Cisco Infrastructure :: Blocking ICMP On Catalyst 3750 Switch Vlan?
Apr 7, 2011
I have set up an ACL on my 3750 switch to deny icmp from PC A on our inside network to PC B on a different VLAN on our inside network using the following ACLs:
deny icmp host 10.1.17.15 host 10.3.10.4
deny icmp host 10.3.10.4 host 10.1.17.15
-- or --
deny icmp host 10.1.17.15 host 10.3.10.4 echo-replydeny icmp host 10.3.10.4 host 10.1.17.15 echo-reply
These ACLs belong to an access-list that also limits ip traffic to a few specific machines.When I try pinging from PC A I receive a reply message back from PC B. Shouldn't this configuration block any ICMP from PC A to PC B and from PC B to PC A? I would have expected the first ACL statement to block any packets associated with ICMP and when that didn't work I tried the second configuration.
View 6 Replies
ADVERTISEMENT
Nov 15, 2005
My switches is still operating but when i ping the switch, there isn't any reply. No icmp reply from catalyst 2950 switch
View 6 Replies
View Related
Sep 10, 2012
i am facing a problem when the client vlan is commmunicating with the default gateway on the core 3750-x.
ios in 3750-x core is 3750e-universalk9-mz.150-2.SE.bin. But, client to client communication is happening without any dealy and icmp is less than 1 ms always.
When try to ping default gateway of client vlan, it is getting delayed (variable icmp delays). Is this an ios bug?
View 2 Replies
View Related
Dec 17, 2011
I have been looking into this for a while and I can't seem to figure out why my 2nd vlan is not able to connect properly to the net.
My switch has 12 ports where my devices connects directly, they are all on Vlan 1 and they all work perfectly. on Port 12 I have a dlink router that is connected to a cable modem. the dlink router has an Ip address of 192.168.0.20
I created a second vlan (vlan2) and enabled dhcp relay on it. then I assigned port 9 on the switch to (vlan2)my laptop which is connected to port 9 seems to get an ip address fine and able to ping only some devices on my network (vlan1) and is not able to go out to the internet. I think it has to do with the routes. [code]
View 4 Replies
View Related
Jul 10, 2011
We have the next Settings in our SW. We crate an ACL and aplied to a SVI for Incomming Traffic, I understand that is not necesasry to allow the returning traffic in ACL, but we can't access to rdp for example when we add the ACL, if we remove it, the acces is ok, buet when we add again the access is deny, even we have a log entry, and the ACL i just for Incomming traffic. There is no another ACL.
See attached file
[code]...
View 1 Replies
View Related
Aug 25, 2012
I had setup a lan infrastructure with 5 3750 stack swithes. In these 3 of them are in one stack which is acting as access switch, 2 of them in another stack which is as core switch where all the SVI is configured. Now, when i tried to ping from our edge pc which is connected in access switch to default gaeway, which is configured in core switch, the ICMP is getting delayed . But when try to ping from the same edge pc to another user PC, it is getting less tahn 1 millisecond icmp replies.
why icmp is delaying to default gateway , but working with another edge to edge pcs without any delays?
View 1 Replies
View Related
Jan 10, 2013
I have two networks at two sites with a dot1q trunk between the two L3 switches at both sites (no routers involved)
SITE A - Cisco 3750 L3 - VLAN ID 50
10.10.50.0/24
SITE B - Cisco 3750 L3 - VLAN ID 50
10.20.50.0/24
I would like to extend the SITE A VLAN to SITE B so that I can move hosts from SITE A to SITE B without needing to change their IP address but the vlan ID is already in use. Obviously the easy solution is to change the VLAN ID for one or other of the sites but both sites contain hosts that run 24/7. Is there a way to join two VLANs with different IDs together.So for example I create a new VLAN 60 at SITE B and associate it with VLAN 50 at SITE A.
View 4 Replies
View Related
Apr 12, 2005
Is it possible to enable login by http (web interface) to catalyst 4006 switch with WS-C4006 Software, Version NmpSW: 6.3(5) ?
View 21 Replies
View Related
Nov 8, 2012
I have 3 VLANs here that need to be on the same network segment. They are going to be used by our Wi-Fi network (with Aironet APs), bound to 3 different SSIDs (as Aironet APs doesnt allow multiple SSID per VLAN), each one with a different authentication method and server.Is there a way to bridge those VLANs together with a Catalyst 3750 switch? I tryed configuring an IP address on one of the VLAN interfaces, then configuring a bridge with the vlan-bridge protocol (Catalyst 3750 doesnt have the "ieee" bridge protocol type) and put all 3 VLAN interfaces on the same bridge-group, but it didnt work (even with "bridge x route ip").I also tryed configuring IRB bridging, with the 3 VLAN interfaces on the same bridge-group and an IP address on the BVI interface (the way I used to do with old 2600 routers). Same result.(actually, I didint test to see if the interfaces are actually being "bridged", but I see neither of them can reach the router)
View 1 Replies
View Related
Feb 12, 2004
i want to know if the new Catalyst 3750 Support Private Vlan ?
or any other small Switches
View 3 Replies
View Related
Apr 15, 2011
I have several 2960s and 3750s and two 6506 (ws-cac-3000w) recently move to new location The power outlet is the same ,but Volt is different current 2960/3750 use this(one phase 3 wire) 220v and new location change to (from 3 phase 4 wire -> one phase 220v)6506 current using(one phase 3 wire) and will be change to (from 3 phase 4 wire -> one phase 220v)
I had search doc about power supply /cable , only show support single phase 220 v ,but not description vlot between each wire !!Does new location power outlet suit for 2960/3750s power and 6500 ws-cac-3000w ?!? Do I need chane power outlet back to current using?
View 1 Replies
View Related
Apr 14, 2013
I have installed a Catalyst 2960-S and a 3750-X-12S and I am trying to setup a VLAN 51 for some VoIP phones. I have added the VLAN as an interface on both switches, but the 3750 is not showing VLAN 51 as active when i do a show vlan. Also, it omitts showing Gi1/0/1 & Gi1/0/3 which are uplinks to 2960-S switches plugged in and working on VLAN1.
Catalyst3750SFP#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/0/2, Gi1/0/4, Gi1/0/5
[Code].....
View 2 Replies
View Related
Dec 20, 2012
My architecture is the same as show on the link with some difference.I use the router 1841 for inetrnet connexion instead of 7200VXR, this router 1841 is connected on the catalyst 3750 port G1/0/1.I use catalyst 2960 instead of catalyst 2950 or 2948.I use ASA 5510 for conexion on remote branche(I have 5 remote site), This ASA is connected on the catalyst 3750 port G1/0/37
Result of the test:
-I can ping devices in the same Vlans
-I can ping devices in different VLANs
-I can ping all device from the catalyst 3750
I cannot ping the router 1841 or ASA 5510 from the any devices (computer)The gateway of each computer is the correpondant VLAN IP address configured on the catalyst 3750.Why I cannot ping the router 1841 or ASA 5510 from the any devices (computer)
View 19 Replies
View Related
Feb 20, 2012
i have a catalyst 3750, in this switch i have 3 vlan, i need to secure trafic between vlans but im confused ,should i use ACL or VACL to secure ?which is the best ?if i use ACL to secure and limit ports between vlan, which is the best practice to apply the acl ( on th inside or outside of interface)
View 2 Replies
View Related
Jul 27, 2011
A customer is expanding their network into another wing, and they have a good number of existing Small Business switches (specifically the SGE-2010P - [URL] that they're interested in possibly deploying. They have a full-blown Cisco infrastructure and voice deployment (Cat 6500 core switches, 3750 switch stacks, Communications Manager w/ over 1,000 phones, etc.).
The general concern is whether there is ANY known issues or concerns with trying to mix/integrate the Small Business equipment with non-SMB infrastructure. Looking at the datasheet for this switch, it's clearly PoE, supports QoS, although it doesn't specifically indicate it can provide a voice/auxiliary VLAN for a phone detected by CDP - that would be a big deal. So basically, "a switch is a switch", and I'm just posing this question to make sure there's no reason (technically or from a support standpoint) that we would not recommend integrating these.
View 1 Replies
View Related
Sep 4, 2012
I have a problem, here are the situation
- 1 Catalyst 3750
- 1 Catalyst 2960
- 4 Finger Print
- 1 HUB
Configuration
- Catalyst 3750
Interface VLAN182
IP Address 10.62.182.254 255.255.255.0
Interface G0/2
Description Finger Print Server
Switchport mode access
[code]....
Here are the problem,If i connect Finger Print Device to port catalyst 2960, some device not sending data to server, but if i connect all Finger Print to HUB and from HUB connect to Catalyst 2960 at port F0/5, All Device(Finger Print) can send data to server...Is there any special configuration in catalyst so all device can direct connect to port catalyst 2960 without HUB?
View 3 Replies
View Related
Nov 15, 2011
I have a question if I Stack a Catalyst 3750 L3 with a Catalyst just L2, will we able to use all L3 capabilities?
Switches are
WS-C3750G-24TS-E1U
WS-C3750V2-24PS-S
View 4 Replies
View Related
Aug 25, 2012
I have been experiencing a strange problem i have a switch stack of 3750 in which 4 switches are cascaded. there is one one switch shows PROVISIONED status when I run "show switch". i have verified the stack cable connectivity its OK.
now when i try to console that particular switch i am unable to access it as well. I tried to reboot that switch and on reboot it only shows one LED syst blink once and after that remains constant and nothing happens to other LEDS. from the back of the switch FAN is working fine.
View 4 Replies
View Related
Sep 10, 2011
Working on my CCNA w/ live equip, I accidentley deleted the hardware IOS- yes, beginners mistake. Upon bootup, I do not get a command prompt. I tried the recovery procedure(hold mode button before power up) recommended by Cisco to no avail. My issue is I use SecureCRT & the charaters/font is ineligible. Here is an example of what I see when typing; "þæb Bûÿÿûýÿ¿¿ÿÿ". Currently, the SYST indicator is blinking & I have no access.
View 3 Replies
View Related
Mar 23, 2012
I have a Catalyst 3750 I want to add to an existing stack (same models) through the stackwise port We use some complex QoS and other features on our network, and I'm not sure how much configuration I need to do on the new switch before adding it to the stack. Since this is going into an existing setup?
View 9 Replies
View Related
Feb 19, 2013
In my ongoing project i need to monitor cisco 3750-X port status (uplink/downlink) i.e. whenever there is some problem at a specific port. I need to monitor it through an OPC server and right now what i am doing is as follows: i am using Kepserver and i have added SNMP driver in it for that purpose i am not a networking expert but what i have learnt till now is that SNMP agent (that resides in switch) delivers the status of MIBs to SNMP manager ( which in my case is kepserver (opc server)) for the above purpose i am adding IF-MIB to monitor OID 1.3.6.1.2.1.2.2.1.8 (which shows port statuses) but when i add that in OPC server then it indicated that this OID is not available in the Switch ( it might be disabled) so i need to ask if there is any way to enable OID's in a switch,
View 0 Replies
View Related
Jan 5, 2011
I have got a new 48port Cisco catalyst 4948 switch, which I configured as a VTP client and connected to Cisco 3750 which is a VTP Server (this switch is on production network). I connected port g1/0/48 from 3750 to port g1/48 on 4948 through a straight cable and made both ports as trunk port (I also tried through cross cable). The problem is these two switches are not detecting. For testing I connected a PC directly to one of the port on 4948 (making that a switch port) still the LED on switch didn’t glow up. Is there any special command needs to be run on 4948 switches to activate its physical ports?
View 7 Replies
View Related
Oct 5, 2012
Device: Linksys E1500 - firmware: 1.0.01? I've got a static IP setup for a small remote office and want to keep tabs on their internet connection by pinging it via a monitoring program we use. However, the router seems to not responding to ICMP.
- Filter Anonymous Internet Requests is unchecked.- I've verified that the Static IP is correct.
- I've tried pinging from several remote locations on different connections, with no avail.
I can't seem to figure out why i can't ping this device. I just want to make sure there isn't a setting in the wireless router that is preventing echo replies.The only other thing i can assume is that Comcast is filtering ICMP on their side of the WAN connection.EDIT: Here's a traceroute from my PC to the WAN side of the Linksys....
Tracing route to 50-194-XXX-XXX-static.hfc.comcastbusiness.net [50.194.XXX.XXX]over a maximum of 30 hops: 1 <1 ms <1 ms <1 ms 172.25.2.1 2 6 ms 16 ms 6 ms 10.0.0.5 3 9 ms 8 ms 8 ms 10.0.0.1 4 7 ms 7 ms 7 ms 10.0.0.2 5 8 ms 7 ms 7 ms ont-static-208.57.XXX.XXX.mpowercom.net [208.57.XXX.XXX] 6 7
[code].....
View 3 Replies
View Related
May 14, 2008
The Catalyst 3750 switch reboots, and the " Reloading because of stack merge or communication failure" error message appears.
I saw this issue at "Cisco wiki" but the resolution in that page is just "Open a case with TAC". Because of the reasion is H/W Problem.
Is The resolution only one ? anything else? The 3750 does not use Stack.It is just stand alone. So i think it has other resolution as "disabling Stack" or another one. How about my opinion ? Is the Resolution only "Open a Case with TAC"
View 4 Replies
View Related
Mar 13, 2013
One of my Catalyst 3750 switch have many out drops, I execute "sh mls qos int g2/0/3 statist" command, there are many output drops in queue3 threshold3. [code]
View 8 Replies
View Related
Apr 23, 2013
I want to limit the bandwidth of my Catalyst 3750 series switch, I read the cisco documentation and I applied the commands but I didn't get the wanted results.
For the outbound traffic it's ok, but for the inbound traffic I used policing but I get an unstable traffic. I used, an access list and a class-map to classify the traffic and then a policy-map.(I followed the steps mentioned in this site: [URL]
View 4 Replies
View Related
Jan 20, 2013
Is there a command that can be used to view what type of SFP module that is installed in Catalyst 3750 switch?
View 6 Replies
View Related
Oct 24, 2012
I have a network with a Catalyst 3750 as the main switch and then some Catalyst 2960 switches that are plugged in to that. I have a server running windows server 2008 with a couple of virtual machines running in Hyper-V. I created 4 VLANS listed below and gave the 3750 the following IP Address.I would like the 3750 to only be configurable from VLAN 40 but currently every VLAN can connect to it, I noticed in the standard web page settings there was a setting for "Management VLAN" but it was set to 1 and would not let me change it, I kinda assumed that was for the management port in the back.-Now the tricky part, I was trying to set up routing between the VLANs and so far I have only been able to get a sort of "all or nothing" routing to work. I can turn IP routing on and add two or more VLANs to the routing and it works fine. But what I was hoping to do is create a couple of "junction vlans" that would only route to one or two other vlans. For instance, I wanted to create a VLAN 100 that routed to VLAN 20 and 30 but nothing else. I also want to route VLAN 1 just to VLAN 30, and so on. I am able to do each one of the cases but only one, it seems like the switch only supports one "routing table" am I missing something or is this just a limitation of the switch?
View 2 Replies
View Related
Oct 28, 2012
I have a network with several catalyst 2960 switches and one catalyst 3750. I have created two VLAN and set up the proper routing and everything is working fine there. I have a client/server application that used multicast in the initial start up for the client to determine available servers, the issue is one of my clients is on a different VLAN then the server. I am able to route the multicast using MVR as long as both the server and the client are plugged into the 3750 by creating a static route, making the server a source port and the client a receive port. Unfortunately I need the client and the server plugged in to different 2960s. My question is how do I establish multicast routing between the two and perferably do it dynamically (always route multicast traffic from one VLAN to another).
View 2 Replies
View Related
May 27, 2013
I'm having some trouble getting my head round the following but I think it's routing related?
I have a Cisco 3750 switch with the following configured:
interface Vlan1
ip address 192.168.0.223 255.255.254.0
no ip route-cache
[Code].....
The 3750 is connected to a firewall which handles the routing. From the 3750 I can only ping remote networks from the vlan1 interface not from vlan6,8 or 10 i.e ping 10.34.37.101 (remote network) source 192.168.0.223 (vlan1) works but ping 10.34.37.101 source 10.74.10.1 (vlan10) does not? I can ping 10.34.37.101 from computers on the various vlans but not from the 3750 it self.
I looked at setting a default gateway for the various vlan interfaces
View 3 Replies
View Related
May 6, 2012
My core switch is a 6509-e and my IDF closets have 3750's.I have a couple of vlans currently setup, that can communicate with each other.VTP is setup Client/Server where as my core is Server, all IDF's are Client.
What i'm trying to do is create an isolated VLAN. I want to setup a DHCP scope and use helper address. When i plug in a client to that VLAN, i want it to get an IP, but not have any other network access.
Is this possible to do without switching to Transparent mode? If not - what reprocussions will i see by switching to transparent mode?
View 9 Replies
View Related
Aug 22, 2011
I would like to push route for admin services (Vlan20) to bypass the firewall via an other connection (CSI to CSE). So my first choice was to create a route-map in (CSI) but I don't know how to do it. On my Firewall ASA, I don't have any Context License, that is why I would like to do it like this.
I have included some part of my initial configuration CSI and CSE and diagram.
CSI configuration (Switch L3 3750) {
interface GigabitEthernet1/0/1
description To ASA
no switchport
[Code]....
View 1 Replies
View Related
Mar 6, 2013
I have a 2911 router connected to a 3750 switch. I have configured vlan interfaces on the 2911 router:I am using the vlan 89 (89.2) as the management ip address for me to remotely get to the switch. Is this a proper configuration or could this cause issues in the future.
View 4 Replies
View Related
