Cisco Infrastructure :: Route Internet Traffic To Different Gateway Using 3560G Switch
May 24, 2011
My issue: I have installed a firewall within my network. Currently all my clients' default gateway defaults to GW: 192.168.1.1. I would like all my internet traffic to route to the firewall IP 192.168.1.30. My primary switch IP is 192.168.1.10, which is a 3560G running 12.2(25)SEE2 IPBASE-M.
My main problem is, I do not have access to the gateway, so I am trying to route internet traffic from within my switch to the firewall. I have already tried Route-Map, but it seems this version of the OS does not support it. I have already tried Policy-Map, but same as above. I have also tried the IP ROUTE command, but it did not work either.
And remember, I would like to perform the routing from the switch, because I do not have access to the default gateway, which is a router, to forward internet traffic to the firewall.
Apr 11, 2012
I have a 3560G and an ASA FW, for which I am trying to use PBR to amend the next hop. The gateway is the switch VLAN address and the amended next hop is the same VLAN interface on the ASA. Trouble is, I can ping the FW from a client, but not the switch. If I remove the route map, I can ping both. Even more strange is this is the case for some VLANs, but not all!
Config:
HOST ON VLAN 96
IP 10.11.120.99
S/M 255.255.255.240
[Code].....
Sep 26, 2011
I have some specific traffic that I am attempting to pull off of VLAN 310 at the router, apply a route-map that sends this specific traffic back down to the switch on VLAN 55 (and the private address) and once it hits the switch apply a route-map on that VLAN 55 interface directing the same traffic over to the 72.x.x.9 address which goes through a FAP box back up to the router on another interface.
I have attached the config information. I know this isn't the best-practice way to do this, however right now this is how I have to do this. When running a trace from the net, traffic stops at .2, and when running a trace from my test /30 it stops at .2 as well. I am not sure what to do at this point.
[code]...
Aug 25, 2011
I'm trying to update some of my network diagrams, but I can't find an accurate stencil for the 3560G. All of the 24-port 3560 stencils only have 2 GBIC ports on them, and the 3560G has 4. Seems trivial, but I'd like to have my diagrams be accurate, and this makes that difficult.
May 1, 2013
I have a 3560G that I cannot apply a policy route-map to one of the VLAN interfaces. I am running up to date software, c3560-ipservicesk9-mz.150-2.SE2 and it accepts the command, but does not show it in the sh run of the interface. I updated to this code as I had seen previously someone said it needed to be version 15 before you could apply route-maps to VLAN interfaces.
May 1, 2011
I have a Cisco 1921 router and 3 Cisco 3560G switches. I want to configure the Cisco router so that networks 192.168.4.0/26, 192.168.3.0/26 and 192.168.2.0/26 can all access the internet.
R1921(config)# ip nat inside source list 102 int G0/0 overload
R1921(config)# access-list 102 permit ip ?
Am I right to do this below?
R1921(config)# ip route 192.168.4.0/26 10.10.10.2
R1921(config)# ip route 192.168.3.0/26 10.10.10.2
R1921(config)# ip route 192.168.2.0/26 10.10.10.2
Can you assist on the access-list and ip route?
May 25, 2013
I am trying to implement static route tracking on a Catalyst 3560G ( WS-C3560G-48PS, IOS version 12.2(35)SE5 and SW image C3560-IPBASE-M). The configuration is as follows:
track 101 rtr 1 reachability
!
rtr 1
type echo protocol ipIcmpEcho 10.199.101.2
rtr schedule 1 life forever start-time now
!
IP address 10.199.101.2 is reachable via ICMP (it's the next-hop router).
The static routes configured are the following:
ip route 0.0.0.0 0.0.0.0 10.199.101.2 track 101
ip route 0.0.0.0 0.0.0.0 10.200.52.1 20
But only the secondary route (ip route 0.0.0.0 0.0.0.0 10.200.52.1 20) is being installed in the routing table by the switch.
Nov 18, 2011
I have a customer who has a main office location and a remote one. Recently we interconnected their facilities using a local ISP service called Virtual Connectivity, which basically is a private network which can be accessed over ADSL or any other data circuit. They are using Cisco 888 routers to interconnect both sites. At the main site the customer also has an Internet circuit (with a Cisco 857 router) and he wants to remove the Internet circuit from the remote site and provide them access over their main location Internet circuit. At the primary offices, we installed a Cisco 2811 router as a gateway to route the Internet and remote network traffic over the required data circuit. Everything is working fine, but we cannot access the Internet from the remote location over the circuit installed at the main site. I understand this is a routing issue: once the traffic hits the main office network it does not know how to reach the Internet. I am assuming this routing must be set in the main office Cisco 888 router (installed by the ISP to interconnect to their private cloud) in order to properly route it over the Internet circuit. Since I already have access to the Internet router and the gateway router at the main site, but not to the ISP router, is there any other way I can make this configuration on the routers I already have access to?
Nov 22, 2011
I am working for a company based in Sydney, Australia. The company recently opened an office in London, UK, therefore we are going to get a leased line based on MPLS. We were advised that the Customer Edge router will be CISCO1941/K9. We want our UK client to access our web-based applications via the MPLS network instead of the internet. The UK office is using BT Business ADSL with 5 static IP addresses (please note the modem IP address is actually dynamic). We are going to get a Cisco 857/K9 router which will be used as the entry for the UK client to access the MPLS network. My question is how do I configure the Cisco 857 router to allow one of the public IPs to access the MPLS network. It appears that there are two options, and I am not sure if this is going to work or which one works better. I have attached two diagrams for clarification of my case.
Option 1
Cisco WAN interface gets a dynamic IP (PPPoA) from BT.
LAN interface (4 port) gets the assigned 5 static IP addresses.
One of the five IPs (217.xx.xx.169) will be assigned to the FE1 (Cisco 1941); any traffic to 217.xx.xx.169 will be routed to the WAN interface of the Cisco 1941 to access the Sydney service (located in the Sydney LAN, mostly http and https traffic).
One of the five IPs (217.xx.xx.170) will be assigned to the WAN interface of the Sonicwall firewall router, which also serves as the Internet access gateway for LAN users.
All traffic destined for the Sydney LAN will be using FE0 (Cisco 1941) as gateway.
Option 2
Cisco WAN interface gets a dynamic IP (PPPoA) from BT.
LAN interface (4 port) will get 192.168.0.1.
The Cisco 857 router will be the default gateway for LAN users, using one-to-many NAT and also one-to-one NAT.
One of the five IPs (217.xx.xx.169) will be forwarded to the FE0 (Cisco 1941); any traffic to 217.xx.xx.169 will be routed to the WAN interface of the Cisco 1941 to access the Sydney service (located in the Sydney LAN, mostly http and https traffic).
Jun 5, 2013
I'm fairly new to Cisco products and am in the process of developing my network knowledge on a deeper level. I have a 3825 with a HWIC-4ESW and I'm struggling to fully understand how the two "see" each other. I've set up a VLAN with a layer 3 address on the HWIC and added the switch ports to it. This seemed to allow devices connected to the switch ports to talk to the built-in router ports. I thought this was all making sense until I applied an access-list to the router port. It's a simple ACL I'm just using for testing and the only thing it does is block telnet from anywhere. I know the ACL is set up properly because if I connect a device directly to the router port I cannot telnet to the port. However, if I connect a device to one of the switch ports, I am able to telnet to the router port successfully.
It seems that I'm missing something with how traffic flows from the switch port to the router ports and how the two "see" each other.
Aug 18, 2012
I just got my dad's old notebook (VAIO VPC F223FB), which is better than my older one. So, I did a backup and then managed to clean install Windows 7 Professional x64. At first I had a problem with the drivers, because the internet wasn't connecting and the USB ports weren't detecting my external drive. So, I tested another USB port and got it. I installed the drivers and I could connect to the wireless network. But it doesn't detect the ethernet cable! And I want it detected because then it's faster. I already tried downloading the Ethernet Controller driver. At first, I downloaded it through Sony's support site but it didn't recognize the driver. Now, it recognizes it but still doesn't connect. And when I tried Solving Connection Problems, it said the network gateway was accessible but Windows can't receive Internet network traffic.
Jan 14, 2012
I have a strange issue with an HSRP setup. I have two (S1+S2) 3560s as Core/Distribution Layer. Inter-VLAN routing is enabled on both switches. S1 and S2 are connected with an EtherChannel over four fibre ports. S3 - S5 are the (L2) access layer.
Gi0/1 on S1 and S2 are L3 ports, connect to a Linux Firewall.
HSRP is enabled, S1 is the active router and the STP root bridge.
But my monitoring via Cacti shows me that Gi0/1 on S2 is active, too! But it should not be active? Only if S1 fails should S2 be the active switch. A client from the access ports on S3 - S5 gets traffic from the Internet via Gi0/1 from S2. Gi0/1 on S1 is active too, but will mostly send traffic to the Internet. Why is S2 active and why does it route traffic from the Internet to the client?
Nov 13, 2012
I have got 2 Cisco switches (3560G and a 3560X) connected by a trunk port. see config below:
3560G#sh run int gi0/26
Building configuration...
Current configuration : 130 bytes
[Code].....
I can't seem to get VLAN 79 through to the first switch (3560G). Beyond this switch there is a router with acts as default-gateway for the respective VLANs. For VLAN 79 it is 192.168.79.1. I can ping this from the first switch but can't ping it from the second (3560X) switch but can ping 192.168.25.1 which also is the default gateway for this switch.
Aug 23, 2012
On my Gateway laptop there was a switch on the left side. It turned the internet access on or off. The switch broke off, and now I cannot access my wireless internet; I have to be corded. Can I turn off the switch within the computer so I can access my wi-fi?
Sep 4, 2012
Is the SSH v2 feature supported on the Cisco 3560G switch for the image below? If not, what is the latest image?
c3560-ipbase-mz.122-35.SE5/c3560-ipbase-mz.122-35.SE5.bin)
Aug 13, 2012
I am facing a problem with my Cisco 3560G switch: when it powers on, only the System light is green and nothing happens. I checked with a serial cable (console) but nothing happens, no booting.
Jan 12, 2013
We have a Catalyst 3560G 24 port POE switch. It's been running fine for 1+ years. A few weeks ago we enabled SPAN on it to capture packets. Today, we had a random spike in CPU on the switch. It seems hardware switching continued to work fine, but software-based processes choked and effectively took down EIGRP, HSRP, etc. We collect syslogs from the router and we saw 2 crashes/reboots. Both showed the exact same error both times, with the same hex values. I **believe** the CPU usage dropped when a tech disconnected the SPAN port and its state changed to down, but I'm not 100% sure. Could this indicate an IOS bug (I'm hoping it's not a hardware failure)? And how do I track this down to see if this could be related to SPAN? I've disabled SPAN for now.
Jan 22, 2012
I've a 7206VXR (NPE-G1) router. I would like to purchase a PA-GE port adaptor where I've to use a GBIC connector.
1. Is it possible to have a connection between PA-GE and a 3560G switch (4 SFP ports)? If yes, what type of cables & connectors are to be used?
2. Is there any GigabitEthernet port adaptors / modules for 7206vxr where I can connect RJ45 (cat 5) or SFP modules?
Feb 21, 2012
We have two 3560G-TS-E running 12.2(35)se2, configured as HSRP. Both are running ntp config "ntp peer 210.72.145.44" and it's pretty well that they get the correct time. Yesterday I upgraded the second device to IOS 12.2(58)se2 and ntp doesn't work now. I checked doc that 12.2(58)se2 runs ntp default version 4 so I change to "ntp peer 210.72.145.44 version 3" but still not work. I put here "show ntp" result for different IOS.
IOS 12.2(35)
SW01>show ntp status
Clock is synchronized, stratum 2, reference is 210.72.145.44
nominal freq is 119.2092 Hz, actual freq is 119.2022 Hz, precision is 2**18
reference time is D2EF12A5.2EB2DCB2 (15:07:17.182 GMT Wed Feb 22 2012)
clock offset is -4.6616 msec, root delay is 57.50 msec
[code]...
Mar 26, 2013
I connected my intranet cable to the 4510 core switch and created one VLAN, 600; that VLAN gateway is routable from the ASA5580. Now my intranet people are able to ping my VLAN gateway, but I am unable to ping their IP. I added a static route on the ASA, route inside 192.0.0.0 255.255.255.0 10.100.106.1 1, but I am unable to ping the remote IP.
Aug 20, 2012
I have a C3825, and have been using standard ACLs and a PBR to route certain HTTP traffic via an alternative default gateway:
route-map RTRMAP-OfficeLAN permit 10
match ip address RTRMAP-OfficeLAN-toADSL
set ip next-hop x.x.x.x
This is working absolutely fine, and as expected, all traffic matching the ACL is being sent to x.x.x.x However, we have recently expanded our network, and I am now receiving various networks via BGP from various sources. All BGP incoming via iBGP is tagged in communities:
Community (expanded) access list 100
permit 37xxx:100
Community (expanded) access list 200
permit 37xxx:200
Community (expanded) access list 300
permit 37xxx:300
[code].....
All communities are also matching prefixes when executing either 'sh ip bgp community 37xxx:100' or 'sh ip bgp community-list 100'. What I am trying to achieve is to create an EXCEPTION for the policy route. Traffic matching the community lists must be forwarded based on the router's routing table, whilst traffic matching the ACL must be sent via the policy route...
route-map RTRMAP-OfficeLAN permit 5
match community 100 200 300 400 500
!
route-map RTRMAP-OfficeLAN permit 10
match ip address RTRMAP-OfficeLAN-toADSL
set ip next-hop x.x.x.x
My logic dictates to me that the above should work, but looking at the route-map, I get matches on seq 5 and packets are exiting the route-map as expected (first matched). However no traffic that does NOT match community 100, 200, 300, 400 or 500 and that DOES match the RTRMAP-OfficeLAN-toADSL never matches.
The counters on the route-map for seq 5 are increasing, but no counters are increasing at seq 10. It's almost as if seq 5 is matching all traffic.
Apr 12, 2013
Configuring OSPF on a catalyst 3560G Switch to connect to our building next door by way of fiber. The other two switches in the other building are running OSPF, I am trying to connect to the other building and access a server which is on a switch running OSPF. I am trying to configure the switch here to run OSPF and be able to see the neighbor, but currently can't although I've identified the networks. Maybe I'm missing something, I've followed the instructions but something is not right.
Feb 26, 2012
I am trying to get the temperature reading from one of our 3560G Switches using SNMP. When I run an snmpget on the Switch it returns back to me a "1".
So when I run the following I get:
> snmpget -v1 -c public 192.168.x.xxx 1.3.6.1.4.1.9.9.13.1.3.1.3.1005
SNMPv2-SMI::enterprises.9.9.13.1.3.1.3.1005 = Gauge32: 1
But when I telnet to the device and run a "show env temperature status" I get:
# show env temp status
Temperature Value: 32 Degree Celsius
Temperature State: GREEN
Yellow Threshold : 51 Degree Celsius
Red Threshold : 61 Degree Celsius
So I'm not sure why I am getting a "1" when using snmpget on the OID 1.3.6.1.4.1.9.9.13.1.3.1.3.1005 which is (ciscoEnvMonTemperatureStatusValue)??
If I run the same OID on another 3560G Router I get the correct output from snmp....
Apr 15, 2010
I have two 3560G 24 port switches. Each of them connects to some 3560G or 2950 switches. Trunks between 3560Gs are set as 1000/full. Trunks between 3560G and 2950 are set as 100/full. show int status also shows the interface negotiation is 100/full for trunks between 3560G and 2950. The issue is I keep getting outdiscard errors on trunks between 3560G and 2950. At the 2950 switches, I see Recv-errors too. I checked all the trunks' traffic. It is not high at all. Only several mbps. Most of the time even lower than 1mbps.
I googled this kind of issue online. I see it could possibly be caused by high-volume traffic higher than the capacity. But it appears the traffic there is not high enough to cause this kind of issue. Is there any other possibility that could cause this problem?
The below is 3560G trunk configuration for 2950 switch
interface GigabitEthernet0/10
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1-122,124-4094
 switchport mode trunk
 speed 100
 duplex full
 srr-queue bandwidth share 10 10 60 20
 queue-set 2
 priority-queue out
 mls qos trust cos
 auto qos voip trust
The trunk configuration at the 2950 switch:
interface FastEthernet0/24
 switchport trunk allowed vlan 1-122,124-4094
 speed 100
 duplex full
Feb 21, 2012
Can't assign Cisco 3560G switch port g0/1 to access VLAN 10:
main-switch(config-if)#switchport access vlan 10
Command rejected: Gi0/1 not a switching port.
Jan 24, 2013
I have a Cisco 2960 (WS-C2960-8TC-S) running the 12.2(46)SE C2960-LANLITEK9-M image. I would like to set an ip route 0.0.0.0 0.0.0.0 87.101.156.97 but the current image does not allow it. Will ip default-gateway 87.101.156.97 work or do I need ip routing? The ISP has provided a /30 address and we are using an additional /29 for our network devices. I don't think this image can be upgraded. I need to forward routes directly out to the ISP. [code]
Dec 5, 2012
I have been working on some Catalyst 3750's running 12.2(55)SE6 and hit an issue with CEF load-balancing over multiple equal-cost paths. Anyway this issue is now solved but it introduced me to the command 'show platform forward' - this shows you how the forwarding of a packet would be done via hardware cef (as opposed to the command 'sho ip cef exact-route' command that only shows the software cef path). Anyway I tried the command on a 3560G running 15.0(2)SE and it crashes the switch. I tried it a couple of times and verified that the MAC & IP addresses were exactly right in the command and each time the switch crashes. I have extracted the relevant bits from the crashinfo and attached them.
Jul 27, 2011
We have recently purchased a Cisco SG300 and have been configuring it. [code] The VLANs have ACLs set up to prevent any communication between the Holly and Tempo VLANs (and their associated WAN VLANs). Each VLAN has a WAN available for its use, which connects to external networks (including the Internet). In order to facilitate this, we have set up all the necessary ACLs and routes and confirmed that this all works. However, the problem comes when we assign the static routes that specify the default gateways. We add the two static routes below:
-0.0.0.0 next hop 10.10.200.254 metric 1
-0.0.0.0 next hop 192.168.200.254 metric 1
In this case, only one of the VLANs has WAN access. It is either Holly or Tempo (it can be either if the order in which the static routes are added is changed). What we need is to force Holly to use Holly WAN and Tempo to use Tempo WAN, but we cannot see a way of doing this. Effectively, we want the following static routes: [code]
Sep 19, 2012
Recently we observed that newly installed WS-C3560CG-8PC access switches are able to communicate without a default route or default gateway. The 3650 switches are used as layer 2 access switches behind a layer 3 distribution/core. They have only the management VLAN configured for IP with a single address.
The ARP table looks like there is an implicit proxy-ARP request sent for any IP address.
We definitely have no configuration whatsoever which would explain this.
Is this a new feature? We don't observe that with the older 2960-series...
Here is a brief trace of what's happening (debug arp):
host41#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Sep 20 14:44:06.706: IP ARP: sent req src 10.1.8.41 1833.9dc9.wxyz,
dst 1.1.1.1 0000.0000.0000 Vlan1
Sep 20 14:44:06.711: IP ARP: rcvd rep src 1.1.1.1 2c54.2dd3.wxyz, dst 10.1.8.41 Vlan1..
[code]....
The MAC address is of course the MAC address of the layer 3 interfaces of the distribution switch, no surprise here (proxy ARP is turned on by default).
Why is the 3560 sending out proxy arp requests without being told to? As far as I understood proxy ARP on Cisco IOS it only means it will reply to a proxy ARP request but will not send out proxy ARP requests by default.
Feb 3, 2013
Last week we had some forwarding issues with our Cat 6509E VSS pair, whereby clients could ping the gateway but couldn't route through it! We identified this as being core 2 in the VSS pair. Yesterday we rebooted the 2nd switch and now the issue has been resolved.
Nov 15, 2012
Configured cisco 881, WAN has static IP address and LAN is nothing fancy. I can ping out to url... or anywhere from the router but cannot from LAN client computers. [code]
Oct 29, 2007
I have an 871 setup at home with a fairly basic configuration (NAT, Firewall, EasyVPN, Wireless). What I've noticed is that for traffic going from the WAN interface (FastEthernet4), it seems to be hitting the ACL in place for NAT. My config: [Code] .......
Where 76.22.98.39 is the dynamic IP address from the cable provider. If the traffic isn't passing through the router, why is it trying to NAT it?
IOS Version is 12.4(6)T9
Apr 19, 2010
I have a 2821 router with two T1 WICs and have the need to route FTP down one T1 and all other TCP traffic down another T1. All traffic is going to the same remote IP address. The remote sites are in different states, and I assume that the remote subnet is being bridged between the states. It's kind of a weird set up, but it's not my design.
Anyway, can I use a route map to split off FTP traffic to host A and send it down one T1 and have the rest of the IP traffic to host A go down the other T1? I also need to be able to have all traffic use one T1 in case the other T1 goes down.
My first thought was to static all IP down T1-1, then route map FTP traffic down T1-2, then have a floating static for all IP traffic down T1-2 with a higher metric. But something would have to track the T1 interfaces and I'm not sure if route maps or static routes can do that. Any thoughts on this?