i just need to know is is there any way to prevent network from MACflap.The best way will be when switch will disable the interface where the macflap was detected.I need to set this security feature on 2960s.
View 7 Repliesis it possible to prevent the users with static IP's to connect the Network?We use Cisco sw 4500 series as an access and distribution switches.Is there any features on the switches that fit my request?
View 3 Replies View RelatedI have a SG 300-28 switch with the latest firmware installed running in Layer 3 mode.
I configured this router with 4 VLAN's where VLAN 1 is connected to the network router. All VLAN's call all communitcate with one another. How do I go about configuring VLAN's so that they can only communicate with the router and the internet and not each other?
We have a couple of switches with a L3 Vlan 238 interface which runs PIM SM and OSPF, and HSRP. We have connected to this same segment telemetry processors which have raw socket interfaces configured - which means it picks up all IP packets which hit the interface and forwards them along.So we dont want the processor to recevie any of the 224.x.x.x switch housekeeping traffic? is there anyway to prevent that ?
View 1 Replies View RelatedAt the core of my network I have two Nexus 5548's with the routing/L3 daughter installed. They have a default route that points to my ASA 5520 for Internet access. I have configured a VLAN that I do not want to have access to the Internet. What is the best way of preventing this access? ACL on the Nexus or Firewall rules on the ASA?
View 1 Replies View Relatedit is possible to let cat3750 or 2960 ports which only allow machine on network which it use dhcp, not static ip? if so, how to configure it?
View 8 Replies View RelatedWe have a 2960 switch which is connected to the core via a VLAN trunk. We have disabled broadcast port suppression but, the 2960 is shutting is shutting 2 ports down on the network and this looks like excessive braodcast. How and why would the switch start dropping traffic when the default is don't do anything? It had to be rebooted to get the port active again
View 1 Replies View RelatedI have been recently asked to design a network. What I have for equipment is four 2960G's and one 1941 router. One switch is a root switch and the other three will have end devices on them.I have decided on three V lans to go with: VLAN20 Data, VLAN30 ISCSI, and VLAN99 Management each with seperate trunk links and redundancy (see picture below).
I have a seperate trunks for each V lan using the switch port trunk allowed. With exception to the Data V lan.My design has the Data V lan as the native because it is going to be receiving untagged traffic from the external network. I have set up inter v lan routing on the 1941 via sub-interfaces to allow them to talk to each other (or because of allowed they cannot?). I have one port coming from my router to my switch via Ethernet cable which is my bridge out. I have my external port doing a NAT translation for my inside addresses and a Default route set up ip route 0.0.0.0 0.0.0.0 gig0/0. I am using rapid- PVST to prevent loops and provide my zero downtime convergence when a link goes down. As it stands right now I cannot talk out of my network or inside of my network.
You can see it is highly redundant and I do not want to change it. This network is going to be deployed but there will never be anybody physically there to manage it which is why I made it as redundant as humanly possible.
I want to know what is the best way to black traffic inside the same VLAN, this VLAN is a user VLAN, it means that I am talking about access layer.I wanted to use private vlan, but C2960S doesn't support this feature. Any other way to prevent any to any traffic in the user vlan, this vlan only have to speak at the Layer 3.
View 2 Replies View RelatedI have a network coming up for a switch refresh. Management is pushing for 2960s and I would like 3850s. We are running Cisco Voice and Video over the network. I saw a few things that seemed to be in favor of a Layer 3 switch vs. a Layer 2 switch. Some items like better performance due to switching based on IP vs. switching based on MAC. Some information that will show the 3850 to be a better choice or that the 2960 is capable.
View 6 Replies View RelatedWe have one core switch and we are planning to add a 6509. Both are none VSS.All the access switches are Catalyst 3560 series.
We plan to have all 3560s to have a link to each of the core. Without VSS, it is not possible to etherchannel to both core switches correct?What protocol should I configure to prevent in case one core fails? HSRP, VRRP, GLBP?
Do I need to run spanning tree protocol? if so which one?What is the best way to connect from each Catalyst 3560 for load balancing and redundancy? One to each core?
I have an existing stack of 4 x 2960-S switches connected by stack cables.I would like to add another 2960-S switch to the stack but am unable to as the 2960-S will only allow 4 x 2960-S switches per stack.how I would add the 5th 2960-S switch to the existing stack of 4 x 2960-S switches.
View 12 Replies View RelatedI have a 24 port 2960-S that is not communicating with a 2960-LST that it is directly connected to over fiber. The link is up on the LST but will not come up on the -S. What command should I use to bring up this link? I have tried no shut from the (Config-if)# prompt.
View 3 Replies View RelatedWondering if this switch is capable of being a backbone switch for a network of about 1000+ users and if the switch can handle a sustained 30Meg of data going across it?
View 3 Replies View RelatedI have a question for Cisco Cat.2960-s Flex Stack switches which are installing on our sties. Two of 2960-s Stack switches as access switch and two of Cisco ME 3600X Series as distribution layer switches are to be installed in our sites. In case of two stack switches, One is will be a Master and the other one will be a member logically, as you know. So, if the master fails, the other one automatically becomes the stack master following a well-documented election process.
Now, it is my question. How long takes to be a stack master from a member switch ? I cant find it on white paper of Cat.2960-s flex stack .
And also, I heard that sometimes a member switches don't election process when the master fails as a result, all stack members become
a panic. Is that really right ? In addition, I heard that the stack switches have many troubleshooting points than stand alone switches.
I really wanna know if the stack switches are good solution for resilience of huge network site. I'm waiting an answer from those who have experience of maintenance or installation.
I live in a shared flat. And all 20 rooms are connected to this switch I believe. Is there any method to prevent the landlord/tech guy monitoring our internet activity (e.g. bandwidith activity, websites we looked at, etc.
View 5 Replies View Relatedhow to prevent one network fro accessing another network by iptable
View 1 Replies View RelatedMy management has tasked me to give them a high level overview of the different switching we can choose for our new building.
This is what I know so far.4 Closets, each closet has 450 ports,One MDF room that is will contain one UCS Chassis and a Nimble iSCSI SAN.
I am working on the spreadsheet and it looks like this (Not totally filled):
2960s3560x3750x45064510Approx cost (Each, 48PORT, POE+, 10G uplink, Dual PS, IP BASE)
6K7K8K45K75KMax Capacity192432432192384Backplane speed206464520520ProLeast ExpensiveStackable to 9Stackable to 9ProDual PSDual PSDual PSDual PSDual PSProLayer 3 opt
Layer 3 optDual SupsDual SupsConExpensiveExpensiveConNo Dual PSConLayer 2 OnlyCannot stack more than 4
For the MDF I would like to use 2 Nexus 5548's with FEX's, and the layer 3 daughter board. For the IDF's I was thinking of two 4010's.
My wife is moving into an apartment complex for school and she has a Brother HL-2270DW printer. Since she only has a laptop and moves around the apartment, I would like to use the wireless on the printer. Unfortunately, the internet for the building is just through wireless APs. I have the printer installed on the network, but my concern is that anyone can just search for network printers and install it. While printing on it won't be useful for them, it could be a good way to waste her paper/toner. Is there a way to prevent users from installing it without being able to change the router settings? I did not see any option in the web configuration.
View 3 Replies View RelatedI am using a 3750 as a default gateway for multiple Vlans on a few 2960 switches. The trunk lines are configured and working and I have assigned ip addresses to each of the Vlan interfaces on the 3750. My issue is that I can only ping the ip address on the Vlan interface of the 3750 if I have a working computer plugged directly into the Vlan on the 3750. I only have 3 vlans on the 3750 that have hosts directly connected (vlans 2, 10 and 40) the other vlans ( 20 and 70) don't have any clients plugged into them on the 3750 but the hosts reside on 2 different 2960s that connect via trunk ports. How do I keep the vlan interface on the 3750 switch pingable when I don't have hosts directly connected in that vlan on the 3750? (yes, I have enabled ip routing on the 3750)
View 5 Replies View RelatedI have a Cisco SG 300-20 as the core switch, layer 3. It is 192.168.4.6 on VLAN1 and 192.168.5.1 for VLAN2 (VOIP). All the ports are set in trunk mode. DHCP relay is setup on this switch.
The phones connected into a layer 2, Catalyst 2960-S switch. All ports are set in trunk mode. Default gateway on it is set to 192.168.5.1.
DHCP for both VLANs is provided by a Windows Server 2008 R2 server (the relay IP 192.168.4.15).
There is also an ASA 5510 in the mix which is 192.168.4.1. It has a route added to it for the 192.168.5.0 network to go to the SG 300 (192.168.5.1).
Just the two switches can ping each other on the 192.168.5.x network when I "add vlan 2" to the trunk port that is connected between the SG 300 and the 2960. The phones don't get DHCP on the 2960 switch. And I cannot ping 192.168.5.x from the ASA or anything else on the 192.168.4.x network.
After a bit of reading on intra-vlan routing for the SG 300 switch, I am thinking the SG 300 has to be the "center" of things so I need to make it 192.168.4.1 to be the gateway for both VLANs and change the ASA to 192.168.4.2 for VLAN1, etc. And I really can't do asymmetric routing with this switch.
Does the Model "WS-C2960-24PC-L" Supports IP Routing or not?
View 9 Replies View RelatedMy IPTV connection works fine so far but as soon as I start watching TV I can't use my WiFi connection anymore. My router is an "Alice Modem 1121" (SIEMENS S1621-Z220-A) with 4 LAN ports and a WiFi interface (4th LAN port provides the IPTV). It is directly connected by wire to my PC's ethernet card for the IPTV and the internet is provided via the WiFi. When I activate the LAN connection the WiFi and internet connction stays up and requests can be sent but nothing returns anymore. Another device (iPod) has no problems with accessing the internet while IPTV is in use. I also have a Netgear WNR1000v3 router which I tried to use as AP instead but it's exactly the same problem. Unlucky the Netgear router is not supported to use dd-wrt firmware yet (I've found a step by step guide to prevent multicast floods with dd-wrt/ebtables). But maybe the Alice Modem can handle this problem on its own. I read some stuff about VLANs and splitting them but I have no clue how that would look like.
The "nas_0_1_34" is for the IPTV.
I'm having a strange problem where I'm not able to get through a Cisco 2960-S L2 switch when connected through vpn, while LAN-WAN traffic is working fine.The situation on site is the following:When inside the network I'm able to get to the internet without a problem. The problem is within a vpn-session. When this session is succesfully started I can ping and manage the Cisco 2960-S switch, but I can't ping or manage the Dell switch from my laptop. I can however ping the Dell from the Cisco-switch. [code]
View 7 Replies View Relatedset up my QoS on two 2960
-------------------- ------- ------- ------------
PBX Asterisk |----|2960-1 |------|2960-2 |-----|Voip client2|
-------------------- ------- ------- ------------
-------------- |
[Code].....
This will be this configuration for all input interface right ? For the Output part I'm lost, what do I have to do ? And for the 2960-2 do I have to put the same configuration ?
we hava a couple of 2960 switches and we are logging to a syslog server. Ports keep going up and down is it normal severity (error) ?
View 2 Replies View RelatedWe recently updated a site2site link to metro ethernet, ISP call it 100mbps LAN Extension, but to me it is just QinQ over fibre connection. Most went well, one thing (annoying to me) is we can not ping our switches on both ends anymore.
We have a 3750 in headend and another 2960 on the other end. I used to be able to ping/telnet to the management IP from one to the other. Now we can not. I think the ISP is applying some configuration on ports of their customer-premises equipments (both are Cisco switches) but agent in ISP told me no. I thought there is some configuration on Cisco switch to block "MAC discovery" but i just can not remmenber what was that and google also failed me this time.
I have got two links from the same ISP, primary and secondary and connected to two different switch. The ISP have passed the trunk vlan of 30, 31 and 32 on both of the links. The ISP can't provide stp. I have got another managed 2960 series switch. How can I obtain failover on switch level.
View 2 Replies View RelatedI have IP phones connected to 2960 i want to segregate traffic traffic comming from IP phones which has a COS value of 5 and want to allocate a band width of 200 MBPS for those traffic .
Can any one share sample QOS configuration for achiving this in 2960 ?
My cisco ios 2960S is crashed and the ios is gone The issue is i am connecting my pc to management port and i give switch:
IP_ADDR x.x.x.x/255.255.255.0 and also switch: DEFAULT-ROUTER
But i can not copy tftp to flash,according that i have L3 port (management) why should i use xmodem?
I have 2 switches connected Via MM fiber cable one of them SRW2024-K9-NA with MGBSX1 Transceiver and the Secand One 2960 with GLC-SX-MM
are there is any configration must be done or not ?
Have Cisco catalyst 2960 IOS ver12.2(53)se2 when power on the power LED does not come up and on this is what shown on hyper terminal. what need to be done for this switch ?
Boot Sector Filesystem (bs) installed, fsid: 2
Base ethernet MAC Address: b4:d9:8d:27:4c:00
Xmodem file system is available.
[code]......
Interrupt within 5 seconds to abort boot process. Boot process failed. The system is unable to boot automatically. The BOOT environment variable needs to be set to a boot able image.
I currently have a network with (8) 2960 Cisco Switches. (6) of the 2960 switches are etherchanneled back to (2) 2960 switches in the computer room. I would like to setup QOS on the (8) switches, however the traffic is very differnt on each of the switches. I have video, ip phone, server, printer, PC traffic. I am not sure what the best method of separating this traffic into differnt QOS queues.
View 3 Replies View Related