I am trying to configure a trunk between the above two devices. I like to have vlan11 on ASA. Then I like to connect a host to my switch, and have it communicate with other devices in VLAN 11 or other vlans that reside on the ASA. Below is the config that I currently have.
ASA:
ciscoasa# show run interface Ethernet0/1
!
interface Ethernet0/1
[Code].....
i have an issue to connect a trunk between cisco switch and extreme switch i have many vlans that i want to cross via a link between cisco 3750 switch and a Extreme Alpine 3800 switch
View 12 Replies View RelatedIs it possible to trunk a SF300 switch with a 3750 switch? If so how? Whenever I turn trunking on the 3750 port I lose connection to the SF300.
View 5 Replies View RelatedThis is regarding VLAN creation on C3750E switch.I want to create new Vlan 94 on this switch and also I want to allowed same interfaces like Vlan 95 & Vlan 96. [code]
View 7 Replies View RelatedASA 5505, I got a security plus license which allows multiple VLANs.I want to be able to configure the ASA to allow only RDP session (One way) to another Switch where all the VLANs are. I've attached a pic of what I want but I'm struggling.
I looked at documentation saying you should have inside and outside interface but I'm not sure on this scenario.I've configured inside interface on ASA e0/1 and interface VLANs but not sure what to do between ASA and Switch?
Can I configure the Port at the ASA 5050 from Mode: access Port to trunk during the FW is running in a production area without console access ?As I know at the 5505 ist should work?
View 3 Replies View Relatedi have asa 5505 with the asdm v5.2 (4), and the asa v7.2(4). This platform has a base license. if i upgrade adsm and asa on v6.2(1) and v8.2(2) if I lose my license and that you need to activate them? i configured site to site vpn (this firewall and the another) that i lose my configuration if i upgrade my firewall.
View 2 Replies View RelatedI am writting in response to MAB issue which I noticed a few days ago and I am still not able to undestand what exactly happend. First of all I would like to say that I configured MAB authentication and according to the MAC the ISE configure a VLAN. All worked well: the test computer can change VLAN based on its MAC. The problem appear when I cut the connection to ISE server. Accourding to configuration the switch authorize the new device to VLAN 11 (critical VLAN) That is fine ! When the ISE server is up again I had a configuration which should reauthorize all ports assign in critical VLAN. But why that is not happend ??? It looks as the switch didn't notice that the RADIUS (ISE) was up and working again. [code]
View 1 Replies View Relatedim trying to move the config from an 3750 to 3750 PoE but without using the PoE options.I have allready download the config with tftp and upload it to the 3750 PoE. Now the new config is stored on the PoE switch but some of the old setting are still there. Not sure why, i think the config only overwrite the settings which are in the conf file and the setting which are not in the conf file but enabled on it will stay on the switch.After the upload of the config file I deleted all the config I do not need by hand.They are some settings i can't delete and I don't know why, this are the sittings:
1. each fastethernet port has this option: "no cdp enabled" this entry was no availble on the old switch, is the any possiblity to remove this entry?
2. the same for "no mls qos rewrite ip dscp"
3 and for this one "vlan internal allocation policy ascending"
The access swtich is a Cisco 3750 and the Core switch is a Nexus 5000 series. I am configuring the switchport were the AP (3502) and WLC (5508) is connected below:
For AP: interface GigabitEthernetX/XX
switchport access vlan 244
switchport mode access
[Code]....
The WLC is connected to the Nexus switch and it is not accepting the 'mls qos trust cos' command.
We are using 3750 switches as WAN router facing the WAN cloud. To configure QoS for its WAN port, should I use 'auto qos voip trust" or treat it like a router port and configure class-maps, policy-maps, and attact service-policy input or output?
Because switches have different queuing and dropping methods than routers, auto qos can generate QoS configs that are considered most appropriate for 3750 switches. However the switch functions as WAN router. Maybe it should be configured using router type of QoS with policy-maps and service-policy?
We have an ASA5505 that we need to enable hairpinning on.... In the old firmware versions, we used to be able to configure a public to private static mapping along with hairpinning by using
static (inside,outside) outside_ip inside_ip netmask 255.255.255.255
static (inside,inside) outside_ip inside_ip netmask 255.255.255.255
In 8.4, if I use object nat, the hairpin functionality works perfectly,
object network obj-insideip
nat (inside,inside) static publicip
however, since object nat only allows a single nat statement, I was attempting to use a twice nat to enable the hairpin functionality, but have been unsuccessful in coming up with the right combination of parameters for the functionality.
nat (inside,inside) source static private_object public_object destination static public_object private_object
allows hairpinning to successully work from the same machine. Meaning on any given host, I can ping itself using the private or public ip, but I can't get the right combination for hairpinning from any private host to another private host via the public ip. Other combinations have yielded icmp responses, however, they specify the private IP as the source of the reply instead of the public ip.
I like to take log backup in ASA.. and i like to check whether any attack pattern is there?? how could i do this...?Also how could i do a best practise for this?
View 12 Replies View RelatedI have a 3750 stack of 4 switches that was installed about 2 years ago. Recently I was doing some work on the switch and realized that I am unable to save the config. I amobviously concerned that if the power fails or the switch reboots I will be reconfiguring it and that is not something I am interested in doing!
Here is the error that I am receiving:
switch#copy run startup-config
Destination filename [startup-config]?
Building configuration.
I am uploading new configurations to my Cisco 3750 stacked switch and noticed that after the load I cannot log back into the switch because my password somehow was changed. After performing password recovery and getting back into the swtch, I noticed the configuration register was 0xF. I have never seen this before. The config-register command does not seem to be supported to change it back to factory default. The switch is on a ship which has several power hits when they switch power from shore to ship power.Can this cause the configuration register to change? What is the best way to change the configuration register?
View 1 Replies View RelatedI am using a Cisco E4200 router today but I am moving to a ASA5505. I have a device that sets up a VPN tunnel that I want to put in my DMZ. It's called the ATT Gateway. I have attached the diagram. When I use a Cisco E4200 all I do is put the outside private ip address of 192.168.0.99 of the ATT Gateway into the DMZ of the E4200 and the VPN tunnel of the ATT Gateway comes right up. I cannot configure the DMZ to do the same with the ASA. I also need to have the laptop behind the gateway access the printers in the inside network.
View 15 Replies View Relatedso we have been using our current ASA5505 for a long time. Since it only support up to 10 VPN licenses, so we buy a new ASA5505-SEC-BUN-K9(support up to 25 users).
the old ASA are running: 8.0.3 and ASDM 6.0.3
the new ASA are running: 8.2.5 and ASDM 6.4.5
I thought it would be simple as export and import the config file, but when i tried to restore, the new one is looking for a zip file but the old one doesn;t backup file in ZIP. It looks like i need to update the ASA version or/and ASDM?
I am pretty new to this and never upgrade any of these versions since I am aware of the upgrade may mess things up. So do I need to upgrade both the ASA version and the ASDM in order to restore my config? any effect if i do the upgrade? I also read some articles, we need to upgrade on the version one by one, like 8.0 to 8.1 then 8.2?
I am wondering if it's possible to convert a Pix 501 configuration running version 6.3(5) to a new ASA5505 which we just purchased? We have site to site VPN on this device and i am just trying to save some time. I believe Cisco TAC might have a tool to do this but i am not sure.
View 4 Replies View RelatedI have stack of 2 switches 3750?I config etherchannel between them.
here is result
2 Po2(SD) LACP Fa1/0/15(I) Fa2/0/15(I)
Both ports are up up but standalone Int port channel 2 is down down.Need to know if this is default behaviour when we config etherchannel between stack switches?
I’m trying to configure my ASA 5505, in order to allow my inbound and outbound mail communications. Here with this mail I’ve attached a diagram which illustrates my exact network setup along with ip addresses.
In this setup I’ve enabled port forwarding on my ADSL router (port 25 and 110) and configured the ASA accordingly, and my mail server is located inside my network.
My problem is currently I can send mails from my inside network to outside but my not receiving any mails which originate from outside. I’ve attached my current ASA configuration as well,
C:UsersSuthakarDocumentsOffice_DocsThakralABC Computers
Final config on ASA5505
host name Cisco
enable password 8Ry2YjIyt7RRXU24 encrypted
password 2KFQnbNIdI.2KYOU encrypted
names
!interface Vlan1
nameif inside
security-level 100
ip address 192.168.155.201 255.255.255.0
[Code] ......
I have a 2911 router connected to a 3750 switch. I have configured vlan interfaces on the 2911 router:I am using the vlan 89 (89.2) as the management ip address for me to remotely get to the switch. Is this a proper configuration or could this cause issues in the future.
View 4 Replies View Relatedboot system switch all flash:c3750-ipservicesk9-mz.122-55.SE1/c3750-ipservicesk9-mz.122-55.SE1.bin;flash:c3750-ipservices-mz.122-25.SEE2/c3750-ipservices-mz.122-25.SEE2.bin We have two stack of 3750 switches. When I enter above command getting below mentioned error, two images are showing switch 1, but one image only showing in switch 2, i.e 1st image in show boot command.
%Command to set boot system switch all flash:c3750-ipservicesk9-mz.122-55.SE1/c3750-ipservicesk9-mz.122-55.SE1.bin;flash:c3750-ipservices-mz.122-25.SEE2/c3750-ipservices-mz.122-25.SEE2.bin on switch=2 failed
Since Avaya phones do not run CDP, how does the phone know which DHCP pool to pull from to get its IP address if the PC is connected to the phone.
Let's say I have a interface config like this
interface gigabitethernet1/0/1
cisco3750(config-if)#switchport mode trunk
cisco3750(config-if)#switchport access vlan 126
[code]....
And two DHCP scopes configured on the switch. What keeps the phone from pulling from the wrong scope?
We have a 3750 as core switch with critical oracle servers ( production & development ) connected to this. The goal is to have these servers behind a firewall, which is to be done by logically routing the traffic towards the device.Now, we need to connect the 3750 with two juniper srx firewall physically. The oracle server VLAN will be removed from 3750 and same layer 3 vlan will be created in the juniper firewall. How do i connect the 3750 to the two junipers. what configurations will be involved, on a logical basis.
View 11 Replies View RelatedIs it possible to use Port Security mechanism between two switch (3750 or 3560) ports while trunk has been configured? If it's not possible, is there any other way to ensure that no other Switch can be connected other then the one switch which has been configured/placed by a network engineer?
View 4 Replies View RelatedCisco 4506-E port configuration
WESTERN-4506-01#show int g4/47
GigabitEthernet4/47 is down, line protocol is down (notconnect)
Hardware is Gigabit Ethernet Port, address is 0022.554c.01fe (
fe)
Description: Trunk to 425
[code]....
Cisco 3750 Configuration
interface FastEthernet1/0/1description 425Linkswitchport trunk encapsulation dot1qswitchport trunk native vlan 30switchport trunk allowed vlan 30,35switchport mode trunkswitchport nonegotiateswitchport port-security aging time 2switchport port-security violation restrictswitchport port-security aging type inactivitystorm-control broadcast level pps 300storm-control multicast level pps 300storm-control action trapmacro description cisco-desktopmac access-group AuthorizedHosts in
I have mac address' populated. I can see the device in layout on CNA with the proper name however cannot ping it.
4506 is 10.30.30.1
3750 is 10.30.30.2
I have a couple 3750 switches that I am trying to run VTP Version 3 on.one as primary and the other as "server" which implies secondary from my research. [code]Additionally, running a show VTP devices yields a "No VTP3 devices found" on both devices. Despite ensuring that the domainname and password match.I have a patch cable from Gi1/0/1 on switch one runnning to Gi1/0/1 which from what I read is acceptable on GigE.
View 2 Replies View RelatedI have client who has two distant offices with 3750 L3 as core (do all vlan routing for local office) and multiple L2 access switches with multiple VLAN’s connected to it. First 3750 is hub also connected to internet, second 3750 is spoke and acting as a router on stick. We have eigrp configured on both side ISP provided client 100Mbps link as a trunk with two vlan; vlan10 for voice and vlan20 for data. We assigned two small subnets to these vlans 10.15.17.0/29 and 10.15.17.9/29. Hub addresses are 10.15.17.1 and 10.15.17.9 respectively. How to force voice over VLAN10 and data via vlan20, but still do some load balancing? How to setup default route on second (router on stick) switch?
View 1 Replies View RelatedCurrently we have a 6513 core (running IOS and doing limited routing) with VLAN Trunking to about a dozen 3560 edge switches, with various VLANs going to each of the edge switches. All works well. We are downsizing and replacing the 6513 core with a 3750G stack. We have the stack up and running in the lab, and want to slowly (as we move floors) migrate all of the edge switching to the 3750 stack.
The plan is to connect the 3750 stack to the 6513, then slowly migrate the edge switches to the stack (from the 6513). I would like to put in place 4 x 1GB trunk links between the 6513 and the 3750 stack before I start moving edge switches to ensure adequate bandwidth. Once all of the edge switches are on the new 3750 stack, I will start to decommission the 6513.
What is the best way to configure the links between the cores (old 6513 and new 3750 stack)? I can easily get the edge switches configured to the 3750, but am worried about the core links. I really want to avoid having to perform an all-at-once cutover of the cores. Another question is when do I try and migrate the VTP server role from the 6513 to the 3750 stack? I could simply make everything transparent, and ditch server-based VTP, as we rarely change or creat VLANs.
Is it possible to rate limit on a L2 trunk port on a 3750?
current port config and ios are as follows;
interface GigabitEthernet1/0/50
description *** Connection to Fiber Link ***
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,172
switchport mode trunk
end
flash:c3750-advipservicesk9-mz.122-46.SE.bin
i was wondering if the "srr-queue bandwidth limit 10" command would work to limit the output from this interface to be 10 % of the port bandwidth and then the same command could be done on the other side.
I am taking only undersize errors on catalyst 3750 trunk interface (attached some outputs)...the other end is a 4500 switch and the interface is clean..can this be related to any bug ? this is my root port and often leading to trouble sometimes STP BPDUs transportation are affected..
View 4 Replies View RelatedA CISCO 3750-X stack with several VLANs and many ACLs applied to the virtual interfaces. Intervlan routing is on. Connected to this stack are VMware hosts and with about 500 VMs.We started using the ACLs to allow connectivity between VLANs to specific hosts and it has grown to thousands of lines. I personally do not think this is good for the switch and believe the switch was not intended to be used for that security feature.
- Does it make it sense to add an "internal firewall" between the CORE ROUTER AND THE 3750-X SWITCH STACK ?
- Do you recommend any other way?
- Any recommended CISCO resource/white paper to read about best practice
I have a 3750 as a core and have a series of HP Procurve switches that are daisy chained using one port. I have two vlans on the port now (6 &9) and everything works fine, all switches communicate and end devices on the switches are also talking. There is a requirement to add a device towards the end of the chain which requires it to connect using Vlan1. Once I add Vlan1 to the port onthe 3750 I lose connectivity to all the HP switches.
View 4 Replies View Related