Cisco Switches :: 300 Layer 3 Routing And Proxy ARP
Jul 12, 2012
I have a situation where I have ethernet traffic from two separate networks/ip subnets (Subnet A and Subnet B) on a single ethernet connection. I have the need to separate the traffic into two separate networks and two isolated broadcast domains. I thought this could easily be accomplished with a Cisco 300 Layer 3 switch, but I can't get it to work correctly. I have the switch set to IP routing mode. I have three VLANs configured. VLAN 1 sees the combined Layer 2 & 3 ethernet traffic for both subnet A and subnet B. VLAN 10 has an IP address assigned from subnet A and is the gateway for devices within that subnet. VLAN 20 has an IP address assigned from subnet B and is the gateway for devices within that subnet. IP proxy arp is on by default and should be active.Devices in VLAN 10 can ping devices in VLAN 20 and devices in VLAN 20 can ping devices in VLAN 10. This appears to be working only because the switch is the default gateway for those components.
No devices or servers in VLAN 1 can ping VLAN 10 or VLAN 20 components, and VLAN 10 and VLAN 20 components can not ping VLAN 1. I analyzed the ARP traffic on VLAN 1 and the switch is not responding with its own MAC address for requests for IPs for active devices connected to VLAN 10 or VLAN 20. The Cisco documentation says that the device should be responding and acting as a router.I can not physically connect everthing on VLAN 1 directly to the switch, I can not make the switch the default gaeway for all devices on VLAN 1, and I can not create static routes directly to the VLAN 1 switch IP address for all devices that are part of VLAN 1, so I am stuck. I need the switch to let VLAN 1 components automatically know what is connected to VLAN 10 and VLAN 20.
I am willing to scrap this approach entirely if there is an easier way to do this. Put simply, I have a few devices in Subnet A that need to be isolated from Layer 2 & 3 traffic destined for a few devices in Subnet B, but I can't reconfigure my entire network to create these isolated broadcast domains.
View 4 Replies
ADVERTISEMENT
Mar 18, 2012
I want to setup VLAN with the switches SG300 and SLM2024. What is the suggestion to connect these 2 switches. We have the Juniper net screen.
View 1 Replies
View Related
Dec 14, 2012
i've a problem with my SF300-24 routing. That's my network configuration:
Port 1 to 12 assigned to VLAN 10
Port 13 to 23 assigned to VLAN 20
Port 24 has an ip 10.17.7.254 to connect with my deafult route, beacuse I've also a Linksys RV042 router, connected in turn with my ISP router, having an ip 10.17.7.1.
View 6 Replies
View Related
May 12, 2013
I have a project I am working on that will require routing over a MetroE circuit to connect a few sites together back to HQ. Although, I know this can be accomplished several ways, I have come up with a solution that I think will work, but would like you all's input as to whether this is adequate and if my thoughts on how to properly "organize" the network are right.
I have been working with the SG300 line in Layer 3 mode and have not had any issues in a test setup I have here in the office. Basically my thought is to have a single VLAN/subnet allocated for each physical site. That will handle the basic interoffice connectivity etc. I also have a need to prioritize voice/video traffic throughout the entire network. My plan was to create an additional VLAN/subnet to house the teleconferencing equipment. Thats pretty much the jist of the setup. My only question is how to properly prioritize the voice/video VLAN.
View 3 Replies
View Related
Sep 5, 2012
I've been conducting research on configuring 3 distribution switches in my network which are Cisco Catalyst 4507's to communicate with our core over layer 3. Our core switch which is already configured at Layer 3 for intervlan routing is a Cisco Catalyst 6509.
I've got the configuration portion complete and all devices are able to communicate my only question is about QoS. Do I have to configure QoS at the layer 3 interfaces for voice, if so how is that completed. We have several vlans and separate the vlans for each building by voice and data. We only configure ports on the access switches with voice vlans for QoS and we use the auto qos option on these interfaces.
View 2 Replies
View Related
Oct 3, 2012
We are currently designing Layer 3 to the edge EIGRP solution for our customers. The network is a hybrid of collapsed core (Core to access) as well as a three layer design (Core/Distro/Access) for connectivity to the Data Centre, Internet, Wireless Blocks etc.The core of the network contains two 6509-E switches interconnected on a Layer 3 Port channel (no VSS). Access Layer switches (3750-X series running Stackwiseplus protocol) connect to the core switches over p2p routed links and Distribution layer switches (3750X stackwiseplus) provide connectivity to the Data centre, Internet, wireless blocks etc.
The access and distribution switch stacks(Cisco 3750-X) are set up with two or three member switches with uplinks multihomed to the primary and secondary core switch with each uplink included in EIGRP. In each of the stacks, one of the switches controls the operation of the stack, which will be the stack master.As the Cisco Stackwise architecture is not SSO-capable but NSF aware, all Layer 3 fuctions must be re-established during a master switch outage. To minimize control plane impact and improve Layer3 convergence, uplinks should be diverse and originate from the member switches instead of the Master switches in the respective stack. This is as per Cisco recommended design solution.The above solution can be setup if there are more than two switches in the stack. i.e. uplinks are configured on the backup member switch modules.
1.But what about stack with two switches..Which switch should be set up as the Master for a two member stack with uplinks to the core primary and secondary from each switch(Master and Backup)
2. For Layer 3 routing, does the routing takes precedene over switch failures? Say for eg. In a two member stack, the master switch with uplink to primary fails, does EIGRP provide a fast convergence to route traffic via backup secondary and does not wait for the control plane on the switch stack to converge? All the access to core links will be set up for ECMP.
View 3 Replies
View Related
Sep 29, 2012
I configure 3750 stack switch as core and 2960 stack switches as access layer switches.I connected my laptop to one of my core stack in VLAN 10 and I am pinging to one of my server in VLAN 1. What will be the minimum latency at the time of inter VALN routing
View 2 Replies
View Related
Oct 6, 2011
now we have 2 switches: SF300-24..on one SF300-24 we config it at layer 3 mode with VLAN configuration same as following [code] And we use port 26 on 2 switches SF300-24 is trunk mode then we connect both SF300-24 switches.But on SF300-24 layer 2 cann't inderstand VLAN from Sf300-24 layer 3..How to config VLAN on 2 switches SF300-24 Layer 3 and SF300-24 layer 2?
View 2 Replies
View Related
Jan 1, 2013
We have several of the SG300 Serices switches. We use them to route VLAN traffic to Remote Offices, Internet Connections, and WiFi Access Points.In one remote office we have a SG300-10 setup to route the HQ Network and the remote Office Subnet. The SG300 is Connected to HQ via Fiber and has multiple Tagged VLANs on it. If I do speed tests over the Fiber Link on the Incoming Tagged Netwotk I get Decent performance, 80Mbs. If I switch to a networtk that is not priginating from HQ, and have the SG300-10 route packet, I get dismal performance. 15-20Mbs.
I Fireded up a New SG300-28P FW v1.2.7.76. Added a the HQ VLAN 101 and new VLAN 1025 . Mapped some Tagged and untagged ports for each. Switch was connected to HQ Network as untagged VLAN 101. I put a laptop on an Untagged VLAN 101 port. Ran some tests, cam back with 750-850Mbs. Great. Put the same laptop on a Tagged 101 Port, Configured the NIC for Tagged VLAN 101, Same test, same Speeds, 750-850Mbs.I then Configured laptop for Tagged VLAN 1025. Connected to tagged VLAN 1025 port. Ran speed tests, resuts were 15-20Mbs!
I then Configured laptop for Untagged VLAN 1025. Connected to unagged VLAN 1025 port. Ran speed tests, resuts were 15-20Mbs!It was only the Laptop and the Connection to the HQ net on the SG300-28P. Why is the performance of this unit soooooo poor when it needs to route?Other Switches have FW v1.0.0.27 or FW v1.1.2.0. They have Similar speed issues. All Configured for Layer 3.
View 10 Replies
View Related
May 29, 2012
We have a potential new customer who is wanting to deploy a guest WLAN. I am happy doing this via a VLAN on the WAP4410N series AP’s. I would then create the relevant VLAN’s on the switch. Can each VLAN be assigned an IP address and allowing me to be able to add a static route on the router pointing the traffic for the Guest VLAN back to the switch?
View 1 Replies
View Related
Dec 27, 2011
Why layer 2 switches need its mac address, even it does not have any interface ? (does not have stp and etc)
View 8 Replies
View Related
Jul 23, 2012
I'm new and just entered in the world of studying my certification for Cisco, since I'm curious I see that there are switches that can perform task depending on the layer? I see some with specifics for Layer 2, some other for layer 3 and even some others with router capabilities!I know this is a rookie question but how do I know what the best switch for a network? or how can I identify them?
View 3 Replies
View Related
Jun 13, 2011
If there is C6509E as core switches and C3750 Switches running layer 3 at the User dept uplink to the C6509E Switches, what will be the multicast command that should be implemented at both end? CGMP or IGMP or do not need to implement this snooping as well?
Users (IPTV) -> C3750 (Access Switch) -> C6509E (Core Switch) -> C6509E (Server Farm Switch) -> IPTV Servers
Do we need to configure multicast at C3750 Switches (Access Level) at the User dept? Let's say the IPTV Mulitcast is 239.1.1.1. How can we build up this multicast configuration based on this scenario?
View 5 Replies
View Related
Sep 25, 2012
I would like to ask if it is possibe to stack a 3Com 3cr17161-91 to a layer 3 Cisco Switch? The two will be stacked using the avaialble SFP modules.
View 4 Replies
View Related
Sep 30, 2011
Connecting ASA 5520 to two Catalyst 3560G layer 3 switches. What's the best practice to connect the asa-5520 at the edge, to the core of my network? What I'm looking to do is connect two routed gigabit ports (gi0/2 and gi03) to two seperate layer 3 routed ports on catalyst 3560G. I'm wondering how to do it, or if there's any type of failover method? I'm running EIGRP in the network and the link to the first core switch has a /30 point to point connection. Everything works fine, I'm just not sure how to connect the second switch to the firewall. Should I use the a different /30 for the point to point connection to csw02 gi0/48? (See attachment) How would this affect traffic flowing through this interface? Would I have to duplicate rules I have on my inside (gi0/2) interface? Is there a way to make the inside2 interface standby some how? I want to know the best way to set this up, so in the event csw01 goes down I don't loose internet. Will EIGRP work it's magic and only use 1 path to the ASA? Should I even be using routed interfaces on the ASA and just use trunked mode?Running ASA 8.4?
View 1 Replies
View Related
Mar 16, 2012
My SF300-24 switch has been working 100% as a backup switch for a client of mine. At my clients premises it was running 3 Vlan's and doing inter VLAN routing. When my client received their original switch back, I obviously brought my SF300-24 back to the workshop, reset it back to Factory defaults and tried to do a fresh installation on it. I can not get it to change from Layer 2 to Layer 3! I installed the latest firmware but still no go.
Everything works a 100% via the console, but when I go to the System Mode menu and try and edit it, it justs sits at layer 2 and will not chage to layer 3!
View 4 Replies
View Related
Mar 22, 2011
I am migrating an a group of workstations that run a fire system from one software to another. The current workstations run the following info:123.123.123.xxx 255.255.255.0The new workstations run:100.100.100.xxx 255.255.255.0There is a central switch location using a GE-DSG-244 Layer 2+ Managed switch. There are two remote location using GE-DS-82 Managed Switches.The two networks must remain isolated, yet use the same fiber communications. The central switch connects to the two location using MM Fiber. From my research I believe I need to use the 802.1q standard to allow port trunking between the two switches.
View 7 Replies
View Related
Oct 10, 2011
i just want to ask how can i block all proxy server websites in my router( any brand ) so that no one can access, like facebook i already block it in the router but they still access using proxy server website.
View 2 Replies
View Related
Jul 10, 2011
I want all the computers on my LAN to access via a proxy server in another country. I have a Netgear DG 834N router and would like that to connect to the proxy server rather than having to define it on each browser.
View 1 Replies
View Related
Jun 13, 2012
How to set the management interface on a SG300 Switch in Layer 3 mode? I've some vlans configured on the switch with interfaces in each of them:
Vlan 100 (10.0.1.254 /24)
Vlan 200 (10.0.2.254 /24)
Vlan 300 (10.0.3.254 /24)
...
Vlan 900 (10.0.9.254 /24)
Now, the management interface is listening on all interfaces (IPs). But I would like to configure the switch to only listen on 10.0.9.254. What I need to configure or whether it is possible?
View 3 Replies
View Related
Jul 11, 2012
I have a SG300-28P switch. I just read in the Administration Guide that, when in Layer 3 mode, the switch doesn't support MAC-based VLAN or Dynamic VLAN Assignment.
So, in order to assign a client to a VLAN based on their MAC or based on the response of a RADIUS server, we have to disable layer 3 features. Without layer 3 switching, the switch is unable to act as a default gateway and forward packets between VLANs. As a result, the VLANs can't communicate in any way, or access the internet, unless a separate router is connected to every VLAN. Right? Doesn't this limitation significantly reduce the usefulness of the DVA feature?
View 2 Replies
View Related
Mar 24, 2013
I've been taught/under the impression that vlans and stp stay in the access layer to prevent bridging loops and broadcast storms from taking down the whole network. Well I was reading about backbonefast and how it "Enables fast convergence in the networkbackbone or core layer switches after a spanning-tree topology change occurs." Now I thought that from the distribution layer up we use a routing protocol.
View 9 Replies
View Related
Nov 15, 2011
I have a question if I Stack a Catalyst 3750 L3 with a Catalyst just L2, will we able to use all L3 capabilities?
Switches are
WS-C3750G-24TS-E1U
WS-C3750V2-24PS-S
View 4 Replies
View Related
May 28, 2012
I would like to connect devices to my network so that their traffic passes through a proxy running on my computer. I figured the best way to do this is by setting the proxy on my router to the one I am running, but then I would need to have another connection to the computer running the proxy or else there would be an infinite loop ?? something like that. so:
Internet -> router (1) -> my proxy on comp A -> router (2) -> computer B
View 1 Replies
View Related
Mar 31, 2012
I access the internet from my company�s LAN, which has a restrictive firewall, so I cannot request the admin to open any ports manually for me. Hence I use a software called your-freedom. This proxy software supports both http as well as socks 4 and 5 proxy (by entering the proxy IP 127.0.0.1 (localhost) and Port 8080 for http proxy OR 1080 for Socks Proxy), and I have successfully been using web browsers and some other softwares that support proxy/ allow proxy info to be entered to login/ connect to the internet. Your-Freedom also supports port forwarding.However, the softwares I intend to use do not have any options to enter proxy methods or proxy ports (as far as I have noticed). I have tried to proxify these 2 softwares using softwares such as SocksCap and Free Cap, but either they don�t work, or my settings in proxifying are not correct. I believe I will have to do port forwarding or proxify the softwares, but have been unable to do so in the correct manner.
Following is the info on the 2 softwares:
1.NOW Trading terminal:[FONT=Times New Roman]Normally when I start the NOW or Zerodha software, the software starts and I get a login screen, but under firewall conditions, I get the initial Splash screen but then the software stops with the error: [b][u]NOW Initialisation failed for Interactive Engine << os error>>.
2.PowerIndia Bulls:The software is written in Java and starts with a batch file (PowerIndiabulls.bat) located in C:UsersDEFAULT_USERNAMEAppD..... I converted this batch file to .exe (with battoexe software) and then ran it through a proxifying software. The .exe start properly without proxifying software but not under proxifying environment. Basically the software needs to connect to the internet using Port 443. I am also expected to keep ports 443, 41599 and 59598 open. software's requirement is available at Indiabulls Securities: Indiabulls Securities is a leading capital market company offering securities broking and advisory services, depository services, equity research services to its clients in India. (item no. 5).To confirm, while the software is unable to connect through port 443, you will get an error message: "Connection to Login Server could not be established" when you try to login with any random Username and Password.To know that the software is able to connect properly, you will get an error: "This User ID is not enabled to be used with this product".
View 1 Replies
View Related
Apr 26, 2012
I have a 3550 l3 switch configured as follows:
vlan 10 ports 1-10
vlan 21 ports 11-20
vlan 30 port 21-30
vlan 40 ports 31-40
default vlan should be vlan 21
I have the servers, switch and router connected to vlan 21. Vlan 21 works great I can browse the internet, but I cannot ping any other vlans. router is connected to fa0/19
[code]
Building configuration...
Current configuration : 4833 bytes
!
version 12.2
no service pad
[code]....
View 11 Replies
View Related
Mar 25, 2012
I have an environment where i have two nexus 7010 switches, along with 2 nexus 5510's. I need to run OSPF as a layer 3 routing protocol between the vpc peer links. I have 1 link being used as a keep alive link, and 3 other links being used as a VpC link.
1) Is it best to configure a separate Vpc VLAN i.e 1010
2) Is it best to configure a vrf context keep-alive
3) just have the management address as the peer ip's.
View 2 Replies
View Related
Jan 8, 2013
Anyone know the differnce between these two on a MLS? Seems that proxy arp as I know it works with or without the 'local' version.
View 7 Replies
View Related
Mar 17, 2013
I found that when I enabled layer 2 auto QoS in 3560 switch, I need to wait so much time to open a file in network drive. Howerver, when I disable the Qos. It can improve a lot. I have used a sniffer to capture the packet to see. Those default packet is in DSCP 0. Therefore, I think majority packet will drop to queue 4. How can I increase the buffer and threshold in order to improve queue 4 performance.
View 1 Replies
View Related
May 14, 2012
I have repaired tcp/ip stack and winsock by command prompt. When I check my ipconfig /all there are alot of things not enabled and default gateway with no address etc... I checked my advanced setting and dhcp auto obtain is enabled. When I try to release and renew ipconfig the addresses are missing and when I renew, it's completely missing.
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD FX(tm)-4100 Quad-Core Processor, AMD64 Family 21 Model 1 Stepping 2
Processor Count: 4
RAM: 8189 Mb
Graphics Card: NVIDIA GeForce GTX 460, 1024 Mb
Hard Drives: C: Total - 57138 MB, Free - 30554 MB;
Motherboard: Gigabyte Technology Co., Ltd., GA-990FXA-UD5
Antivirus: Norton Internet Security, Disabled
View 7 Replies
View Related
Aug 24, 2011
I got one SF 300-48 layer 3 switch I tried to configure to use it in the office network.Unfortunately I'm unable to configure the VLAN settings.I need port one for input(VLAN2),port 7-15 for another vlan(vlan3) also need to connect with the vlan 4.port 15 is another vlan(vlan4) this is for wireless.Other ports are static.It doesn't get any connections with other vlans.I wish to know how to configure vlans in GUI mode.I tried , But I can't get the Vlan setting correctly.Also,I need to know how to communicate both vlans in GUI mode.
View 8 Replies
View Related
Apr 29, 2013
I created a lab and I have a few issues. One with a layer 3 switch and another with a ASA 5550.
1. Layer 3 switch: I have created multiple Vlans and I am able to route between them. I can ping the switch IP but not the default gateway to the ASA. I did a tracert of the default gateway of the ASA and once I am past the Vlan gateway it fails.
2. On the ASA 5550 I created the Vlans on sub-interfaces but still cannot get to the internet. ASA config is below the switch config.
View 7 Replies
View Related
Jan 15, 2013
My first question is I have an access layer switch which is a single VLAN and I am trunking that VLAN to a distribution layer switch, I can ping the gateway on the distribution layer switch for THAT VLAN, But cannot ping the gateway address for the second VLAN I have on the distribution layer switch. I know it is simple, But I have forgotten and just need a push
Also I have a third VLAN set to route traffic not bound for those 2 VLANs out to a router is the statement "ip route 0.0.0.0 0.0.0.0 172.16.252.2" good enough and do I actually need to create a VLAN for that traffic? and if so, is an access switchport the best option?
View 2 Replies
View Related
