Cisco Security :: Catalyst 3750 Support Private Vlan?
Feb 12, 2004i want to know if the new Catalyst 3750 Support Private Vlan ?
or any other small Switches
ADVERTISEMENT
Cisco Switching/Routing :: Nexus 5k And Cat 3750 / Benefits Of Private VLAN Trunks?
Jan 11, 2012I have defined a trunk between a nexus 5k and cat 3750 as a pvlan trunk - now I would like to add redundance and performance and tried to establish a vpc between my par of nexus's and the 3750 stack - but the nexus tell me that the port-channel doesn't support pvlan's - and then - ehh - do I get any benefits of running the trunk as a pvlan trunk at all?
interface Ethernet1/4
switchport mode trunk
speed 1000
switchport private-vlan trunk allowed vlan 550-552
switchport private-vlan mapping trunk 550 551-552
[code]...
Cisco WAN :: How Many OSPF Routes Does Catalyst 3750 Support
Aug 16, 2012I just want to know how many ospf routes a catalyst 3740 support ?The cisco doc or datasheets doesn't answer this clearly. Because there is only a statement "unicast routes"!? Does this means all unicast routes (eigrp, ospf....static)If so, there is a statement for about 10k routes ?
View 3 Replies View RelatedCisco Switching/Routing :: VLAN Bridge With Catalyst 3750
Nov 8, 2012I have 3 VLANs here that need to be on the same network segment. They are going to be used by our Wi-Fi network (with Aironet APs), bound to 3 different SSIDs (as Aironet APs doesnt allow multiple SSID per VLAN), each one with a different authentication method and server.Is there a way to bridge those VLANs together with a Catalyst 3750 switch? I tryed configuring an IP address on one of the VLAN interfaces, then configuring a bridge with the vlan-bridge protocol (Catalyst 3750 doesnt have the "ieee" bridge protocol type) and put all 3 VLAN interfaces on the same bridge-group, but it didnt work (even with "bridge x route ip").I also tryed configuring IRB bridging, with the 3 VLAN interfaces on the same bridge-group and an IP address on the BVI interface (the way I used to do with old 2600 routers). Same result.(actually, I didint test to see if the interfaces are actually being "bridged", but I see neither of them can reach the router)
View 1 Replies View RelatedCisco Switching/Routing :: 3750 Private VLAN With Routing
Jan 1, 2012I have a Cisco 3750 with private VLANS configured.. VLAN 2 is the "primary", VLAN 3 is "isolated" and VLAN 4 is "community". This is all working correctly, however I now have the need to another VLAN called "production". I need the production VLAN to be able to reach all the private VLAN hosts (community and Isolated), and vice versa
View 2 Replies View RelatedCisco Switching/Routing :: Catalyst 3750-X Not Showing VLAN As Active
Apr 14, 2013I have installed a Catalyst 2960-S and a 3750-X-12S and I am trying to setup a VLAN 51 for some VoIP phones. I have added the VLAN as an interface on both switches, but the 3750 is not showing VLAN 51 as active when i do a show vlan. Also, it omitts showing Gi1/0/1 & Gi1/0/3 which are uplinks to 2960-S switches plugged in and working on VLAN1.
Catalyst3750SFP#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/0/2, Gi1/0/4, Gi1/0/5
[Code].....
Cisco Infrastructure :: Blocking ICMP On Catalyst 3750 Switch Vlan?
Apr 7, 2011I have set up an ACL on my 3750 switch to deny icmp from PC A on our inside network to PC B on a different VLAN on our inside network using the following ACLs:
deny icmp host 10.1.17.15 host 10.3.10.4
deny icmp host 10.3.10.4 host 10.1.17.15
-- or --
deny icmp host 10.1.17.15 host 10.3.10.4 echo-replydeny icmp host 10.3.10.4 host 10.1.17.15 echo-reply
These ACLs belong to an access-list that also limits ip traffic to a few specific machines.When I try pinging from PC A I receive a reply message back from PC B. Shouldn't this configuration block any ICMP from PC A to PC B and from PC B to PC A? I would have expected the first ACL statement to block any packets associated with ICMP and when that didn't work I tried the second configuration.
Cisco Switching/Routing :: Configure Inter-vlan On Catalyst 3750
Dec 20, 2012My architecture is the same as show on the link with some difference.I use the router 1841 for inetrnet connexion instead of 7200VXR, this router 1841 is connected on the catalyst 3750 port G1/0/1.I use catalyst 2960 instead of catalyst 2950 or 2948.I use ASA 5510 for conexion on remote branche(I have 5 remote site), This ASA is connected on the catalyst 3750 port G1/0/37
Result of the test:
-I can ping devices in the same Vlans
-I can ping devices in different VLANs
-I can ping all device from the catalyst 3750
I cannot ping the router 1841 or ASA 5510 from the any devices (computer)The gateway of each computer is the correpondant VLAN IP address configured on the catalyst 3750.Why I cannot ping the router 1841 or ASA 5510 from the any devices (computer)
Cisco Switching/Routing :: Catalyst 3750 - VACL And ACL To Secure VLan?
Feb 20, 2012i have a catalyst 3750, in this switch i have 3 vlan, i need to secure trafic between vlans but im confused ,should i use ACL or VACL to secure ?which is the best ?if i use ACL to secure and limit ports between vlan, which is the best practice to apply the acl ( on th inside or outside of interface)
View 2 Replies View RelatedCisco Switching/Routing :: Catalyst 3750 / 2960 - Some Data Cannot Pass Through VLAN
Sep 4, 2012I have a problem, here are the situation
- 1 Catalyst 3750
- 1 Catalyst 2960
- 4 Finger Print
- 1 HUB
Configuration
- Catalyst 3750
Interface VLAN182
IP Address 10.62.182.254 255.255.255.0
Interface G0/2
Description Finger Print Server
Switchport mode access
[code]....
Here are the problem,If i connect Finger Print Device to port catalyst 2960, some device not sending data to server, but if i connect all Finger Print to HUB and from HUB connect to Catalyst 2960 at port F0/5, All Device(Finger Print) can send data to server...Is there any special configuration in catalyst so all device can direct connect to port catalyst 2960 without HUB?
Cisco Security :: Does Catalyst 3750 Supports NAC Fail Open Feature?
Feb 29, 2012Does Catalyst Cisco 3750 supports NAC Fail Open Feature? Symantec Network Access control has been deployed in our network to protect the end user systems and access control.we initiate to enhance failover/fail open solutions on the switches to minimize the minimum downtime for disaster recovery in case of major disasters in the Data centres.Kindly request to let us know if NAC fail Open works on Cisco Catalyst 3750 Switches or not?
View 0 Replies View RelatedCisco Security :: Catalyst 3750 / Uploading Image Into Web-authentication Page?
Dec 21, 2009i tried to create a customized web-authentication page that will re-direct any user to the web-page once they are connected to the network.
The problem is, i just cant attach/upload the image of the logo into the customized web-page (welcome/login page).Been researching about it, found and tried some clue bout it on cisco documentation, but still can't solve the problem.
Cisco document :Catalyst 3750 Switch Software Configuration GuideCisco IOS Release 12.2(52)SESeptember 2009
switch version :WS-C3750-48TS
show flash :2 -rwx 12305677 Mar 1 1993 01:27:03 +00:00 c3750-ipservicesk9-mz.122-52.SE.bin3 -rwx 131 Mar 1 1993 00:17:25 +00:00 log.text5 -rwx 3254 Mar 1 1993 00:01:01 +00:00 config.old8 -rwx 113 Mar 1 1993 03:24:33 +00:00 pass.htm9 -rwx 1088 Mar 1 1993 03:39:18 +00:00 login.htm10 -rwx 113 Mar 1 1993 03:21:30 +00:00 fail.htm11 -rwx 104 Mar 1 1993 03:25:32 +00:00 expire.htm12 -rwx 856 Mar 1 1993 00:05:19 +00:00 vlan.dat14 -rwx 2479 Mar 1 1993 01:25:05 +00:00 web_auth_logo.jpg16 -rwx 1048 Mar 1 1993 00:01:01 +00:00 multiple-fs27 -rwx 1053 Mar 1 1993 02:18:34 +00:00 webauthpage.html38 -rwx 6551 Mar 1 1993 01:19:33 +00:00 logotest.html
following is my running configuration :Building configuration...
Current configuration : 4205 bytes!version 12.2no service padservice timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname Switch!boot-start-markerboot-end-marker!!!!aaa new-model!!aaa authentication login default group radiusaaa authentication login line-console noneaaa authentication dot1x default group radiusaaa authorization auth-proxy default group radius!!!aaa session-id commonswitch 1 provision ws-c3750-48tssystem mtu routing 1500authentication mac-move permitip subnet-zeroip
[code]....
Cisco Switching/Routing :: Possible To1941 Security Bundle Router Support Minimum Of 2k Of VLAN ID
Dec 17, 2012Is it possible to cisco 1941 security bundle router Support minimum of 2k of VLANs ID and shall support upto 60 vlans?
View 4 Replies View RelatedCisco Switching/Routing :: Does Catalyst 3550 Support Inter Vlan Routing
Jul 24, 2007Does Catalyst 3550 switch support inter vlan routing ?
View 12 Replies View RelatedCisco Switching/Routing :: Multiple VLAN Routing Tables For 3750 Catalyst
Oct 24, 2012I have a network with a Catalyst 3750 as the main switch and then some Catalyst 2960 switches that are plugged in to that. I have a server running windows server 2008 with a couple of virtual machines running in Hyper-V. I created 4 VLANS listed below and gave the 3750 the following IP Address.I would like the 3750 to only be configurable from VLAN 40 but currently every VLAN can connect to it, I noticed in the standard web page settings there was a setting for "Management VLAN" but it was set to 1 and would not let me change it, I kinda assumed that was for the management port in the back.-Now the tricky part, I was trying to set up routing between the VLANs and so far I have only been able to get a sort of "all or nothing" routing to work. I can turn IP routing on and add two or more VLANs to the routing and it works fine. But what I was hoping to do is create a couple of "junction vlans" that would only route to one or two other vlans. For instance, I wanted to create a VLAN 100 that routed to VLAN 20 and 30 but nothing else. I also want to route VLAN 1 just to VLAN 30, and so on. I am able to do each one of the cases but only one, it seems like the switch only supports one "routing table" am I missing something or is this just a limitation of the switch?
View 2 Replies View RelatedCisco Switching/Routing :: Catalyst 3750 Multi-cast VLAN Routing
Oct 28, 2012I have a network with several catalyst 2960 switches and one catalyst 3750. I have created two VLAN and set up the proper routing and everything is working fine there. I have a client/server application that used multicast in the initial start up for the client to determine available servers, the issue is one of my clients is on a different VLAN then the server. I am able to route the multicast using MVR as long as both the server and the client are plugged into the 3750 by creating a static route, making the server a source port and the client a receive port. Unfortunately I need the client and the server plugged in to different 2960s. My question is how do I establish multicast routing between the two and perferably do it dynamically (always route multicast traffic from one VLAN to another).
View 2 Replies View RelatedCisco Switching/Routing :: Inter-VLan Routing On Catalyst 3750 Switch
Dec 17, 2011I have been looking into this for a while and I can't seem to figure out why my 2nd vlan is not able to connect properly to the net.
My switch has 12 ports where my devices connects directly, they are all on Vlan 1 and they all work perfectly. on Port 12 I have a dlink router that is connected to a cable modem. the dlink router has an Ip address of 192.168.0.20
I created a second vlan (vlan2) and enabled dhcp relay on it. then I assigned port 9 on the switch to (vlan2)my laptop which is connected to port 9 seems to get an ip address fine and able to ping only some devices on my network (vlan1) and is not able to go out to the internet. I think it has to do with the routes. [code]
Cisco Routers :: VLAN To VLAN Firewall Rules Support Missing On RV180?
Jan 12, 2013How do I submit an RFE (Request For Enhancement) to the Cisco SBR team to encourage them to implement the missing support for VLAN to VLAN firewall rules that was available in the RVS4000 (See [URL]) and that was supposedly added to a beta release of the RV220W firmware (See [URL])?
View 1 Replies View RelatedCisco Switching/Routing :: N7K Private VLAN With F2
Jan 15, 2013Why I got below error message when config Private VLAN?
Error: while enabling/disabling service: private-vlan, err: Private-vlan is not allowed in F2 VDC (0x40e4005d)
Cisco WAN :: 887Va To Support Both Public And Private Addresses On Inside Vlans
Nov 27, 2012On an 887VA running 15.x IOS, is there a way to support both public and private addresses on inside vlans? The outside interface is public static ip, so the requirement would be to not nat anything if coming from inside vlan10 but nat if coming from inside vlan20.I didn't think this was possible since the outside interface would have to use an outside nat command that would not be ignored for traffic coming from vlan10.
View 4 Replies View RelatedCisco Switching/Routing :: 3750 - Extending VLAN To Remote Switch That Already Has VLAN ID In Use
Jan 10, 2013I have two networks at two sites with a dot1q trunk between the two L3 switches at both sites (no routers involved)
SITE A - Cisco 3750 L3 - VLAN ID 50
10.10.50.0/24
SITE B - Cisco 3750 L3 - VLAN ID 50
10.20.50.0/24
I would like to extend the SITE A VLAN to SITE B so that I can move hosts from SITE A to SITE B without needing to change their IP address but the vlan ID is already in use. Obviously the easy solution is to change the VLAN ID for one or other of the sites but both sites contain hosts that run 24/7. Is there a way to join two VLANs with different IDs together.So for example I create a new VLAN 60 at SITE B and associate it with VLAN 50 at SITE A.
Cisco Switching/Routing :: Low Bandwidth On 3750 From Vlan To Vlan?
Nov 20, 2012We have a low bandwith (15-20 Mbit/s) to the ASA from our Client vlan. If i connect the Client to the same vlan as the ASA is, the bandwith (90 Mbit/s) is good.
Here are the Layer 3 Design:
Client -> vlan 2 - Switch - vlan 7 -> vlan 1 - ASA 5505 -> ISP
The Layer 2 Design:
Client -> Gig2/0/13 - Switch - Gig4/0/43 -> Eth0/1 ASA5505 -> ISP
IP Address:
Client: 172.16.2.10Vlan2: 172.16.2.1Vlan7: 172.16.7.1ASA: 172.16.7.2
I assuming the switch has a problem with routing ?It is a stacked Switch with following members:
switch 1 provision ws-c3750g-12sswitch 2 provision ws-c3750g-24tsswitch 3 provision ws-c3750g-24tsswitch 4 provision ws-c3750x-48
And we have following error message in the log from the switch:
%PLATFORM_UCAST-4-PREFIX:
One or more specific prefixes could not be programmed into TCAM and are being covered by a less specific prefix, and the packets may be software forwarded I first get the idea that the switch is overloaded with router traffic. Thats why i assuming i have to check the sdm templates, but i'm not sure if this resolves the issue.
Here are the relevant config:
ASA Interface on the Switch:
interface GigabitEthernet4/0/43description ASA-inside LANswitchport access vlan 7switchport mode accessspanning-tree portfast
Client Interface on the Switch:
interface GigabitEthernet3/0/1switchport access vlan 2switchport mode accessswitchport port-securityswitchport port-security aging time 2switchport port-security violation restrictswitchport port-security aging type inactivitymacro description cisco-desktopspanning-tree portfastspanning-tree bpduguard enable
[code]...
Cisco Security :: ASA 5505 - NAT To 2 Private IP Addresses
Apr 22, 2012I am new to networking and configuring a ASA 5505. I have one public IP and would like to know if I can Nat this ip to 2 private IP addresses. Both addresses will be passing similar traffic.
View 1 Replies View RelatedCisco Switching/Routing :: ME 4900 Private VLAN Config
Feb 9, 2012We need to connect several DSLAMs on the 4900 switch, every DSLAM has 4 VLANs configured (VOIP service, MGMT, ADSL Private, ADSL Public), and sends the traffic for each service tagged with appropriate VLAN id according to the table:
VOIP: 608
MGMT: 594
ADSL PRIVATE: 2900
ADSL PUBLIC: 2930
On the DSLAM side it is very simple configuration, just a normal trunk with 4 VLANs transversing the link. On the 4900 I need to isolate the traffic for ADSL PRIVATE & PUBLIC service so DSLAMs connected to the same switch do not have L2 connectivity between them. For VOIP and MGMT they must communicate with each other. DSLAM acts also as a VOIP GW so it must communicate with other DSLAMs for VOIP service. Also VLAN 200 is configured on ME 4900 for switch management traffic.
This 4900 Switch connects to MPLS PE router, which offers L3 VPN service for VOIP & MGMT service, and L2 VPN for ADSL service (PPPoE traffic to BRAS). Fortunately we have ES+ linecard to support many ethernet features. I tried this config:
1) VOIP, DSLAM-MGMT, MPLS-MGMT configured as normal VLANs
2) ADSL PUBLIC & PRIVATE configured as isolated secondary VLANs, primary VLAN for ADSL PRIVATE is 2008, for PUBLIC 2308
3) Configure DSLAM facing ports on ME 4900 as private-vlan trunks
4) Configure ME 4900 uplink port to MPLS PE as a private-vlan promiscous trunk
5) Configure ethernet services on MPLS PE for each tag that comes from ME 4900 (ES+ cards are awesome, i love them:D )
6) Apply L3 VPN service for VOIP and DSLAM-MGMT, and L2 VPN for ADSL service.
But at least this last command should list on spanning tree forwarding state also the ADSL VLANs or not?
Here is the output of the show interface switchport.
Cisco Switching/Routing :: 2960 / How To Configure Private Vlan
Mar 13, 2013I have 2960 cisco switch. I want to configure private vlan. But it is not getting configured in cisco 2960. Is there any other way to configure that in switch.
View 1 Replies View RelatedCisco Switching/Routing :: Private VLAN's On Nexus 2148
Dec 29, 2011I have the need for private vlans in isolated mode to backup some hosts on a secured network. We are using Cisco Nexus 5020 with the fex 2148 for copper-ports - and I tried to implement this setup: [code]
The Cisco Nexus 2000 Fabric Extender does not support PVLANs over VLAN trunks used to connect to another switch. The PVLAN trunks are only used on inter-switch links but the FEX ports are only meant to connect to servers. Since it is not a valid configuration to have an isolated secondary VLAN as part of a Fabric Extender port configured as a VLAN trunk, all frames on isolated secondary VLANs are pruned from going out to a FEX.
the "only" limitation should be the trunk option - but as far as I can see from the output from my nexus this is not correct .We are running NXOS: [code]
Cisco Switching/Routing :: 4900m - Private VLan And VTP Version 3?
Dec 10, 2012know if Private Vlans are supported on the Cisco 4900m switch when set in VTP version 3 and VTP disabled?Most documents just specify VTY transparent mode without mentioning the version, trying not to assume since this is production.
View 1 Replies View RelatedCisco WAN :: Nexus 1000V - Why Is Private Vlan Config Options Missing
Jun 13, 2012I just installed a N1K (with code 4.2(1)SV1(4a)) and I was trying to setup a private vlan.
Example:
vlan 300
name PRI-VLAN
private-vlan primary
[Code]....
I upgraded another n1k (that already had pvlan configured) to this version of code and it has the private vlan option. This was just installed yesterday so I don't have the license on it yet.
Cisco Switching/Routing :: Nexus 1000v Private-Vlan Trunking
Apr 14, 2011Having problem pinging from Host A on ESX1 to Host B on ESX2. Each host are assigned the same port-profile. If I put 2 host's on the same ESX machine using the same port-profile, they are able to ping each other.
n1kv-vsm# sh port-profile name xxx-prod-40port-profile xxx-prod-40 description: type: vethernet status: enabled capability l3control: no pinning control-vlan: - pinning packet-vlan: - system vlans: 1 port-group: xxxl-prod-40 max ports: 32 inherit: config attributes: switchport mode private-vlan host switchport private-vlan host-association 40 400 no shutdown evaluated config attributes: switchport mode private-vlan host switchport private-vlan host-association 40 400 no shutdown assigned interfaces: Vethernet3 Vethernet4
System-uplink profile is trunking all vlans.
Cisco Switching/Routing :: Assign 2 Ports To A Vlan On Slm2008 Private Network
Dec 17, 2012Is it possible to assign 2 ports to a vlan on this switch and have the 2 machines connected to those ports be able to see each other without having to go off of the switch? If so, how would it need to be setup on the switch?
View 4 Replies View RelatedCisco Switching/Routing :: Private Vlan Configuration On 3560E 24 Port Switch
Dec 12, 2012 We have a 24 port and 48 port 3560 E switches with identical IOS the 48 port switch supports private vlan while 24 port switch doesnt
configure private vlans on 24 ports 3560e and is it best practise to configure private vlan on this platform(3560)?
IOS version : C3560E Software (C3560E-UNIVERSALK9-M), Version 12.2(55)SE3, RELEASE SOFTWARE (fc1)
flash:/c3560e-universalk9-mz.122-55.SE3/c3560e-universalk9-mz.122-55.SE3.bin
Cisco :: Dealing With Security When Merging Private And Public Networks?
Jul 18, 2011We have a private network, multiple vlans etc. for our domain users/employees across several amenities. We also have a Public network, that we have managed by a 3rd party for guests/conference rooms/attendees.Private network is all static ips, mac restricted port security, as strict as possible from a security and PCI Compliance standpoint. The public network is all DHCP with hundreds of users. Having them physically separate has always been the best option. Separate switches, server, and I even have the uplinks separated on a 3825 router. However, unfortunately it seems as though that luxury is coming to an end.One of the meetings that is taking place is going to be at one of our outer amenities so I've got to push that "public" network through my network, over my backhaul to the other side.
My suggestion was to create a new vlan on the switches with the shortest path possible to get where it needs to go. This way the traffic never goes through our ASA, and it has a small footprint on our network, it plugs into the switch access port with the dedicated vlan at the entry point into our network, and leaves from an access port on the other end. To me that seems to be the best/most secure way to handle it. We're also in the process of rolling out Public Wifi through the entire property and since we'll want to push both Public and Private vlans over it....merging the two networks to a point is only inevitable. Especially since it will be going through a controller and the property covers a good 7000 acres.
A good IDS/IPS...other than already having port security on every port, I'd definitely like to know if somebody inadvertently cross connects the two networks and it starts flooding whatever vlan access port it's plugged in to with dhcp...especially since a lot of the laptop users on the domain are set to DHCP first with a static in the alternate for working at the office and remote.
Cisco Wireless :: WAP4410N Does VLAN Tag Setting Need To Be On Tagged To Determine Private From Guest Traffic
Mar 6, 2012We are trying to setup a WAP4410N with 2 SSID's. One SSID for our private network and the other for guest internet access. On the VLAN and QoS page there is a setting for priority. What would be the suggested values for this setting? We obviously want our private network to receive priority over our guest network.Also, does VLAN Tag setting need to be on Tagged to determine private from guest traffic?
View 2 Replies View Related
