A friend of mine faced an interview. The question is: what if there is no STP feature in the switches over the network, and what would be the alternate method to avoid any sort of loops?
I guess we can think beyond till layer 3 devices by using some split horizon commands?
I have a 3560G connected to an ASA FW, both running layer 3 and hosting 6 or so VLANs. The switch is the default gateway for all VLANs (client request) and therefore sees all networks as connected. I used route maps to push the traffic from the switch to the FW so that it got firewalled before being delivered, but I cannot use one of the commands for failover should the FW fail (I wanted to route locally should the FW fail). If I placed all VLANs in their own vrf, NETA would no longer see NETB as a connected network and would follow the route to the FW's NETA interface. I could then inject the connected into each vrf but adjust their metric so that they are less preferable than the route to the FW. Should the FW route die, the next route would become active and traffic would route internally to the switch.
I used to have the problem where QuickVPN keeps on trying to verify the network because the RV042 cannot get the final ping to the client. I then bought a RV042 HW version 3 on the VPN side and I installed RV042's at the clients as well. This may look like overkill but believe me, it gives peace of mind, it made things a whole lot better, everybody happy. I am going to set up tunnels but for the time being the clients use QuickVPN. The above setup is all good if people access the vpn from the same source.
I now have a problem where one of our people is in Vietnam and she cannot access the vpn due to the "verifying network" loop. Looking at the log everything looks great, I compared a successful connect with an unsuccessful one and the logs are identical. The only difference is that the final ping is blocked (recorded in the QuickVPN log on the client side). The client uses W7 with firewall on. No need to repeat suggestions, such as turning printer sharing off, I have been through all that. Isn't this simply caused by the ISP in Vietnam blocking pings?
My roommate has just gotten a second hand laptop and he's trying to connect it to the Wireless network so that he can browse the internet from his room. However, although all the settings are correct, attempting to connect to the network loops. It comes up showing the Wireless Networks available, I select the network and click connect, it then asks for the encryption key. I enter the key and hit connect again, it comes up with the 'Connecting' pop-up and then loops back to the Available Networks screen again. There are no error messages, it just goes back to the starting screen and it hasn't connected. The Laptop in question is a Lenovo T60 with an Intel PRO/Wireless 3945ABG card. The router is a TP-Link TD-W8960N.
Recently we got a Cisco Catalyst 4500 and six 2960 access switches. I need assistance configuring spanning-tree and faster convergence on my network to avoid loops.
How would I connect hopes to the router without getting IP addresses from the Linksys router? Rather, I want to get IP addresses from Server 2008, which can be done by a DHCP server. In that case, how would I disable getting IP addresses from the Linksys router? Each time I connect new hopes to the network, those PCs should get an IP address from the server. How can that be possible?
I've been trying to figure out what is wrong with this MGX8950 for a while now, it keeps repeating... (I attached a longer file.) Also, I've tried 4 different PXM-HD backcards and 3 different PXM 45/C. I even went as far as dismounting all of the linecards and using 2 different UI-S3 cards. This item was shipped to us via freight on a pallet and all we know is that it came out of service from somewhere that was using it.
Have a number of organisations that I work with who are currently all changing their ISP to a different one. The company who are supporting this are introducing a new router and firewall to the network and removing the old layer 3 switch. Firewalling and filtering was previously done off site but will now be handled by the ASA 5505. I personally do not have permission to configure the ASA (nor would I know how to). So these places are set up with 2 IP ranges, so int 0 on the ASA is 10.0.0.1, int 1 is 10.0.1.1. The Cisco ASA has been configured with the same settings on its required ports as the old layer 3 switch had, so nothing much has to change on the internal network. Problem is that the old layer 3 switch must have only been passing data through at layer 3, so basically not switching and not creating networking loops. It seems that due to certain required network topologies, switch A is connected to switch B, which is connected to switch C, which is connected to the ASA, but switch A will also be plugged into one of the interfaces on the ASA (creating a loop). As I've said, this was not a problem with the layer 3 switch but now the ASA must be switching at layer 2 (I guess...?) as well as routing to the internet (which is required for both ports, which are VLANs) and so is messing up the LAN with a switching loop.
Can the ASA 5505 be configured so as to allow access to the internet for both VLANs/IP ranges while also preventing switching loops being created? It seems definite that this is being caused by the introduction of the 5505 as the old setup was exactly the same, it's just that the 2 cables have been plugged into the 5505. We do not have the option of using STP here as the rest of the switches on the network are unmanaged.
I have a WRT160Nv3 router and I have been getting terrible lag spikes over the last few days. We have 10Mbps cable internet, nothing too fancy, but about once every 5-10 minutes it will drop to .4-.5 Mbps for several minutes. When I make a direct connection from modem to my computer I get the full speed I should be getting of about 11Mbps. The lag persists in both direct connections and wireless.
For the last few days I've been reading about Spanning Tree Protocol, an L2 protocol, and understood how it prevents loops in a network and the various steps in STP, but one thing I wanted to know is how STP actually detects the loops in the network so that it can prevent them. Somewhere I read that STP uses the BPDU as a probe and detects loops; I mean, how it happens is that when a switch sends a BPDU with a multicast destination address and receives the same BPDU again, it means there is a loop in the network. But is that how STP detects loops in a network?
I am a network tech at a local school district (easily enterprise network). I am just a worker bee, so have no say in the design of the networks. Our topo at a site goes WAN rtr---LAN rtr (6500 of 3550)----distro switches----access switches.
Now at most of our sites we use Extreme, which has a handy feature called ELRP (Extreme Loop Recovery Protocol). Despite the name, this mechanism just detects loops. In the logs we can see, ok...off the LAN rtr, port 2, then on port 2 we see what's hanging off it...ok, loop off port 5 of that switch.....and work your way down the room.
We do not have STP on our network (don't ask) and yes, logging is not set to standards also......what is the best way to detect loops? Commonly these loops come from classrooms that have mini-sw's that are looped onto themselves or a wall jack connected to a mini sw and that mini sw then connected to another wall drop going back to the same sw. Sometimes I disable all ports minus the WAN uplink on the LAN router, then enable ports one by one while having a LR hooked up to a user facing rj45 port on the 6500, and when the LR (link runner) shows 100% util, I know that port is now suspect.
I am looking for ways to avoid deleting files from the flash in a Switch 2960, I found some scripts TCL / EEM but this switch does not support EEM (IOS c2960-lanbasek9-mz.122-58.SE2.bin).
I have an extremely old switch that I need to connect to my network. Because it is so old I don't want it to become the Root Switch.
What is the command to change the priority? (Honestly I don't remember if it has to be a lower number 1 or a higher number). Always get that mixed up. I've read about root guard, but I would like to prevent it manually. (It is a small network after all.) It is a Cisco 2950.
I have a network where if an end user attaches a hub to the network, or rather one of those cheap unmanaged 8-port mini-switches and then plugs the two ends of the same cable into two ports of that mini-switch, all the network goes down. Loops are generated and many uplinks are shut down in err-disable state due to the loopback reason.
I know I could discourage the use of those mini-switches using port security. I even have NAC (Cisco) deployed on the network, but there are cases where those mini-switches are allowed by the management. In those cases, it is not possible to exactly know which hosts (MAC addresses), and even how many of them, will attach to the network concurrently. As I know, they could even chain many mini-switches one to another. Of course, when even a single mini-switch is allowed on the network, it raises as a security hole.
Is there a way to allow the use of those devices without the risk of network outages? Some STP protection method? The best would be to have the Cisco access switch to get aware of the loop on its affected switchport (where the mini-switch is attached), immediately shutting down that port (to avoid loops on the network) and maybe sending an SNMP trap or a syslog message.
We are using Cisco Catalyst 2950 and 2960 for our access layer.
We have an environment where users create a lot of bridge loops. We have tried to send E-mails about it and educate the users but it is almost a lost cause at this point. The loops are created when users don’t pay attention and they plug a patch cable coming off of an access port up to ANOTHER access port by mistake.
All of our access ports are from 3750 stacked switches. The way we tried to deal with this in the beginning was with BPDUGuard and ERRDisable (BPDUGuard) auto recovery. We turned BPDUGuard on globally and left BPDUGuard auto recovery at the default value (I believe it was 30 seconds). So a loop would be detected and after 30 seconds, the switch would try to enable the port and if the loop still existed, close the port for 30 more seconds. Then we started having problems with printers getting "fried". Their NICs would die out and the control board would need to be replaced. After a lot of troubleshooting and testing, it was determined that allowing the ports to come out of ERRDisabled state would flood the network and the packets would generate in the millions per second range and fry the NIC of these printers.
The fix for this and saving the printers was terrible. We removed ERRDisable auto recovery and just let the ports that are looped stay in an ERRDisabled state. We wait for the user to figure out the loop and try to use the port and then put in a work order. Then we physically visit the site and verify the port was shut (ERRDisabled) from a loop and we bounce the port (shut/no shut) and everything is resolved. I did lab tests with a switch looped and a printer on the switch and watched it fry. We have had no printers fry after we removed the auto recovery protocol at every location. Only at the locations where loops existed and the auto recovery protocol was running were printers going bad. What I found during my lab tests was that each time the port was auto-recovered (yes, for that millisecond while it checks if a loop still exists), more packets were re-generated and eventually enough was re-broadcast that printers would go down. We never had a problem with computer NICs. I guess the cheaper printer NICs couldn’t handle the broadcast storms created by this. I tried playing with the auto recovery timers and even the highest setting would eventually re-create these storms.
So my question is what best practices are others using? Should we get rid of BPDUGuard and just try to let spanning-tree handle these bridge loops? Is there something else I can try? I’m not CCNA by any means, just trying to do what I can in my environment. Manually visiting sites when loops occur is becoming more and more my job, though and I have plenty of other things to be doing.
Strange problem which I encountered today: I have a Cisco 2960 which is connected to a Netgear. The switch started showing itself in CDP and was running STP. I checked the cables physically today and noted 3 uplinks to the Netgear, all ports on the Cisco active and forwarding and green lights.
The Cisco was running STP, I changed it to R-PVST and the lights on the Cisco went crazy and I got the message port flapping on the switch but the switch did not block any ports (all ports on same vlan).
Thereafter I changed it back to STP and the switch blocked the other uplinks apart from one.
My mum is running Windows 7 Home Premium on her laptop, with AVG Free Anti-Virus. She uses Chrome, Firefox, and Safari. Cookies are enabled on all browsers. I'm running Ubuntu "Lucid Lynx" 10.04. I use Chromium and Firefox, occasionally Opera. Cookies are enabled on all browsers. I also have an iPad, which is running the latest software. Never had a problem with cookies before. My brothers use Facebook through Xbox. They can't log in either. My router settings are set to allow cookies, and according to my ISP, my internet is up and doing fine. Now, the issue... My mum noticed a login loop when she tried to get into Facebook. Every time she tried to log in, it would just redirect her to the login screen. I tried the same thing to no avail. I can't log in to some other sites as well, such as Photobucket. I can't upload to tinypic either. However, as you may have noticed, I can log in to forums just fine - however, it only keeps me logged in for one session, even if I ask it to remember me. My neighbours don't seem to be having this issue - except for the neighbour that shares our internet. She can't log in to Facebook either. I thought it might have something to do with our IP, so I tried using the Tor/Vidalia proxy assistant to log in to Photobucket from a different server/location. It worked. So, we can log in to various websites via proxy, but not from our home IP.
I'm suffering from an annoying problem with my E4200 router. I have a DSL connection. I have my DSL modem in bridge mode and I have my router set up to sign into my ISP's PPPoE to avoid double-routing. This setup worked marvelously with my previous WRT54G and WRT610N routers. Now the E4200 signs me out of PPPoE every ten minutes or so. I have the connection setting on "Keep Alive" but it seems to be dropping the connection regularly. I took the router back and was given a replacement. The new router is doing the same exact thing and now I am beyond the 30 day return limit so I'm stuck with the E4200. I'm running the latest firmware 1.0.03.
I reinstalled the WRT610N and the connection is steady but the WRT610N has its own problems (devices connected via wireless cannot see wired devices and vice-versa). I'd like my new router to actually work properly. I've ruled out errors on my end and given that two brand new units of the E4200 generated the same problem I tend to believe it is a design error.
I have a Cisco EA4500 wireless router. The only issue I have had with this router is when power gets disconnected or if I have a power outage, I have to go through some loops to get it to work again usually taking upwards of 45 minutes to fix.
We had a problem with SMTP inspection dropping some regular emails (Cisco 2901 IOS 15.0). Incoming mails are going through Spam and Virus Blocker so that bypassing SMTP inspection is not a security issue in this case.
I have a relatively simple question. I would like to create a private network within a larger network, the private network having several clients. I would ideally like the router to appear as the only device on the larger network and all data to be sorted by the router to the clients in the private network.
Will the Netgear FVS318G be able to do that? It seems to have the necessary NAT options.
My company has a Cisco PIX 525 firewall which caters for the NOC internal data network and also the voice network. The subnet for the data network is 192.168.2.0/24 and the subnet for the voice network is 172.16.2.0/24. One day this NOC firewall became faulty. I migrated the data network from this NOC firewall to another temporary firewall for the moment. The voice network I migrated from where it originally was at the NOC firewall to a VOIP system which actually has a connection with my temporary firewall (this temporary FW only takes the traffic of the data network). After the migration of the data network from the old firewall to the temporary firewall, and the migration of the voice network from the old firewall to the PABX system, the subnet for the data network remained the same as 192.168.2.0/24, but the subnet of the voice network I changed from 172.16.2.0/24 to 192.168.3.0/24. Now when I want to use one Cisco 2600 router to replace this temporary firewall, I face a problem with the voice network. The data network, after being migrated from the temporary firewall to the new 2600, is OK; users can browse. But at the same time, when the data network has been migrated, it affects the voice network which is still located at the PABX: users cannot make calls. I was thinking the reason is that this voice network, which is currently in 192.168.3.0/24, is tied to somewhere on the 192.168.x.x at the old firewall internetwork. So when I migrated the data network over to the new router, it also caused the failure of voice, even after I migrated the voice system to the new router. So when I do the disaster recovery back to the temporary firewall for both data and voice, the voice resumes to normal.
I'm trying to configure my BRI interface with "network protocol-emulate network" and "layer1-emulate network" but I don't have this second command. Has someone already done that with this type of interface? I have to configure this because the ISDN line of my telco is in user mode only.
What's the least expensive way to enable Guest Network authentication in a network with WLC 4404 controllers and no WCS? Management would like guests to register with a valid email address and enter a 'password du jour' to keep unauthenticated users from chewing up bandwidth with automatic connections.
Having an issue with a Cisco Linksys E1500 on a home network. The device has a feature to provide a guest wireless network but the guest network can't get to the internet. A wired connection is fine, as is the normal wireless network, but not the guest. The cheesy thing is that it doesn't list an option for what type of wireless security protocol you want on the guest network. I'm assuming that it uses the same security protocol that the normal wireless network uses, but who knows. Especially weird is that it asks you what password you want on the guest network but then the guest network shows to be insecure when you try to connect. Thought maybe it was something funky with some of my configurations so I went ahead and factory defaulted it and just set it up with an insecure network for both the normal and guest networks. This didn't solve it. The guest network still couldn't get to the internet. In fact, the guest network can't even ping the router.
I have 4 computers (3 laptops, 1 desktop) in a shared office. We get internet access using their wireless network. All works fine. However, I need to share a printer amongst all of the computers. The printer is LAN enabled and I would normally just put all the PCs on a hub, together with the printer and share it that way. BUT my question is can we access the internet using the wireless network and the printer using a separate wired network at the same time?
This past weekend I went out of town and took my Windows 7 laptop with me -- since I returned home, it has been unable to connect to my wireless network. Other devices in my home connect to the network just fine, and the problem laptop has always been fine until now. My network card is an Atheros AR9285, and I'm attempting to connect to a Medialink router with WPA password protection and AES encryption. My wireless network icon in the task bar has a yellow sign with an exclamation point in it. It says "No Internet access."
I use my desktop for streaming media throughout the house. I found it was causing lag for gaming most likely because it was taking up all the bandwidth for the router. We had a 2nd router laying around as well as a 2nd wireless adapter so we set up a 2nd network that was not connected to the internet for strictly media streaming. I attempted to change the network settings so the internet connection appeared as a public network so that streaming of media was hopefully diverted to the non internet wireless adapter. I want a faster way of transferring large video files from my laptop to my desktop. I recently bought a crossover cable to do this through direct connection. Both use the same user name and password as well as run the same win 7 pro however the desktop is the 64 bit version. I set up both ipv4 with the same addresses. When it has worked I am only getting a connection speed of just over 10mb and once I connect the crossover cable between the computers it knocks out my internet connection on the wireless card.
I seem to be struggling to connect more than 4 cameras to my (ISP-supplied) modem/router by Netgear CGD24N via WPS. I'm on my 5th camera now (already have 3x 930L and 1x 942L) but the newest 942L just won't connect to the network at the moment and there's definitely no faults here as I swapped cameras today at the local retailer (and got an A3 942L!). I've even tried connecting the camera to my wireless extender (Netgear WN3000RP) but no luck there.
So far it has only worked twice for short periods of time (enough for me to configure the cameras) but since then I can't actually get it working. I've got a couple of spare wireless routers lying around too and should be receiving a DIR-600 soon (from the Netgear promotion in Australia) which could be useful?
I connected my camera to my router with a network cable. It is a DCS-2121, H/W Ver A2, with firmware 1.04_FR. It received an IP address and I could access it fine with a web browser. Then I configured it to work wireless. I disconnected the cable but the camera wasn't accessible. Since I couldn't find it I re-attached it with a network cable, but this didn't work. So I pressed the Reset button to start over again. However, now I cannot get it to work anymore. When I plug in the camera and have it connected with a network cable to the router the status light remains RED. When I plug it in without a network cable the status led remains RED. When I connect it with a network cable to a computer directly, the status led remains RED. I've tried changing the network settings of my router to use 192.168.0.x as range, but it makes no difference. In all cases the status indicator remains RED.