We have a 3750 as core switch with critical Oracle servers (production & development) connected to it. The goal is to have these servers behind a firewall, which is to be done by logically routing the traffic towards the device. Now, we need to connect the 3750 to two Juniper SRX firewalls physically. The Oracle server VLAN will be removed from the 3750 and the same layer 3 VLAN will be created on the Juniper firewall. How do I connect the 3750 to the two Junipers, and what configurations will be involved, on a logical basis?
Any known issues connecting an ASA to a Juniper switch?
We have a remote site where we have an ASA 5505 installed and set up running EzVPN. We do not have control/access to the internet connection or the internal infrastructure. We basically have an office within their building. Our ASA has one of their external IP addresses and is connected to their Juniper switch. Our PCs/printers are patched to another Juniper switch which is uplinked to our ASA. The issue we are having is that the connection is intermittently dropping, where we cannot ping the PCs/printers at the remote site through the VPN tunnel but we are still able to ping the external IP address of our remote ASA. The strange thing is that we cannot manage the ASA via SSH or ASDM using the outside interface but can ping it when this occurs. For the most part the VPN tunnel does not drop when we check the sessions at the headend, although it occasionally will.
I work for a small company and we just brought in a Juniper EX4200 switch so that we are able to test our SFPs and XFPs. I went through the EZSetup process; however, when I try to re-connect afterwards it just tells me that my subnet for the switch is different from the PC's. I have tried assigning a static IP but that is not working for me either.
A Cisco 3750-X stack with several VLANs and many ACLs applied to the virtual interfaces. Inter-VLAN routing is on. Connected to this stack are VMware hosts with about 500 VMs. We started using the ACLs to allow connectivity between VLANs to specific hosts and it has grown to thousands of lines. I personally do not think this is good for the switch and believe the switch was not intended to be used for that security feature.
- Does it make sense to add an "internal firewall" between the core router and the 3750-X switch stack?
- Do you recommend any other way?
- Any recommended Cisco resource/white paper to read about best practices?
I am trying to configure a trunk between the above two devices. I would like to have VLAN 11 on the ASA. Then I would like to connect a host to my switch and have it communicate with other devices in VLAN 11 or other VLANs that reside on the ASA. Below is the config that I currently have.
ASA:
ciscoasa# show run interface Ethernet0/1
!
interface Ethernet0/1
I would like to push a route for admin services (VLAN 20) to bypass the firewall via another connection (CSI to CSE). So my first choice was to create a route-map on CSI, but I don't know how to do it. On my firewall ASA I don't have any context license, which is why I would like to do it like this.
I have included part of my initial CSI and CSE configuration and a diagram.
CSI configuration (L3 switch 3750):
interface GigabitEthernet1/0/1
 description To ASA
 no switchport
[Code]....
We have a VPN established between the above devices (I don't have more info on the Juniper as it's a client site). The Juniper initiates the VPN and all is well, the tunnel is up and all is OK, but approximately every 45 minutes the VPN drops.
The tunnel parameters are set to keep it alive for 8 hours but that doesn't work.
I am using a 6500 with a VPN accelerator on this device. I have a dozen other VPN connections, GRE and IPsec, to routers, ASAs and other Juniper firewalls.
They all work perfectly. The error I get is map_db_find_best did not find matching map (never seen this error before). [code] I can't put the whole config for security reasons.
I need to configure a new RV042 behind an SSG5 firewall. All VPN connections are client to gateway.
Firstly, I tried doing a direct connection (bypassing the firewall); the QuickVPN status says connected but I can't even ping the RV. I suspect it is due to the client's own IP being 192.168.1.x while the gateway IP is also 192.168.1.10. How do I resolve this so that users can connect from anywhere without having to worry about an IP clash?
I have an issue connecting a trunk between a Cisco switch and an Extreme switch. I have many VLANs that I want to carry across a link between a Cisco 3750 switch and an Extreme Alpine 3800 switch.
I have two 3750-X configured as a stack and I am planning to re-rack these somewhere else. What I would like to know is, what are the effects of having the master switch itself lose power? Does it immediately just make the member take over as master (there should be no election since there are only 2 switches??) with no loss of connectivity?
I have no problem configuring both devices to successfully connect when the Juniper firewall isn't in the picture. But due to policy, the RV042 at our main site must sit behind the firewall.
I've got the port forwarding set up but I'm not able to connect. I know I'm missing some configuration on the RV042 but I can't think of it! I've attached a GIF to give an example of both setups.
I have a 3750 switch. The status of the switch is rommon (the "switch :" prompt); there is no IOS on the switch. Are there ways to install an IOS other than xmodem?
I need to use a 3750 switch running 12.2 code to route between two networks in a test setup.
Switch#sh ver
Cisco IOS Software, C3750 Software (C3750-IPSERVICES-M), Version 12.2(25)SEE2, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2006 by Cisco Systems, Inc.
The idea for the test setup is that the 3750 emulates a client's live network, which is two routers having a site-to-site tunnel connecting from their ISPs. This will allow me to test the tunnel configuration with the router configs that are in production but replacing one of the routers with an ASA.
I am looking at the interface stats of port Fa1/0/2 and see something strange. Output drops are 42 billion in 16 mins, then 21249 a few seconds later, then followed by 42 billion drops again, then 21444... and so forth. I keep getting an entirely different output drops reading every time I refresh, within seconds of each refresh!
sh int fa1/0/2
FastEthernet1/0/2 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is ecc8.8266.d604 (bia ecc8.8266.d604)
  Description: MSGMERGF1
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 12/255, rxload 11/255
I have some clients with AnyConnect 3.0 configured. I want all traffic (to the LAN and to the Internet) to be tunneled in the SSL VPN. On the ASA I configured a route so that all tunneled traffic goes to the 3750 switch:
route inside 0.0.0.0 0.0.0.0 192.168.80.229 tunneled
The switch has this configuration for the routing:
ip default-gateway 192.168.80.228
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.80.228
But while a PC that has the switch IP 192.168.80.229 as its default gateway works fine, the VPN client has a problem in that it can't get to the internet. I attach a schema and a configuration. If I try to navigate only through the ASA with the VPN client, all works. But if I try to tunnel the VPN traffic to the switch and come back to the ASA and then to the internet, everything stops working.
Some of my switches (3750s) are on the right time and some are not. I have them all pointed to the same DC for NTP and they all say they are synchronized. Is it possible to have the switches poll the DC for the right time and update?
I have a 3750 switch (WS-C3750G-24TS-S1U) with the IP Services version:
Switch Ports Model              SW Version   SW Image
------ ----- -----              ----------   ----------
*    1 28    WS-C3750G-24TS-1U  12.2(46)SE   C3750-IPSERVICESK9-M
On the switch I have configured
aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control
but I am not able to implement the command under the interface:
Switch(config)#int gigabitEthernet 1/0/20
Switch(config-if)#do?
down-when-looped
The dot1x commands are not available under the interface config. Is the IOS version compatible with dot1x?
I am writing in response to a MAB issue which I noticed a few days ago, and I am still not able to understand what exactly happened. First of all I would like to say that I configured MAB authentication and, according to the MAC, the ISE configures a VLAN. All worked well: the test computer can change VLAN based on its MAC. The problem appears when I cut the connection to the ISE server. According to the configuration the switch authorizes the new device into VLAN 11 (critical VLAN). That is fine! When the ISE server is up again I had a configuration which should reauthorize all ports assigned to the critical VLAN. But why did that not happen??? It looks as though the switch didn't notice that the RADIUS (ISE) was up and working again. [code]
We have a current 3-switch 3750 stack (48-P, 48-TS & 3750v2-48PS) running fine. There is a plan to introduce a fourth stack member (3750X-48P) into this stack. As per Cisco documentation, it suggests using the 3750X as master for a mixed stack. In this case, we will need to upgrade the current 3 stack switches to a later version. Can we do a no-downtime IOS upgrade on the existing 3-switch stack? When this upgrade is done, is there any way to have the new IOS pushed down to all three stack members at the same time, or do we need to upgrade each member separately? For adding the fourth member, is it acceptable if the master is running e.g. 12.2(55) and all the rest of the members run 12.2(53)? Will this create any issues and will stacking be successful?
I'm trying to move the config from a 3750 to a 3750 PoE but without using the PoE options. I have already downloaded the config with TFTP and uploaded it to the 3750 PoE. Now the new config is stored on the PoE switch but some of the old settings are still there. Not sure why; I think the config only overwrites the settings which are in the conf file, and the settings which are not in the conf file but enabled on the switch will stay. After the upload of the config file I deleted all the config I do not need by hand. There are some settings I can't delete and I don't know why; these are the settings:
1. Each FastEthernet port has this option: "no cdp enabled". This entry was not available on the old switch; is there any possibility to remove this entry?
2. The same for "no mls qos rewrite ip dscp".
3. And for this one: "vlan internal allocation policy ascending".
The access switch is a Cisco 3750 and the core switch is a Nexus 5000 series. I am configuring the switchports where the AP (3502) and WLC (5508) are connected, below:
We are using 3750 switches as WAN routers facing the WAN cloud. To configure QoS for its WAN port, should I use "auto qos voip trust" or treat it like a router port and configure class-maps, policy-maps, and attach a service-policy input or output?
Because switches have different queuing and dropping methods than routers, auto qos can generate QoS configs that are considered most appropriate for 3750 switches. However, the switch functions as a WAN router. Maybe it should be configured using router-type QoS with policy-maps and service-policy?
I have 2 3750X switches connected via a pair of StackWise cables, but I keep seeing error messages about the stack/switch ports going up and down. Performance-wise, it seems to work, but I'd like to eliminate this message... Sometimes it will go hours without bouncing, sometimes it does it a few times a minute....
*Mar 4 12:56:57.903: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 2 Switch 1 has changed to state DOWN
*Mar 4 13:16:48.070: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 1 Switch 2 has changed to state UP
*Mar 4 13:16:49.093: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 1 Switch 2 has changed to state DOWN
*Mar 4 13:38:55.802: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 2 Switch 1 has changed to state UP
*Mar 4 13:38:56.809: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 2 Switch 1 has changed to state DOWN
In my 3750 stack switch there are more than 10 L3 VLANs currently in use. Only one VLAN, for example VLAN 11 (we have given uplinks directly to the nodes connected to the ports which are in VLAN 11), is losing connectivity for some time and then connectivity is restored again. Except for VLAN 11 all other VLANs are working fine. When we troubleshot the issue, some of the IPs were able to ping and some were not. We checked the interface status of those ports (no CRC or input errors) and the ports are in up status. We also checked CPU utilisation and device uptime; no issues were found. I am sharing my switch basic config and one interface status at the time of the issue. But only one port is learning more than 50 MAC addresses dynamically, and I am seeing a MAC address violation on another port which has port security and storm control enabled. Does it seem to be an attack or something else????
interface GigabitEthernet1/0/20
 description
 switchport access vlan 11
 switchport mode access
 spanning-tree portfast
logs:
Mar 8 05:58:25.848 IST: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0026.0a18.8218 on port GigabitEthernet1/0/16.
Mar 8 05:59:25.862 IST: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0026.0a18.8218 on port GigabitEthernet1/0/16.
At the time of the issue, interface status:
sh int gi2/0/14
GigabitEthernet2/0/14 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is 0026.ca46.5c8e (bia 0026.ca46.5c8e)
  Description:
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
[code]......
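As an added example (not code from either poster), a small Python parser for the IOS syslog messages quoted in the stack-flap post above and in this port-security post: it pulls the %FACILITY-SEVERITY-MNEMONIC tag off each line, counts stack-port DOWN transitions per switch/port, and counts how often each MAC trips PSECURE_VIOLATION on a port, so repeated flaps and a single repeating MAC stand out before anyone reads the raw log. The sample log is constructed from the lines in those two posts and the alert thresholds are assumptions.

```python
import re
from collections import Counter, defaultdict
# Constructed sample: the STACKMGR and PORT_SECURITY message shapes quoted in the
# posts above (timestamps and MACs taken from those posts, not a full log).
SAMPLE_LOG = """\
*Mar 4 12:56:57.903: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 2 Switch 1 has changed to state DOWN
*Mar 4 13:16:48.070: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 1 Switch 2 has changed to state UP
*Mar 4 13:16:49.093: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 1 Switch 2 has changed to state DOWN
*Mar 4 13:38:56.809: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 2 Switch 1 has changed to state DOWN
Mar 8 05:58:25.848 IST: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0026.0a18.8218 on port GigabitEthernet1/0/16.
Mar 8 05:59:25.862 IST: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0026.0a18.8218 on port GigabitEthernet1/0/16.
"""
# IOS messages carry %FACILITY-SEVERITY-MNEMONIC: after a timestamp whose format varies, so search rather than anchor.
SYSLOG_RE = re.compile(r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>\d)-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)")
STACK_RE = re.compile(r"Stack Port (?P<port>\d+) Switch (?P<switch>\d+) has changed to state (?P<state>UP|DOWN)")
PSECURE_RE = re.compile(r"caused by MAC address (?P<mac>[0-9a-f.]+) on port (?P<port>[\w/]+)")

def parse_ios_syslog(log):
    # One dict per tagged line; untagged lines (banners, --More--) are skipped.
    events = []
    for line in log.splitlines():
        m = SYSLOG_RE.search(line)
        if m:
            events.append(dict(m.groupdict(), severity=int(m["severity"])))
    return events

def stack_link_flaps(events):
    # DOWN transitions per (switch, stack port): a climbing count is a flapping StackWise link.
    downs = Counter()
    for e in events:
        m = STACK_RE.search(e["text"]) if e["mnemonic"] == "STACK_LINK_CHANGE" else None
        if m and m["state"] == "DOWN":
            downs[(int(m["switch"]), int(m["port"]))] += 1
    return downs

def psecure_violations(events):
    # Offending MACs per port from PSECURE_VIOLATION messages.
    per_port = defaultdict(Counter)
    for e in events:
        m = PSECURE_RE.search(e["text"]) if e["mnemonic"] == "PSECURE_VIOLATION" else None
        if m:
            per_port[m["port"]][m["mac"]] += 1
    return per_port

def findings(log, flap_threshold=2, violation_threshold=2):
    # Lines worth a ticket: repeated stack-link DOWNs and MACs that keep tripping port security (thresholds assumed).
    events = parse_ios_syslog(log)
    out = [f"switch {sw} stack port {p}: {n} DOWN transitions, check/reseat the StackWise cable"
           for (sw, p), n in sorted(stack_link_flaps(events).items()) if n >= flap_threshold]
    for port, macs in sorted(psecure_violations(events).items()):
        out += [f"{port}: MAC {mac} tripped port security {n} times"
                for mac, n in macs.most_common() if n >= violation_threshold]
    return out
```

On the sample this reports switch 1 stack port 2 (two DOWN transitions) and the single MAC on GigabitEthernet1/0/16; one MAC repeating on one port points at a moved or misplaced host rather than the many-MAC pattern a flood would produce.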
We are having a problem with our ACS and switch configuration. Basically, if the switches lose connectivity to the ACS server, the switches completely lock up; you can't even console onto the switches. We want them to use the fallback username and password when this happens.
Configuring QoS in a Cisco 3750 switch. I have configured the template below and applied it on the VLAN interface, but I am getting hits on the access list and am not able to get hits on the class map.
I had a bad experience with a 3750-X switch. Because of an auditing security process, my customer ran software called "Nessus" to do a vulnerability scan on the network. When this software is pointed at the switch, the switch's process utilisation goes to nearly 100% and it resets. The software only listens on the ports to see which ports are open, and the switch should not reset because of this. Below is the log of the switch at the moment of the test; we note that the 'HTTP' process rises moments before the switch resets. I disabled the HTTP service on the switch but the problem persists. The test was made with only one machine connected to the switch.
We have three Cisco 3750 48-port PoE LAN switches and I am trying to see if there are any issues when we stack PoE and non-PoE types of switches. I am also looking for information on the advantages and disadvantages that stacking can provide on a Cisco 3750 48-port.