Cisco Switching/Routing :: 2960 / Inserting Device Into DMZ?
Jan 9, 2013
I have a /28 subnet between my internal and external firewalls for L3 connectivity. On our internal firewall, I have a default route for internet traffic pointing to the external firewall (10.10.1.2).
We will be inserting a web filter appliance as indicated on the diagram. The appliance requires an IP address to be assigned to the LAN interface.
What is the best way to accomplish this with minimal impact? Will my default route on my internal firewall have to change to the IP of the web appliance if I address the web appliance on the 10.10.1.x subnet?Should I address the web appliance on the 10.10.1.x subnet to begin with, or create a vlan on the 2960 and a L2 interface on one of the firewalls?
View 1 Replies
ADVERTISEMENT
Jul 8, 2012
We have cisco 2911/k9 we fixed 2 HWIC-4ESW crds in 2911. I create 4 vlan i have assigned 1 HWIC-4ESW all vlans are working fine
when i configure 5 th vlan it assigned second HWIC-4ESW 1 port but interface status showing up. i connected one system to that port i try
to ping that port that port notable to pinging is there any activation for that second HWIC-4ESW.
View 11 Replies
View Related
Jan 11, 2012
We having a VSS switch (9 slot chasis) with ios "s72033_rp-ADVENTERPRISEK9_WAN-M), Version 12.2(33)SXI4", slot 7-9 are currently free. We wanted to install WS-X6708-10G-3C module on slot 7. Once we installed the module it didnt come, after waiting for 15-20min again we removed and inserted, but module didnt come up and we could see following logs on the console:
Jan 12 08:57:40.146: %ISSU-SW2_CFC2-3-ERP_AGENT_SEND_MSG: client/entity send failed; error code is timeout
*Jan 12 08:57:40.330: %ISSU-SW2_SPSTBY-3-ERP_AGENT_SEND_MSG: client/entity send failed; error code is timeout
Jan 12 08:57:40.146: %ISSU_ERROR-SW2_CFC2-3-START_NEGO_FAILED: ISSU NTI Client(2040): failed to start negotiation (ISSU_RC_CLIENT_ENTITY_DOES_NOT_EXIST_IN_PEER)
[code]....
Afer some time VSS switch didnt response to console commands and all the users in access switches were not able to reach the gateway (VSS). Then the problem disappeared once we rebooted both the switches in VSS.why the VSS switch become non-responsive?
View 1 Replies
View Related
May 18, 2012
My environment have two device ,a cisco css11501 and a cisco 2960 ,when I reboot CSS11501 then 2960 shutdown fa0/41
I command "sh logging | in 0/41" just up down two time,not five times in 10 seconds
.May 17 11:13:18: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/41, changed state to down
.May 17 11:13:19: %LINK-3-UPDOWN: Interface FastEthernet0/41, changed state to down
.May 17 11:14:53: %PM-4-ERR_DISABLE: link-flap error detected on Fa0/41, putting Fa0/41 in err-disable state
.May 17 13:44:35: %LINK-3-UPDOWN: Interface FastEthernet0/41, changed state to up
.May 17 13:44:36: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/41, changed state to up
View 4 Replies
View Related
May 1, 2013
i have a device connected to 2960 switch. It is an access port and i could ping the device from other switches , also from outside the lan. But i am not able to ping the device from 2960 switch alone. I suspected and checked the arp table and it was showing as incomplete. I created the manual arp entry and tried pinging but no luck.
View 14 Replies
View Related
Nov 12, 2011
when am trying to plug a PC into the switch, it takes power as the switch is POE . but when trying to plug IP Camera Device it does not take any power. although i have cisco 2960 - 24 ports both PC and IP Camera getting power. while troublshooting by #show power inline , i get nothing as well.
View 6 Replies
View Related
Jun 20, 2012
I have some 2960 switches with Lan Lite ios in my infrastructure.And I try to configure them to support "trust device cisco-phone" and "switchport priority extend cos 0" on ports with cisco phones.But LAN Lite image does not support "mls qos trust device cisco-phone".can I use any workaround to trust cos of cisco phone and to remark PC traffic with cos 0?
View 1 Replies
View Related
Feb 7, 2012
I have an existing stack of 4 x 2960-S switches connected by stack cables.I would like to add another 2960-S switch to the stack but am unable to as the 2960-S will only allow 4 x 2960-S switches per stack.how I would add the 5th 2960-S switch to the existing stack of 4 x 2960-S switches.
View 12 Replies
View Related
Feb 11, 2013
I have a 24 port 2960-S that is not communicating with a 2960-LST that it is directly connected to over fiber. The link is up on the LST but will not come up on the -S. What command should I use to bring up this link? I have tried no shut from the (Config-if)# prompt.
View 3 Replies
View Related
Jan 17, 2013
My management has tasked me to give them a high level overview of the different switching we can choose for our new building.
This is what I know so far.4 Closets, each closet has 450 ports,One MDF room that is will contain one UCS Chassis and a Nimble iSCSI SAN.
I am working on the spreadsheet and it looks like this (Not totally filled):
2960s3560x3750x45064510Approx cost (Each, 48PORT, POE+, 10G uplink, Dual PS, IP BASE)
6K7K8K45K75KMax Capacity192432432192384Backplane speed206464520520ProLeast ExpensiveStackable to 9Stackable to 9ProDual PSDual PSDual PSDual PSDual PSProLayer 3 opt
Layer 3 optDual SupsDual SupsConExpensiveExpensiveConNo Dual PSConLayer 2 OnlyCannot stack more than 4
For the MDF I would like to use 2 Nexus 5548's with FEX's, and the layer 3 daughter board. For the IDF's I was thinking of two 4010's.
View 12 Replies
View Related
Nov 21, 2012
I am using a 3750 as a default gateway for multiple Vlans on a few 2960 switches. The trunk lines are configured and working and I have assigned ip addresses to each of the Vlan interfaces on the 3750. My issue is that I can only ping the ip address on the Vlan interface of the 3750 if I have a working computer plugged directly into the Vlan on the 3750. I only have 3 vlans on the 3750 that have hosts directly connected (vlans 2, 10 and 40) the other vlans ( 20 and 70) don't have any clients plugged into them on the 3750 but the hosts reside on 2 different 2960s that connect via trunk ports. How do I keep the vlan interface on the 3750 switch pingable when I don't have hosts directly connected in that vlan on the 3750? (yes, I have enabled ip routing on the 3750)
View 5 Replies
View Related
May 21, 2013
I have a Cisco SG 300-20 as the core switch, layer 3. It is 192.168.4.6 on VLAN1 and 192.168.5.1 for VLAN2 (VOIP). All the ports are set in trunk mode. DHCP relay is setup on this switch.
The phones connected into a layer 2, Catalyst 2960-S switch. All ports are set in trunk mode. Default gateway on it is set to 192.168.5.1.
DHCP for both VLANs is provided by a Windows Server 2008 R2 server (the relay IP 192.168.4.15).
There is also an ASA 5510 in the mix which is 192.168.4.1. It has a route added to it for the 192.168.5.0 network to go to the SG 300 (192.168.5.1).
Just the two switches can ping each other on the 192.168.5.x network when I "add vlan 2" to the trunk port that is connected between the SG 300 and the 2960. The phones don't get DHCP on the 2960 switch. And I cannot ping 192.168.5.x from the ASA or anything else on the 192.168.4.x network.
After a bit of reading on intra-vlan routing for the SG 300 switch, I am thinking the SG 300 has to be the "center" of things so I need to make it 192.168.4.1 to be the gateway for both VLANs and change the ASA to 192.168.4.2 for VLAN1, etc. And I really can't do asymmetric routing with this switch.
View 1 Replies
View Related
Nov 16, 2011
Does the Model "WS-C2960-24PC-L" Supports IP Routing or not?
View 9 Replies
View Related
Apr 28, 2012
see the message "%ESWGE_ERR-3-NIOSII_UP_FAIL: NIOSII fails on 0/3/0 ehwic slot" in 3925 ? we install a new module EHWIC-4ESG in 3925 with ios 15.2.2(T1). 3925 couldn't find the module but got error message above.
View 1 Replies
View Related
Dec 26, 2012
I'm having a strange problem where I'm not able to get through a Cisco 2960-S L2 switch when connected through vpn, while LAN-WAN traffic is working fine.The situation on site is the following:When inside the network I'm able to get to the internet without a problem. The problem is within a vpn-session. When this session is succesfully started I can ping and manage the Cisco 2960-S switch, but I can't ping or manage the Dell switch from my laptop. I can however ping the Dell from the Cisco-switch. [code]
View 7 Replies
View Related
May 15, 2012
set up my QoS on two 2960
-------------------- ------- ------- ------------
PBX Asterisk |----|2960-1 |------|2960-2 |-----|Voip client2|
-------------------- ------- ------- ------------
-------------- |
[Code].....
This will be this configuration for all input interface right ? For the Output part I'm lost, what do I have to do ? And for the 2960-2 do I have to put the same configuration ?
View 5 Replies
View Related
May 20, 2013
I have recovered some configuration files from my 2950 switches with the Configuration Archive Tool in LMS.
Now, I'd like to replace my old 2950s by 2960 switches, which have the same number of ports.
Will there be any issue if I copy the exact same config from 2950 to 2960 ? Will some features not work or is everything interoperable ? Here's an extract of the config :
Global
version 12.1
no service pad
service timestamps debug date time
service timestamps log date time
no service password-encryption
[ code]....
View 2 Replies
View Related
Nov 7, 2012
we hava a couple of 2960 switches and we are logging to a syslog server. Ports keep going up and down is it normal severity (error) ?
View 2 Replies
View Related
Feb 23, 2012
We recently updated a site2site link to metro ethernet, ISP call it 100mbps LAN Extension, but to me it is just QinQ over fibre connection. Most went well, one thing (annoying to me) is we can not ping our switches on both ends anymore.
We have a 3750 in headend and another 2960 on the other end. I used to be able to ping/telnet to the management IP from one to the other. Now we can not. I think the ISP is applying some configuration on ports of their customer-premises equipments (both are Cisco switches) but agent in ISP told me no. I thought there is some configuration on Cisco switch to block "MAC discovery" but i just can not remmenber what was that and google also failed me this time.
View 3 Replies
View Related
Apr 20, 2013
I have got two links from the same ISP, primary and secondary and connected to two different switch. The ISP have passed the trunk vlan of 30, 31 and 32 on both of the links. The ISP can't provide stp. I have got another managed 2960 series switch. How can I obtain failover on switch level.
View 2 Replies
View Related
Feb 21, 2013
I have IP phones connected to 2960 i want to segregate traffic traffic comming from IP phones which has a COS value of 5 and want to allocate a band width of 200 MBPS for those traffic .
Can any one share sample QOS configuration for achiving this in 2960 ?
View 2 Replies
View Related
Mar 10, 2012
My cisco ios 2960S is crashed and the ios is gone The issue is i am connecting my pc to management port and i give switch:
IP_ADDR x.x.x.x/255.255.255.0 and also switch: DEFAULT-ROUTER
But i can not copy tftp to flash,according that i have L3 port (management) why should i use xmodem?
View 3 Replies
View Related
Mar 16, 2012
I have 2 switches connected Via MM fiber cable one of them SRW2024-K9-NA with MGBSX1 Transceiver and the Secand One 2960 with GLC-SX-MM
are there is any configration must be done or not ?
View 2 Replies
View Related
Jul 22, 2012
Have Cisco catalyst 2960 IOS ver12.2(53)se2 when power on the power LED does not come up and on this is what shown on hyper terminal. what need to be done for this switch ?
Boot Sector Filesystem (bs) installed, fsid: 2
Base ethernet MAC Address: b4:d9:8d:27:4c:00
Xmodem file system is available.
[code]......
Interrupt within 5 seconds to abort boot process. Boot process failed. The system is unable to boot automatically. The BOOT environment variable needs to be set to a boot able image.
View 12 Replies
View Related
Jul 2, 2012
I currently have a network with (8) 2960 Cisco Switches. (6) of the 2960 switches are etherchanneled back to (2) 2960 switches in the computer room. I would like to setup QOS on the (8) switches, however the traffic is very differnt on each of the switches. I have video, ip phone, server, printer, PC traffic. I am not sure what the best method of separating this traffic into differnt QOS queues.
View 3 Replies
View Related
Jan 6, 2012
we have a cisco 2960 48 port tcl switch port and i've enable ssh on my switch and now :
1) how can i login to ssh ? how should create username for ssh ?
2) how can i disable telnet ?
3) how can i change main (master) password?
View 7 Replies
View Related
Jun 4, 2012
I have an switch 2960 and i have made an SSH connection . But the problem is that whenever i try to open with my teraterm or putty it ask for username and after that password but does take the password. It shows an error of password what should be the problem.
Commands that i entered to make SSH
config# username admin password pankaj
config# ip domain-name home.local
config# crypto key generate rsa
config# 1024
config# ip ssh version 2
View 6 Replies
View Related
Jun 4, 2012
I have an switch 2960 and i have made an SSH connection . But the problem is that whenever i try to open with my teraterm or putty it ask for username and after that password but does take the password. It shows an error of password what should be the problem.
View 1 Replies
View Related
Nov 8, 2011
I have a problem with may Cisco, it´s not start, only works the fan, the problem began when y turn down the Cisco and turn on again, but it´s not start. can something tell me what happen whit it.
View 1 Replies
View Related
Feb 19, 2012
I have a 3560E with 2 vlans that I want to route between. one device with 2 vlans and route between.Interfaces are configured as such:
int g0/11
switchport mode access
switchport access vlan 10
int g0/12
switchport mode access
switchport access vlan 11
[code]...
Laptops on each port with 10.10.10.2 and 10.10.11.2 configured on them. I can ping from 10.10.10.2 to 10.10.11.1, but not to 10.10.11.2.What do I have to configure to be able to get the 2 laptops to talk to each other?
View 9 Replies
View Related
Dec 19, 2012
We are going to upgrade our IOS on our WS-C2960G-48TC-L. But before we do that i want to ask whats the best IOS release to choose. Why we want to upgrade is because our switch software now don't support ssh just telnet access
Switch details:
Model: WS-C2960G-48TC-L
SW Version: 12.2(25)SEE2
Image: C2960-LANBASE-M
I was thinking about upgrading the IOS to 12.2(44)SE6 are maybe i should upgrade it to a newer release?
One more thing we have a bunch of stacked 3750 switches, that also need to be upgraded.
View 7 Replies
View Related
Jun 13, 2012
I'm having trouble setting up SSH on my new Switch.
no aaa new-model
aaa authentication login default local
ip domain-name king.local
[Code].....
I would like to be able to use Vlan 10 192.168.155.1 for SSH remote management.
View 11 Replies
View Related
Jun 11, 2013
Any example to limit the bandwidth using the MAC address on 2960 ? I want to limit the bandwidth (IN / OUT) of a server only for Internet flows.
View 2 Replies
View Related
