372switchport mode trunkchannel-group 1 mode on!interface Port-channel1switchport trunk encapsulation dot1qswitchport trunk allowed vlan 100,101,371,372switchport mode trunk
[code]....
View 7 Replies
View Related
