Cisco :: Prevent VLAN Change On Port?
Apr 26, 2012
I often have to change switch ports to different VLANs. Regardless of whether I find the ports myself or if someone tells me what the ports are, I'll always perform additional verification steps to make sure that the port I'm changing doesn't connect to a switch, a router, a server, or something else that's equally important. But mistakes happen, and I have accidentally changed the wrong port to a different VLAN, thereby disconnecting the end node.
Is there a way to configure a port so that it will not allow you to change its VLAN (or make any configuration changes to it)? I'm imaging a command that when applied to a port would not allow you to make config changes to the port until you remove that command from that port, at which point you'll be able to change its VLAN, shut it, etc. If there isn't such capability, what strategy do you use to minimize the possibility of accidentally changing trunks, routed ports, or important access ports to different VLANs (other than labeling and verify)?
View 1 Replies
ADVERTISEMENT
Nov 27, 2012
I want to know what is the best way to black traffic inside the same VLAN, this VLAN is a user VLAN, it means that I am talking about access layer.I wanted to use private vlan, but C2960S doesn't support this feature. Any other way to prevent any to any traffic in the user vlan, this vlan only have to speak at the Layer 3.
View 2 Replies
View Related
Jun 6, 2012
I have several closets with Cisco 3560 on the edge that I'd like to change the vlan that's used for the management vlan on each. In the core I have a Cisco 6509 with Sup720's.
I'd like to do this by changing the native vlan on the trunk port on the core 6509 interface that connects to the 3560. and leave the management vlan on the 3560 as vlan 1.
Seems trivial but what I tried didn't work and I didn't have the window to troubleshoot. I'll paste the simplified configs for the interfaces below
!
6509 configs:
!
interface Vlan50ip address 172.16.50.2 255.255.255.0!interface FastEthernet
[Code]....
View 5 Replies
View Related
Jan 29, 2013
I'm trying to change a vlan on a port-channel but I am getting this error when I apply the change:" error: command is not mutually exclusive",I have done this in the past but I cannot remember exactly what I should type to apply the change.
View 2 Replies
View Related
Feb 15, 2012
How do I change my password to prevent unauthorized access by other people?
View 2 Replies
View Related
May 9, 2012
At the core of my network I have two Nexus 5548's with the routing/L3 daughter installed. They have a default route that points to my ASA 5520 for Internet access. I have configured a VLAN that I do not want to have access to the Internet. What is the best way of preventing this access? ACL on the Nexus or Firewall rules on the ASA?
View 1 Replies
View Related
Mar 18, 2013
I have a SG 300-28 switch with the latest firmware installed running in Layer 3 mode.
I configured this router with 4 VLAN's where VLAN 1 is connected to the network router. All VLAN's call all communitcate with one another. How do I go about configuring VLAN's so that they can only communicate with the router and the internet and not each other?
View 1 Replies
View Related
Apr 5, 2011
I have this Cisco Switch: SRW2048-K9-NA. When I log into the Web GUI, I am provided the two options mentioned above for VLAN Management. I have fiddled with the two options and they seem identical to me. Is there really a difference, maybe better flexibility?
View 2 Replies
View Related
May 12, 2011
We are trying to config vlan 10 for data and vlan 20 for voice on the same port - port 1 of swtich SF300-24P to run both data and voice on different vlans.Do I have to add vlan 10 as an untagged vlan to port 1 and add vlan 20 as an tagged vlan to port 1?If I do not want to assign the native vlan 1 to port 1, how can I remove it ? The GUI page - assign VLAN to port does not allow to remove it.Aslo, what mode shall I set up on port 1? General, trunk or access ?
View 18 Replies
View Related
Feb 2, 2011
I have set up 2 DHCP pools and 2 VLANs (1 *the native* for data / 1 VLAN for voice). When I use the command "switchport voice vlan 20" the port disapear from the show vlan brief list. When I use the "switchport access vlan 20" it shows up in the show vlan brief in the correct VLAN and gives the phone an IP. I assume that using the access instead of the voice is wrong and the phones would not configure correctly. But when I use the access the phone goes to the next step and tells me the TFTP files are not found. Why does the port disapear from the VLAN list?
View 8 Replies
View Related
Dec 2, 2011
So here is my network.
ASA5505--->Cisco1841--->Cat2960
Code
ASA asa831-k8.bin
Cisco 1841 c1841-adventerprisek9-mz.151-4.M2.bin
Cat 2960 c2960-lanbasek9-mz.122-55.SE1.bin
and here is my dilemma.
I can SSH from the internet to my ASA on default port 22, directly to my public IP. I can SSH from the internet to my Cisco 1841 on port 2001. I can not however, SSH to my Cat 2960. From what i can tell, on the Cat2960 i can't change the default port 22 for SSH to different port, just like i did on the Cisco 1841. I looked to see if I can change the default port for SSH on he ASA, it does not look like this is an option.
The bottom line is that i want to be able to SSH to all three devices from the internet. I only have one public IP. As of now, what i can do is only SSH to the ASA on default port 22 directly to the public IP and Cisco 1841 on port 2001. It appears that changing the default SSH port on Cat 2960 is not an option. It also appears that I can't change the default SSH port on the ASA, if i could, i would and then i should be able to SSH to the Cat 2960 on port 22. No matter what i did on the ASA, it always listens on port 22 for SSH connections.
show asp table socket
TCP 001f549f <<pub IP>>:22 0.0.0.0:* LISTEN
how do i make it listen on different port?
Here is relevent config for SSH for cisco 1841 (port forwarding)
ON ASA
object network ROUTER
host 10.10.1.1
[Code].....
View 28 Replies
View Related
Sep 25, 2012
I have Cisco 800 series (888w) with BRI-ISDN port. Is there any way to change the usage of ISDN port to normal RJ45 port?I want to use this SOHO router to sharing connection.
View 0 Replies
View Related
Aug 2, 2012
Apparently on older switches you could just enter the "management" command under the new VLAN interface and it would pull the config from the old one, apparently that feature isn't around anymore. I've tried establishing a trunk to the damned thing and trying to switch over that way, but it doesn't seem to work.
View 4 Replies
View Related
Apr 29, 2012
We've got a SG200-18 switch that is to be used as a workgroup switch in our environment (SW Version 1.1.1.8). Working with CLI on big and mid-range Cisco-gear over the past two decades I'm having a hard time figuring out the following on the SG200:
o) I want to change the Management-VLAN from the default "1" to the management-VLAN used in our environment. Sure enough I created that vlan in the SG200-config, however when it comes to assigning the management-IP and VLAN for the management interface in the corresponding pulldown under "IPv4 interface -> Management VLAN" the only thing selectable is the default "1". (see screenshots enclosed)So how do I set a management VLAN different from 1?
o) How do I enable telnet/ssh-access to the SG200-18 - I'd be far more comfortable with a CLI-environment?
View 2 Replies
View Related
Jul 29, 2012
We recently had redundant sup cards installed in 2 of our 4507 units after the upgrade I can no longer change Vlan's with the CNA program.I upgrade to the newest version of CNA but that didnt work.
I can still get Vlan information from my 4503's and 4506's with no problem. I figure it is an issue with CNA selecting the sup card to get it's information from?
We are in the middle of some major user moves and changes so I have had 2 of my guys working to move printers on to their own Vlan and some other changes neither is well versed in command line so I set them up with CNA for simple Vlan changes. Now with this out I have to go in and make the changes myself and keeping up with that and my other duties is getting tough.
View 2 Replies
View Related
Nov 21, 2011
when I was using image 1.0.0.27, I was able to move the management VLAN from 1 to which ever VLAN I wanted. For some reason, after switching the image to 1.1.1.8, I no longer have that function.
View 1 Replies
View Related
Nov 29, 2011
I just purchased 2 SF-300 48 port units for 2 customers. I want to be able to remotely manage them over the Internet with my browser. BUT, customer sites already use port 80 for web servers. So, how do I configure this switch to use some other port than 80?
I called support, and much to my surprise he said it cannot be changed. How bizarre that a device with many hundreds of configuration settings does not have one of the most basic settings...
At one customer site I can configure port forwarding and translation to get around this problem, but the other site's router does not offer port translation..
View 2 Replies
View Related
Jun 23, 2012
Is there a way to change a 20 port to a 1.1 port, to establish a internet, DIALUP, connection with a Trendnet Model# TFM-561U fax modem? This computer is a new gateway 64Bit with windows 7 running IE9,(Gateway model# NV57H77u, 3GB DDR, 320GB HDD, all usb ports are 2.0, and wont recognise the modem for dialup. When I connected modem to my computer, 1.1 port, the dialup connection worked fine(but this computer is a 32BIT compac CQ-50 wm139 with widows 7 installed as upgrade running IE9, 2GB) I tryed to connect the compaq 2.0 port for connection and couldnt connect, the 2.0 ports recognise the device as a FAX unit and wont connect to the dialup it just gives me the dial sound and loud screech when num. is reached. I believe it has to be a 1.1 port to establish a connection because of the rate of transfer differance, between these two ports, dialup very slow.
View 6 Replies
View Related
Mar 27, 2013
I have an RV042 that I have configured to send alert logs to a comcast email address. Recently comcast changed their SMTP port from 25 to 465. I can't find where to change the port settings in the RV042 to send the router logs via port 465.
View 1 Replies
View Related
Dec 30, 2012
I connect a copper SFP on port 2 of WLC 5508 to a ASA 5510 firewall. The links between two devices are down. Since ASA 5510 only support 100 full, how do I change port speed on port 2 to 100.
View 8 Replies
View Related
Jan 15, 2013
I recently bough for a home lab a sg300-10 switch. I have enabled layer 3 routing on it and have come across a puzzling issue. The switch is the default gw on this network, and in front of the switch there is a cable modem (ip route 0.0.0.0 0.0.0.0 192.168.0.7).
This is my config:
config-file-header
switch5ed948
v1.2.7.76 / R750_NIK_1_2_584_002
[Code].....
View 7 Replies
View Related
May 16, 2013
We use a wlc model AIR-CT5508-K9 with eight built-in ports. I would like to know if it is possible to change the speed of these ports down to 100Mb. At this time, they are set to auto and 1000Mbps.
View 3 Replies
View Related
Jul 17, 2011
I have been net searching this question and I find answers relative to other Cisco products but not for the 6500 series. We are running entservicesk9_wan-mz.122-18.SXF17a.bin and would like to know how to change the default SSH listening port..
View 1 Replies
View Related
Jun 12, 2012
Is there any way to change the port that is used for syslog messages on a Cisco 9500 switch?By default this is set to UDP port 514.There doesn't seem to be a command to change the port.
View 1 Replies
View Related
May 3, 2013
i have 4507R with dual supervisors (WS-X4013+10GE) with IOS cat4500-ipbasek9-mz.122-46.SG.bin the supervisor module are in 3 and 4, and I want to connection port 5, but i have interface and line protocol down "inactive" error.
So I realized to use command "hw-module" to change the module to GE port. However, I am not able to use the command as" I cannot use the command "hw-module uplink" as well.
View 2 Replies
View Related
Jun 29, 2012
I'm trying to obtain the vlans on a trunk and also whether the port is a trunk. Ive seen VTP mib, but these dont appear present on my switch (2950).
View 4 Replies
View Related
Apr 20, 2012
I have an old Nortel network with a bunch of servers attached. Connected to it is the new Cisco core, by way of a routed port. My task is to migrate servers over to the Cisco side of the network, with minimal downtime, and have full network connectivity, retain IP addresses/remain on the same subnet, and retire the Nortels. The Nortels are running VRRP, so I can fail the gateway over by becoming part of that group and later dropping the Nortels, but I can't seem to get a host on the Cisco side to participate in the original subnet. The routed port kills VLAN traffic, so I tried bridging the VLAN with the routed port, to no avail.
View 7 Replies
View Related
Feb 20, 2011
how to create a vlan access port on ASR9000?
I want to connect a server to the ASR9000, but i don't know how to configure the port as access.
I have configured a bridge-group & bridge domain
View 10 Replies
View Related
Jan 20, 2013
I am having some issues putting a Cisco 2970G in place of a HP Procurve that we need to return (leased hardware). I am not really a networking guy, I know just enough to get around and in to stuff.
On the Procurve our internet connection (Mosaic 100MB line) comes in to one of the SFP ports, I have PFSense as our router/firewall. When we moved the switch there we plugged it in and it worked without any issue.
I put one of our spare 2970G switches in, connected everything up and all the RJ-45 ports work without issue. I plug a cisco SFP adapter in and plug the mosaic line in and nothing. The switch shows that there is a SFP adapter plugged in to the port (tried all 4) but no connection. I know on the connection info from Mosaic they specify it MUST be set up as 1000MB Full Duplex. The web GUI on the 2970 won't let me change it on a port that is not up.
Is there a way to set it to 1000MB Full Duplex before I plug it in? I can telenet in to it if needed.
Right now to keep the connection up I have the Mosaic line going to the HP Switch, the PFSense WAN plugged in to that switch and the LAN side plugged in to the 27 , how can I set up a VLAN with just the SFP port and one other port to make sure the traffic from the WAN is separated from LAN traffic on the switch?
View 19 Replies
View Related
Jul 31, 2011
So currently I'm having issues with changing my nat type to open for my ps3. I've tried to use DMZ and port forwarding to change the nat type, but sadly I couldn't get this to work. Most the guides on the forums are for xbox's which wouldn't work for a ps3. Any handy guide to change my nat type to open for my ps3?
View 5 Replies
View Related
May 11, 2012
I have Cisco L3 3560G switch which directly connected with router . i have configured Vlan 2,3 on the switch and assign port 2 & 3 respectably. I want to management both vlan 2 & 3 from from L3 port g0/10 .
View 6 Replies
View Related
Oct 30, 2012
I want to do the inter vlan routing packet tracer file url...configuration of MLS are as bellow can anyone tell me why vlan on switch0 can not ping vlan on switch1. [code]
View 12 Replies
View Related
Sep 28, 2012
I'm Confused from the fact that Vlan tagging is done at access port and trunk port always gets tagged packets (untill its case of native vlan).But I still believe in other fact which says tagging happen only when a frame hit the trunk port which means trunk port gets untagged frame and tagging is not possible at access port.
Would like to know where actually this tagging happens ?
and also which command we can use to encapsulate 802.1q protocol to access port ? The way we do at trunk port is #switchport trunk encapsulation dot1q Is the above command applicable for access mode also?
View 6 Replies
View Related
