Cisco Switches :: SFE2000 And ACL To Stop VLAN Traffic
Sep 25, 2010
I have setup a new SFE2000 switch to work in Layer 3 mode using the IP address 192.168.100.254 on VLAN 1.I would like VLAN1, 2, 3 and 4 to be able to communicate with each other while VLAN2 (Guest) needs to be restricted from everything except web access and dhcp assignment from our server.I have been playing with various ACL's in an effort to accomplish this but so far I have drawn a blank in getting this working.
View 3 Replies
ADVERTISEMENT
Dec 15, 2011
Is there a CLI, other than the terminal mode menu, for this switch? I would much prefer to use a CLI to configure it than the (web) menus available.
The web menus are confusing and the manual is long. I already know how to configure Cisco Switches via the CLI quite well.
View 3 Replies
View Related
Apr 10, 2011
I have a number of SFE2000 10/100 24 port POE switches. They are configured and running OK. I want to be able to save the configuration and be able to load that saved configuration into another new swich in the case of a failure.
I have logged in and gone to Admin-File Management-Save Configuration. I then select the 'Backup' radio button and TFTP the configuration to my TFTP server. All works OK and I have a readable text file with the switch configuration on my TFTP server.
I want to be able to restore that saved configuration on to a new switch. I have set the new switch back to factory defaults. I go to Admin-File Management-Save Configuration. I then select the 'Upgrade' radio button and try and uploade the file into the switch. If load to 'Running Configuration' the switch shows a status of 'Copy Finished' but says 'Copy completed with errors' If load to 'Startup Configuration' the switch shows a status of 'Copy Failed' and says 'Copy completed with errors'
I am guessing I should be able to load my saved Configuration back into a switch, shouldn't I??
And yes the switches are running the same firmware 3.0.0.17
View 7 Replies
View Related
Nov 1, 2011
We have one SGE2000P switch that we are testing in Layer 3. We have a very simple configuration with some vlans that we want to route to our corporate network, but I want to test if there is actually traffic coming out from the up-link port first.
1- Created the vlans:
VLAN1: 10.10.1.12 /16 (native)
VLAN10: 172.16.10.1 /24
[Code].....
View 1 Replies
View Related
Jan 2, 2012
I have a SF300 24 P and Iam trying to configure a voice vlan this is what I have done so far and it doesnt work.
1. create vlan 30 for voice traffic and enable it
2. Telephony OUI add my mac address for allworx phones
3. Port to VLAN add 30 has tagged, port to vlan 1 untagged
4. Vlan to port I try to add 30 and get this error (Port e15 is candidate in voice Vlan 30 and cant be configured as static member in the vlan.
5. Under Discovery LLDP, LLDP MED port Setting Enable MED status, then all other options to yes
In my LLDP neighbor information all my phones are there and says under port ID 0 ( my phones support LLDP and CDP)
View 1 Replies
View Related
Feb 12, 2012
I have a sf300 with (2) vlans (1) ] vlan for data and vlan (100) is my voice vlan I have Vlan (100) tagged traffic, and my VoIP pbx as an access port only to vlan (100) all other ports are trunk ports with vlan (100) tagged and vlan (1) untagged traffic. I get no outbound audio on calls I can call out hear them fine they cant hear me. I am wondering if my tagged traffic leaving the phone is being striped and if so were. I have CDP turned off.
View 1 Replies
View Related
May 14, 2012
I have a cisco 1750 router running IOS 12.1.3.xt2. How can I stop bittorrent traffic?
I use E0 connected to a cable modem.
View 2 Replies
View Related
Apr 16, 2011
I have little knowledge about computers and any thing IT related. I use os: xp (sp3), AV: Bit Defender, Malwarebyte. Constant dowload traffic @120-130 kbps even when internet is not in use, os updates turned off.
View 3 Replies
View Related
Dec 27, 2011
In my lab setup i configured Cisco 3560 switch.
-VLAN 20 and VLAN 30 i configured.
-VLAN 20 interface IP : 192.168.20.1/24
-VLAN 30 interface IP : 192.168.30.1/24.
Inter-vlan communication is happening fine. For testing for purpose i configured extended ACLs.i want stop communication from VLAN 30 to VLAN 20 but not vice-versa. If i ping from one of the IP VLAN 20 to one of the ip of VLAN 30, i was gettng Requested time out. And if i ping from one of the IP VLAN 20 to VLAN 30 interface IP, i was able get pinging.From VLAN 30 to VLAN 20, i was getting destination host unreachable from VLAN 30 ip( Its fine as its my requirement)So, solution needed to communicate from VLAN 20 to VLAN 30.
View 1 Replies
View Related
Nov 21, 2012
i'm going mad on following problem. I'm trying to get 2 networks seeing each other while one of the network is a non VLAN network and the other one is a VLAN network.They should use the same interface so i added VLAN e0/0.122 to the interface e0/0.Send a ping from my asa to both gw-IP's made me happy at first. In second in figured out that i cannot reach any client in the other network. For testing purpose i created an permit acl to any/any for both networks, but the packets still get dropped by the default implicit rule. (deny any/anyMaybe i'm to stupid for this
View 10 Replies
View Related
Aug 8, 2012
i have been facing strange issue on FWSM (6509 switch). we have created a vlan inteface for server farm on fwsm and its stop responding automatically and we need to give shut/ no shut command under that interface to back into normal .
View 11 Replies
View Related
May 12, 2011
We are trying to config vlan 10 for data and vlan 20 for voice on the same port - port 1 of swtich SF300-24P to run both data and voice on different vlans.Do I have to add vlan 10 as an untagged vlan to port 1 and add vlan 20 as an tagged vlan to port 1?If I do not want to assign the native vlan 1 to port 1, how can I remove it ? The GUI page - assign VLAN to port does not allow to remove it.Aslo, what mode shall I set up on port 1? General, trunk or access ?
View 18 Replies
View Related
Jan 20, 2011
I have a Netgear GSM7248R switch with 5 different Vlans including th management Vlan. Each of the vlans are connected to my layer 3 switch for routing. I want to access the management vlan form any of my Vlans so my layer two switch can be detected by my snmp manager.
View 3 Replies
View Related
Apr 6, 2013
I have some problem in my small network.I have 2 SF-300 48 port switches and connected to 847 router for intervlan routing. I configure 7 vlan in SW1 and uplink to SW2 with trunkport.
The problem is that if i used default gateway for users ip address of interface (vlan interface) is ok. I bring two adsl modem and connected to vlan1 and vlan2 for internet access. When i connected this two modem vlan 1 and vlan 2 are not going to access other vlan 3,4,5,6,7 and wise versa.
vlan1 users getting default gateway from adsl modem ip, how i can permit this two vlan should to access other vlan 3,4,5,6,7 and 3,4,5,6,7 should access to internet also.
[URL]...
View 4 Replies
View Related
Sep 16, 2011
Although our usage policy clearly states NO PORN, i'm still catching users watching porn. I'm to the point where i'm going to start shunning mac addresses. Before I do that I would like to first send them a message, like Net Send used to do, warning them to stop.
View 2 Replies
View Related
Oct 6, 2011
now we have 2 switches: SF300-24..on one SF300-24 we config it at layer 3 mode with VLAN configuration same as following [code] And we use port 26 on 2 switches SF300-24 is trunk mode then we connect both SF300-24 switches.But on SF300-24 layer 2 cann't inderstand VLAN from Sf300-24 layer 3..How to config VLAN on 2 switches SF300-24 Layer 3 and SF300-24 layer 2?
View 2 Replies
View Related
Aug 7, 2011
Any snmpset commands to add, modify and delete vlan table entries on SG300-10 switches? I checked url... however this information is apparently only valid for catalysts. The latest firmware is installed and the provided MIB files are used.
View 8 Replies
View Related
Aug 15, 2011
I have a Cisco ASA 5505 that I have configured. The outside interface is vlan 2 and the inside interface is vlan 1. Port 0 of the ASA is configured to be in vlan 2 and is connected to the ISP provided subnet. Port 1 is connected to my private LAN subnet. I have an additional router connected to Port 2 for guest connectivity. Port 2 is configured to be a member of VLAN 2 so that it can access the ISP provided subnet. From the device connected to port 2 I can ping the vlan 2 interface address of the ASA and from the ASA I can ping the Default gateway of the ISP provided subnet. For some reason the router on port 2 cannot ping the default gateway of the ISP provided subnet. If the vlan were working the same as a vlan in a switch, I would expect to be able to do this. why it is not working or what I can do to get it working?
View 4 Replies
View Related
Jan 10, 2012
Is it possible with a 3560 to block all traffic to a certain vlan except for one or two IP addresses? Create an ACL or something? We have a vlan for voice calls (SIP) and we are getting a lot of scnas that are making the phones ring and such, and I think we can stop this if we only allow traffic onto the vlan from the IP's the SIP traffic is SUPPOSED to be coming from.
View 1 Replies
View Related
Mar 24, 2013
Just picked up a ISA550 and have been playing around with it a bit but seem to be having some trouble. I have two LAN subnets in my small business with approx 10 hosts per subnet. I'd like to use the ISA550 to route between them (and to the internet) but can't seem to figure out how. Is it just as simple as creating two VLANS? Can the ISA550 route VLAN traffic?With my old RV042G, I had the option to setup multiple subnets inside the setup menu but I don't see any such area with the 550.
View 2 Replies
View Related
Nov 21, 2012
Just setup two RV220Ws with a IPsec VPN connection. All working well. However, I have a question regarding how to force ALL traffic from a VLAN to go thru the VPN.IPsec from site A (EU) to site B (USA) working good. On Site A I have a dedicated VLAN that needs to have ALL traffic (internet included) be sent thru the VPN tunnel. The main purpose of this is to have internet presence as if in the USA. This is necessary to access some sites available only in USA specially for the kids -their web sites will not display content because they're not in the USA at the moment. How do I accomplish this? I tried to setup a Static Route for the VLAN but you cannot setup a 0.0.0.0 destination route.
View 2 Replies
View Related
Dec 12, 2010
I have two VLANs set up on a Catalyst 2950 switch: VLAN 1 (192.168.1.x) and VLAN 2 (192.168.2.x). VLAN 2 can ping the router on the 192.168.1.x network and nothing else, which is what I want. However, computers on the 192.168.1.x network can ping computers on VLAN 2, which is what I do not want. I want to make it where VLAN 1 and VLAN 2 cannot communicate with one another, but that VLAN 2 can still ping the router on VLAN 1. I've read about access control lists and ip tables
View 3 Replies
View Related
Apr 10, 2011
i am having 2 locations & having cisco 1841 & 2821 at both the end connected via a P2P link. Now when i trace location A from location B, the traffic is getting dropped at location A's Vlan HSRP IP address.there is no ACL in that Vlan, but still it is getting dropped.
View 1 Replies
View Related
May 13, 2013
we have a cissco 4506-e switch with ios version 03.02.05.SG . We ae currently facing a strange problem . Vlan interfaces configured in he switch are not showing input and output traffic, whereas the traffic is seen on the Gig interfaces mapped to the respective vlans . We also tried configuring the load-interval 30 , but there is no change . Interace 3/5 is mapped to vlan 5 . For this issue we have also done the IOS upgrade from 3.1.1SG to 3.2.5SG recently still the issue is same. [code]
View 2 Replies
View Related
Jun 9, 2012
I have a L3 core switch with multiple VLANs setup. Is there a way to place an IPS so as to monitor the traffic passing between, lets say, VLANS 1-3 and VLANs 4-10?
View 19 Replies
View Related
Feb 11, 2013
I have 2 hosts, 1 plugged in fa 0/21 in VLAN 101 and another in fa 0/22 in VLAN 101 on our L2 Cisco 2960. If I try and transfer files from either host the gig 0/1 trunk port on the 2960 leading tot he 3750 fa 0/1 port hits 100mb (using a real time bandwidth monitor tool), but why? This VLAN is on the same switch, why does it go one way up the trunk to the L3 3750 switch? The L3 3750 is the VTP server and the 2960 is a client. I would of thought the traffic stays local. The 2 hosts don't even have a gateway set.To sum up the typology the 2960 and 3750 are trunked using a single cable. The 3750 hangs of a ASA firewall using SVIs.Here is whatthe traffic looks like when copying a file between hosts (2gb file).
3750 L3 Switch (VTP Server)
interface FastEthernet1/0/4
description Trunk to Cisco 2960 Gig 0/1
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
[code]....
View 6 Replies
View Related
Jan 11, 2013
I have a customer, who has the SVI's configured on the Core (4500x) and this is connected to a ASA 5525x, there is a requirement of restricting traffic between different vlans. How can i use the ASA to accomplish this task. ACLs on the Switch are not stateful and hence not considering this option, Also we are not planning to configure the GW's on the ASA since there is lot of traffic between the vlan's and this will become a bottleneck
View 4 Replies
View Related
May 9, 2011
I just received my rv220w and perhaps I haven't got enough experience with cisco routers. How can I restrict traffic between different VLANs?
For example: Hosts in one VLAN shall only be allowed to access a web server in another VLAN. All other traffic should be blocked. I've created two VLAN with Inter VLAN Routing enabled. But it seems there's no way to install a firewall rule between VLANs.
View 12 Replies
View Related
Oct 10, 2012
Have a quick question regarding inter-vlan routing on a 3750. Overview of network is ISP --> ASA --> 3750 (acting as my core and default gw). I have 5 vlan interfaces on my 3750, all w/ 192.192.x.x subnets, a 6th w/ 192.168.100.x, and a 7th w/ 192.168.200.x. I have enabled "ip routing" on the switch and can successfully ping from subnet A to subnet B as long as both devices are using the correct DG for their vlan, which is the switch. I have a few ports that are trunked as well that go to ESX hosts which break out the vlans according to the subnet the vm should be attached to. The ASA is set to nat internal traffic for all the vlans.
Now my question: short of applying an ACL to each vlan interface to block traffic from other 192.192.x.x subnets is there a better way to accomplish this? I want my 192.168.10.x subnet to be able to reach all the subnets, but don't want 192.192.10.x to be able to talk to 192.192.20.x for example. I was thinking to create an acl like this:
access-list 120 permit ip 192.192.10.0 0.0.0.255 access-list 120 deny ip 192.192.0.0 0.0.255.255 192.192.10.0 0.0.0.255access-list 120 permit ip any 192.168.100.0 0.0.0.255 192.192.10.0 0.0.0.255
and then applying this to the interface for the appropriate vlan.
View 4 Replies
View Related
Nov 13, 2012
I have got 2 Cisco switches (3560G and a 3560X) connected by a trunk port. see config below:
3560G#sh run int gi0/26
Building configuration...
Current configuration : 130 bytes
[Code].....
I can't seem to get VLAN 79 through to the first switch (3560G). Beyond this switch there is a router with acts as default-gateway for the respective VLANs. For VLAN 79 it is 192.168.79.1. I can ping this from the first switch but can't ping it from the second (3560X) switch but can ping 192.168.25.1 which also is the default gateway for this switch.
View 7 Replies
View Related
Jul 17, 2012
I have problems in my Cisco network until I connected some Moxa devices.This Moxa are models EDS-316 and EDS-208
My principal trouble is the traffic UDP. Suddently the network don't permit the traffic UDP in VLAN where are connected Moxa devices.
During an hour the Moxa can send TCP traffic, but can't send UDP. If a Moxa device is unplugged from network, all devices connected to him can work offile from principal network, but if I plugg again the Moxa is like disable.
After one hour (more or less) the system restart all functions and work fine.I catch the logs from TXerrorsInPorts and all the ports where is connected a Moxa have errors all time.
I don't know which is the problem, but I think that problem is in negotiation from Moxa to Cisco.This is the configuration from a port where is connected a Moxa: [code]
View 1 Replies
View Related
Jun 14, 2012
I have a requirement to monitor all traffic going from the internal LAN to the cloud. The LAN is a layer 2 VLAN which spans multiple Cisco 4507 switched and other smaller switches.
The VLAN has an IP address which the hosts use as the default gateway.
The exit port is on a Cisco 3600X switch connecrted to 4507 #1 via a 10G fiber link. 4507 #1 connects the rest of the LAN. Those switches interconnect via 10G fiber and 1G copper links.
Currently the monitor host is connected to a 1G copper port, configured as a monitor port, on one of the backside 4507s The switch manager says he has the switches configured so that I can see all traffic on the VLAN.
View 1 Replies
View Related
Mar 10, 2013
We have a small cisco 1800 series workgroup router that seperates our network from the outside world. The data coming into our network goes into the router on interface fa0/1 and comes out on interface fa0/0. fa0/0 is split into 2 sub-interfaces (fa0/0.2 and 0/0.3). These sub-interfaces correspond to a desktop and server vlan on our network. The workgroup router is connected to a 3560G trunk port (we'll call it switch 1) and switch 1 connects to another 3560G (we'll call it switch 2). Recently I was asked to add another layer of security to our network by installing an ASA 5510 firewall and forcing certain types of traffic to authenticate using their domain credentials for our network. The firewall was set up between the router and switch 1 in transparent, multi-context mode. There are 2 security contexts, 1 for the desktop vlan and 1 for the server. Both have the same security settings applied to them since we want the same behavior regardless of whether they are trying to access the servers or the workstations.
View 2 Replies
View Related
