Cisco Switching/Routing :: 1802 / DHCP - Bind MAC With Wildcard To Specific IP-Range?
Sep 2, 2012
Using a Cisco 1800 series router (1802) with IOS 15.1(4)M2. I am quite sure the following should somehow be possible in IOS, but I can't figure out how to do it: I have the situation that I need to bind specific devices by DHCP to the same IP range.
These devices (medical equipment, used in hospital) are all from the same vendor. So the first three octets in the MAC address (Organizationally Unique Identifier, OUI) are the same for each device. The next three are always 'unknown'. I know how to bind a fully known MAC address to a host IP or IP range, but is it somehow possible to do this by the OUI? Like using some wildcard option.
Apr 17, 2013
I have a DHCP server for a subnet that has only lightweight WAP's in it. The DHCP server is running on the gateway for this subnet which is a 3750X 2 switch stack running 12.2(53r)se2. I have the following configured:
ip dhcp excluded-address 10.1.10.161 10.1.10.162
ip dhcp pool DHCP-VL20
network 10.1.10.160 255.255.255.224
domain-name mydomain.net
dns-server 10.11.11.30 10.11.11.40
default-router 10.1.10.161
lease 3
The server hands out up to 18 IP addresses and no more, with 20 devices on the subnet. Scanning the subnet with a 3rd party network management system I see the following IP's never get handed out or used:
10.1.10.161 - 162 (manually excluded)
10.1.10.167 - 168
10.1.10.171 - 176
10.1.10.178
And of course 2 IP's I have manually excluded, 11 IP's in all that won't get handed out. It should only be 2 that don't get handed out. I've double and triple checked the exclusion and that's the only one. So I run a 'sh ip dhcp pool' and see this:
Pool DHCP-VL20 :
Utilization mark (high/low) : 100 / 0
Subnet size (first/next) : 0 / 0
Total addresses : 30
[code]....
[edit] I should also mention that "sh ip dhcp bind" does not show these randomly excluded IP's in use. They also do not show up in any arp table I can find. I have looked all over the config and I can't find where these extra 9 addresses are being excluded. How to free up these 9 seemingly random exclusions? Haven't issued a reload and I haven't deleted and rebuilt the DHCP server yet, production network.
Jul 29, 2012
How can I show the DHCP-range of a router if I don't have privilege level (not in enable-mode)? I can do a "show ip dhcp pool" - this will show me the range which is configured with the network-command. But there are also some dhcp-exclude-addresses which I can't see... (I did a test on a router with full privilege-access.) I need this because I have a router with limited access from our provider.
Apr 29, 2012
We have a 3560 switch configured with EIGRP with DHCP. We have a user that we cannot ping, however the interface shows up / up and no errors on interface. The IP address is 10.2.0.199 - however we have DHCP configured to exclude the range from DHCP:
ip dhcp excluded-address 10.22.0.1 10.22.0.200
How can this workstation get a DHCP address if we have that IP range excluded from the DHCP pool?
The user is off a different switch that is an uplink to this distribution switch. Traceroutes show that the problem is with the distribution switch.
Jul 1, 2012
Is it possible to enable an absolute value rate limit using QOS on a HP ProCurve 5406 switch for a particular IP range on a specific port? Is there a way to configure our HP 5406 with an absolute rate limit on "WAN" port for that server's IP range? I would like to limit it to only being capable of sending 1Mbps worth of traffic over the head end at once. Everything in the documentation points towards priority queues, which as far as I can tell, isn't really what I want. Barring accomplishing this goal using rate limiting, is there a better way to prevent our services from accidentally saturating this connection? I am thinking about something like that:
class ipv4 rate-limit-port-A1
match ip 10.136.0.0/16 any
exit
policy qos port-a1-ratelimit
class servers-to-be-slowed action rate-limit kbps 1000
exit
interface A1 service-policy port-a1-ratelimit in
I'm not sure about this.
Mar 15, 2011
I use the DHCP daemon (DHCP server) on my PIX 501 to give my local clients automatic IP addresses. My dhcpd config is here:
dhcpd address 192.168.251.20-192.168.251.40 inside
dhcpd dns 8.8.8.8 8.8.4.4
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd domain lokalnet
dhcpd enable inside
Mar 26, 2013
Any solution for NAT only for a specific ip address or a range of ip addresses from the same subnet?
I've read that the router in gateway mode automatically makes the translation and in router mode does not. Starting from this, is there any way to nat from firewall access rules only.
Nov 11, 2012
I have some DHCP trouble since I subnetted my network with a 2921. My clients are in 172.16.2.0/23 and DHCP servers are in 172.16.5.0/24. Sometimes, randomly I guess, I get NACK from my DHCP server, and if I look into DHCP logs I got something like this:
15,11/09/12,09:52:27,NACK,172.16.3.172,switchE51D12.host.com,A0CF5BE51D12,,0,6,,,,,,,,
15,11/09/12,09:52:28,NACK,172.16.3.172,switchE51D12.host.com,A0CF5BE51D12,,0,6,,,,,,,,
15,11/09/12,09:52:29,NACK,172.16.3.172,switchE51D12.host.com,A0CF5BE51D12,,0,6,,,,,,,,
[code]....
Apr 3, 2012
Have a client wanting to hand out public ip addresses to all clients from a PFSense Firewall terminating the internet connection.
How do I allow the Cisco Switches currently in place, configured with private ip addresses in the 10.10.x.x ranges and Vlans, where the main 3550 layer 3 has defined dhcp scopes for each vlan, to relay dhcp requests from all vlans to the PFSense firewall?
I assume I would take off the currently defined DHCP scopes for the vlans and configure each vlan/switch with the ip helper address and specify the PFSense firewall and that NAT would have to be disabled on the firewall?
Nov 7, 2012
I have an ASA 5510, with Ethernet0 connected to Internet via a T1 line, Ethernet1 connected to LAN1, and Ethernet2 connected to LAN2. LAN1 & LAN2 are independent, but share the Internet connection, via the T1 line. On LAN2, I have another router that connects to the Internet, via a Comcast line. I wish to route some of the traffic on LAN2 (10.38.77.0) to the other router, on LAN2 (10.38.77.12) (connected to the Comcast line). I have entered the following lines:
route inside2 10.11.0.0 255.255.0.0 10.38.77.12 1
route inside2 10.252.0.0 255.255.0.0 10.38.77.12 1
route inside2 172.22.6.0 255.255.255.0 10.38.77.12 1
I can trace the routes from the ASA 5510 (1st hop is to 10.38.77.12), but not from anything else on LAN2.
May 22, 2013
I am attempting to filter a specific host(s) from my OSPF routing table on an ASA 5550 (ABR) using LSA prefix lists. However, when I look at the other routers in that area, I notice that ALL LSA type-3's are being removed (10 hosts are now missing from the routing table). I have verified the filter is working on the ABR, but I can't figure out why ALL hosts/routes that were coming into the area are now being filtered instead of the specific one that I want to filter out.
Here is the config on the ABR:
prefix-list pdm_pl_000 seq 10 permit 206.253.180.137/32
!
!
router ospf 1
network 10.0.0.0 255.255.255.0 area 0
network 10.150.10.0 255.255.255.0 area 10
network 10.150.252.0 255.255.255.224 area 10
[code]....
The 206.253.180.137 host is actually coming from Area '3'. Am I doing something that is removing all type-3 LSA's?
Aug 9, 2012
I’m looking for some specific parameters of Cisco 1941 and not able to find them.
1. Maximum number of DHCP clients
2. Maximum number of DHCP pools
3. Maximum number of VLANs on trunk port.
Mar 18, 2013
When plugging a Cisco 7060 to the specific switch port it does not power on. The inline power consumption is abnormally high compared to the other phones that are plugged in, maybe double the amount.
Non-PoE devices work on the same port.
I used multiple cables and phones.
Oct 10, 2012
Have a quick question regarding inter-vlan routing on a 3750. Overview of network is ISP --> ASA --> 3750 (acting as my core and default gw). I have 5 vlan interfaces on my 3750, all w/ 192.192.x.x subnets, a 6th w/ 192.168.100.x, and a 7th w/ 192.168.200.x. I have enabled "ip routing" on the switch and can successfully ping from subnet A to subnet B as long as both devices are using the correct DG for their vlan, which is the switch. I have a few ports that are trunked as well that go to ESX hosts which break out the vlans according to the subnet the vm should be attached to. The ASA is set to nat internal traffic for all the vlans.
Now my question: short of applying an ACL to each vlan interface to block traffic from other 192.192.x.x subnets is there a better way to accomplish this? I want my 192.168.10.x subnet to be able to reach all the subnets, but don't want 192.192.10.x to be able to talk to 192.192.20.x for example. I was thinking to create an acl like this:
access-list 120 permit ip 192.192.10.0 0.0.0.255
access-list 120 deny ip 192.192.0.0 0.0.255.255 192.192.10.0 0.0.0.255
access-list 120 permit ip any 192.168.100.0 0.0.0.255 192.192.10.0 0.0.0.255
and then applying this to the interface for the appropriate vlan.
Feb 9, 2012
I have Catalyst C3750G switch
with configured route to subnet 192.168.201.0/24
ip routing
ip route 192.168.201.0 255.255.255.0 192.168.160.13
192.168.160.13 is accessible
[Code].....
May 20, 2013
I have a requirement wherein I need to allow only specific vendor made desktops/laptops to be connected to the switch and block the rest. Say I want only the HP made laptops to be connected on the network and block all other vendors, such as Dell, IBM etc.
I am having Catalyst 4500 switches in my network. I tried using the MAC access list using the permit and deny statement and then mapping the access list to the vlan access map and then filter using the vlan id. But this doesn't work on Cat 4500... The same I tested for 2950 switch and it works perfectly. Are there any restrictions on 4500 or does any extra configuration have to be done?
Oct 7, 2012
I have a network with 3 segments and a 2921 router: 172.16.5.0/24, 172.16.0.0/27 and 172.16.2.0/23.
I want to block all 135 TCP traffic from/to IP 172.16.5.5 to any host in other segment, but only TCP port 135 and only to the specified IP.
Jan 18, 2012
Ask this question, if someone came across a 6513, one of the RJ45 ports is constantly falling. The question is how to disable logging on a specific port. "no logging event link-status" does not work.
Sep 24, 2012
I inherited a Cisco ASA 5505 and am trying to piggy back the device off of an established Network. Here is the basic layout:
192.168.10.1 (Core Router - Handles DHCP/DNS)
192.168.10.9 (ASA 5505 - Piggy backing off of Network)
192.168.40.x (ASA 5505 - VLAN)
I'm able to get onto the Internet without any problems. Devices from the 192.168.10.x Network can not ping the inside VLAN1 (192.168.40.x). However, I would like traffic going from the inside VLAN to the Outside VLAN to be blocked, except for 192.168.10.1 and 192.168.10.9. I've tried using ACL's but end up killing my Internet connection. 192.168.10.1 is the default route and is how I get out to the Internet. Is this possible? Essentially, I'm trying to set up a small Network that guests can connect to. The idea is that they can get to the Internet, but that is it. They can't get to internal resources on the 192.168.10.x Network.
Here is the config:
ASA Version 8.2(1)
!
hostname ciscoasa
enable password EeCsulrpu.9LalEE encrypted
[Code].....
Jan 25, 2012
Need to limit the amount of bandwidth a specific VLAN can use on a 802.1q trunk port. Situation is that we have a pair of Catalyst 4506 switches which have 802.1q trunk ports into a Checkpoint Firewall, this in turn is connected to a managed WAN router (to which I can't apply a QoS policy). If the 4506 was routing the traffic it would be easy to set up a class-map to match the IP traffic and then QoS the traffic, but the VLAN in question is trunked directly into the firewall (no L3/IP presence on the 4506; next hop for all clients on this VLAN is the firewall). What I need to do is restrict any traffic from this specific VLAN to 10Mbps on the uplink to the Checkpoint Firewall so it cannot impact the onward WAN.
Nov 5, 2011
We are using Catalyst 2960S LAN Base IOS on radio towers. We just bought 50 access points that are GPS synchronized. Problem is the APs need to be connected on L2-MAC between each other. But at this time we are using port isolation on each switch (tower) by protected port function to isolate clients from each other.
My question is, is it possible to specify MAC addresses in a specific vlan that can communicate between protected ports? On the tower one is the Master unit and the others are slaves. I think there is only 1 direction communication - from master to slave.
Feb 5, 2012
I'm trying to limit the bandwidth on certain ports to 3Mbps and others 1Mbps for a project, however when I do a bandwidth test from a website the speed on the router doesn't seem to change. It's as if the changes over telnet aren't actually affecting the switch's QoS settings. I have verified that the policy is attached to the interface and the settings are correct as well.
Router
Telnet address: 10.xxx.xx.xx
Password:
[Code].....
Jun 13, 2013
I have 6500 with this STP configuration:
spanning-tree mode rapid-pvst
no spanning-tree vlan 1-4094
I need to enable STP on vlan 100 and vlan 103.
When I do "spanning-tree vlan 100,103 root primary" and then "show spanning-tree", I see that STP is not enabled on these vlans (100,103).
I tried to do "no spanning-tree vlan 1-99,101,102,104-4094" and it does not work.
Is there a way to enable STP on vlans 100,103 without doing "spanning-tree vlan 1-4094"?
Jan 15, 2012
I have a Cisco 1802 to connect my company to ADSL over ISDN. But my boss wants to change the ISP. The purpose was (still is) to configure the router with VPN, IPS and use the WAN port to connect the new ISP, that provides an Ethernet signal at 100Mbps. Will the WAN port work with an Ethernet signal (when we change ISP)? Any good book (or a paper) to configure the router to work properly with VPN and IPS?
Jan 19, 2012
The router that was used to connect to the internet over ISDN, it is not possible, because we now have an Ethernet incoming signal from ISP.
So, is it possible to use the Fast Ethernet 0 port in the Cisco ISR 1802 as WLAN instead of ISDN port?
The figure below shows what we are trying to do.
Oct 10, 2012
I am trying to filter ARP answers arriving on a C6500 trunk port, for a specific vlan. Filtering conditions are:
- packet arrive from vlan ID x on the trunk (on only for this vlan ID)
- source MAC address = xx:xx:xx:xx:xx:xx
The aim is that the C6500 will never enter this MAC address into its CAM table. I looked at several methods like service policy or vlan filter, but no solution for the moment.
Feb 22, 2013
I have a Cisco 2821 router with a Cisco 2960 switch connected to the router as a trunk & one user vlan. This is my WAN router; all traffic is internal. I have 2MB data connectivity on my WAN side. I have to give a specific bandwidth to my SAP traffic, like when SAP traffic comes it will all the time get around 50% bandwidth of my channel. If SAP requests are not coming then other traffic will get full bandwidth.
Nov 1, 2012
I have a WS-C3750G-24T-S layer 3 switch and I need to configure independent routes for a specific network, I'm trying to use VRF but it is not working for me. I tried using route-map but it seems the switch doesn't support that, so I'm stuck with VRF, but I think I'm not doing it right. The topology is as follows:
I have a network directly connected to a vlan and I need to forward all the traffic I get on this VLAN using a tunnel to a router. I think the problem is that in order to use the tunnel I need to utilize another VLAN which isn't part of that VRF. I attach the configuration I'm using to better understand what I'm trying to do:
layer-3 switch:
ip vrf TEST
rd 1:1
interface Tunnel1
ip vrf forwarding TEST
ip address 172.17.0.1 255.255.255.252
tunnel source 10.245.0.9
tunnel destination 10.250.4.31
[Code]....
And this is how my routing table looks on this router:
172.17.0.0/30 is subnetted, 1 subnets
C 172.17.0.0 is directly connected, Tunnel4
C 10.250.4.0/24 is directly connected, Vlan404
S 10.245.0.8/29 [1/0] via 10.250.4.1
S* 0.0.0.0/0 [1/0] via 10.1.60.15
Sep 17, 2012
I've been researching the 3750-x Netflow support but I'm not 100% sure of how much support it has. From what I've read the only way to get NetFlow support is to install a specific module that provides NetFlow. I also heard about how it might support s-flow but I haven't found out for sure.
Jan 21, 2013
I have a Cisco 881 router in my office and I would like to do port forward for port 5060, and 10000 - 20000 to my PABX (192.168.1.61). After I did some research from internet, understand that we need to NAT by using following command to do port forward for port 5060.
ip nat inside source static udp 192.168.1.61 5060 XXX.XXX.XXX.XXX(WAN IP) 5060 extendable
However, now I'm facing an issue to perform port forward for a huge range of ports like 10000 to 20000.
Jan 23, 2013
I have a Cisco 871 router with 12.3 OS version.
1. I'm interested if it's possible to block certain content only at certain times? E.g. we would like to block facebook from 7:00 to 10:00 and from 11:00 to 15:00. I was going through Cisco manuals but can't find the right answer to this.
2. Cisco 871 has 4 LAN interfaces and one WAN interface. Currently WAN interface is connected to ADSL modem in bridge mode and LAN 0 interface is connected to switch.
I'm interested if I could use the remaining 3 LAN interfaces for ADSL connections same as I'm using the WAN interface. Then I would create vlans that would use LAN interface 0. Each of those VLAN's would use a different ADSL connection. I would assign a different IP to each of the VLAN's so users would be able to change their gateway and use a different ADSL connection.
Feb 6, 2012
We have Cisco Cat4503 series L3 Switch and Cisco L2 2560 Series Switches. Some of the users want to have a dynamic VLAN membership, and to connect with the network as mobile users.
Is it possible to create a dynamic VLAN for a specific group of users?
View 6 Replies
View Related
Jan 24, 2013
Configuring a switch or a router to limit the bandwidth for a specific user/IP when needed. Most of my remote offices are configured like this:
Users ------ 3560 switch ------- 2801 router -------- T1 to NOC -------- 7204 router with channelized DS3
I use Netflow Analyzer for high bandwidth usage alerts and can see the user's IP right away when someone is clogging our T1s. My goal is to be able to temporarily limit the bandwidth of the user taking over the T1. Whatever is best, switch config or on the router.