Cisco :: L3 4948E-E/4948E-S Switch With ASA Configuration?
Dec 5, 2012
I have been asked to look at designing a network internally. I have no control of the upstream network besides requesting changes. Essentially I'm confused as to the best way to approach configuring the following and wondered if you could share any experiences. It's stretching the limits of a CCNA IMHO; although I understand a lot about networking, this is one area where I'm a little sketchy.
Kit list:
4948-E-S or E-E switches.
Cisco ASA 5545 firewalls
Cisco ASA 5520 firewall
& Multiple L2 switches
- I have 3 subnets in total, a /29 for routing and two larger subnets routed to the /29
What I'm trying to do:
1) Have some hosts protected by the ASA 5545 firewalls, probably in routed mode (that's the confusing part). I cannot use NAT so the inside interface/VLAN would need public IP's.
2) Have some hosts not protected by the ASA, therefore straight out onto the public Internet with no firewall whatsoever, they connect directly to the L3 or to the L3 via a L2 switch.
3) Have the ASA 5520 take an IP from the public (non-protected range), as this will be a VPN endpoint too and will also need to have NAT enabled. This should be easy as it just takes an IP from a public subnet, the ASA 5545's are the tricky part as they cannot use NAT at all. I've also been advised not to use Transparent mode either.
4) L3 switches are essentially external switches, doing the routing for our subnets, before upstream.
5) Upstream provider provides gateway with HSRP, we're looking at using HSRP and a routing protocol on our side over two 4948 switches. Any recommendations on this?
6) Further to point 5, we do not currently have any ability to do BGP or anything. That would be done by a separate team, upstream.
Note: I've also got to justify the use of each IP to the network management team, they are quite stingy so I have to be careful that I don't waste too many IP's for core network. So what I'm thinking is I have to create subnetworks of my main subnets to break them up into smaller pieces, and then add some onto the inside interface of the ASA and others will be on the L3 switch. Then of course route the networks to the ASA outside IP. Saying that, I'm not clear if I should create a /29 or /30 to route to the outside of the ASA or grab one from the larger subnet as it were? The final outcome is that we can connect a machine directly to the Internet or behind a firewall, depending on the requirements for that individual device. All devices will have public IPs.
Sep 3, 2012
I am trying to set up SNMP v3 on a 4948E switch; here is what I have done so far:
snmp-server location "location"
snmp-server contact IT Admins
snmp-server group SNMPgrp v3 priv read SNMP-ro write SNMP-rw access 80
snmp-server user snmp_user SNMPgrp v3 auth sha xxxxxxxxx priv aes 128 xxxxxxxx access 80
What else am I missing and how can I confirm that it is configured correctly?
Sep 11, 2012
Trying to configure the Cisco 4948e switch gigabit ethernet port with "switch port trunk encapsulation dot1q", but didn't get the option. Please find below the options got after "switch port trunk"............
SW(config-if)#switch port trunk ?
allowed Set allowed VLAN characteristics when interface is in trunking mode
native Set trunking native characteristics when interface is in trunking mode
pruning Set pruning VLAN characteristics when interface is in trunking mode
SW(config-if)#switch port trunk. Please find below the version of the SW............
SW#sh ver
Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-LANBASE-M), Version 12.2(54)SG1, RELEASE SOFTWARE (fc1)
Technical Support: {URL}
ROM: 12.2(44r)SG11
Hobgoblin Revision 21, Fortooine Revision 1.22
[code]...
So, is the command not supported on this Cisco switch? But we have a Cisco 4948 switch where that command is working fine.
Jan 30, 2013
Using a 4948E switch with FastEthernet1 as the management interface which uses the VRF mgmtVrf. I cannot get DNS resolution to work for some reason.
I am using code enterprise 15.1-2.SG and here are the relevant config snippets:
ip domain-lookup source-interface FastEthernet1
ip domain-name domain.com
ip name-server 4.2.2.1
[Code].....
I read online there are some commands in a different code that support specifying the VRF along with the name servers, but I don't have those options. All I can do is set the source-interface on the domain-lookup command.
Sep 4, 2012
I'm in the process of installing two 4948E switches. I will be configuring GLBP and wanted to get some guidelines on configuring GLBP and EIGRP:
- First question: like HSRP, I'm configuring it on both switches like this:
Switch 1:
interface vlan 5
ip address 10.1.5.249 255.255.255.0
glbp 5 ip 10.1.5.1
glbp 5 priority 110
glbp 5 preempt
glbp 5 authentication md5 key-string xxxxxx
[code]....
- Second question is about EIGRP, when I configure EIGRP on the main switch that is AVG with the following commands, will I also have to run the same commands on the second 4948 E too?
router eigrp 10
network 10.1.5.0 255.255.255.0
Jan 14, 2012
I want to understand whether the 10G ports of the 4948E (4 x 10Gb) are blocking or non-blocking. I want to connect these switches with 20 GB (LAG) to my BB switches and I need to prepare my infrastructure for 17.5GB throughput of video traffic.
Feb 22, 2012
Cisco c4948e switch log is showing :
COMPACTFLASHNOTREADY: Compact flash is not ready
Feb 24 00:28:22.338 UTC: %C4K_FLASH-4-COMPACTFLASHNOTREADY: Compact flash is not ready
Checked the data sheet and it is not supported. Why do we get this log from the switch? Is it cosmetic?
NAME: "Linecard(slot 1)", DESCR: "10/100/1000BaseT (RJ45), 10GE (SFP+) Supervisor with 48 10/100/1000BASET ports and 4 10GE SFP+ port"
PID: WS-C4948E , VID: V01 , SN: CAT1425S0NZ
NAME: "TenGigabitEthernet1/49", DESCR: "SFP-10Gbase-SR"
PID: SFP-10G-SR , VID: V02 , SN: AGD132134ER
NAME: "TenGigabitEthernet1/50", DESCR: "1000BaseLH"
PID: Unspecified , VID: , SN: FNS141203YF
[code]...
Nov 20, 2009
I have a Catalyst 4006 switch in production and a spare switch of the same model. I have to quickly copy the configuration from the production switch to the spare switch (both L2 and L3 configurations). How do I do that?
Apr 15, 2013
Have two switches configured and running 2 links to each other that are in a port channel. Now, I cannot get one of the ports (Gi1/0/50) to come up at all; I've had the cable tested and replaced SFPs at both ends. Switch A is a WS-C3750G-48TS and I believe the problem could be here: of the last four GBIC ports, 2 of them we are using as links to Switch B in a port channel. Here is the config for both and the 'show int status' for both.
Sep 10, 2011
I am having an issue with LAG configuration on a Cisco SG300 52 switch. I have connected four Ge ports on the switch to the four NICs of a Dell R710 Server on which I installed Windows Server 2008 R2. Without LAG configured, these ports would forward traffic to and from the Dell server fine. However, if I configure LAG on the ports with LACP enabled, then they would not forward any network traffic. Debugging shows that the ports are up but their forwarding status shows N/A. Am I missing any configuration? Can I configure LAG on edge ports?
Sep 6, 2012
I have a 4510 with sup7e and I would like to deploy netflow on this switch. The network will contain the 4510 switch where there will be 4 blades installed; each blade contains a separate Zone (vlan). These 4 zones will then trunk up to a firewall via a ten gig link over sub-interfaces. There will be an IP address assigned to each vlan on the 4500 switch but there cannot be routing enabled between the vlans on the switch.
Jan 16, 2013
I am writing in response to a MAB issue which I noticed a few days ago and I am still not able to understand what exactly happened. First of all I would like to say that I configured MAB authentication, and according to the MAC the ISE configures a VLAN. All worked well: the test computer can change VLAN based on its MAC. The problem appears when I cut the connection to the ISE server. According to the configuration the switch authorizes the new device to VLAN 11 (critical VLAN). That is fine! When the ISE server is up again I had a configuration which should reauthorize all ports assigned to the critical VLAN. But why did that not happen? It looks as if the switch didn't notice that the RADIUS (ISE) was up and working again. [code]
Dec 27, 2010
I just started configuring my Cisco Catalyst 2950 switch. Basically I'm preparing for my CCENT exams; my basic configuration is as follows.
-My Laptop is connected to the console port
-I'm connected to the internet via my wireless
-I'm connected to the switch port via my NIC card
May 20, 2013
I'm trying to move the config from a 3750 to a 3750 PoE but without using the PoE options. I have already downloaded the config with tftp and uploaded it to the 3750 PoE. Now the new config is stored on the PoE switch but some of the old settings are still there. Not sure why; I think the config only overwrites the settings which are in the conf file, and the settings which are not in the conf file but are enabled will stay on the switch. After the upload of the config file I deleted all the config I do not need by hand. There are some settings I can't delete and I don't know why; these are the settings:
1. Each fastethernet port has this option: "no cdp enabled". This entry was not available on the old switch; is there any possibility to remove this entry?
2. The same for "no mls qos rewrite ip dscp"
3. And for this one: "vlan internal allocation policy ascending"
May 6, 2013
The access switch is a Cisco 3750 and the Core switch is a Nexus 5000 series. I am configuring the switchport where the AP (3502) and WLC (5508) are connected below:
For AP: interface GigabitEthernetX/XX
switchport access vlan 244
switchport mode access
[Code]....
The WLC is connected to the Nexus switch and it is not accepting the 'mls qos trust cos' command.
Jul 27, 2011
We are using 3750 switches as WAN routers facing the WAN cloud. To configure QoS for the WAN port, should I use "auto qos voip trust" or treat it like a router port and configure class-maps, policy-maps, and attach service-policy input or output?
Because switches have different queuing and dropping methods than routers, auto qos can generate QoS configs that are considered most appropriate for 3750 switches. However the switch functions as WAN router. Maybe it should be configured using router type of QoS with policy-maps and service-policy?
Aug 8, 2011
how to 24 port networking switch configuration
Jan 2, 2013
I have one switch, a 3750G12S. I joined the company new, and I found that they want to replace it with Alcatel stack switches. I haven't configured this Cisco switch before. How do I configure it? I have 4 other new Cisco switches in the topology, which is not created yet. The 4 switches are all 2960.
Jan 3, 2013
What is the VPC configuration template with two core 6509 switches? Please find the attachment for the network topology.
May 18, 2011
I just deployed Cisco NAC version 4.8.1 Virtual Gateway OOB on a LAN environment and on a WLAN environment. It works fine for some users: they can authenticate via the agent or web page, and then they are redirected to the access vlan. But for some other users in LAN and WLAN, when they try to authenticate via the agent or web page the following error appears:
Invalid switch configuration-OOB Error:OOB client "mac/ip" not found.
I tried to find some pattern for the users but they don't match any pattern.
Feb 26, 2013
I have a 3com 2948 switch and need to put the configuration on a Cisco WS C2960 48 port switch. I am attaching the config to check if that is correct. I know my IP will need to change to .123
Feb 10, 2012
In our new Head office we have to set up network connectivity. In total our office has 4 floors. On each floor we have three Cisco 2950 switches. We have an L3 switch (Cisco 3560) to connect all the other switches. In our office there are 5 departments in total. We have to create a VLAN for each department in the switch.
We want all users to communicate with each other. We have WAN connectivity in the router (Cisco 2900) to connect to the other office. First I want to know how to physically connect all the switches and finally connect them to the L3 switch, and how to configure the VLANs in both the L2 and L3 switches. In our other client office there is one router to connect both offices. How do we configure the router, and which protocol should we use for communication?
Ip address:10.10.40.0/22
WAN IP :192.168.214.65/30
Dec 14, 2011
How to, for the most part, setup 802.1x via wireless. I'm using two 5508 WLCs, and Cisco ACS. I will setup the user account/password information via Cisco ACS and User Identity and Hosts. I know from the WLC 5508 web admin tool that I can choose 802.1x in the security parameters. I only have a few question. We have two wireless networks, one is wide open and provides internet access, the other will provide internal access for select users. I am setting up 802.1x on the internal wireless lan. Do I need to configure any 802.1 configuration commands on the switch in order for this to work, if so where would be the locations to do this at? Also, if there is a MAC isolation configuration option I can configure to not allow other hosts on this specific wireless network to communicate with each other?
Jul 9, 2011
DHCP configuration on a Cisco 4507R core switch, with one VLAN and with multiple VLANs, both configurations using any IP address range.
May 21, 2013
I have a floor with 10 users with a DATA vlan, a VOICE vlan and a WIRELESS vlan. My questions:
Basement floor Core switch fiber -----> my floor switch <--------my internet DSL router827
- In this scenario will the switch on my floor be L2 or L3?
- What will the configuration be on the switch if it is L3?
- What will the configuration be on the DSL router with subinterfaces for each vlan?
Any sample configuration that can work for the switch and DSL router?
Jul 2, 2013
I have RFID Reader (10.10.63.2 - 255.255.255.240) connected Cat-6 POE to ws-c3750x-24p-s - standard TCP/IP web service app pulling data from the reader every 250msec: I have my app server connect via vlan by ws-c3750x-24p-s IP address (128.1.70.1 - 255.255.0.0) as you can see its on a different sub net;
I can ping the device from the server - although I'm not getting any data coming through: my config are as:
0 [switch 1 provision ws-c3750x-24p-s]
1 [system mtu routing 1500]
2 [ip routing]
3 [no ip domain-lookup]
[code]...
I can ping the device from the server - although I'm not getting any data coming through.
Feb 6, 2012
I am trying to set up a simple configuration on a Cisco 4928-10G switch running
cat4500-entservicesk9-mz.122-37.SG.bin
All I want to do is to mark all traffic on vlan 3, let's say for this example, with dscp af31.
All outgoing traffic to be marked with DSCP AF31.
In practice, if I have 2 laptops connected to access ports on vlan 3, when one laptop pings the other I want to see on the receiving end, when I run wireshark, the traffic come marked with DSCP AF31.
Aug 28, 2012
At home I have had a perfectly working test setup for more than 1 year now, but yesterday we had a power down for about 10 minutes in the whole area; after this power down nothing was working in my network any longer.
My network is as follows:
ISP (Cable Modem) on FA23 from the CISCO 2950 SWITCH (24 Ports)
ROUTER (ON A STICK) on FA24 from the CISCO 2950 SWITCH
And the rest of the switch is FA1=VLAN 1; FA2=VLAN 2; FA10=VLAN 10
Our home network is connected to VLAN 10 with an IP range of 192.168.10.x /24. After this power down, I was not able to look into the SWITCH via FA1; the FIX IP in this switch was 192.168.1.251/24, and the ONLY way to get access was via the console port! What a surprise when I connected my console to the PC: I can see ROUTER_F342, whereas my router config is called ROUTER1841 and my switch config name is/was called SW24. So it seems that after this power down, the router took or received a config from my provider?
I have recovered the file in the switch + the vlan.dat and now everything works again.
How can I avoid this switch receiving a wrong file again? I have all the needed files on the products themselves and I do not use a TFTP server.
I have attached some screenshots from when my switch is starting up, and it seems that the switch receives an IP address from my ISP. I do not know why; in the config file I have given it a FIX IP 192.168.1.251/24. So it seems that my ISP erases the config file, and when the switch is empty, the switch looks for:
tftp://255.255.255.255/router-confg
tftp://255.255.255.255/ciscortr.cfg
Etc ....
Until it finds something.
I have tried after a complete recovery to switch off the power again for 10 minutes (ISP MODEM + SWITCH + ROUTER) and I was not able to reproduce the fault. Can it be that due to this power failure in our area some routers or switches send or broadcast this kind of thing?
Dec 10, 2012
I have a Cisco NAC environment (software version is 4.9.1) and OOB VG.
We are getting the below and attached error while deploying on some machines.
"Invalid switch configuration-OOB Error:OOB client "mac/ip" not found."
Some users on the same switches are working fine but some are not....
What would be the possibilities, and is there any workaround other than keeping the port shut down for a long time (meaning at least 10 - 20 secs or more) or a PC restart? The customer is not feeling comfortable with the current situation.
Nov 18, 2011
How do I configure my router to run with my TP-link TL-SF1016D switch. If I connect my switch on my router I cannot have to internet?
Mar 18, 2013
I have a 3560 switch with 1 VLAN (VLAN 10) where I need to make ports:
1-10 as isolated (can't contact each other)
11-20 as community (need to contact each other like a normal VLAN)
23 as promiscuous (server that ports 1-20 need to get to)
24 as promiscuous (WAN router where ports 1-20 need to get to and the remote servers).
[Code]...
Jun 24, 2012
I am interested in learning and setting up VPN IPSec with Cisco ASA 5505. I've managed to successfully set up VPN and can connect to it from outside and browse securely to the outside/internet via the tunnel. However, once I am connected to VPN, I cannot access any of my internal hosts/servers via the VPN client. I am wondering if it's a missing ACL/NAT...
ASA Version 8.2(5)
!
hostname ciscoasa
enable password xxxxxxxxxxx encrypted
passwd xxxxxxxxx encrypted
names
[code]....
Mar 14, 2013
We are getting the "Warning: Saving this config to nvram may corrupt any network management or security files stored at the end of nvram." and "% Configuration buffer full, can't add command: a0/14" messages when we try to save the configuration on one of the 2950 switches.