Cisco Switching/Routing :: 2821 Best Way To Block A Vlan From Accessing Other Vlans

May 22, 2012

I have a LAN with 6 vlans and a 2821 router. By default, intervlan routing is enabled for all vlans, however, I want specific vlans to be denied access to others, though all should still be able to use the Internet being served from GE/0.

View 6 Replies



Cisco Switching/Routing :: Accessing Multiple VLANs On SG500

May 9, 2012

Switch: SG500
VLANS: 1 (default) xxx.xxx.0.0/24 network, 150 (device management vlan) xxx.xxx.150.0/24 network

I am plugged into port 1. This is a trunk port with VLANs assigned as follows:
VLAN 1 (Default) - Untagged
VLAN 150 (dev mgmt) - Tagged

Device is plugged into port 2. This is an access port with the following VLAN assigned:
VLAN 150 - Untagged

Why is it I cannot communicate with the device on port 2?

View 1 Replies View Related

Cisco Switching/Routing :: Untagged VLAN On Subinterface 2821

Sep 8, 2012

I need to configure a subinterface, e.g. g0/0.1 and g0/0.2, with an untagged VLAN for each subinterface on a Cisco 2821.

View 5 Replies View Related

Cisco Switching/Routing :: 3560x / Block DHCP Requests Over VLANs

Jan 10, 2012

I have two 3560x Catalyst switches set up between two different locations. They link via a PTP line (Layer 2). I have set up inter-VLAN routing between the switches and that works fine. Each location has a separate subnet and a Windows DHCP server for each subnet. I want to block any DHCP requests from being sent from hosts on one subnet to the DHCP server on the other side (i.e. across the PTP link). What is the best method to do this?

View 5 Replies View Related

Cisco Switching/Routing :: 2821 Inter-Vlan Routing And IP NAT To ISP?

Jun 25, 2012

I have just bought myself a Cisco 2821 ISR. At present in my home I have a Cisco 2621XM. Fast Ethernet 0/0 is connected to a 3524XL as a trunk to provide my LAN with inter-vlan routing. It works great. Fast Ethernet 0/1 is connected to my ISP's cable modem and uses the command "Ip address dhcp" to get an IP and all other info from my ISP. FA 0/1 is ip nat outside, and FA 0/0 and all sub interfaces like 0/0.1, .24, .168 etc. are all ip nat inside. I get intervlan routing and access to the internet via this router.

I have this 2821 to replace the 2621XM as I plan to run CME on it and want gigabit routing on my vlans, as at the moment on the 2621 routing between vlans is at half duplex, or seems to be. I have configured the 2821 to ip nat outside on gig 0/0 and ip nat inside on gig 0/1 and all of the sub interfaces (same setup as my 2621 but with gig ethernet). I have no access to the internet at all, but I can ping www.google.co.uk and other domain names from the terminal session when I am connected to the 2821 via the console or telnet/SSH. The gig 0/0 has an IP assigned from my ISP too, but no other nodes on the network can ping outside. Am I missing something here? The version of IOS is V 15.
 
My access list goes something like
 
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 permit ip 10.0.0.0 0.255.255.255 any
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
 and so on
 
I still cannot access the internet.....

View 5 Replies View Related

Cisco Switching/Routing :: Extending VLAN Default Gateway With 2821

Jul 25, 2012

I have a design hurdle that I cannot seem to cross. I have two sites and I need the same VLAN to span both sites. I have accomplished this using L2TP but my issue is that I can no longer assign a gateway for this VLAN on the router. The 2 routers are 2821's and are connected with a dedicated fiber run.
 
Any recommendation for how this could be accomplished? It would be great if I could have the same gateway at both sites by leveraging some sort of bridged interface (BVI so I've heard) but I am at a loss as to where I should start with this. Also, this is not the only VLAN that needs to traverse the link.

View 2 Replies View Related

Cisco Switching/Routing :: Block Traffic Between Two Vlans On Cat3560C - Internet Access?

Aug 3, 2012

I have a Cisco C3560CG which is running C3560c405ex-UNIVERSALK9-M), Version 12.2(55)EX2. The switch has vlan 1 and vlan 50 configured; vlan 50 should have access to a limited number of hosts in vlan 1. The following ACL has been applied on the inbound to vlan 50:
 
10 permit tcp 10.16.30.0 0.0.0.255 host 192.168.15.243 eq 137 138 139 445
20 permit udp 10.16.30.0 0.0.0.255 host 192.168.15.243 eq netbios-ns netbios-dgm netbios-ss 445
25 permit icmp 10.16.30.0 0.0.0.255 host 192.168.1.243
26 permit ip 10.16.30.0 0.0.0.255 host 10.16.30.254
30 permit ip 10.16.30.0 0.0.0.255 host 192.168.15.254

[code]....
 
I'm sure the above would work, but for some reason some of the packet counters are not incrementing but the traffic is being blocked. But I would like to see the counters increment. Also I have that I may need to use VACL; would this be the case?

View 26 Replies View Related

Cisco Switching/Routing :: 2600 - Accessing Servers / Ports From One VLAN To Another

Jan 24, 2013

I’m working with a managed switch that has three VLANs set up on it. Recently the domain changed and the wireless VLAN can no longer access the internal website. I found access rules in the switch that allowed the wireless VLAN to use the DNS server on the private/staff VLAN. Their DHCP scope is on the switch and DNS is set there. The website is also on the VLAN with the DNS server. This configuration totally cuts out external DNS usage. It stopped working though. It is as if when things switched on the domain the wireless users were denied DNS requests. The switch was not touched at that time. I’m looking at it though and it seems that I may have conflicting rules.

The version is 12.2. I believe it's a Catalyst 2600.

DHCP scopes:
ip dhcp pool INSIDE
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1
   dns-server 192.168.1.6 192.168.1.4
   domain-name saline.lib.mi.us
ip dhcp pool WIRELESS
   network 172.16.0.0 255.255.255.0
   default-router 172.16.0.1
   dns-server 192.168.1.6 192.168.1.4

Here is the VLAN setup:
Interface Vlan1
ip address 192.168.1.1 255.255.255.0
[code]...
 
Here are two access lists that should be allowing the traffic from 172.16.0.0 into the listed IPs/ports. These do not work.
 
ip access-list extended WIRELESS-PRINT
permit tcp 172.16.0.0 0.0.0.255 host 192.168.1.12 eq 30044
permit tcp 172.16.0.0 0.0.0.255 host 192.168.1.12 eq 21326
permit tcp 172.16.0.0 0.0.0.255 host 192.168.1.12 eq 6987
[code]...
 
During my testing I removed the deny rule and everything worked:
deny   ip 172.16.0.0 0.0.0.255 192.168.1.0 0.0.0.255
 
However, the "permit ip any any" rule makes all the port rules pointless, because when this rule is in place solo, I can ping and access everything on the 192.168.1.0 network. Is there a way to deny everything except what I permit? Because when I remove the ip any any, they can't even get out. Perhaps there is a better way to say the wireless users can get out but only get into the subnet over specific ports? I have a feeling it may not have been thought out entirely when initially created. However, the big mystery is that it worked before the secondary domain controller failed.

View 1 Replies View Related

Cisco Switching/Routing :: 3560 - How To Block A Vlan

Jul 22, 2012

I have 4 VLANs and all have connectivity/access with all (VLAN10, VLAN20, VLAN30 and VLAN40). I use a 3560 switch for this purpose. I need to modify one VLAN (VLAN40) so that it has access to the rest of the VLANs BUT the rest of the VLANs don't have access to VLAN40. I know that it is a problem of access-lists BUT I can't understand how to obtain the result that I would like.

View 1 Replies View Related

Cisco Switching/Routing :: ASA 5520 / Can Reserve Some More Bandwidth For One Vlan Than Other Vlans

Jan 23, 2012

Currently, we have a Cisco router (28xx), ASA 5520, and a core switch 4500. We have different vlans. We also have Auto QoS running for our Cisco IP Phones. My manager just asked me to see if I can either reserve some certain bandwidth for one vlan, or give that vlan higher priority on internet traffic than the others.

1.) Anyway we can reserve some more bandwidth for one vlan than other vlans?

2.) If #1 cannot be done, how can we provide higher priority on the internet traffic to one vlan than the others?

3.) Is #1 or #2 the same config? If not, which one would be easier (without changing our current QoS settings)?

4.) If 1 or 2 can be done, which device I should config the settings on?

5.) This question may be duplicate, but do we need to reset our current QoS to achieve the goal?

View 6 Replies View Related

Cisco Switching/Routing :: 3750x - Denying VLAN Access To Other VLANs

Mar 18, 2013

I've got a 3750x stack set up as my core switch (only a small-ish environment) - I'm shortly going to be deploying an enterprise wireless network with Corporate and Guest SSID's. I'm going to be putting all traffic from the Guest SSID in VLAN 244, and don't want it to have access to any of the other VLANs (1 (Legacy Eqpt), 4, 8, 12, 16, 20, 24, 28, 32, 248 & 252).
 
IP ranges for all the main VLANs are:
 
1: 10.0.0.x/22
4: 10.0.4.x/22
8: 10.0.8.x/22
12: 10.0.12.x/22
16: 10.0.16.x/22 etc etc (you get the pattern)
 
I'll probably give Guest traffic (VLAN 248) the IP range 192.168.10.x/22 (not because I NEED that many addresses, but it's easier for everyone to remember/understand if I keep the subnet masks the same all round). However I also have a CCTV VLAN (252) which already has the range 192.168.0.x/24, which some people in other VLANs WILL need access to.
 
So my question is: What is the syntax for the ACL on my 3750x (IP base - 15.0.2) to prevent traffic from VLAN 244 gaining access to any of my other VLANs. I'm making a broad assumption here that a layer 3 switch is perfectly capable of supporting that function? I need ALL the syntax for setting up ACL's - I've never done it before
 
My gateway device by the way is 10.0.4.1, and I do have inter-VLAN routing set up on the core switch (obviously).

View 3 Replies View Related

Cisco Switching/Routing :: Vlan Redundancy / Segmenting Public IP Block 3750x

May 21, 2012

I'm building a new colo presence with a full class C of public IPs. The idea is to connect to our ISP with a 3750x switch stack, and they will be providing two ethernet drops that connect directly into two separate switches on their side with HSRP and BGP at the routing level, so we will just point to their virtual IP (gateway address). I'm not sure how to either segment the public IP block or statically route each IP address, and the interaction of VLANs/SVIs with HSRP groups. Just use the switch at layer 2, or handle the internal routing with EIGRP or OSPF at layer 3?

View 2 Replies View Related

Cisco Switching/Routing :: Block / Permit Intra Vlan Traffic On 3750

Feb 21, 2013

I have one 3750 switch and many 2960 c switches. I use one ASA 5510 to reach the remote branch site (VPN connection). I use one 1841 router for the internet connection. The 1841 router, ASA and Catalyst 2960s are connected to the 3750. The default gateway of all users is the ASA IP.
 
I configured VLANs on the 3750 and it works. Now I need to implement security: permit/block specific traffic between VLANs [code] From vlan 72 I cannot have remote access on computer in vlan 34 and I cannot ping computer in vlan 34.

View 1 Replies View Related

Cisco Switching/Routing :: SG200 / WAP4410N - Multiple VLANs Without VLAN Aware Device

Feb 12, 2012

I have a Cisco SG200 26 Port Switch, 2 Cisco WAP4410N Access points, and a VLAN aware Router. I have created 4 VLANs. For the sake of this conversation let's call them:

98 - Intel Vpro
99 - Management
100 - General
101 - Guest
 
The Access points are capable of doing VLAN tagging, so I plan on having them tag a guest network as VLAN 101. That can get sent to the VLAN aware router and out. No problem. I have some devices, or management pages, that I don't want accessible from the general network (Intel Vpro KVM, Remote Management Cards, AP Config Menus, Switch config menu...). I need to be able to take a VLAN unaware device, plug it into port 1, and have it communicate with VLAN 98, 99 and 100.

View 1 Replies View Related

Inter Vlan Routing ASA 5505 - Accessing File Server From Second Network

Apr 24, 2013

I have a Cisco ASA 5505 with the base License. I want to split my network and add a new Internet Access; the first network in Orange works fine. My question is: how can I access the file server from the second network (192.168.X.0 /24)? The 3 switches are Cisco SF300-24P.

View 7 Replies View Related

Cisco 3560 VLANs And Inter-VLAN Routing

Sep 29, 2011

I have no router in place that can do trunking (5505 basic license). I have 2 VLANs: 10 Data, 20 Voice. I have given both VLANs IPs, let's say:

-VLAN10 192.168.1.1
-VLAN20 192.168.2.1

Enabled IP routing and set the router as the gateway of last resort. Now because the L3 switch is doing the routing I have had to set the default gateway as the VLAN IPs. So PCs on VLAN10 get a gateway of 192.168.1.1 and phones on VLAN20 get a gateway of 192.168.2.1.

Any real downside to having the 3560 doing the VLAN routing? Is this the "correct" way to do things in the event I don't have a trunkable router?

View 8 Replies View Related

Cisco Switches :: SF-300 - Connection Between Vlan 1 And Vlan 2 Not Accessing

Apr 6, 2013

I have a problem in my small network. I have 2 SF-300 48-port switches, connected to an 847 router for inter-VLAN routing. I configured 7 VLANs on SW1 with an uplink to SW2 via a trunk port.

The problem is that if I use the IP address of the interface (VLAN interface) as the default gateway for users, it is OK. I brought two ADSL modems and connected them to vlan1 and vlan2 for internet access. When I connected these two modems, vlan 1 and vlan 2 could not access the other vlans 3,4,5,6,7 and vice versa.
 
vlan1 users are getting their default gateway from the ADSL modem IP. How can I permit these two vlans to access the other vlans 3,4,5,6,7, and have 3,4,5,6,7 access the internet also?
 
[URL]...

View 4 Replies View Related

Cisco Switches :: SG 300 Setting Up 2 Vlans With Inter Vlan Routing

Oct 2, 2011

I have recently purchased 2 SG 300 switches, 1 x SG 300 52 & 1 x SG 300 10, and I am hoping to get the following set-up working. To assist I have drawn the following simple network diagram (below) which hopefully makes it a little clearer what I am trying to do.

I have 2 companies occupying a single office with the requirement to share printers/devices etc., so basically I am looking to set up 2 VLANs (say VLAN 10 & VLAN 20) with inter-vlan routing. To add a little complexity, the main comms area is located in the basement of the building; this houses the 2 DSL routers and 2 servers, one for each company. I am proposing putting the SG 300 10 port switch in here and then using the 3 uplinks I have been given to connect back to the SG 300 52, which is in a patch cabinet 2 floors up. I want to use 2 uplinks (in a LAG) for Company A and 1 uplink for Company B. FYI, DHCP is being served out by each respective router.

View 6 Replies View Related

Cisco Switches :: Used Two SF-300 Switch And Create 4 VLans And Inter-VLan Routing

Apr 8, 2013

I used two sf-300 switch and create 4 vlans and intervlan routing is working fine.
 
Port 1 - 10 -------------> Vlan 1
Port 2 -20----------------> Vlan 2
Port 3 - 30------------------> Vlan 3
Port 4 - 40--------------------> Vlan 4
 
giga1  -----------------> connected to router (This router used for intervlan routing).
 
SF-300 Port 1 is connected to the Internet modem. This modem also works as a DHCP server for vlan 1. My problem is that vlan 1 is not communicating with vlans 2,3,4, and 2,3,4 are not communicating.
 
How can I make vlan 1 communicate with vlans 2,3,4?
 
How can I connect the modem to the switch? Access port or trunk port? (Presently it is on a vlan 1 access port.) Is there any route I need to make? On the SF-300, the modem or the router?

View 1 Replies View Related

How To Block All Programs From Accessing Internet Except One

Dec 28, 2012

I want to block all programs from accessing the internet except one. I can do it using Windows Firewall but some programs don't get blocked!

And the list is too big to block them one by one (some programs can't be unchecked to block them).

I play an online game (Counter Strike:CZ) that lags after some intervals (that lag is my actual problem), so I want to stop every app from accessing the internet except my game.

View 2 Replies View Related

D-Link DIR-655 :: How To Block Particular IP From Accessing Network

May 30, 2011

How do I block a particular IP from accessing my network entirely? I have a hacker with a known IP I want to shut out. I tried creating a DENY inbound filter (with just that IP as the range) but that didn't seem to work. That hacker kept being able to attempt logins.

View 7 Replies View Related

D-Link DIR-655 :: Block PS3 From Accessing Router?

Dec 6, 2011

Any step by step instructions (for the DIR-655) on how to block a PS3 from accessing this router? I know how to log into the router's page and I can get the MAC address of the PS3, but I am clueless from there. I want to block it completely if possible.

View 7 Replies View Related

Cisco :: Cannot Route To Default Vlan (vlan 1) From Other VLANS

Jan 23, 2013

I've been given the task to clean up our network config, and have walked into a disaster zone. We have a 4510R on site with everyone using the default VLAN, VLAN 1. I have created 4 new VLANs: VLAN100, VLAN150, VLAN200, VLAN250. I have assigned interface addresses to each VLAN and configured inter-VLAN routing. I can route to and from each new VLAN with no problem, i.e. VLAN250>VLAN100, VLAN100>VLAN200 etc., but I can't route to VLAN 1 (default VLAN) from any of them. I can ping the interface on VLAN 1 from any VLAN, but any hosts are unreachable. On the flip side, from VLAN 1 I can route to all of the VLANs.

View 3 Replies View Related

Cisco :: C3750 How To Block A Host From Accessing Internet

Mar 5, 2012

I have a VMware workstation on my host computer (Windows 7) and the VMware workstation has a virtual machine (Windows 7) on the host. We were trying to allow internet access only to the virtual machine, i.e. to minimize exposure of the host to the internet. I tried to use a VLAN Access Control List with a MAC ACL to deny the host of the virtual machine from accessing the internet and allow all other traffic, including the virtual machine. The configuration works for some time, and after some time, when the virtual machine continuously pings the c3750 switch (where the VACL is implemented), the host also pings the c3750 switch and re-establishes connection with the internet. But when we configured the c3750 switch to deny the VM and allow all other traffic, it works fine. It seems like the host automatically finds a way to get around the VACL.

View 0 Replies View Related

Cisco Firewall :: ASA 8.0(5) / Block Specific Url From Accessing Server In Dmz?

May 4, 2011

I have a Cisco ASA 8.0(5) and I need to block a specific URL from accessing my HTTPS server in the DMZ. I read about Websense technology, but I think it's not free, right? Also I read about policy inspection maps, but in my case it is HTTPS, not HTTP.

View 1 Replies View Related

Block Accessing Adult Content Sites?

Apr 15, 2012

In my office there are 2 desktops which are networked. One is in the office and the other in my room. An internet connection is also there; the modem is kept in my room. But one of my cousins is in my house and he has a laptop; the internet for his laptop is taken from my modem. Now I have noticed that my cousin is visiting adult content sites and I want to block him. Is there any way? Why is the history he uses being shown in my browser's history?

View 13 Replies View Related

D-Link DIR-615 :: Block PS3 From Accessing Internet Completely

Sep 1, 2012

I have a DIR-615 router.  I would like to know if it is possible to block a PS3 from accessing the internet completely, without blocking any other computers/devices.  I have access to the router, but not to the PS3 itself.

View 3 Replies View Related

Block Wired Computer From Accessing Internet Through Router?

Feb 9, 2011

how to block a user from using the internet when they plug their computer into a router. My roommate has refused to pay her share of the internet and, being a college student, I don't have enough money where I feel generous enough to let her have free internet after stiffing me. Basically, I have 2 routers at the moment (hoping to fix this soon): my Qwest modem works as a router but I also have a Linksys router connected to it. The only phone jack is in her room so I have no way of stopping her from plugging her computer straight into the modem and/or router. I've configured the wireless so that she would be unable to access the, wirelessly but I'd like to know how to prevent her accessing the internet when she plugs her computer directly into either component.

View 2 Replies View Related

Cisco Switching/Routing :: 2821 Periodically Stops Routing All Traffic

Oct 3, 2010

We've got a Cisco 2821 router which periodically stops routing all traffic. It seems to happen about once every 2 weeks, and I can't find anything that could be causing it. There are no entries in the log and the router stays up and running but requires a restart to begin processing traffic again. We're running 12.4(13r)T11. Any thoughts, or troubleshooting steps to track this down?

View 7 Replies View Related

Cisco Switching/Routing :: 2821 Multicast Routing Relay Basic

Mar 12, 2013

I have started configuring a Cisco 2821 router for multicast. First, a short description and an explanation of the attached scheme. Let us say I have a small network with 100 users, one router and a Cisco 3560 switch. Two VLANs, one for data and another for multicast. Data from the internet works fine, but now I want to connect multicast servers (or a source of more multicast streams) from another subnet. The router has three interfaces. I expected there should be no problems with the multicast configuration, but unfortunately it is not like I expected. What did I do?

First step: enable multicast routing

Second step: on both interfaces (Fe 0/1 and Fe 0/2) - ip pim sparse-mode

Third step: configure the switch so that users are connected to an access port in VLAN 222 (temporarily, to see if multicast works)
 
When I start VLC on a computer nothing happens. If I try to connect a computer on the same subnet where the source of the multicast streams is, it works fine. What am I doing wrong? Is there anything about routing? All subnets are directly connected. An RP is not needed if I have one router, or is it?

View 11 Replies View Related

Cisco Switching/Routing :: 2821 - Routing With Public LAN IP

Jun 7, 2012

I have a Cisco 2821 Router. Its ethernet Interface(E1) is connected to an ISP's Gateway.The outside interface IP is 207.x.x.1, The ISP has given 6 public IPs (202.x.x.1- 202.x.x.6) to use in LAN.
 
I have configured the router's internal interface (E0) with a public IP address (i.e. 202.x.x.1).
 
My Internal LAN PCs  are in  a private range of 192.168.1.0/24 subnet. Now I wanted my PC users to access the Internet while the Routers public IP remains on internal interface.  How can I do the same?

View 6 Replies View Related

Cisco Switching/Routing :: 2FE-2W Compatible With 2821?

Dec 6, 2011

I have a 2Fe-2W Card and wanted to find out if it can be picked up and installed on a Cisco 2821? Below is the version
 
Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 12.4(8a), RELEASE SOFTWARE (fc2)
Technical Support: [URL]
Copyright (c) 1986-2006 by Cisco Systems, Inc.
 
ROM: System Bootstrap, Version 12.4(1r) [hqluong 1r], RELEASE SOFTWARE (fc1)
 
System image file is "flash:c2800nm-adventerprisek9-mz.124-8a.bin"

View 1 Replies View Related

Cisco Switching/Routing :: 2821 With 16-ESW CEF Low Memory

May 29, 2012

According to my boss every 3 to 4 months he has to restart our 2821 with a 16-esw module installed because of a low memory issue dealing with CEF. Here is the exact error message.

%% Low on memory; try again later
Jun  8 11:18:51.777: %FIB-2-FIBDOWN: CEF has been disabled due to a low memory condition. It can be re-enabled by configuring "ip cef [distributed]"
Jun  8 11:19:51.823: %FIB-2-FIBDOWN: CEF has been disabled due to a low memory condition. It can be re-enabled by configuring "ip cef [distributed]"
%% Low on memory; try again later
%% Low on memory; try again later
%% Low on memory; try again later
Jun  8 11:20:51.868: %FIB-2-FIBDOWN: CEF has been disabled due to a low memory condition. It can be re-enabled by configuring "ip cef [distributed]"
Jun  8 11:21:51.914: %FIB-2-FIBDOWN: CEF has been disabled due to a low memory condition. It can be re-enabled by configuring "ip cef [distributed

View 4 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved