Cisco Switching/Routing :: 2960S / 6509 VSS - QoS Design Options?
Sep 26, 2012
On occasion employees are downloading large files for business purposes, at very fast speeds. This has the potential to overwhelming our Internet circuits which causes our Customers problems accessing our Web Hosting services.
Our network is comprised mostly of 2960S switches for the employees. Webservers are connected to other 2960(nonS) switches and directly into the 6509 VSS.
Customer’s traffic comes in through one pair of ASA’s.
Employee’s traffic is handled by another pair of ASA’s.
Employee traffic flows from the 2960’s, past an L3 SVI on the 6509, then through the Employee ASA’s, then to the ASR’s, then out to the ISP#1 or ISP#2
Web Server traffic flows from the 2960’s or 6509, to the Customer ASA, then to the ASR’s then out to ISP#1 or ISP#2. Web server traffic does not flow through an L3 SVI.
The goal is to allow employees the ability to have the most bandwidth they can, however customer traffic always has to be preferred in the event of a ISP circuit approaching its limit.
View 1 Replies
ADVERTISEMENT
Oct 10, 2012
I have 2 Catalyst 2960S (24 ports and 48 ports). Can I stack them using the Uplink connection instead of the stack modules. I know Stack module is the best option but it is kind of expensives (half price of the 24 ports switch) and I only need to stack no more then 2 switches.
View 4 Replies
View Related
May 11, 2011
We are designing a LAN Network for ourselves.The proposed design is as follows:
4 x 2960S switches in a Stack Access-Stack-I 4 x 2960S-PoE switches in a second Stack Access-Stack-II
2 x 3750X switches in a Stack Core-Stack
Now I would like to connect it in the following manner ?First,I would like to use EtherChannel using the 10Gig LinksSecondly, I would like to use Cross-Stack EtherChanel too.I have given a graphical illustration of the connectivity Now my Qs: a) Will the 2960S supports EtherChannel using the 10G links and the 3750X too... b) Does the proposed solution will work... or It will have any problems.
View 4 Replies
View Related
Apr 25, 2012
I've been tasked to come up with a design to segment our internal network to reduce broadcast domain size. In addition, we are running out of DHCP available DHCP addresses. I need to have a solution that will give me more available IP's, but reduce our broadcast domain.
We are Cisco VoIP shop. Our current environment consists of dual 6509 chassis in a VSS config. We have 10 access switches that are model 3750's. Each 3750 has dual 1Gb fiber links to the VSS Core in an etherchannel configuration. We have 2 VLANS (data and voice) that spread throughout every switch. Both VLAN's have their own DHCP scope.
Our current broadcast domain is a 255.255.248.0, so we have over 2000 potential broadcast devices. Cisco recommends not having larger than 512. So my research has brought me to a design as follows:
MY DESIGN:
> Have individual voice and data VLANs for each closet switch.
> We have 10 closet switches so this would require 20 new vlans
> With every separate VLAN we would need a different DHCP scope.
> Configure 20 new DHCP scopes for the 20 new VLANs.
> Each DHCP scope would have a 512 available addresses.
> Enable IP Routing and configure EIGRP on the VSS Core and 3750's.
> I'm tossing around the idea of have each 3750 be an EIGRP Stub. Not sure yet.
QUESTIONS:
1. How to verify what I described in my design?
2. Any alternative solution that might be less complicated than configuring Layer 3 on all my access switches?
3. Any thoughts on configuring EIGRP Stub vs. having the VSS Core do all the work?
4: Any template that I could base my 3750 config from?
View 6 Replies
View Related
Feb 11, 2013
Client has a 5515X and two ISP connections and a 2911 router to use for ISP connections. The 2911 as configured only has three ports. They nat a lot of stuff to public ips. What are my options for designing ISP failover?
View 2 Replies
View Related
Jan 5, 2012
One of our clients is replacing some of their aging network components with 4 Cisco 2960S switches. Unfortunately in this case, my skills of switch configuration are greater than my skills of network design. I have a really crude network diagram of their basic network layout (4 servers, 4 switches, and a number of endpoints).
How would you experts design the physical connections in such a way as to facilitate some redundancy?
View 18 Replies
View Related
Sep 4, 2011
Current topology in network is such: web servers with content needing to be load balanced are in vlan 35 and these servers are directly connected to Core switch (two 6509 VSS) via 20 Gb EtherChannel. Vlan 35 also spans some other switches with other servers residing in this vlan. Additionally, there are dozens of another vlans (including external users) that need to communicate with web servers. IP addresses of these two web servers are: 192.168.35.1/24 and 192.168.35.2/24 accordingly with default gateway 192.168.35.254/24 (SVI on Core switch). Currently these ip addresses are used by management and other purposes and need to be reachable for same purposes after configuring load balancing with ACEs - it is needed to have direct access to servers behind ACE. How I can do that using ACE in routed mode?
View 3 Replies
View Related
Nov 21, 2011
I currently have a couple of 6509 chassis (router/switches) with the following hardware blades:
x3 48 ports
x1 NAM
x2 Sup720
Running 12.2(18)SXF3
I am keeping the four Sup720 modules and have purchased new versions of the others blades including two new 6509-E chassis?Can I take my stand-by Sup720 out of the production machine and insert it into the new chassis?
View 2 Replies
View Related
Nov 21, 2011
I currently have a couple of 6509 chassis (router/switches) with the following hardware blades:
x3 48 ports
x1 NAM
x2 Sup720
Running 12.2(18)SXF3.I am keeping the four Sup720 modules and have purchased new versions of the others blades including two new 6509-E chassis. Can I take my stand-by Sup720 out of the production machine and insert it into the new chassis?
View 2 Replies
View Related
Aug 27, 2012
We have 2 sites, each with 2 x 4506 switches which will be connected togther using an etherchannel. The switches will provide access ports for client devices and will be configured with HSRP to provide gateway redundancy. SW1 will be HSRP active.2 metro ethernet links will be installed in each site which will connect back to our HQ sites. OSPF will be used over the backbone to provide resiliency and to allow shortest path routing to each HQ and to prevent traffic over the HQ to HQ link.
The 4506 will be trunked togther with an SVI for providing OSFP adjacency.For the traffic flow from SW2 to HQ2, traffic will hit SW1 and then route back to SW2 and then to HQ2. Is this the best way to do this? Should a second link be connected between switches just for routing or should something like GLBP be used?
View 6 Replies
View Related
Nov 17, 2011
I have a typical LAN environment that spans across a large warehouse. I have done a lot of redesigning of the environment to satisfy the need for a disaster recover plan. I now have created a LAN with multiple v lans and must also connect all the access layer switches back to the core switch where the servers are.
I was thinking of something simple such as Port channel of 2 Gbps across the backbone and simple floating static routes . I have then moved my wan access link to a 3750 and implemented routing a CEF at each of the 3 core switches (blue). My question is more of design.
View 1 Replies
View Related
Jun 22, 2012
We have remote office where we have 2921 router with 6 layer 2 switches. We have few servers which need to be in specific vlan.
2921 router does not have switching engine we are using this to support VOIP.
So on 2921 router i created 6 sub interfaces for each vlan and assign them to their specfic vlans. Then I have trunk connection to switch 1. Now switch 1 connects to all other switches in the network. As our company design all layer 2 switches should be transparent mode. i tested them i can ping from one switch to all other switches.
Router vtp mode i set to transparent mode and from all switches i can ping the router sub interfaces.
View 4 Replies
View Related
May 1, 2012
I am going to get some wyse thin clients up and running on our departments. Each department communicate with the main-office through Cisco C1812 routers.
In order to get functionally DHCP up and running, I need to
A - Configure some Dhcp options on the C1812 routers
B - Perform a DHCP relay from each department to the main-office
Option B will cause some additional issues, so is not preferred.
The question is: Does the Cisco DHCP-client have an option for configuring DHCP options? I need to put in among others, an option 161, a string value pointing to a ftp-server. Can this be done? And if it can, what is the right syntax
I have recently started working here, therefore I am not certain of the IOS-version on the router, as I still not have the logon-information, but I will aqquire this shortly.
View 4 Replies
View Related
Jan 16, 2012
I'm troubleshooting a 3750 switch stack problem where computers are showing input and CRC errors. I'd like to be able to execute a "show interface" command that will show me only the line showing the switch port and the line showing the input errors, but so far I can't figure out a way of combining those two parameters.
If I do "show interface | include Ethernet[0-9]�" I get all the lines showing the port numbers:
GigabitEthernet1/0/1 is up, line protocol is up (connected)
GigabitEthernet1/0/2 is up, line protocol is up (connected)
GigabitEthernet1/0/3 is up, line protocol is up (connected)
[Code].....
View 9 Replies
View Related
Apr 17, 2012
is it possible to run hsrp on two routers (not l3 switch) connected to a l2 switch ? if so does the two routers need a back to back connection ?
i know if use two l3 switches (instead of routers) and connect to a LAN switch then we need a back to back connection between the L3 switches
also can we use hsrp on vss on 6500?
design
1800 router 1800 ROuter
| |
| |
|---------- L2 switch-------------------------------|
if the above design is acceptable how does the routers know which one is active and which one is standby ? if we need a direct connection between two routers they have to be on a seperate subnet and routers dont allow broadcasts - so how will hsrp work on routers ?
L3 switch --------------------------l3 switch
| |
| |
|---------------L2 switch---------------|
View 8 Replies
View Related
Aug 25, 2012
QoS design problem that I have. I have a client that is deploying new 4507 series switches with SUP6Es. The client will be running lots of voice, streaming video, and video conferencing over the LAN and want to base QoS on Cisco Media net recommendations.
I need to design a new QoS policy with focus on the above media services with basic queuing for critical data services. I have read the Media net design guide and the suggested 12-class model will be too complex to start with but I have seen references to start with a 8-class model with the ability to easily migrate to 12-class in the future. The 8-class model meets all of our requirements but I need to understand how this will work with the 4507 queuing model? [URL]
View 1 Replies
View Related
Apr 30, 2012
I've studied and labeled out MPLS and MPLS VPNs several times. The situation I'm presented with is a little different from most of the case studies I've seen in my MPLS books. I've attached a diagram.
We have a IPsec site to site tunnel from our main HQ router to a Cisco ASA 5510 in the core network in the colo. This allows our HQ office to reach the private sub nets in our core without using a Cisco VPN client. The problem we are running into is that this seems to be putting undue strain on the Cisco 2811. I feel like the 2811 should be able to handle it but doing any kind of upload or download through the tunnel spikes the CPU/Interrupts and makes the router CLI basically stop responding until the traffic transfer is stopped or completed. During this time, certain Cisco SCCP phones on our Broad works platform cycle while the SIP phones on the same platform are OK. We are trying to alleviate the load on the 2811 by setting up a VRF from the HQ network to the private VRF used in the Core for private sub net communication. The problem I'm having is the the HQ also has some public traffic that I do not want to include in the VRFs and would like to have it travel through the P2P circuit we have and access the internet or other public devices through the core public IP Internet routing table.
The flow would be this:
-going to a public address use the public internet routing table
-going to private address in the 10.x.x.x or 172.x.x.x - use VRF to core Private network.
This is a little different of a set up from most of the VRF VPN examples I've seen. Most of those the CE devices is completely private. This is not the case at our HQ.
View 6 Replies
View Related
Apr 19, 2012
Small datacenter design. My requirements and setup will be as follows Dell PowerEdge M1000E Blade Chassis (initially one full chassis)Dell Powerconnect 10GbE Blade SwitchesDell Compellent Storage Array 10Gb iSCSI with redundant controllersDell Powerconnect 7024 dedicated external storage Virtual host blade servers 2 x Cisco ASA for firewall (5525-X or similar in active-active configuration)2 x redundant routers or switches as gateway to public internet I am looking to be able to segregate customers (approximately 100) into seperate VLANs at the access layer and route them up to the Cisco ASA firewalls using Dot1Q trunking for segregation. The Cisco ASA's will perform NAT functionality and route to the redundant gateways. I then need to police each customers traffic at the gateway to limit bandwidth and perform specific traffic marking along with simply routing out to the internet.
Budget is somewhat restrictive so I am looking for the most "cost effective" devices I can use at the gateway to perform the traffic policing/marking/routing for each customer.
View 1 Replies
View Related
Jun 1, 2012
I'm looking for feedback and constructive criticism on our network redesign project for our company.We are currently on a 192.168.1.x/24 and running out of addresses. We are looking to move to the following design and implement VLANs as well for segregation and security. We are probably going to use a few SG300s for switches. [code]
View 4 Replies
View Related
Aug 10, 2012
This past networkers I was at the Cisco booth discussing how the 2248 can connect to the 5548 and have server connectivity. It was told to me that now, as of a fairly recent NX-OS release, you can have the 2248 going dual-homed to both 5548 via VPC and then have a server connected to both 2248 and be in active-active mode. Is this correct?
When we first deployed our 5548 and 2248 we had to put the 2248 in a straight pin mode, where it only had connections to one 5548 and then the server would dual connect to the 2248's and be in active-active mode. I was told that this changed with an NX-OS release however documentation still seems to be fragmented on what exactly is the case.
View 3 Replies
View Related
Jun 14, 2012
I have been recently asked to design a network. What I have for equipment is four 2960G's and one 1941 router. One switch is a root switch and the other three will have end devices on them.I have decided on three V lans to go with: VLAN20 Data, VLAN30 ISCSI, and VLAN99 Management each with seperate trunk links and redundancy (see picture below).
I have a seperate trunks for each V lan using the switch port trunk allowed. With exception to the Data V lan.My design has the Data V lan as the native because it is going to be receiving untagged traffic from the external network. I have set up inter v lan routing on the 1941 via sub-interfaces to allow them to talk to each other (or because of allowed they cannot?). I have one port coming from my router to my switch via Ethernet cable which is my bridge out. I have my external port doing a NAT translation for my inside addresses and a Default route set up ip route 0.0.0.0 0.0.0.0 gig0/0. I am using rapid- PVST to prevent loops and provide my zero downtime convergence when a link goes down. As it stands right now I cannot talk out of my network or inside of my network.
You can see it is highly redundant and I do not want to change it. This network is going to be deployed but there will never be anybody physically there to manage it which is why I made it as redundant as humanly possible.
View 10 Replies
View Related
Jul 21, 2012
When quoting a Catalyst 3750X with PoE (WS-C3750X-48P-E) the Dynamic Configurator Tool allows to include as the secondary power supply option the Catalyst 3K-X 350W AC Secondary Power Supply (C3KX-PWR-350WAC/2), but the default included primary power supply is the Catalyst 3K-X 715W AC Power Supply (C3KX-PWR-715WAC). My questions are the following:
1. Will this combination of power supply work?
2. Will the C3KX-PWR-350WAC/2 be able to power up the switch if the primary power supply of 715W fails?
3. Will the PoE will be lost if the primary power supply fails and only the secondary power supply of 350W keeps working?
4. If this secondary power supply of 350W is not suitable for PoE, why it is available as a secondary power supply option in the Dynamic Configurator Tool for a PoE switch?
View 4 Replies
View Related
Mar 17, 2012
Got 2 of these switch stacked and there is some changes that we are going to undertake which will require us to utilize the whole 8 or 4 (2 from each switch) SFP ports. Just need some adivce on which particular fiber modules should I procure. Does this switch support 10GB of SFP ?
View 7 Replies
View Related
Sep 8, 2012
What are the options avilable to add a cat3560 g switch to a stack of 3750x switches.?is there a connector avilable ?or is it possible to trunk via fiber ? cat 3560 has 4 sfps and 224 10/100/1000 ports with poe. cat 3750 stack has a 10 gb up link . What are the possible options?
View 6 Replies
View Related
Sep 26, 2012
I would like to do the following architecture with the same C3750 : network X,Y,Z connected to 3750 in VRF D the 3750 uses a routed interface on subnet E for the default route in VRF D on this routed interface a BYPASS EQUIPMENT the other BYPASS EQUIPMENT interface is connected also to another routed interface on subnet E "also" this routed interface is in another VRF C with other network A and B.do you know if it will work because of 2 routed interfaces on the same IP subnet or is there a way to do that ? the only goal for me is to catch traffic from network X,Y,Z on SYN and ACK.
View 5 Replies
View Related
Sep 16, 2012
We have our network setup as displayed in the attached. We have 2 HQ offices and 1 branch office. The branch office needs to connect to resources located at both HQs but taking the most effecient path. We have ethernet circuits connecting from each HQ to 2 x Cisco 3560 switches in the branch. HSRP has been configured on the 3560 switches with SW1 as active and SW2 as standby. OSFP has been configured in a single area 0 and the path cost on the link between HQs has been increase to allow 3560 SW1 to route to HQ1 directly and HQ2 via 3560 SW2.The 3560s are connected with a trunk with a L3 SVI for OSPF. This seems to work ok but I have noticed that the branch could become transit if the HQ1 to HQ2 link breaks. How can this be avoided? I realise that if we configure the branch subnets and SW1 to SW2 link in a stub area (area1) then all traffic will route from SW1 to HQ1 and will never share over SW2. I'm assuming that this is because OSPF chooses inter-area routes over intra-area.
View 4 Replies
View Related
Apr 11, 2013
remote location on MPLS circuit terminated on a Cisco router that has Internet connectivity through Central Site router. We are installing a cable modem at the remote location that is to be used as the Primary Internet Connection but still be able to use Internet through MPLS if the cable Internet goes down. We want the failover/fallback to be handled automatically.
We have an ASA5505 for the cable Internet which then feeds into the ISPs modem.
At first I was thinking about getting a module for the remote router so the cable Internet could be terminated on the remote router as well but that introduces a single point of failure. I would also like to firewall both the MPLS and the cable Internet but if I do so on the ASA there is another single point of failure.
View 2 Replies
View Related
Oct 28, 2012
I have recently split the voice vlan (10) from the data network (1), and am wondering why my catalysts and router do not require an interface Vlan10 statement. In the past I used OpenBSD boxes to do the routing, and I first needed to configure vlan 10 on the interface before I could get inter-vlan communication to work. With these Cisco devices it works, and I am wondering if it is because of VTP, for the fact that the ports maybe just pass all traffic, or is there some other explanation? Below is the setup, and firmware is up-to-date on all of the devices.
When I plug a phone into the POE SGE, the phone turns on, obtains an address on the proper subnet, and conversations are clear (whereas without the ip nat inside on the new subnet the calls had a lot of static). Possibly the reason that it works is because the phones properly create the tcp/ip packet, and it hops over the trunks and creates the states so that traffic routes back properly. I will install wireshark to see exactly what is going on, but is there a simple explanation that I am overlooking?
View 1 Replies
View Related
Jan 13, 2013
I have configured DHCP snooping on a WS-3560G-48PS running IOS 12.2(58)SE2 ipservicesk9 variant.When I enable DHCP snooping clients don't get IP addresses, when DHCP snooping is disabled, everything works fine.I have set up a SPAN port and run a capture (attached) on the traffic. Wireshark notes the Seconds elapsed field appeared to be encoded in little-endian but only on some packets. Apart from that, I can see nothing wrong with the DHCP Offer responses from my DHCP server.Attachment config.txt contains the interesting parts of the configuration. Please note g0/32 has been set to ARP inspection trust as without working DHCP snooping it would require a static bind.Is there any way of figuring out which option can't be parsed? Is there a way to force forwarding of unparsable DHCP packets while still running DHCP snooping?
View 3 Replies
View Related
Feb 12, 2012
I have a couple of WS-C3750X-48T-L and a couple of WS-C3750X-12S-S, I want to stack all four of them together into a single stack. WS- C3750X-12S-S are running c3750e-universalk9-mz.122-58.SE2 whereas WS-C3750X-48T-L are running c3750e-universalk9-mz.122-55.SE3.I have got a couple of queries as under:What are the options to achieve putting all these 4 switches into a single stack? Can the LAN Base switches upgraded to IP Base?
View 3 Replies
View Related
Mar 23, 2013
I need to enable multicast routing on 2960s but the command "ip multicast-routing" isn't available on my release (12.2.(55)).
From which release this command is available?
View 1 Replies
View Related
Oct 8, 2012
I have C2960S-48FPS-L and C2960S-24TS-S both of them are using C2960S-UNVERSALK9-M image with version 15.0(2)SE on both I run "mls qos"
and on 48FPS-L I run "mls qos map cos-dscp..."on 24TS-S I cannot run it. there is no such command. there is just "mls qos rewrite..." and "mls qos srr-queue..." variants.
I thought that one image give the same set of commands...?
View 5 Replies
View Related
Jun 19, 2012
I'm working designing a switch system for our core/data center.
We have 5 esx hosts, 2 sans with 3 nodes each. We have voice servers, a couple of routers and a few odds and ends. There are 7 other locations aggregating into this data center via 1-2gbps fiber connections. The bandwidth usage on these links is minimal, but there is a total of about 3000 devices aggregating into the system. My main concern right now is the 3560G's are seeing many output drops, due to the small buffer size on those switches. I have been looking at couple of options to resolve this issue, including the 4948E, 4507E, and 3750X switches.
Budget being the biggest factor, I am finding that the 4507 might be out of the price range. So I was leaning towards the 4948E switches for connecting the servers and iscsi san's as the 3750X is not recommended for iscsi. Redundancy is important so I would like to have two. The second concern is that I need to aggregate the fiber connections and for that I was looking at the ME-3600X or possibly the WS-C3750X-12S-E. I'm running eigrp, so this switch would need to have full routing, as it would also serve as the core switch for the 4948E's.
So in the end I was thinking that two 4948E switches up linked to the ME-3600X which would do full routing for the fiber aggregation and any routing needed for the servers and sans.
Servers and Sans_________4948E________ME-3600X_________7 fiber connections
|____________4948E_____________|
I would look at a second ME-3600X in the future for redundancy. This is the lowest cost biggest buffer solution that I could find.
View 2 Replies
View Related
